Create a token
POST /api/web/v1/users/:userid/tokens/:type
Create a token of the given type for the given user. Caller requires the TOKENS:ADD permission.
Request
Path Parameters
userid: The UUID of the user for which a token is to be created.
type: The type of the token to be created. Only soft tokens can be created so this value must be one of ENTRUST_SOFT_TOKEN or GOOGLE_AUTHENTICATOR.
Possible values: [ENTRUST_PHYSICAL_TOKEN, ENTRUST_SOFT_TOKEN, GOOGLE_AUTHENTICATOR, OATH_PHYSICAL_TOKEN, ENTRUST_LEGACY_TOKEN]
- application/json
Body
activateParms (object): Optional parameters specifying how the token is to be activated. If not specified, all activation types are used, the QR code is returned and the activation email is sent.
A flag indicating if Identity as a Service should send an activation email including the activation information to the end user. If not specified, this attribute defaults to false.
A flag indicating if the QR code for offline activation is returned. The link encoded in the QR code is always returned for clients that want to encode their own QR code. If not specified, this attribute defaults to false.
The list of activation types that will be performed. Allowed values are: CLASSIC (return activation values that must be manually entered into the mobile application), ONLINE (return a link that when clicked will launch the mobile application) and OFFLINE (return a QR code that can be scanned by the mobile application). If no values are specified in the list, then all activation types are performed.
Possible values: [CLASSIC, ONLINE, OFFLINE]
Responses
- 200
- 400
- 401
- 403
- 404
- 409
Successful
- application/json
Schema
algorithmType: The algorithm type used by the token that was created or loaded into the system to generate OTP values.
Possible values: [AT, OATH_HOTP, OATH_OCRA, OATH_TOTP, VENDOR]
allowedActions: Actions that can be performed on this token.
Possible values: [ACTIVATE, REACTIVATE, ACTIVATE_COMPLETE, DELETE, UNLOCK, ENABLE, DISABLE, RESET, ASSIGN, UNASSIGN]
description: Optional text describing this token.
groups: The UUIDs of groups to which this token belongs. This value is only used for unassigned tokens. Only groups to which the current administrator has access will be returned.
id: The unique UUID assigned to the token when it is created.
label: Optional label to identify an assigned token: a String up to 100 characters.
lastUsedDate: The date on which the token was last used for authentication. This value will be null if the token has never been used.
loadDate: The date on which the token was created or loaded into the system.
logo: Base-64 encoded logo. If a custom logo is provided by the customer it is returned. Otherwise a system default logo is returned.
name: An optional name for the token.
platform: The mobile device platform on which an Entrust Soft Token was activated.
registeredForTransactions: A flag indicating if the Entrust Soft Token has registered for transactions. Only tokens that are registered can perform token push authentication.
serialNumber: The serial number of the token either generated when the token was created or loaded into the system.
state: The state of the token. For most tokens, only tokens in the ACTIVE state can be used for authentication. Google Authenticator tokens in the ACTIVATING state can also be used for authentication.
Possible values: [NEW, ACTIVATING, ACTIVE, INACTIVE, UNASSIGNED]
supportsChallengeResponse: A flag indicating if the Token supports challenge response processing.
supportsResponse: A flag indicating if the Token supports response processing.
supportsSignature: A flag indicating if the Token supports signature processing.
supportsUnlock: A flag indicating if the Token supports unlock processing.
supportsUnlockTOTP: A flag indicating if the Token supports unlock using TOTP processing.
type: The type of token specified when the token was created or loaded into the system.
Possible values: [ENTRUST_PHYSICAL_TOKEN, ENTRUST_SOFT_TOKEN, GOOGLE_AUTHENTICATOR, OATH_PHYSICAL_TOKEN, ENTRUST_LEGACY_TOKEN]
userId: If the token is assigned to a user, this value specifies that user's user id.
Example (from schema)
{
"algorithmType": "AT",
"allowedActions": [
"ACTIVATE"
],
"description": "string",
"groups": [
"string"
],
"id": "string",
"label": "PENDING",
"lastUsedDate": "2019-02-20T10:05:27Z",
"loadDate": "2019-02-19T13:15:27Z",
"logo": "string",
"name": "string",
"platform": "string",
"registeredForTransactions": true,
"serialNumber": "string",
"state": "NEW",
"supportsChallengeResponse": false,
"supportsResponse": true,
"supportsSignature": false,
"supportsUnlock": true,
"supportsUnlockTOTP": false,
"type": "ENTRUST_PHYSICAL_TOKEN",
"userId": "string"
}
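A client-side check for this endpoint, as an added example that is not Entrust's code: it validates the two path parameters before the request is built and applies the state and registration rules above to a returned token object. The function names and the base URL are assumptions; authentication headers and the activateParms body are left out because this page does not give their details.

```python
import uuid

# Values copied from the "Possible values" lists on this page.
CREATABLE_TYPES = {"ENTRUST_SOFT_TOKEN", "GOOGLE_AUTHENTICATOR"}
ALL_TYPES = CREATABLE_TYPES | {
    "ENTRUST_PHYSICAL_TOKEN", "OATH_PHYSICAL_TOKEN", "ENTRUST_LEGACY_TOKEN"}


def build_create_token_request(base_url, user_id, token_type):
    """Return (method, url) for the create-token call, or raise ValueError."""
    # Parse the id as a UUID and use its canonical form, so a value such as
    # "../tokens" can never change which path the request reaches.
    try:
        canonical = str(uuid.UUID(user_id))
    except (ValueError, AttributeError, TypeError):
        raise ValueError("userid must be a UUID")
    if token_type not in ALL_TYPES:
        raise ValueError("unknown token type")
    if token_type not in CREATABLE_TYPES:
        # The enum lists physical and legacy types, but only soft tokens
        # can be created through this endpoint.
        raise ValueError("only soft tokens can be created")
    root = base_url.rstrip("/")
    return "POST", f"{root}/api/web/v1/users/{canonical}/tokens/{token_type}"


def usable_for_authentication(token):
    """State rule: ACTIVE, or ACTIVATING for Google Authenticator only."""
    state, token_type = token.get("state"), token.get("type")
    if state == "ACTIVE":
        return True
    return state == "ACTIVATING" and token_type == "GOOGLE_AUTHENTICATOR"


def push_capable(token):
    """Only tokens registered for transactions can do push authentication."""
    return (usable_for_authentication(token)
            and token.get("registeredForTransactions") is True)


if __name__ == "__main__":
    # Constructed sample values; the host is a placeholder, not a real tenant.
    print(build_create_token_request(
        "https://idaas.example.invalid",
        "123e4567-e89b-12d3-a456-426614174000", "ENTRUST_SOFT_TOKEN"))
    sample = {"state": "ACTIVATING", "type": "GOOGLE_AUTHENTICATOR",
              "registeredForTransactions": False}
    print(usable_for_authentication(sample), push_capable(sample))
```

Sending the request without activateParms means, per the request description above, that all activation types are used, the QR code is returned and the activation email is sent.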
Bad Request
- application/json
Schema
errorCode: Error Codes specific to cause of failure.
errorMessage: Additional Error Message describing the error.
parameters: Optional additional error information.
Example (from schema)
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Access denied
- application/json
Schema
errorCode: Error Codes specific to cause of failure.
errorMessage: Additional Error Message describing the error.
parameters: Optional additional error information.
Example (from schema)
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Forbidden
- application/json
Schema
errorCode: Error Codes specific to cause of failure.
errorMessage: Additional Error Message describing the error.
parameters: Optional additional error information.
Example (from schema)
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Not Found
- application/json
Schema
errorCode: Error Codes specific to cause of failure.
errorMessage: Additional Error Message describing the error.
parameters: Optional additional error information.
Example (from schema)
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Conflict
- application/json
Schema
errorCode: Error Codes specific to cause of failure.
errorMessage: Additional Error Message describing the error.
parameters: Optional additional error information.
Example (from schema)
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}