When two-factor authentication is enabled for logins or password resets, SSOfy sends a request to the resource server to obtain the OTP options available for verifying the user's identity. A confirmation code is then sent to the user through their preferred method (email, SMS or voice call).
Implementing this endpoint is optional.
When a user selects an OTP option, SSOfy sends an event to the resource server requesting that an email or SMS be sent to the user. To clarify, SSOfy does not send SMS or emails directly. Instead, it is the responsibility of your application to handle this task using your preferred method and service provider.
Consider the following specs when designing your OTP Options endpoint:
URL | anything
Method | POST
Headers | Content-Type, Signature
Format | JSON

Attribute | Type | Required | Values
---|---|---|---
action | enum | Yes | authentication, password_reset, password_renew
method | enum | Yes | username, email, phone
identifier | string | Yes |
ip | string | No |

Code | Description
---|---
200 | Success
401 | Unauthorized / Account not found
400 | Signature/Input validation failed
The response should be a JSON array listing the user's available OTP options, with the following structure:
```json
[
  {
    "id": "sandbox-user-authorization-sms-1",
    "type": "sms",
    "to": "+441234567890",
    "hint": "+4*********90",
    "user_id": "sandbox-user",
    "action": "authentication"
  },
  {
    "id": "sandbox-user-authorization-call-1",
    "type": "call",
    "to": "+441234567890",
    "hint": "+4*********90",
    "user_id": "sandbox-user",
    "action": "authentication"
  },
  {
    "id": "sandbox-user-authorization-email-1",
    "type": "email",
    "to": "guest@ssofy.com",
    "hint": "***st@***fy.com",
    "user_id": "sandbox-user",
    "action": "authentication"
  }
]
```
Valid options for the `type` property are:
For a deeper understanding of the structure and optional properties, refer to the schema.
SSOfy strictly verifies the structure of the response you generate, so properties other than those defined in the schema are not allowed.
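A sketch of the handler logic for this endpoint, added here as an illustration and not taken from SSOfy's own code: it validates the request attributes, maps failures to the status codes in the table above, and emits only the six properties shown in the sample response, with hints masked the same way as the sample. Assumptions: the `USERS` store, the `id` naming scheme and the `signature_ok` flag are hypothetical. `signature_ok` stands for the result of your own check of the `Signature` header, whose algorithm this page does not describe, and error responses carry no body here because the page does not specify one.

```python
ACTIONS = ("authentication", "password_reset", "password_renew")
METHODS = ("username", "email", "phone")

# Constructed user store standing in for your database.
USERS = [{"id": "sandbox-user", "username": "sandbox-user",
          "email": "guest@ssofy.com", "phone": "+441234567890"}]


def _mask_tail(s):
    """Hide everything except the last two characters."""
    return "*" * len(s) if len(s) <= 2 else "*" * (len(s) - 2) + s[-2:]


def mask_phone(phone):
    """+441234567890 -> +4*********90"""
    if len(phone) <= 4:
        return "*" * len(phone)
    return phone[:2] + "*" * (len(phone) - 4) + phone[-2:]


def mask_email(email):
    """guest@ssofy.com -> ***st@***fy.com"""
    local, _, domain = email.partition("@")
    name, dot, tld = domain.partition(".")
    return f"{_mask_tail(local)}@{_mask_tail(name)}{dot}{tld}"


def otp_options(body, signature_ok):
    """Return (status, payload) for one OTP Options request."""
    if not signature_ok or not isinstance(body, dict):
        return 400, None
    action, method = body.get("action"), body.get("method")
    identifier, ip = body.get("identifier"), body.get("ip")
    if (action not in ACTIONS or method not in METHODS
            or not isinstance(identifier, str) or not identifier
            or not isinstance(ip, (str, type(None)))):
        return 400, None
    user = next((u for u in USERS if u.get(method) == identifier), None)
    if user is None:
        return 401, None
    options = []
    for kind, to, hint in (("sms", user.get("phone"), mask_phone),
                           ("call", user.get("phone"), mask_phone),
                           ("email", user.get("email"), mask_email)):
        if to:  # only offer channels the user has on file
            options.append({"id": f"{user['id']}-{action}-{kind}-1",
                            "type": kind, "to": to, "hint": hint(to),
                            "user_id": user["id"], "action": action})
    return 200, options
```

Building each option from a fixed set of keys, instead of serializing a user record, keeps unrelated account fields out of a response that SSOfy would reject anyway.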