SMS transaction - monetplus/IDport GitHub Wiki
SMS transaction
This flow describes how to initiate and verify SMS transaction.
- Initiate login with SMS
IAPI/initiateTransaction
- Wait for SMS
- Encrypt SMS code with RSA key
- Verify SMS transaction
IAPI/verifyTransaction
Initiate login with SMS
- initiate transaction for specified
muid and methodType = SMS
- used parameters:
| Parameter |
Description |
Required |
Value example |
methodType |
type of used method |
true |
["PASSWORD","SMS","CM"] |
muid |
user identifier |
false |
cg2t1 |
operationType |
type of initiated transaction, deafault value is AUTHORIZATION |
false |
["AUTHENTICATION","AUTHORIZATION"] |
tenant |
organisation name, if not supplied, default value from configuration is taken |
false |
Monet+ |
transactionData.data |
WYSIWYS transaction data (base64-encoded) |
true |
PFdZU0lXWVMgeG1sbnM9Imh0dHA6Ly9tZXAubW9uZXRwbHVzLmN6IiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB2ZXJzaW9uPSIxLjIiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL21lcC5tb25ldHBsdXMuY3ogbWVwX3d5c2l3eXNfMV8yLnhzZCI+DQoJPHQ+DQoJCTxsdlNwZWMgbD0iTsOhemV2IHRyYW5zYWtjZSIgbHdzPSIiIHdzPSIiPlDFmWlobMOhxaFlbsOtIGRvIGFwbGlrYWNlPC9sdlNwZWM+DQoJCTxsdiBpZD0iQVBQX0lEIiBsPSJBcGxpa2FjZSI+QkxVRTwvbHY+DQoJCTxsdiBpZD0iVFJBTlNBQ1RJT05fSUQiIGw9IklEIG9wZXJhY2UiPjE2MDcyNjAwMDAwMDA1NzwvbHY+DQoJCTxsdiBpZD0iQVBQTElDQVRJT05fTkFNRSIgbD0iTsOhemV2IGFwbGlrYWNlIj5CTFVFPC9sdj4NCgkJPGx2IGlkPSJUSU1FU1RBTVAiIGw9IkRhdHVtIGEgxI1hcyB0cmFuc2FrY2UiPjI2LjA3LjIwMTYgMTU6MjQ6MjA8L2x2Pg0KCQk8bHYgaWQ9IkNBU0VfTkFNRSIgbD0iTsOhemV2IHRyYW5zYWtjZSI+UMWZaWhsw6HFoWVuw60gZG8gYXBsaWthY2U8L2x2Pg0KCTwvdD4NCjwvV1lTSVdZUz4= |
transactionData.locale |
language code according to ISO 639-1 |
true |
cs |
transactionData.template |
transformation template |
true |
AUTHENTICATION |
- REST API callback:
IAPI/initiateTransaction
POST http://${BASE_URL}/case-iapi/v1/initiateTransaction
{
"tenant": "idport",
"muid": "cg2t1",
"methodType": "SMS",
"operationType": "AUTHENTICATION",
"transactionData": {
"data": "PFdZU0lXWVMgeG1sbnM9Imh0dHA6Ly9tZXAubW9uZXRwbHVzLmN6IiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB2ZXJzaW9uPSIxLjIiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL21lcC5tb25ldHBsdXMuY3ogbWVwX3d5c2l3eXNfMV8yLnhzZCI+DQoJPHQ+DQoJCTxsdlNwZWMgbD0iTsOhemV2IHRyYW5zYWtjZSIgbHdzPSIiIHdzPSIiPlDFmWlobMOhxaFlbsOtIGRvIGFwbGlrYWNlPC9sdlNwZWM+DQoJCTxsdiBpZD0iQVBQX0lEIiBsPSJBcGxpa2FjZSI+QkxVRTwvbHY+DQoJCTxsdiBpZD0iVFJBTlNBQ1RJT05fSUQiIGw9IklEIG9wZXJhY2UiPjE2MDcyNjAwMDAwMDA1NzwvbHY+DQoJCTxsdiBpZD0iQVBQTElDQVRJT05fTkFNRSIgbD0iTsOhemV2IGFwbGlrYWNlIj5CTFVFPC9sdj4NCgkJPGx2IGlkPSJUSU1FU1RBTVAiIGw9IkRhdHVtIGEgxI1hcyB0cmFuc2FrY2UiPjI2LjA3LjIwMTYgMTU6MjQ6MjA8L2x2Pg0KCQk8bHYgaWQ9IkNBU0VfTkFNRSIgbD0iTsOhemV2IHRyYW5zYWtjZSI+UMWZaWhsw6HFoWVuw60gZG8gYXBsaWthY2U8L2x2Pg0KCTwvdD4NCjwvV1lTSVdZUz4=",
"locale": "cs",
"template": "AUTHENTICATION"
}
}
{
"status": "success",
"data": {
"caseId": "HSO6PLbi7/J+OCgcx5bvGP1S191lbjuPeBAMaP4EqrVVsktG9V1E7ZrAhNiLjc9pDtALXAldJZBj64ZI7AkOK+RFe/ngmN5wHxI8qpINOA1ugfTWG3SiCUv+dmLqIMUu",
"methodSpecific": {
"cipherPublicKey": "MIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQCbA+nA4Oyfe4OiFeYGRK8O02+q3ObJ3IZPhYw7SJ5ULhygpZNhIcL5X0c1c2/yHuVoD7PKmoguQUu5Jj5uRC2ovvC8+X+xPRfohrhw8IXQ/DJC8AqRifCCUWshL8qzA4NNzIDIcMG+gLstSHdcMt6+opQb7AemGPfKiWVYw8wsTI9omkfT5QeMWTGJjBD38DFTLzEua/E56lm4MKDM4rk2PxD0Va0h2aZG7T0F6RwqhM7YYLhbc9LVwr840U9/EfUCAwEAAQ=="
}
}
}
Wait for SMS
- wait for SMS with verification code sent by IAM
Encrypt SMS code with RSA key
- optional step
- encrypt code from SMS with RSA
methodSpecific.cipherPublicKey from IAPI/initiateTransaction response (if provided)
- algorithm
RSA/ECB/PKCS1Padding is used for encryption and SMS OTP enters encryption as a UTF8 byte array
Verify SMS transaction
- transaction verification with
code = (encrypted) SMS code from previous step
- used parameters:
| Parameter |
Description |
Required |
Value example |
caseId |
transaction identifier |
true |
41QHE14SDOdId+d+g9isQVRgpkPKRRAoYWcaLVt//BdW4VjjSf0QfEmMMPzRGo6wl1TCcx5GUtGFr8sfh315Tuj4AT/ea4sSyv9z7Tgklo2RhV9zMhDOh7bBI5vp+uPf |
code |
transaction verification code |
false |
kuxejDzuNbSh1z6VGzYqo7Bv90IpfRavzGfxBYN9yl6D549zaSawq6+Cb0RDQLUz+vpFCgPBMHs73AQO1TpkVCACO/XiDfAf6P2ad61pPlXN02+L6fARtxXcOqowuM5AdPQioV4Byo1/guSjsT/BGNL0MpIjw5NgMtpB5NNw24+2PYx+8lzZM25NPTNaylTJNXBiCL3kBV/p68hc2p4EDzSSRjgA0uTH1oNMIqyNXXPOFGCKU9RSylrBnwLpCUkq |
methodType |
type of used method |
true |
["PASSWORD","ACTIVATION_CODE","SMS","CM","SPNEGO","TLS_CLIENT"] |
muid |
user identifier |
true |
cg2t1 |
tenant |
organisation name, if not supplied, default value from configuration is taken |
false |
Monet+ |
- REST API callback:
IAPI/verifyTransaction
POST http://${BASE_URL}/case-iapi/v1/verifyTransaction
{
"tenant": "idport",
"muid": "cg2t1",
"methodType": "SMS",
"caseId": "HSO6PLbi7/J+OCgcx5bvGP1S191lbjuPeBAMaP4EqrVVsktG9V1E7ZrAhNiLjc9pDtALXAldJZBj64ZI7AkOK+RFe/ngmN5wHxI8qpINOA1ugfTWG3SiCUv+dmLqIMUu",
"code": "PiuCbivRrMeW5WPBXjmfHoU7N7/WLWVrOHx6a9q1Qq0vtR5VPPzkVeXoHYe/M3TcfS8rjplMXHFCW3cnRYb8sjVwaCppSBxjYXLm0jQAqiDkwnoQw6jZTXgx8H5ERIAwIZhWOXjAKfRx9TO4daWvULJs7kjXb+FYCjrCZsILxdbatk8PSDLBuwBjB+CmbN26G9YvcN9Ax2+dhUPuZi/YlgbPJ3J24Z2UPeyMZHSPWfFPwNCp4jMLYbrV2+zKkii2"
}
{
"status": "success",
"data": {
"instanceInfo": {
"@type": "cz.monetplus.idport.component.model.InstanceInfo",
"instanceId": "SMS:482e2ae1-b1e3-4377-a5d8-c887d4094a91:cg2t1",
"state": "ACTIVE",
"instanceName": "JMTest - 2020-07-29 08-23-44.357",
"lastAccess": "2020-07-30T00:23:44.482445Z"
}
}
}