
OAuthentic API

What is the OAuthentic API?

For most of us authentication is a pain

  • For end users, it generally means a form to fill in, a password to remember and the risk of discovering that they have been hacked.
  • For service providers, it is a challenge every time to take care of both security and user experience.

But for OAuthentic it is just easy and secure

No form. No password. Just a one-time QR code scan.

OAuthentic users know how easy it is to log in to the Web App just by scanning a one-time QR code to retrieve their private data in a trice.

Biometrics-enabled 2FA. MITM-proof.

In addition:

  • It brings smartphone-based biometric checking at each connection.
  • It prevents Man-In-The-Middle attacks, as it uses an alternate communication channel to authenticate.
QR-code based OAuthentication

OAuthentic API: Bringing easy and secure login to any service

The OAuthentic API is the productized version of the OAuthentication process:

  • End users just need the standard OAuthentic mobile app to both authenticate and manage their sensitive data.
  • Service Providers and DevOps just have to integrate the OAuthentic standard REST API with websockets and callbacks for asynchronous communication.

Have a look at the home page web app video or sign up to experience easy and secure login.

OAuthentic API is free

Like the other OAuthentic apps and services, the API is and will remain free.

What's in it for you in the OAuthentic API?

➀ Developer Dashboard

It is a new component of the web app, open to any OAuthentic user who wants to use the API as an individual or business user. When connected, see the Developer Dashboard button in the toolbar, which leads to the following sections:

  • Home: A few explanations about the dashboard and the API.
  • Account: Some optional profile data and the IP addresses of servers that call the API.
  • Services: The place where you define as many OAuthentication services as you want with their various properties (IP, webhook, biometric checking...).
  • Logs: A simple tool to display logs of your services that you can also get with the /admin/log endpoint.

➁ REST API

The REST API contains the following endpoints:

In addition to these endpoints, the OAuthentic API also includes some asynchronous notification mechanisms based on both websocket (client side) and webhook URL (server side). See the video below and the OAuthentic GitHub repo for further details.

➂ Open Source Libraries

A couple of open source libraries (MIT licence) are provided in the OAuthentic GitHub repo to make integrating the OAuthentic API a breeze.

  • PHP client: It is a small utility for server-side token creation and its transmission to the client side.
  • JavaScript client: This library takes care of the sequence of operations and QR-code display for HTML/JavaScript integration. In particular, it includes websocket communication with the OAuthentic API servers (api.oauthentic.com and socket.oauthentic.com). Websockets are not mandatory to make the magic happen (webhooks are fine too), but they are convenient to follow the asynchronous authentication progress. This library requires the Socket.io client 2.1.1.
OAuthentication sequence

For issues and requests, please use the GitHub repo.

OAuthentication Demo

  • Download and install OAuthentic mobile app (links in home page).
  • Scan the following QR code with it.
  • Check the result in the console below. Please note: the numbered steps are the same as in the video sequence above.
Console

            

Endpoint documentation

/token/create

URI https://api.oauthentic.com/token/create
purpose To create an ephemeral token for an oauthentication service.
PLEASE NOTE: Requests must be sent from an IP address as defined in the developer dashboard.
method POST
parameters
  • key: service key (example: 6743ae3748_my_key_3b846c73ffc99d)
  • secret: service secret (example: 6743ae3748_my_secret_3b86c73c99d)
  • lifetime: token lifetime in minute(s) (example: 10)
response type JSON
response example

                    
response codes
200 OK
501 Endpoint error
600 Unknown parameter
601 Too long parameter
602 Invalid parameter
603 Missing parameter
800 IP address is not allowed
801 Service key or secret is unknown

/token/read

URI https://api.oauthentic.com/token/read
purpose To read token data while the token is alive, i.e. before it expires.
method POST
parameters
  • key: service key (example: 6743ae3748_my_key_3b846c73ffc99d)
  • token: Token code (example: 6743ae3748_my_token_3b846c73c99d)
response type JSON
response example

                    
response codes
200 OK
501 Endpoint error
600 Unknown parameter
601 Too long parameter
602 Invalid parameter
603 Missing parameter
802 Token is not known, not alive or not related to the key

/admin/log

URI https://api.oauthentic.com/admin/log
purpose To get the oauthentication log in paged mode for a service.
A page is defined by its length (number of items) and its index (which starts at 0).
The endpoint returns the required number of items (max. 500 per page) and the total number of items.
PLEASE NOTE: Requests must be sent from an IP address as defined in the developer dashboard.
method POST
parameters
  • key: service key (example: 6743ae3748_my_key_3b846c73ffc99d)
  • secret: service secret (example: 6743ae3748_my_secret_3b86c73c99d)
  • len: Page length (example: 25)
  • idx: Page index (example: 0)
response type JSON
response example

                    
response codes
200 OK
501 Endpoint error
600 Unknown parameter
601 Too long parameter
602 Invalid parameter
603 Missing parameter
800 IP address is not allowed
801 Service key or secret is unknown
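
The paging rules of /admin/log (index starting at 0, at most 500 items per page, total returned with each page) can be driven by a small pager like the one below. This is an added example, not code from the OAuthentic libraries; it leaves the HTTP call to the caller so the secret stays on the allow-listed server. The response field names `items` and `total`, and the way the response code reaches `accept()`, are assumptions, since the page does not show the response JSON.

```javascript
// Added example: pager for POST /admin/log. Transport is left to the caller.
// ASSUMPTIONS (not on the page): the response JSON exposes `items` (array)
// and `total` (number); `status` is the documented response code.
const MAX_PAGE_LEN = 500; // documented maximum items per page

// Documented response codes for /admin/log, other than 200.
const LOG_ERRORS = {
  501: 'Endpoint error',
  600: 'Unknown parameter',
  601: 'Too long parameter',
  602: 'Invalid parameter',
  603: 'Missing parameter',
  800: 'IP address is not allowed',
  801: 'Service key or secret is unknown',
};

function createLogPager(key, secret, len) {
  if (!Number.isInteger(len) || len < 1) throw new RangeError('len must be a positive integer');
  const pageLen = Math.min(len, MAX_PAGE_LEN);
  const state = { idx: 0, items: [], total: null, done: false };

  return {
    state,
    // Parameters for the next request, or null once every page was read.
    nextParams() {
      return state.done ? null : { key, secret, len: pageLen, idx: state.idx };
    },
    // Feed one response back in; throws on any non-200 code (never echoes the secret).
    accept(status, body) {
      if (status !== 200) {
        const reason = LOG_ERRORS[status] || 'Undocumented response code';
        throw new Error(`/admin/log failed: ${status} ${reason}`);
      }
      if (!Array.isArray(body.items) || !Number.isInteger(body.total)) {
        throw new TypeError('unexpected response shape');
      }
      state.items.push(...body.items);
      state.total = body.total;
      state.idx += 1;
      // Stop on the last page, or on an empty page so a shrinking log cannot loop forever.
      state.done = body.items.length === 0 || state.idx * pageLen >= body.total;
      return state.done;
    },
  };
}
```

Call `nextParams()`, POST the result to /admin/log with any HTTP client, pass the response to `accept()`, and repeat until `nextParams()` returns null.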