Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Evaluate risk with auth feedback

Authentication Feedback

search

Please Note:

Authentication Feedback

The authentication feedback is called by the Bank back-end once the authentication is finished. Its purpose is to give IdCloud Fraud Prevention feedback about the result of the user authentication that just took place; if it was successful or not, and what authentication method was used in the end.

This additional data is used by IdCloud Fraud Prevention to keep a record of the authentications for devices and users. This log allows the use of conditions based on authentication history.

The following authentication methods are allowed:

  • Password: User logged in with a password
  • OTP: User logged in with an OTP
  • 1FA: User logged in with a custom authentication method managed by the bank
  • 2FA: User logged in with a custom authentication method managed by the bank
  • 3FA: User logged in with a custom authentication method managed by the bank

The sample below provides an example of such feedback. The user was presented with a password login method and successfully authenticated.

In the example below, several values need to be updated with your configuration.

  • eyJ0…3jig - the base 64 encoded JWT used to authorise the request to the OIP Risk Management service.
  • 12345678-90ab-cdef-1234-567890abcdef : The API key identifies a customer to IdCloud for quota and monitoring purposes.
PATCH /scs/v1/scenarios/5b54d59f-a747-4913-ae03-c4ba54b79bde/state/steps/WaitForAuth
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJ0...3jig
X-API-KEY: 12345678-90ab-cdef-1234-567890abcdef

{
  "name": "Evaluate_Risk_With_Authentication_Feedback",
  "input":
    {
        "risk": {
            "method": "password",
            "result": "success",
            "stepUp": false
        }
    }
}

The response is fairly straightfoward and only the results of the operation need to be checked:

  • HTTP/1.1 202: Scenario was successfully patched
  • status: Finished - The scenario is finished.
  • state.result.code: 0 - The last update completed successfully. If an error had happened, the object state.result.object.fpp would contain more details on the error.
HTTP/1.1 202
status: 202
Date: Thu, 20 Dec 2018 15:53:22 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 231

{
  "id": "5b54d59f-a747-4913-ae03-c4ba54b79bde",
  "name": "Evaluate_Risk_With_Authentication_Feedback",
  "status": "Finished",
  "state": {
    "result": {
       "code": "0",
       "message": "Risk operation completed",
       "type": "Risk_Response",
       "object": {
           "fpp": {
              "result": "OK"
           }
       }
    }
}

REST API documentation

This API is documented in the following page: Evaluate risk with authentication feedback

On this page