Skip to content

Mobile Token API

Jump to bottom
Roman Štrobl edited this page Apr 8, 2018 · 37 revisions

The generated REST API documentation in deployed Web Flow:

http[s]://[host]:[port]/powerauth-webflow/swagger-ui.html

Mobile API Error Codes

List of error codes in Mobile Token API:

Code Description HTTP Status Code
INVALID_REQUEST Invalid request sent - missing request object in request 400
INVALID_ACTIVATION Activation is not valid (it is different from configured activation) 400
POWERAUTH_AUTH_FAIL PowerAuth authentication failed 401
OPERATION_ALREADY_FINISHED Operation is already finished 400
OPERATION_ALREADY_FAILED Operation is already failed 400
OPERATION_EXPIRED Operation is expired 400

Localization

In order to get a correctly localized response, please use the Accept-Language HTTP header in your request.

Mobile Token API Endpoints

Get Pending Operations

Get the list with all operations that are pending confirmation.

Method POST
Resource URI /api/auth/token/app/operation/list

Request

  • Headers:
    • Content-Type: application/json
    • Accept-Language: en-US
    • X-PowerAuth-Token: ...
{}

Response

  • Status Code: 200
  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": [
    {
      "id": "10de0b9c-791f-4e9f-93c4-e2203951c307",
      "data": "{\"amount\":\"100.00\",\"currency\":\"CZK\",\"account\":\"CZ1200000055000000000123\"}",
      "timestampCreated": "2018-03-21T15:37:37Z",
      "timestampExpires": "2018-03-21T15:47:37Z",
      "allowedSignatureType": {
          "type": "2FA",
          "variants": ["possession_knowledge", "possession_biometry"]
      },
      "formData": {
          "title": "Confirm payment",
          "message": "Please confirm payment of 100 CZK to account 1234567890/5500.",
          "attributes": [
             {
               "type": "AMOUNT",
               "id": "payment.amount",
               "label": "Amount",
               "amount": 100.00,
               "currency": "CZK"
             },
             {
               "type": "KEY_VALUE",
               "id": "payment.account",
               "label": "To Account",
               "value": "1234567890/5500"
             },
             {
               "type": "NOTE",
               "id": "payment.note",
               "label": "Note",
               "note": "Rent - May 2018"
             }
          ]
      }
    }
  ]
}

Confirm Operation

Confirms an operation with given ID and data. This endpoint requires a signature of a type specified by the operation.

Method POST
Resource URI /api/auth/token/app/operation/authorize

Request

  • Headers:
    • Content-Type: application/json
    • X-PowerAuth-Signature: ...
{
  "requestObject": {
      "id": "10de0b9c-791f-4e9f-93c4-e2203951c307",
      "data": "{\"amount\":\"100.00\",\"currency\":\"CZK\",\"account\":\"CZ1200000055000000000123\"}"
  }
}

Response

  • Status Code: 200
  • Headers:
    • Content-Type: application/json
{
  "status": "OK"
}

Reject Operation

Reject an operation with given ID, with a provided reason.

Method POST
Resource URI /api/auth/token/app/operation/cancel

Request

  • Headers:
    • Content-Type: application/json
    • X-PowerAuth-Signature: ...
{
  "requestObject": {
      "id": "10de0b9c-791f-4e9f-93c4-e2203951c307",
      "reason": "INCORRECT_DATA"
  }
}

Response

  • Status Code: 200
  • Headers:
    • Content-Type: application/json
{
  "status": "OK"
}

Enumerations

Form Attribute Types

Type Description
AMOUNT Form field representing an amount with currency.
KEY_VALUE Form field representing a key value item, where items are displayed next to each other. This realistically impose limitation on value length - it should fit into the single line.
NOTE Form field representing a generic text note, where label is displayed above the note. As a result, note can be of an arbitrary length and can be multi-line.

Operation Rejection Reasons

Type Description
UNKNOWN User decided not to tell us the operation rejection reason.
INCORRECT_DATA User claims incorrect data was presented in mToken app.
UNEXPECTED_OPERATION User claims he/she did not expect any operation.

Allowed Signature Types

Type Description
1FA One-factor signature - user just has to tap "Confirm" button to confirm it.
2FA Two-factor signature - user needs to use either password of biometry as addition to possession factor. The variants key then determines what signature type is allowed for the given operation.
ECDSA ECDSA signature with device private key.

Overview

Applications

REST APIs

Deployment

Customizing Web Flow

Technical Notes

Development

Releases

Clone this wiki locally