0.1eset用户名
eset用户名 时间:2021-02-18 阅读:()
ESETSECUREAUTHENTICATIONAPIUserGuide(intendedforproductversion2.
7)ClickheretonavigatetothelatestversionofthisdocumentationESETSECUREAUTHENTICATIONCopyright2018byESET,spol.
sr.
o.
ESETSecureAuthenticationwasdevelopedbyESET,spol.
sr.
o.
Formoreinformationvisitwww.
eset.
com.
Allrightsreserved.
Nopartofthisdocumentationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwisewithoutpermissioninwritingfromtheauthor.
ESET,spol.
sr.
o.
reservestherighttochangeanyofthedescribedapplicationsoftwarewithoutpriornotice.
CustomerCare:www.
eset.
com/supportREV.
9/4/2018Contents4Introduction1.
5IntegrationOverview2.
6Configuration3.
7AuthenticationAPI4.
7Step1:Start2-FactorAuthentication4.
17Request4.
1.
17Response4.
1.
28Step2:Authenticate4.
28Request4.
2.
18Response4.
2.
29UserManagementAPI5.
9GetUserProfile5.
19Request5.
1.
19Response5.
1.
210Unlock5.
210Request5.
2.
110Response5.
2.
211Deprovision5.
311Request5.
3.
111Response5.
3.
211ProvisionMobileApplication5.
411Request5.
4.
112Response5.
4.
212ProvisionTextMessage5.
512Request5.
5.
112Response5.
5.
213ErrorHandling6.
13APIErrors6.
113HTTPErrors6.
241.
IntroductionInmostweb-basedapplications,usersareauthenticatedbeforebeinggrantedaccesstoprotectedresources.
Byaskingforanadditionalauthenticationfactorduringthelogonprocess,suchapplicationsgainanadditionallayerofsecurity.
TheESETSecureAuthenticationAPIisaREST-basedwebservicethatcanbeusedtoeasilyaddtwo-factorauthentication(2FA)toexistingapplications.
ThefullAPIdocumentationfordevelopersisavailableonthesameURLaddressasESAWebConsole,butfollowedby"/apidoc"withoutquotationmarks.
Forexample,iftheESAWebConsoleisavailableathttps://120.
0.
0.
1:8001/,theAPIdocumentationisavailableathttps://127.
0.
0.
1:8001/apidoc52.
IntegrationOverviewTheAPIconsistsoftwoendpoints:1.
TheAuthAPI,formerAuthenticationAPI,foradding2FAtoexistingapplications.
2.
TheUserManagementAPI,formanaging2FAusers.
TheAPIoperatesusingmethodswhicharecalledbyPOSTingJSON-formattedtexttotherelevantAPIURLs.
AllresponsesarealsoencodedasJSON-formattedtextcontainingthemethodresultandanyapplicableerrormessages.
TheAPIisavailableonallserverswheretheAuthenticationCorecomponentisinstalledandrunsoverthesecureHTTPSprotocolonport8001,unlessyouchangedtheportduringinstallationofAuthenticationServer.
TheAPIisasubcomponentofthestandardESAAuthenticationService.
Assuch,afunctionalESAinstallationisprerequisitetousingtheAPI.
TheauthenticationAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andtheManagementAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/v2/.
BothendpointsareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsbeforeprocessinganyrequest.
63.
ConfigurationTheAPIisdisabledbydefaultandmustbeenabledbeforeuse.
EachsetofAPIcredentialscanbeenabledfortheAuthAPI,theUserManagementAPIorbothendpoints.
Onceenabled,APIcredentialsmustbecreatedtoauthorizerequests:EnablingAPIandconfiguringAPIcredentialsinESAWebConsole1.
LaunchtheESETSecureAuthenticationWebConsoleandnavigatetotheSettings>APICredentials.
2.
SelecttheEnabledcheckbox.
Savethechanges.
3.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
4.
Enterthedesiredname,selecttheAuthAPIorManagementAPIcheckboxorboth.
ClickSave.
5.
TheaccountIDandpassworddisplays.
Besuretosavethepasswordsecurely,itcannotbedisplayedagain.
EnablingAPIandconfiguringAPIcredentialsinMMCConsole1.
LaunchtheESETSecureAuthenticationManagementConsoleandnavigatetotheAdvancedSettingsnodeforyourdomain.
2.
ExpandtheAPIsectionandchecktheAPIisenabledcheckbox.
Savethechanges.
3.
OpenthestandardWindowsServicesConsoleandrestarttheESETSecureAuthenticationCoreserviceforthechangetotakeeffect.
4.
NavigatetothenewlyvisibleAPICredentialsnodeforyourdomain.
5.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
6.
Double-clickonthenewlycreatedcredentialstogettheusernameandpasswordthataretobeusedforAPIauthentication.
7.
ChecktheEnabledforAuthAPIcheckbox,theEnabledforUserManagementAPIcheckboxorboth.
ManysetsofAPIcredentialsmaybecreated.
Itisrecommendedtocreatedifferentsetsforeachapplicationbeingprotected,aswellasfortesting.
IftheAPIisenabled,allserverswiththeAuthenticationServercomponentinstalledwillrespondtoauthorizedAPIrequestsaftertheyarerestarted.
ThereisnoneedtorestarttheESACoreservicewhencredentialsarecreatedordeleted.
74.
AuthenticationAPIAllAuthAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheAuthenticationAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
4.
1Step1:Start2-FactorAuthenticationAssoonastheexistingapplicationhasverifiedauser'susernameandpassword,theStartTwoFactorAuthenticationmethodmustbecalledinordertodeterminewhethertwo-factorauthenticationhasbeenenabledfortheuser.
Ifrequired,apushnotificationorSMSOTPwillautomaticallybesenttotheuseratthistime.
4.
1.
1RequestTobeginthe2FAprocess,makeanHTTPPOSTrequesttothefollowingURI:auth/v2/StartTwoFactorAuthenticationThefollowingJSONstringmustbeposted:{"username":"USERNAME"}Incaseofadomainuser,theusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticated.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
4.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"expected_otp":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplay"ERROR_NONE".
PleaseseetheErrorHandlingsectionforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveafriendlydescriptionoftheerror,ifapplicable.
8Theexpected_otpfieldisanarrayandspecifiestheOTP(One-timepassword)typesthatcanbeexpectedfromtheuser.
ThisvaluecanassistwithUIcreation,forexample,itwillindicateiftheusershouldexpectanSMSornot.
IfthearrayisemptythennoOTPisrequired(i.
e.
2FAisnotenabled)andtheusershouldbeloggedinimmediately.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasalreadyinstalledtheESAapplicationontheirmobilephoneandshouldgenerateanOTPusingtheapplication.
·SMS–theuserhasnotinstalledtheapplicationandhasbeensentanSMSwithanOTP.
·HARD_TOKEN–theuserhasbeenassignedahardtokenandshouldgenerateanOTPusingthedevice.
4.
2Step2:Authenticate4.
2.
1RequestToauthenticateauser,makeanHTTPPOSTrequesttothefollowingURI:/auth/v1/authenticateThefollowingJSONstringmustbeposted:{"username":"USERNAME","otp":"123456"}TheusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticatedandtheotpfieldastringwiththeOTPenteredbytheuser.
4.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"authenticated":true,"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheauthenticatedfieldisaBooleanthatspecifieswhetherthesuppliedOTPisvalid.
Iftheauthenticatedvalueistrue,theuser'sOTPhasbeensuccessfullyvalidatedandtheusershouldbeloggedin.
95.
UserManagementAPIAllUserManagementAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/users/v1/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheUserManagementAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
5.
1GetUserProfileThismethodreturns2FAinformationaboutauseraccount.
5.
1.
1RequestTogetthe2FAprofileofauser,makeanHTTPGETrequesttothefollowingURI:/manage/users/v1/profile/USERNAMEWhereUSERNAMEisastringwiththesamAccountNameoftheusertofetchtheprofileof.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
TheusernamemustbeURL-encoded.
5.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"username":"USERNAME","mobile_number":"2700000","is_locked":false,"last_success":"2014-01-01T00:00:00","last_failure":null,"consecutive_failures":0,"credential_type":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheusernamefieldisaStringcontainingthesamAccountNameoftheuser.
Themobile_numberfieldisaStringcontainingthemobilenumberoftheuser.
Theis_lockedfieldisaBooleanthatspecifiesiftheuserhasbeenlockedfor2FAduetotoomanyfailedauthenticationattempts.
10Thelast_successfieldisaDatethatspecifiesthelasttimethattheuserperformedasuccessfulauthentication.
Thisfieldcanbenull.
Thelast_failurefieldisaDatethatspecifiesthelasttimethattheuserperformedafailedauthentication.
Thisfieldcanbenull.
Theconsecutive_failuresfieldisanIntegerthatspecifiesthethenumberofconsecutivefailedauthenticationattemptsperformedbytheuser.
Thecredential_typefieldisanarrayandspecifiestheOTP(One-timepassword)typesthathavebeenenabledfortheuser.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasbeenenabledfortheESAMobileApp.
·SMS–theuserhasbeenenabledforSMSOTPs.
·HARD_TOKEN–theuserhasbeenenabledforhardtokenOTPs.
5.
2UnlockThismethodwillunlockthe2FAaccessofauser.
ItwillnotunlockanaccountlockedbyActiveDirectory.
5.
2.
1RequestTounlockauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/unlockThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertounlock.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
115.
3DeprovisionThismethodwilldisable2FAforauser.
5.
3.
1RequestTodisable2FAforauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/deprovisionThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertodisable2FAfor.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
3.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
5.
4ProvisionMobileApplicationThismethodwillenableauserforMobileApplicationOTPs.
AtextmessagewiththeinstallationURLforthemobileapplicationwillbesenttotheuser.
5.
4.
1RequestToprovisionauserfortheMobileApplication,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisionmobileappThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
125.
4.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"installation_url":"http://.
.
.
","error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
Theinstallation_urlfieldisaStringthatcontainstheinstallationURLfortheMobileApplication.
5.
5ProvisionTextMessageThismethodwillenableauserfortextmessageOTPs.
5.
5.
1RequestToprovisionauserforthetextmessageOTPs,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisiontextmessageThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
5.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
136.
ErrorHandling6.
1APIErrorsAllAPIerrorswillbereturnedasaresponsewithanHTTP200(OK)statuscode.
TheerrorfieldintheJSONresponsewillindicatetheerrorcode,whichisaliteralstringvalue.
Thefollowingerrorcodesaredefined:·ERROR_NONE:Noerrorhasoccurred·ERROR_USER_NOT_FOUND:Thesuppliedusernamedoesnotexistinthesystem·ERROR_FAULT:AnunspecifiederrorhasoccurredInadditiontotheerrorfield,anerror_messageisalsoprovidedwithafriendlydescriptionoftheerror.
Onlytheerrorfieldshouldbeusedtodetermineerrorconditionsastheerror_messagefieldisonlyinformationalandissubjecttochangewithoutnotice.
6.
2HTTPErrorsAllHTTPerrorswillbereturnedasresponseswithanemptybodyandanHTTPstatuscodeotherthanthenormal200(OK).
ThefollowingerroneousHTTPstatuscodecanbereturned:·HTTP500(InternalServerError):TheAPIserviceexperiencedanunknown,fatalerror·HTTP400(BadRequest):Theformatofthe"Authorization"headerintheHTTPrequestisinvalid·HTTP401(Unauthorized):NoAPIcredentialsweresuppliedwiththeHTTPrequest·HTTP403(Forbidden):CredentialssuppliedwiththeHTTPrequestareinvalid.
7)ClickheretonavigatetothelatestversionofthisdocumentationESETSECUREAUTHENTICATIONCopyright2018byESET,spol.
sr.
o.
ESETSecureAuthenticationwasdevelopedbyESET,spol.
sr.
o.
Formoreinformationvisitwww.
eset.
com.
Allrightsreserved.
Nopartofthisdocumentationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwisewithoutpermissioninwritingfromtheauthor.
ESET,spol.
sr.
o.
reservestherighttochangeanyofthedescribedapplicationsoftwarewithoutpriornotice.
CustomerCare:www.
eset.
com/supportREV.
9/4/2018Contents4Introduction1.
5IntegrationOverview2.
6Configuration3.
7AuthenticationAPI4.
7Step1:Start2-FactorAuthentication4.
17Request4.
1.
17Response4.
1.
28Step2:Authenticate4.
28Request4.
2.
18Response4.
2.
29UserManagementAPI5.
9GetUserProfile5.
19Request5.
1.
19Response5.
1.
210Unlock5.
210Request5.
2.
110Response5.
2.
211Deprovision5.
311Request5.
3.
111Response5.
3.
211ProvisionMobileApplication5.
411Request5.
4.
112Response5.
4.
212ProvisionTextMessage5.
512Request5.
5.
112Response5.
5.
213ErrorHandling6.
13APIErrors6.
113HTTPErrors6.
241.
IntroductionInmostweb-basedapplications,usersareauthenticatedbeforebeinggrantedaccesstoprotectedresources.
Byaskingforanadditionalauthenticationfactorduringthelogonprocess,suchapplicationsgainanadditionallayerofsecurity.
TheESETSecureAuthenticationAPIisaREST-basedwebservicethatcanbeusedtoeasilyaddtwo-factorauthentication(2FA)toexistingapplications.
ThefullAPIdocumentationfordevelopersisavailableonthesameURLaddressasESAWebConsole,butfollowedby"/apidoc"withoutquotationmarks.
Forexample,iftheESAWebConsoleisavailableathttps://120.
0.
0.
1:8001/,theAPIdocumentationisavailableathttps://127.
0.
0.
1:8001/apidoc52.
IntegrationOverviewTheAPIconsistsoftwoendpoints:1.
TheAuthAPI,formerAuthenticationAPI,foradding2FAtoexistingapplications.
2.
TheUserManagementAPI,formanaging2FAusers.
TheAPIoperatesusingmethodswhicharecalledbyPOSTingJSON-formattedtexttotherelevantAPIURLs.
AllresponsesarealsoencodedasJSON-formattedtextcontainingthemethodresultandanyapplicableerrormessages.
TheAPIisavailableonallserverswheretheAuthenticationCorecomponentisinstalledandrunsoverthesecureHTTPSprotocolonport8001,unlessyouchangedtheportduringinstallationofAuthenticationServer.
TheAPIisasubcomponentofthestandardESAAuthenticationService.
Assuch,afunctionalESAinstallationisprerequisitetousingtheAPI.
TheauthenticationAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andtheManagementAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/v2/.
BothendpointsareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsbeforeprocessinganyrequest.
63.
ConfigurationTheAPIisdisabledbydefaultandmustbeenabledbeforeuse.
EachsetofAPIcredentialscanbeenabledfortheAuthAPI,theUserManagementAPIorbothendpoints.
Onceenabled,APIcredentialsmustbecreatedtoauthorizerequests:EnablingAPIandconfiguringAPIcredentialsinESAWebConsole1.
LaunchtheESETSecureAuthenticationWebConsoleandnavigatetotheSettings>APICredentials.
2.
SelecttheEnabledcheckbox.
Savethechanges.
3.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
4.
Enterthedesiredname,selecttheAuthAPIorManagementAPIcheckboxorboth.
ClickSave.
5.
TheaccountIDandpassworddisplays.
Besuretosavethepasswordsecurely,itcannotbedisplayedagain.
EnablingAPIandconfiguringAPIcredentialsinMMCConsole1.
LaunchtheESETSecureAuthenticationManagementConsoleandnavigatetotheAdvancedSettingsnodeforyourdomain.
2.
ExpandtheAPIsectionandchecktheAPIisenabledcheckbox.
Savethechanges.
3.
OpenthestandardWindowsServicesConsoleandrestarttheESETSecureAuthenticationCoreserviceforthechangetotakeeffect.
4.
NavigatetothenewlyvisibleAPICredentialsnodeforyourdomain.
5.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
6.
Double-clickonthenewlycreatedcredentialstogettheusernameandpasswordthataretobeusedforAPIauthentication.
7.
ChecktheEnabledforAuthAPIcheckbox,theEnabledforUserManagementAPIcheckboxorboth.
ManysetsofAPIcredentialsmaybecreated.
Itisrecommendedtocreatedifferentsetsforeachapplicationbeingprotected,aswellasfortesting.
IftheAPIisenabled,allserverswiththeAuthenticationServercomponentinstalledwillrespondtoauthorizedAPIrequestsaftertheyarerestarted.
ThereisnoneedtorestarttheESACoreservicewhencredentialsarecreatedordeleted.
74.
AuthenticationAPIAllAuthAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheAuthenticationAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
4.
1Step1:Start2-FactorAuthenticationAssoonastheexistingapplicationhasverifiedauser'susernameandpassword,theStartTwoFactorAuthenticationmethodmustbecalledinordertodeterminewhethertwo-factorauthenticationhasbeenenabledfortheuser.
Ifrequired,apushnotificationorSMSOTPwillautomaticallybesenttotheuseratthistime.
4.
1.
1RequestTobeginthe2FAprocess,makeanHTTPPOSTrequesttothefollowingURI:auth/v2/StartTwoFactorAuthenticationThefollowingJSONstringmustbeposted:{"username":"USERNAME"}Incaseofadomainuser,theusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticated.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
4.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"expected_otp":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplay"ERROR_NONE".
PleaseseetheErrorHandlingsectionforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveafriendlydescriptionoftheerror,ifapplicable.
8Theexpected_otpfieldisanarrayandspecifiestheOTP(One-timepassword)typesthatcanbeexpectedfromtheuser.
ThisvaluecanassistwithUIcreation,forexample,itwillindicateiftheusershouldexpectanSMSornot.
IfthearrayisemptythennoOTPisrequired(i.
e.
2FAisnotenabled)andtheusershouldbeloggedinimmediately.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasalreadyinstalledtheESAapplicationontheirmobilephoneandshouldgenerateanOTPusingtheapplication.
·SMS–theuserhasnotinstalledtheapplicationandhasbeensentanSMSwithanOTP.
·HARD_TOKEN–theuserhasbeenassignedahardtokenandshouldgenerateanOTPusingthedevice.
4.
2Step2:Authenticate4.
2.
1RequestToauthenticateauser,makeanHTTPPOSTrequesttothefollowingURI:/auth/v1/authenticateThefollowingJSONstringmustbeposted:{"username":"USERNAME","otp":"123456"}TheusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticatedandtheotpfieldastringwiththeOTPenteredbytheuser.
4.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"authenticated":true,"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheauthenticatedfieldisaBooleanthatspecifieswhetherthesuppliedOTPisvalid.
Iftheauthenticatedvalueistrue,theuser'sOTPhasbeensuccessfullyvalidatedandtheusershouldbeloggedin.
95.
UserManagementAPIAllUserManagementAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/users/v1/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheUserManagementAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
5.
1GetUserProfileThismethodreturns2FAinformationaboutauseraccount.
5.
1.
1RequestTogetthe2FAprofileofauser,makeanHTTPGETrequesttothefollowingURI:/manage/users/v1/profile/USERNAMEWhereUSERNAMEisastringwiththesamAccountNameoftheusertofetchtheprofileof.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
TheusernamemustbeURL-encoded.
5.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"username":"USERNAME","mobile_number":"2700000","is_locked":false,"last_success":"2014-01-01T00:00:00","last_failure":null,"consecutive_failures":0,"credential_type":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheusernamefieldisaStringcontainingthesamAccountNameoftheuser.
Themobile_numberfieldisaStringcontainingthemobilenumberoftheuser.
Theis_lockedfieldisaBooleanthatspecifiesiftheuserhasbeenlockedfor2FAduetotoomanyfailedauthenticationattempts.
10Thelast_successfieldisaDatethatspecifiesthelasttimethattheuserperformedasuccessfulauthentication.
Thisfieldcanbenull.
Thelast_failurefieldisaDatethatspecifiesthelasttimethattheuserperformedafailedauthentication.
Thisfieldcanbenull.
Theconsecutive_failuresfieldisanIntegerthatspecifiesthethenumberofconsecutivefailedauthenticationattemptsperformedbytheuser.
Thecredential_typefieldisanarrayandspecifiestheOTP(One-timepassword)typesthathavebeenenabledfortheuser.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasbeenenabledfortheESAMobileApp.
·SMS–theuserhasbeenenabledforSMSOTPs.
·HARD_TOKEN–theuserhasbeenenabledforhardtokenOTPs.
5.
2UnlockThismethodwillunlockthe2FAaccessofauser.
ItwillnotunlockanaccountlockedbyActiveDirectory.
5.
2.
1RequestTounlockauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/unlockThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertounlock.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
115.
3DeprovisionThismethodwilldisable2FAforauser.
5.
3.
1RequestTodisable2FAforauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/deprovisionThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertodisable2FAfor.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
3.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
5.
4ProvisionMobileApplicationThismethodwillenableauserforMobileApplicationOTPs.
AtextmessagewiththeinstallationURLforthemobileapplicationwillbesenttotheuser.
5.
4.
1RequestToprovisionauserfortheMobileApplication,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisionmobileappThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
125.
4.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"installation_url":"http://.
.
.
","error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
Theinstallation_urlfieldisaStringthatcontainstheinstallationURLfortheMobileApplication.
5.
5ProvisionTextMessageThismethodwillenableauserfortextmessageOTPs.
5.
5.
1RequestToprovisionauserforthetextmessageOTPs,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisiontextmessageThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
5.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
136.
ErrorHandling6.
1APIErrorsAllAPIerrorswillbereturnedasaresponsewithanHTTP200(OK)statuscode.
TheerrorfieldintheJSONresponsewillindicatetheerrorcode,whichisaliteralstringvalue.
Thefollowingerrorcodesaredefined:·ERROR_NONE:Noerrorhasoccurred·ERROR_USER_NOT_FOUND:Thesuppliedusernamedoesnotexistinthesystem·ERROR_FAULT:AnunspecifiederrorhasoccurredInadditiontotheerrorfield,anerror_messageisalsoprovidedwithafriendlydescriptionoftheerror.
Onlytheerrorfieldshouldbeusedtodetermineerrorconditionsastheerror_messagefieldisonlyinformationalandissubjecttochangewithoutnotice.
6.
2HTTPErrorsAllHTTPerrorswillbereturnedasresponseswithanemptybodyandanHTTPstatuscodeotherthanthenormal200(OK).
ThefollowingerroneousHTTPstatuscodecanbereturned:·HTTP500(InternalServerError):TheAPIserviceexperiencedanunknown,fatalerror·HTTP400(BadRequest):Theformatofthe"Authorization"headerintheHTTPrequestisinvalid·HTTP401(Unauthorized):NoAPIcredentialsweresuppliedwiththeHTTPrequest·HTTP403(Forbidden):CredentialssuppliedwiththeHTTPrequestareinvalid.
美国Cera 2核4G 20元/45天 香港CN2 E5 20M物理机服务器 150元 日本CN2 E5 20M物理机服务器 150元 提速啦
提速啦 成立于2012年,作为互联网老兵我们一直为用户提供 稳定 高速 高质量的产品。成立至今一直深受用户的喜爱 荣获 “2021年赣州安全大赛第三名” “2020创新企业入围奖” 等殊荣。目前我司在美国拥有4.6万G总内存云服务器资源,香港拥有2.2万G总内存云服务器资源,阿里云香港机房拥有8000G总内存云服务器资源,国内多地区拥有1.6万G总内存云服务器资源,绝非1 2台宿主机的小商家可比。...
10gbiz($2.36/月),香港/洛杉矶CN2 GIA线路VPS,香港/日本独立服务器
10gbiz发布了9月优惠方案,针对VPS、独立服务器、站群服务器、高防服务器等均提供了一系列优惠方面,其中香港/洛杉矶CN2 GIA线路VPS主机4折优惠继续,优惠后最低每月仅2.36美元起;日本/香港独立服务器提供特价款首月1.5折27.43美元起;站群/G口服务器首月半价,高防服务器永久8.5折等。这是一家成立于2020年的主机商,提供包括独立服务器租用和VPS主机等产品,数据中心包括美国洛...
DogYun27.5元/月香港/韩国/日本/美国云服务器,弹性云主机
DogYun怎么样?DogYun是一家2019年成立的国人主机商,称为狗云,提供VPS及独立服务器租用,其中VPS分为经典云和动态云(支持小时计费及随时可删除),DogYun云服务器基于Kernel-based Virtual Machine(Kvm)硬件的完全虚拟化架构,您可以在弹性云中,随时调整CPU,内存,硬盘,网络,IPv4路线(如果该数据中心接入了多条路线)等。DogYun弹性云服务器优...
eset用户名为你推荐
-
百度k站百度是怎么样k站的呢?绵阳电信绵阳电信宽带套餐资费推荐金山杀毒怎么样用金山毒霸杀毒好吗?伪静态什么是伪静态网站?伪静态网站有什么优势手机区号手机号码办公协同软件协同企业办公的软件有哪些?保护气球气球保护液可以用什么来代替?ejb开发什么是EJB?它是干什么的?和JAVA,JSP有关系吗?他们各有什么特点和用途?ios系统ios系统和安卓系统对比起来有什么优点和缺点?ios系统ios系统的手机有哪些?