OAuthentic API

What is the OAuthentic API?

For most of us authentication is a pain

• For end users, it generally means a form to fill, some password to remember and the risk to discover that they have been hacked.
• For service providers, it is each time a challenge to take care of both security and user experience.

But for OAuthentic it is just easy and secure

No form • No password • JUST ONE-TIME QR CODE SCAN

OAuthentic users know how it is easy to login to the Web App just by scanning a One Time QR Code to retrieve their private data in a trice.

Biometrics-enabled • 2FA • MITM-proof

In addition:

• It brings smartphone-based biometric checking at each connection.
• It prevents Man-In-The-Middle attack as it uses an alternate communication channel to authenticate.

QR-code based OAuthentication

OAuthentic API: Bringing easy and secure login to any service

The OAuthentic API is the productized version of the OAuthentication process:

• End users just need the standard OAuthentic mobile app to both authenticate and manage their sensistive data.
• Service Providers and DevOps just have to integrate the OAuthentic standard REST API with websockets and callbacks for asynchronous communication.

Have a look at the home page web app video or sign up to experience easy and secure login.

OAuthentic API is free

As the other OAuthentic apps and services, the API is and will remain free.

what's in it for you in the OAuthentic API?

➀ Developer Dashboard

It is a new component of the web app open to any OAuthentic user who wants to use the API as individual or business user. When connected, see the Developer Dashboard button in the toolbar which leads to the following sections:

• Home: A few explanations about the dashboard and the API.
• Account: Some optional profile data and the IP addresses of servers that call the API.
• Services: The place where you define as many OAuthentication services as you want with their various properties (IP, webhook, biometric checking...).
• Logs: A simple tool to display logs of your services that you can also get with the /admin/log endpoint.

➁ REST API

The REST API contains the following endpoints:

• /token/create
• /token/read
• /admin/log

In addition to these endpoints, the OAuthentic API also includes some asynchronous notification mechanisms based on both websocket (client side) and webhook URL (server side). See the video below and the OAuthentic GitHub repo for further details.

➂ Open Source Libraries

A couple of open source libraries (MIT licence) are provided in the OAuthentic GitHub repo to integrate the OAuthentic API like a breeze.

• PHP client: It is a small utility for server side token creation and its transmission to client side.
• JavaScript client: This library takes care of the sequence of operations and QR-code display for HTML/JavaScript integration. Especially it includes websocket communication with the OAuthentic API servers (api.oauthentic.com and socket.oauthentic.com). Websockets are not mandatory to make the magic happen (webhooks are fine too), but they are convenient to follow the asynchronous authentication progress. This library requires the Socket.io client 2.1.1.

For issues and requests, please use the GitHub repo.

OAuthentication Demo

• Download and install OAuthentic mobile app (links in home page).
• Scan the following QR code with it.
• Check the result in the console below. Please Note: the numbered steps are the same as in the video sequence above.

Endpoint documentation

/token/create

/token/read

/admin/log