PingFederate Authentication API support
The PingFederate Authentication API provides access to the current state of the authentication flow as a user steps through the PingFederate authentication policy. You can use the PingFederate Authentication API to integrate the One-Time Passcode IdP Adapter into your application.
You can also explore the process using the PingFederate Authentication API Explorer. Learn more in the following sections of the PingFederate documentation:
HTTP method contract:
|
To integrate the One-Time Passcode IdP Adapter into your authentication flow, configure your application based on the information in this section.
Models, objects, and error codes
When using the One-Time Passcode Integration Kit through the PingFederate Authentication API, the adapter uses the following state models, action models, objects, and error codes.
State models
Status | Request model | Action | Description |
---|---|---|---|
|
|
|
Indicates that device selection is required because the user might have more than one device. To continue, the user must select a device for multi-factor authentication (MFA). |
|
|
|
Indicates that a one-time passcode (OTP) is required. To continue, the user must enter the OTP sent to them through either SMS, voice call, or email. |
|
This state has no model. |
|
Indicates that the user has completed MFA using an OTP. |
|
|
|
Indicates a dead end in the authentication flow. The API client can proceed in the flow by calling |
Action models
Status | Request model | Action | Description |
---|---|---|---|
|
|
|
Starts an authentication flow with the specified For example: { "deviceRef": { "id": "<device ID>" } } |
|
|
|
Validates the submitted OTP. |
|
This action has no model. |
|
Re-sends an OTP to the previously selected device. |
|
This action has no model. |
This action has no errors. |
This action continues the current authentication flow. |
|
This action has no model. |
This action has no errors. |
This action cancels the current authentication step. |
Objects
Device object
Parameter Name | Type | Description |
---|---|---|
id |
String |
The unique identifier for this object. |
type |
String |
The device delivery method type. The available options are |
target |
String |
The device’s masked email address or phone number. |
User object
Parameter Name | Type | Description |
---|---|---|
username |
String |
The user’s username that was mapped into the adapter. |
- userData object
-
Object with dynamic data populated based on adapter configuration.
Resource reference (ResourceRef) object
Parameter Name | Type | Description |
---|---|---|
id |
String |
The resource’s identifier. |
Error codes
An error code is returned if the call flow state hasn’t reached a dead end and the user can still authenticate with a device.
In cases where a flow reaches a dead end, the MFA_FAILED
state is returned with a corresponding code.
Top level error codes
Error code | Message | HTTP status |
---|---|---|
|
One or more validation errors occured. |
|
|
The request couldn’t be completed. There was an issue processing the request. |
|
Detail level error codes
Error code | Message | userMessageKey | Parent code | ||
---|---|---|---|---|---|
|
An invalid or expired OTP was provided. |
|
|
||
|
The OTP has been re-sent the maximum number of times. |
|
|
||
|
An invalid device was provided. |
|
MFA_FAILED
codes
Error code | Message | userMessageKey | ||
---|---|---|---|---|
|
The OTP has been re-sent the maximum number of times. |
|
||
|
An invalid device was provided. |