OTP Options Resource

When Two-factor Authentication is enabled for logins or password resets, SSOfy sends a request to the resource server to obtain available OTP options for verifying the user's identity by sending a confirmation code to their preferred method (email, sms or voice call).

📌 Info

It is optional to implement this endpoint.

When a user selects an OTP option, SSOfy sends an event to the resource server requesting that an Email or SMS be sent to the user. To clarify, SSOfy does not send SMS or emails directly. Instead, it is the responsibility of your application to handle this task using your preferred method and service provider.

Consider the following specs in designing your OTP Options endpoint:

URLanything
MethodPOST
HeadersContent-Type, Signature
FormatJSON
AttributeTypeRequiredValues
actionenumYesauthentication, password_reset, password_renew
methodenumYesusername, email, phone
identifierstringYes
ipstringNo
CodeDescription
200Success
401Unauthorized / Account not found
400Signature/Input validation Failed

The response should be json array containing a list of user's available OTP options with the following structure:

[
    {
        "id": "sandbox-user-authorization-sms-1",
        "type": "sms",
        "to": "+441234567890",
        "hint": "+4*********90",
        "user_id": "sandbox-user",
        "action": "authentication"
    },
    {
        "id": "sandbox-user-authorization-call-1",
        "type": "call",
        "to": "+441234567890",
        "hint": "+4*********90",
        "user_id": "sandbox-user",
        "action": "authentication"
    },
    {
        "id": "sandbox-user-authorization-email-1",
        "type": "email",
        "to": "guest@ssofy.com",
        "hint": "***st@***fy.com",
        "user_id": "sandbox-user",
        "action": "authentication"
    }
]

Valid options for the type property are:

  • email
  • sms
  • call

💡️ Tip

For a deeper understanding of the structure and optional properties, refer to the schema.

SSOfy strictly verifies the structure of the response you generate, therefore having properties other than those defined in the schema is not allowed.

ssofy Knowledge Base
At our core, we believe that staying up-to-date with the latest trends and advancements in Authentication and related areas is essential. That's why we take great pride in keeping you informed with the latest insights, updates, and news in this rapidly evolving landscape.


Do you need support?
SSOfy is by Cubelet Ltd.
Copyright © 2024 Cubelet Ltd. All rights reserved.