0.1eset用户名
eset用户名 时间:2021-02-18 阅读:()
ESETSECUREAUTHENTICATIONAPIUserGuide(intendedforproductversion2.
7)ClickheretonavigatetothelatestversionofthisdocumentationESETSECUREAUTHENTICATIONCopyright2018byESET,spol.
sr.
o.
ESETSecureAuthenticationwasdevelopedbyESET,spol.
sr.
o.
Formoreinformationvisitwww.
eset.
com.
Allrightsreserved.
Nopartofthisdocumentationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwisewithoutpermissioninwritingfromtheauthor.
ESET,spol.
sr.
o.
reservestherighttochangeanyofthedescribedapplicationsoftwarewithoutpriornotice.
CustomerCare:www.
eset.
com/supportREV.
9/4/2018Contents4Introduction1.
5IntegrationOverview2.
6Configuration3.
7AuthenticationAPI4.
7Step1:Start2-FactorAuthentication4.
17Request4.
1.
17Response4.
1.
28Step2:Authenticate4.
28Request4.
2.
18Response4.
2.
29UserManagementAPI5.
9GetUserProfile5.
19Request5.
1.
19Response5.
1.
210Unlock5.
210Request5.
2.
110Response5.
2.
211Deprovision5.
311Request5.
3.
111Response5.
3.
211ProvisionMobileApplication5.
411Request5.
4.
112Response5.
4.
212ProvisionTextMessage5.
512Request5.
5.
112Response5.
5.
213ErrorHandling6.
13APIErrors6.
113HTTPErrors6.
241.
IntroductionInmostweb-basedapplications,usersareauthenticatedbeforebeinggrantedaccesstoprotectedresources.
Byaskingforanadditionalauthenticationfactorduringthelogonprocess,suchapplicationsgainanadditionallayerofsecurity.
TheESETSecureAuthenticationAPIisaREST-basedwebservicethatcanbeusedtoeasilyaddtwo-factorauthentication(2FA)toexistingapplications.
ThefullAPIdocumentationfordevelopersisavailableonthesameURLaddressasESAWebConsole,butfollowedby"/apidoc"withoutquotationmarks.
Forexample,iftheESAWebConsoleisavailableathttps://120.
0.
0.
1:8001/,theAPIdocumentationisavailableathttps://127.
0.
0.
1:8001/apidoc52.
IntegrationOverviewTheAPIconsistsoftwoendpoints:1.
TheAuthAPI,formerAuthenticationAPI,foradding2FAtoexistingapplications.
2.
TheUserManagementAPI,formanaging2FAusers.
TheAPIoperatesusingmethodswhicharecalledbyPOSTingJSON-formattedtexttotherelevantAPIURLs.
AllresponsesarealsoencodedasJSON-formattedtextcontainingthemethodresultandanyapplicableerrormessages.
TheAPIisavailableonallserverswheretheAuthenticationCorecomponentisinstalledandrunsoverthesecureHTTPSprotocolonport8001,unlessyouchangedtheportduringinstallationofAuthenticationServer.
TheAPIisasubcomponentofthestandardESAAuthenticationService.
Assuch,afunctionalESAinstallationisprerequisitetousingtheAPI.
TheauthenticationAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andtheManagementAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/v2/.
BothendpointsareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsbeforeprocessinganyrequest.
63.
ConfigurationTheAPIisdisabledbydefaultandmustbeenabledbeforeuse.
EachsetofAPIcredentialscanbeenabledfortheAuthAPI,theUserManagementAPIorbothendpoints.
Onceenabled,APIcredentialsmustbecreatedtoauthorizerequests:EnablingAPIandconfiguringAPIcredentialsinESAWebConsole1.
LaunchtheESETSecureAuthenticationWebConsoleandnavigatetotheSettings>APICredentials.
2.
SelecttheEnabledcheckbox.
Savethechanges.
3.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
4.
Enterthedesiredname,selecttheAuthAPIorManagementAPIcheckboxorboth.
ClickSave.
5.
TheaccountIDandpassworddisplays.
Besuretosavethepasswordsecurely,itcannotbedisplayedagain.
EnablingAPIandconfiguringAPIcredentialsinMMCConsole1.
LaunchtheESETSecureAuthenticationManagementConsoleandnavigatetotheAdvancedSettingsnodeforyourdomain.
2.
ExpandtheAPIsectionandchecktheAPIisenabledcheckbox.
Savethechanges.
3.
OpenthestandardWindowsServicesConsoleandrestarttheESETSecureAuthenticationCoreserviceforthechangetotakeeffect.
4.
NavigatetothenewlyvisibleAPICredentialsnodeforyourdomain.
5.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
6.
Double-clickonthenewlycreatedcredentialstogettheusernameandpasswordthataretobeusedforAPIauthentication.
7.
ChecktheEnabledforAuthAPIcheckbox,theEnabledforUserManagementAPIcheckboxorboth.
ManysetsofAPIcredentialsmaybecreated.
Itisrecommendedtocreatedifferentsetsforeachapplicationbeingprotected,aswellasfortesting.
IftheAPIisenabled,allserverswiththeAuthenticationServercomponentinstalledwillrespondtoauthorizedAPIrequestsaftertheyarerestarted.
ThereisnoneedtorestarttheESACoreservicewhencredentialsarecreatedordeleted.
74.
AuthenticationAPIAllAuthAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheAuthenticationAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
4.
1Step1:Start2-FactorAuthenticationAssoonastheexistingapplicationhasverifiedauser'susernameandpassword,theStartTwoFactorAuthenticationmethodmustbecalledinordertodeterminewhethertwo-factorauthenticationhasbeenenabledfortheuser.
Ifrequired,apushnotificationorSMSOTPwillautomaticallybesenttotheuseratthistime.
4.
1.
1RequestTobeginthe2FAprocess,makeanHTTPPOSTrequesttothefollowingURI:auth/v2/StartTwoFactorAuthenticationThefollowingJSONstringmustbeposted:{"username":"USERNAME"}Incaseofadomainuser,theusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticated.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
4.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"expected_otp":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplay"ERROR_NONE".
PleaseseetheErrorHandlingsectionforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveafriendlydescriptionoftheerror,ifapplicable.
8Theexpected_otpfieldisanarrayandspecifiestheOTP(One-timepassword)typesthatcanbeexpectedfromtheuser.
ThisvaluecanassistwithUIcreation,forexample,itwillindicateiftheusershouldexpectanSMSornot.
IfthearrayisemptythennoOTPisrequired(i.
e.
2FAisnotenabled)andtheusershouldbeloggedinimmediately.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasalreadyinstalledtheESAapplicationontheirmobilephoneandshouldgenerateanOTPusingtheapplication.
·SMS–theuserhasnotinstalledtheapplicationandhasbeensentanSMSwithanOTP.
·HARD_TOKEN–theuserhasbeenassignedahardtokenandshouldgenerateanOTPusingthedevice.
4.
2Step2:Authenticate4.
2.
1RequestToauthenticateauser,makeanHTTPPOSTrequesttothefollowingURI:/auth/v1/authenticateThefollowingJSONstringmustbeposted:{"username":"USERNAME","otp":"123456"}TheusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticatedandtheotpfieldastringwiththeOTPenteredbytheuser.
4.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"authenticated":true,"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheauthenticatedfieldisaBooleanthatspecifieswhetherthesuppliedOTPisvalid.
Iftheauthenticatedvalueistrue,theuser'sOTPhasbeensuccessfullyvalidatedandtheusershouldbeloggedin.
95.
UserManagementAPIAllUserManagementAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/users/v1/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheUserManagementAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
5.
1GetUserProfileThismethodreturns2FAinformationaboutauseraccount.
5.
1.
1RequestTogetthe2FAprofileofauser,makeanHTTPGETrequesttothefollowingURI:/manage/users/v1/profile/USERNAMEWhereUSERNAMEisastringwiththesamAccountNameoftheusertofetchtheprofileof.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
TheusernamemustbeURL-encoded.
5.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"username":"USERNAME","mobile_number":"2700000","is_locked":false,"last_success":"2014-01-01T00:00:00","last_failure":null,"consecutive_failures":0,"credential_type":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheusernamefieldisaStringcontainingthesamAccountNameoftheuser.
Themobile_numberfieldisaStringcontainingthemobilenumberoftheuser.
Theis_lockedfieldisaBooleanthatspecifiesiftheuserhasbeenlockedfor2FAduetotoomanyfailedauthenticationattempts.
10Thelast_successfieldisaDatethatspecifiesthelasttimethattheuserperformedasuccessfulauthentication.
Thisfieldcanbenull.
Thelast_failurefieldisaDatethatspecifiesthelasttimethattheuserperformedafailedauthentication.
Thisfieldcanbenull.
Theconsecutive_failuresfieldisanIntegerthatspecifiesthethenumberofconsecutivefailedauthenticationattemptsperformedbytheuser.
Thecredential_typefieldisanarrayandspecifiestheOTP(One-timepassword)typesthathavebeenenabledfortheuser.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasbeenenabledfortheESAMobileApp.
·SMS–theuserhasbeenenabledforSMSOTPs.
·HARD_TOKEN–theuserhasbeenenabledforhardtokenOTPs.
5.
2UnlockThismethodwillunlockthe2FAaccessofauser.
ItwillnotunlockanaccountlockedbyActiveDirectory.
5.
2.
1RequestTounlockauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/unlockThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertounlock.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
115.
3DeprovisionThismethodwilldisable2FAforauser.
5.
3.
1RequestTodisable2FAforauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/deprovisionThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertodisable2FAfor.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
3.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
5.
4ProvisionMobileApplicationThismethodwillenableauserforMobileApplicationOTPs.
AtextmessagewiththeinstallationURLforthemobileapplicationwillbesenttotheuser.
5.
4.
1RequestToprovisionauserfortheMobileApplication,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisionmobileappThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
125.
4.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"installation_url":"http://.
.
.
","error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
Theinstallation_urlfieldisaStringthatcontainstheinstallationURLfortheMobileApplication.
5.
5ProvisionTextMessageThismethodwillenableauserfortextmessageOTPs.
5.
5.
1RequestToprovisionauserforthetextmessageOTPs,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisiontextmessageThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
5.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
136.
ErrorHandling6.
1APIErrorsAllAPIerrorswillbereturnedasaresponsewithanHTTP200(OK)statuscode.
TheerrorfieldintheJSONresponsewillindicatetheerrorcode,whichisaliteralstringvalue.
Thefollowingerrorcodesaredefined:·ERROR_NONE:Noerrorhasoccurred·ERROR_USER_NOT_FOUND:Thesuppliedusernamedoesnotexistinthesystem·ERROR_FAULT:AnunspecifiederrorhasoccurredInadditiontotheerrorfield,anerror_messageisalsoprovidedwithafriendlydescriptionoftheerror.
Onlytheerrorfieldshouldbeusedtodetermineerrorconditionsastheerror_messagefieldisonlyinformationalandissubjecttochangewithoutnotice.
6.
2HTTPErrorsAllHTTPerrorswillbereturnedasresponseswithanemptybodyandanHTTPstatuscodeotherthanthenormal200(OK).
ThefollowingerroneousHTTPstatuscodecanbereturned:·HTTP500(InternalServerError):TheAPIserviceexperiencedanunknown,fatalerror·HTTP400(BadRequest):Theformatofthe"Authorization"headerintheHTTPrequestisinvalid·HTTP401(Unauthorized):NoAPIcredentialsweresuppliedwiththeHTTPrequest·HTTP403(Forbidden):CredentialssuppliedwiththeHTTPrequestareinvalid.
7)ClickheretonavigatetothelatestversionofthisdocumentationESETSECUREAUTHENTICATIONCopyright2018byESET,spol.
sr.
o.
ESETSecureAuthenticationwasdevelopedbyESET,spol.
sr.
o.
Formoreinformationvisitwww.
eset.
com.
Allrightsreserved.
Nopartofthisdocumentationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwisewithoutpermissioninwritingfromtheauthor.
ESET,spol.
sr.
o.
reservestherighttochangeanyofthedescribedapplicationsoftwarewithoutpriornotice.
CustomerCare:www.
eset.
com/supportREV.
9/4/2018Contents4Introduction1.
5IntegrationOverview2.
6Configuration3.
7AuthenticationAPI4.
7Step1:Start2-FactorAuthentication4.
17Request4.
1.
17Response4.
1.
28Step2:Authenticate4.
28Request4.
2.
18Response4.
2.
29UserManagementAPI5.
9GetUserProfile5.
19Request5.
1.
19Response5.
1.
210Unlock5.
210Request5.
2.
110Response5.
2.
211Deprovision5.
311Request5.
3.
111Response5.
3.
211ProvisionMobileApplication5.
411Request5.
4.
112Response5.
4.
212ProvisionTextMessage5.
512Request5.
5.
112Response5.
5.
213ErrorHandling6.
13APIErrors6.
113HTTPErrors6.
241.
IntroductionInmostweb-basedapplications,usersareauthenticatedbeforebeinggrantedaccesstoprotectedresources.
Byaskingforanadditionalauthenticationfactorduringthelogonprocess,suchapplicationsgainanadditionallayerofsecurity.
TheESETSecureAuthenticationAPIisaREST-basedwebservicethatcanbeusedtoeasilyaddtwo-factorauthentication(2FA)toexistingapplications.
ThefullAPIdocumentationfordevelopersisavailableonthesameURLaddressasESAWebConsole,butfollowedby"/apidoc"withoutquotationmarks.
Forexample,iftheESAWebConsoleisavailableathttps://120.
0.
0.
1:8001/,theAPIdocumentationisavailableathttps://127.
0.
0.
1:8001/apidoc52.
IntegrationOverviewTheAPIconsistsoftwoendpoints:1.
TheAuthAPI,formerAuthenticationAPI,foradding2FAtoexistingapplications.
2.
TheUserManagementAPI,formanaging2FAusers.
TheAPIoperatesusingmethodswhicharecalledbyPOSTingJSON-formattedtexttotherelevantAPIURLs.
AllresponsesarealsoencodedasJSON-formattedtextcontainingthemethodresultandanyapplicableerrormessages.
TheAPIisavailableonallserverswheretheAuthenticationCorecomponentisinstalledandrunsoverthesecureHTTPSprotocolonport8001,unlessyouchangedtheportduringinstallationofAuthenticationServer.
TheAPIisasubcomponentofthestandardESAAuthenticationService.
Assuch,afunctionalESAinstallationisprerequisitetousingtheAPI.
TheauthenticationAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andtheManagementAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/v2/.
BothendpointsareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsbeforeprocessinganyrequest.
63.
ConfigurationTheAPIisdisabledbydefaultandmustbeenabledbeforeuse.
EachsetofAPIcredentialscanbeenabledfortheAuthAPI,theUserManagementAPIorbothendpoints.
Onceenabled,APIcredentialsmustbecreatedtoauthorizerequests:EnablingAPIandconfiguringAPIcredentialsinESAWebConsole1.
LaunchtheESETSecureAuthenticationWebConsoleandnavigatetotheSettings>APICredentials.
2.
SelecttheEnabledcheckbox.
Savethechanges.
3.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
4.
Enterthedesiredname,selecttheAuthAPIorManagementAPIcheckboxorboth.
ClickSave.
5.
TheaccountIDandpassworddisplays.
Besuretosavethepasswordsecurely,itcannotbedisplayedagain.
EnablingAPIandconfiguringAPIcredentialsinMMCConsole1.
LaunchtheESETSecureAuthenticationManagementConsoleandnavigatetotheAdvancedSettingsnodeforyourdomain.
2.
ExpandtheAPIsectionandchecktheAPIisenabledcheckbox.
Savethechanges.
3.
OpenthestandardWindowsServicesConsoleandrestarttheESETSecureAuthenticationCoreserviceforthechangetotakeeffect.
4.
NavigatetothenewlyvisibleAPICredentialsnodeforyourdomain.
5.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
6.
Double-clickonthenewlycreatedcredentialstogettheusernameandpasswordthataretobeusedforAPIauthentication.
7.
ChecktheEnabledforAuthAPIcheckbox,theEnabledforUserManagementAPIcheckboxorboth.
ManysetsofAPIcredentialsmaybecreated.
Itisrecommendedtocreatedifferentsetsforeachapplicationbeingprotected,aswellasfortesting.
IftheAPIisenabled,allserverswiththeAuthenticationServercomponentinstalledwillrespondtoauthorizedAPIrequestsaftertheyarerestarted.
ThereisnoneedtorestarttheESACoreservicewhencredentialsarecreatedordeleted.
74.
AuthenticationAPIAllAuthAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheAuthenticationAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
4.
1Step1:Start2-FactorAuthenticationAssoonastheexistingapplicationhasverifiedauser'susernameandpassword,theStartTwoFactorAuthenticationmethodmustbecalledinordertodeterminewhethertwo-factorauthenticationhasbeenenabledfortheuser.
Ifrequired,apushnotificationorSMSOTPwillautomaticallybesenttotheuseratthistime.
4.
1.
1RequestTobeginthe2FAprocess,makeanHTTPPOSTrequesttothefollowingURI:auth/v2/StartTwoFactorAuthenticationThefollowingJSONstringmustbeposted:{"username":"USERNAME"}Incaseofadomainuser,theusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticated.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
4.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"expected_otp":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplay"ERROR_NONE".
PleaseseetheErrorHandlingsectionforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveafriendlydescriptionoftheerror,ifapplicable.
8Theexpected_otpfieldisanarrayandspecifiestheOTP(One-timepassword)typesthatcanbeexpectedfromtheuser.
ThisvaluecanassistwithUIcreation,forexample,itwillindicateiftheusershouldexpectanSMSornot.
IfthearrayisemptythennoOTPisrequired(i.
e.
2FAisnotenabled)andtheusershouldbeloggedinimmediately.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasalreadyinstalledtheESAapplicationontheirmobilephoneandshouldgenerateanOTPusingtheapplication.
·SMS–theuserhasnotinstalledtheapplicationandhasbeensentanSMSwithanOTP.
·HARD_TOKEN–theuserhasbeenassignedahardtokenandshouldgenerateanOTPusingthedevice.
4.
2Step2:Authenticate4.
2.
1RequestToauthenticateauser,makeanHTTPPOSTrequesttothefollowingURI:/auth/v1/authenticateThefollowingJSONstringmustbeposted:{"username":"USERNAME","otp":"123456"}TheusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticatedandtheotpfieldastringwiththeOTPenteredbytheuser.
4.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"authenticated":true,"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheauthenticatedfieldisaBooleanthatspecifieswhetherthesuppliedOTPisvalid.
Iftheauthenticatedvalueistrue,theuser'sOTPhasbeensuccessfullyvalidatedandtheusershouldbeloggedin.
95.
UserManagementAPIAllUserManagementAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/users/v1/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheUserManagementAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
5.
1GetUserProfileThismethodreturns2FAinformationaboutauseraccount.
5.
1.
1RequestTogetthe2FAprofileofauser,makeanHTTPGETrequesttothefollowingURI:/manage/users/v1/profile/USERNAMEWhereUSERNAMEisastringwiththesamAccountNameoftheusertofetchtheprofileof.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
TheusernamemustbeURL-encoded.
5.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"username":"USERNAME","mobile_number":"2700000","is_locked":false,"last_success":"2014-01-01T00:00:00","last_failure":null,"consecutive_failures":0,"credential_type":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheusernamefieldisaStringcontainingthesamAccountNameoftheuser.
Themobile_numberfieldisaStringcontainingthemobilenumberoftheuser.
Theis_lockedfieldisaBooleanthatspecifiesiftheuserhasbeenlockedfor2FAduetotoomanyfailedauthenticationattempts.
10Thelast_successfieldisaDatethatspecifiesthelasttimethattheuserperformedasuccessfulauthentication.
Thisfieldcanbenull.
Thelast_failurefieldisaDatethatspecifiesthelasttimethattheuserperformedafailedauthentication.
Thisfieldcanbenull.
Theconsecutive_failuresfieldisanIntegerthatspecifiesthethenumberofconsecutivefailedauthenticationattemptsperformedbytheuser.
Thecredential_typefieldisanarrayandspecifiestheOTP(One-timepassword)typesthathavebeenenabledfortheuser.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasbeenenabledfortheESAMobileApp.
·SMS–theuserhasbeenenabledforSMSOTPs.
·HARD_TOKEN–theuserhasbeenenabledforhardtokenOTPs.
5.
2UnlockThismethodwillunlockthe2FAaccessofauser.
ItwillnotunlockanaccountlockedbyActiveDirectory.
5.
2.
1RequestTounlockauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/unlockThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertounlock.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
115.
3DeprovisionThismethodwilldisable2FAforauser.
5.
3.
1RequestTodisable2FAforauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/deprovisionThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertodisable2FAfor.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
3.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
5.
4ProvisionMobileApplicationThismethodwillenableauserforMobileApplicationOTPs.
AtextmessagewiththeinstallationURLforthemobileapplicationwillbesenttotheuser.
5.
4.
1RequestToprovisionauserfortheMobileApplication,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisionmobileappThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
125.
4.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"installation_url":"http://.
.
.
","error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
Theinstallation_urlfieldisaStringthatcontainstheinstallationURLfortheMobileApplication.
5.
5ProvisionTextMessageThismethodwillenableauserfortextmessageOTPs.
5.
5.
1RequestToprovisionauserforthetextmessageOTPs,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisiontextmessageThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
5.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
136.
ErrorHandling6.
1APIErrorsAllAPIerrorswillbereturnedasaresponsewithanHTTP200(OK)statuscode.
TheerrorfieldintheJSONresponsewillindicatetheerrorcode,whichisaliteralstringvalue.
Thefollowingerrorcodesaredefined:·ERROR_NONE:Noerrorhasoccurred·ERROR_USER_NOT_FOUND:Thesuppliedusernamedoesnotexistinthesystem·ERROR_FAULT:AnunspecifiederrorhasoccurredInadditiontotheerrorfield,anerror_messageisalsoprovidedwithafriendlydescriptionoftheerror.
Onlytheerrorfieldshouldbeusedtodetermineerrorconditionsastheerror_messagefieldisonlyinformationalandissubjecttochangewithoutnotice.
6.
2HTTPErrorsAllHTTPerrorswillbereturnedasresponseswithanemptybodyandanHTTPstatuscodeotherthanthenormal200(OK).
ThefollowingerroneousHTTPstatuscodecanbereturned:·HTTP500(InternalServerError):TheAPIserviceexperiencedanunknown,fatalerror·HTTP400(BadRequest):Theformatofthe"Authorization"headerintheHTTPrequestisinvalid·HTTP401(Unauthorized):NoAPIcredentialsweresuppliedwiththeHTTPrequest·HTTP403(Forbidden):CredentialssuppliedwiththeHTTPrequestareinvalid.
热网互联33元/月,香港/日本/洛杉矶/韩国CN2高速线路云主机
热网互联怎么样?热网互联(hotiis)是随客云计算(Suike.Cloud)成立于2009年,增值电信业务经营许可证:B1-20203716)旗下平台。热网互联云主机是CN2高速回国线路,香港/日本/洛杉矶/韩国CN2高速线路云主机,最低33元/月;热网互联国内BGP高防服务器,香港服务器,日本服务器全线活动中,大量七五折来袭!点击进入:热网互联官方网站地址热网互联香港/日本/洛杉矶/韩国cn2...
HostDare($33.79/年)CKVM和QKVM套餐 可选CN2 GIA线路
关于HostDare服务商在之前的文章中有介绍过几次,算是比较老牌的服务商,但是商家背景财力不是特别雄厚,算是比较小众的个人服务商。目前主流提供CKVM和QKVM套餐。前者是电信CN2 GIA,不过库存储备也不是很足,这不九月份发布新的补货库存活动,有提供九折优惠CN2 GIA,以及六五折优惠QKVM普通线路方案。这次活动截止到9月30日,不清楚商家这次库存补货多少。比如 QKVM基础的五个方案都...
HostSlim,双E5-2620v2/4x 1TB SATA大硬盘,荷兰服务器60美元月
hostslim美国独立日活动正在进行中,针对一款大硬盘荷兰专用服务器:双E5-2620v2/4x 1TB SATA硬盘,活动价60美元月。HostSlim荷兰服务器允许大人内容,不过只支持电汇、信用卡和比特币付款,商家支持7天内退款保证,有需要欧洲服务器的可以入手试试,记得注册的时候选择中国,这样不用交20%的税。hostslim怎么样?HostSlim是一家成立于2008年的荷兰托管服务器商,...
eset用户名为你推荐
-
推广方法如何做推广?中国论坛大全甘肃论坛都有哪些?微信如何建群微信可以建立两个人的群吗?有一个是自己伪静态静态与伪静态的区别?唱吧电脑版官方下载电脑上可以安装唱吧吗?网店推广网站怎么免费推广淘宝店铺?开机滚动条谁会调开机的滚动条ejb开发EJB是啥玩意了二层交换机什么是三层交换机?什么是二层叫交换机?有什么区别?iphone6上市时间苹果6什么时候出?多少钱