CM online verification - monetplus/IDport GitHub Wiki

CM online verification

This flow describes how to initiate transaction for authentication with online mobile device.

Initiate online verification IAPI/initiateTransaction
Authorize transaction in mobile app

Initiate online verification

initiate authentication with online mobile instance
specific parameters setting:
- operationType = AUTHENTICATION
- type = PIN for PIN only authorization, type = ALT_SECRET for PIN and biometric authorization, type = NO_PIN for confirmation only (if CM used as second factor)
- processingOptions.authorizationFlow = ONLINE
- if muid is not present, expect data for anonymous QR code in response parameter methodSpecific.qrData
used parameters:

Parameter	Description	Required	Value example
`methodType`	type of used method	true	["PASSWORD","SMS","CM"]
`muid`	user identifier	false	cg2t1
`operationType`	type of initiated transaction, deafault value is AUTHORIZATION	false	["AUTHENTICATION","AUTHORIZATION"]
`tenant`	organisation name, if not supplied, default value from configuration is taken	false	Monet+
`type`	secret that can be used for transaction verification, secrets hierarchy: PIN > ALT_SECRET > NO_PIN, stronger secret can be used always, default value is PIN	false	["PIN","NO_PIN","INFORMATION_MESSAGE","ALT_SECRET_ACTIVATION"]
`processingOptions.authorizationFlow`	distinguishes how the transaction can be verified, default value is ONLINE_OFFLINE	false	["ONLINE","OFFLINE","ONLINE_OFFLINE"]
`transactionData.data`	WYSIWYS transaction data (base64-encoded)	true	PFdZU0lXWVMgeG1sbnM9Imh0dHA6Ly9tZXAubW9uZXRwbHVzLmN6IiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB2ZXJzaW9uPSIxLjIiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL21lcC5tb25ldHBsdXMuY3ogbWVwX3d5c2l3eXNfMV8yLnhzZCI+DQoJPHQ+DQoJCTxsdlNwZWMgbD0iTsOhemV2IHRyYW5zYWtjZSIgbHdzPSIiIHdzPSIiPlDFmWlobMOhxaFlbsOtIGRvIGFwbGlrYWNlPC9sdlNwZWM+DQoJCTxsdiBpZD0iQVBQX0lEIiBsPSJBcGxpa2FjZSI+QkxVRTwvbHY+DQoJCTxsdiBpZD0iVFJBTlNBQ1RJT05fSUQiIGw9IklEIG9wZXJhY2UiPjE2MDcyNjAwMDAwMDA1NzwvbHY+DQoJCTxsdiBpZD0iQVBQTElDQVRJT05fTkFNRSIgbD0iTsOhemV2IGFwbGlrYWNlIj5CTFVFPC9sdj4NCgkJPGx2IGlkPSJUSU1FU1RBTVAiIGw9IkRhdHVtIGEgxI1hcyB0cmFuc2FrY2UiPjI2LjA3LjIwMTYgMTU6MjQ6MjA8L2x2Pg0KCQk8bHYgaWQ9IkNBU0VfTkFNRSIgbD0iTsOhemV2IHRyYW5zYWtjZSI+UMWZaWhsw6HFoWVuw60gZG8gYXBsaWthY2U8L2x2Pg0KCTwvdD4NCjwvV1lTSVdZUz4=
`transactionData.locale`	language code according to ISO 639-1	true	cs
`transactionData.template`	transformation template	true	AUTHENTICATION

REST API callback: IAPI/initiateTransaction

POST http://${BASE_URL}/case-iapi/v1/initiateTransaction
{
  "tenant": "idport",
  "muid": "cg2t1",
  "methodType": "CM",
  "operationType": "AUTHENTICATION",
  "type": "PIN",
  "transactionData": {
    "data": "PFdZU0lXWVMgeG1sbnM9Imh0dHA6Ly9tZXAubW9uZXRwbHVzLmN6IiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB2ZXJzaW9uPSIxLjIiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL21lcC5tb25ldHBsdXMuY3ogbWVwX3d5c2l3eXNfMV8yLnhzZCI+DQoJPHQ+DQoJCTxsdlNwZWMgbD0iTsOhemV2IHRyYW5zYWtjZSIgbHdzPSIiIHdzPSIiPlDFmWlobMOhxaFlbsOtIGRvIGFwbGlrYWNlPC9sdlNwZWM+DQoJCTxsdiBpZD0iQVBQX0lEIiBsPSJBcGxpa2FjZSI+QkxVRTwvbHY+DQoJCTxsdiBpZD0iVFJBTlNBQ1RJT05fSUQiIGw9IklEIG9wZXJhY2UiPjE2MDcyNjAwMDAwMDA1NzwvbHY+DQoJCTxsdiBpZD0iQVBQTElDQVRJT05fTkFNRSIgbD0iTsOhemV2IGFwbGlrYWNlIj5CTFVFPC9sdj4NCgkJPGx2IGlkPSJUSU1FU1RBTVAiIGw9IkRhdHVtIGEgxI1hcyB0cmFuc2FrY2UiPjI2LjA3LjIwMTYgMTU6MjQ6MjA8L2x2Pg0KCQk8bHYgaWQ9IkNBU0VfTkFNRSIgbD0iTsOhemV2IHRyYW5zYWtjZSI+UMWZaWhsw6HFoWVuw60gZG8gYXBsaWthY2U8L2x2Pg0KCTwvdD4NCjwvV1lTSVdZUz4=",
    "locale": "cs",
    "template": "AUTHENTICATION"
  },
  "processingOptions": {
    "authorizationFlow": "ONLINE"
  }
}
{
  "status": "success",
  "data": {
    "caseId": "S2MBS9+/lg6wbC0LizTrWBqmkYBXNub/JOGyVkZv/f/CNLAYmFMArdhWCgd+5+ueN+dVBD3tZ1motWAA3jOQyoERpwhJL7kgsfdBTwz02o2NCkqwCLu+dFoyDCAnquya"
  }
}

Authorize transaction in mobile app

authorize transaction in mobile application (push notification is sent)