0.1eset用户名
eset用户名 时间:2021-02-18 阅读:()
ESETSECUREAUTHENTICATIONAPIUserGuide(intendedforproductversion2.
7)ClickheretonavigatetothelatestversionofthisdocumentationESETSECUREAUTHENTICATIONCopyright2018byESET,spol.
sr.
o.
ESETSecureAuthenticationwasdevelopedbyESET,spol.
sr.
o.
Formoreinformationvisitwww.
eset.
com.
Allrightsreserved.
Nopartofthisdocumentationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwisewithoutpermissioninwritingfromtheauthor.
ESET,spol.
sr.
o.
reservestherighttochangeanyofthedescribedapplicationsoftwarewithoutpriornotice.
CustomerCare:www.
eset.
com/supportREV.
9/4/2018Contents4Introduction1.
5IntegrationOverview2.
6Configuration3.
7AuthenticationAPI4.
7Step1:Start2-FactorAuthentication4.
17Request4.
1.
17Response4.
1.
28Step2:Authenticate4.
28Request4.
2.
18Response4.
2.
29UserManagementAPI5.
9GetUserProfile5.
19Request5.
1.
19Response5.
1.
210Unlock5.
210Request5.
2.
110Response5.
2.
211Deprovision5.
311Request5.
3.
111Response5.
3.
211ProvisionMobileApplication5.
411Request5.
4.
112Response5.
4.
212ProvisionTextMessage5.
512Request5.
5.
112Response5.
5.
213ErrorHandling6.
13APIErrors6.
113HTTPErrors6.
241.
IntroductionInmostweb-basedapplications,usersareauthenticatedbeforebeinggrantedaccesstoprotectedresources.
Byaskingforanadditionalauthenticationfactorduringthelogonprocess,suchapplicationsgainanadditionallayerofsecurity.
TheESETSecureAuthenticationAPIisaREST-basedwebservicethatcanbeusedtoeasilyaddtwo-factorauthentication(2FA)toexistingapplications.
ThefullAPIdocumentationfordevelopersisavailableonthesameURLaddressasESAWebConsole,butfollowedby"/apidoc"withoutquotationmarks.
Forexample,iftheESAWebConsoleisavailableathttps://120.
0.
0.
1:8001/,theAPIdocumentationisavailableathttps://127.
0.
0.
1:8001/apidoc52.
IntegrationOverviewTheAPIconsistsoftwoendpoints:1.
TheAuthAPI,formerAuthenticationAPI,foradding2FAtoexistingapplications.
2.
TheUserManagementAPI,formanaging2FAusers.
TheAPIoperatesusingmethodswhicharecalledbyPOSTingJSON-formattedtexttotherelevantAPIURLs.
AllresponsesarealsoencodedasJSON-formattedtextcontainingthemethodresultandanyapplicableerrormessages.
TheAPIisavailableonallserverswheretheAuthenticationCorecomponentisinstalledandrunsoverthesecureHTTPSprotocolonport8001,unlessyouchangedtheportduringinstallationofAuthenticationServer.
TheAPIisasubcomponentofthestandardESAAuthenticationService.
Assuch,afunctionalESAinstallationisprerequisitetousingtheAPI.
TheauthenticationAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andtheManagementAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/v2/.
BothendpointsareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsbeforeprocessinganyrequest.
63.
ConfigurationTheAPIisdisabledbydefaultandmustbeenabledbeforeuse.
EachsetofAPIcredentialscanbeenabledfortheAuthAPI,theUserManagementAPIorbothendpoints.
Onceenabled,APIcredentialsmustbecreatedtoauthorizerequests:EnablingAPIandconfiguringAPIcredentialsinESAWebConsole1.
LaunchtheESETSecureAuthenticationWebConsoleandnavigatetotheSettings>APICredentials.
2.
SelecttheEnabledcheckbox.
Savethechanges.
3.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
4.
Enterthedesiredname,selecttheAuthAPIorManagementAPIcheckboxorboth.
ClickSave.
5.
TheaccountIDandpassworddisplays.
Besuretosavethepasswordsecurely,itcannotbedisplayedagain.
EnablingAPIandconfiguringAPIcredentialsinMMCConsole1.
LaunchtheESETSecureAuthenticationManagementConsoleandnavigatetotheAdvancedSettingsnodeforyourdomain.
2.
ExpandtheAPIsectionandchecktheAPIisenabledcheckbox.
Savethechanges.
3.
OpenthestandardWindowsServicesConsoleandrestarttheESETSecureAuthenticationCoreserviceforthechangetotakeeffect.
4.
NavigatetothenewlyvisibleAPICredentialsnodeforyourdomain.
5.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
6.
Double-clickonthenewlycreatedcredentialstogettheusernameandpasswordthataretobeusedforAPIauthentication.
7.
ChecktheEnabledforAuthAPIcheckbox,theEnabledforUserManagementAPIcheckboxorboth.
ManysetsofAPIcredentialsmaybecreated.
Itisrecommendedtocreatedifferentsetsforeachapplicationbeingprotected,aswellasfortesting.
IftheAPIisenabled,allserverswiththeAuthenticationServercomponentinstalledwillrespondtoauthorizedAPIrequestsaftertheyarerestarted.
ThereisnoneedtorestarttheESACoreservicewhencredentialsarecreatedordeleted.
74.
AuthenticationAPIAllAuthAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheAuthenticationAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
4.
1Step1:Start2-FactorAuthenticationAssoonastheexistingapplicationhasverifiedauser'susernameandpassword,theStartTwoFactorAuthenticationmethodmustbecalledinordertodeterminewhethertwo-factorauthenticationhasbeenenabledfortheuser.
Ifrequired,apushnotificationorSMSOTPwillautomaticallybesenttotheuseratthistime.
4.
1.
1RequestTobeginthe2FAprocess,makeanHTTPPOSTrequesttothefollowingURI:auth/v2/StartTwoFactorAuthenticationThefollowingJSONstringmustbeposted:{"username":"USERNAME"}Incaseofadomainuser,theusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticated.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
4.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"expected_otp":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplay"ERROR_NONE".
PleaseseetheErrorHandlingsectionforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveafriendlydescriptionoftheerror,ifapplicable.
8Theexpected_otpfieldisanarrayandspecifiestheOTP(One-timepassword)typesthatcanbeexpectedfromtheuser.
ThisvaluecanassistwithUIcreation,forexample,itwillindicateiftheusershouldexpectanSMSornot.
IfthearrayisemptythennoOTPisrequired(i.
e.
2FAisnotenabled)andtheusershouldbeloggedinimmediately.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasalreadyinstalledtheESAapplicationontheirmobilephoneandshouldgenerateanOTPusingtheapplication.
·SMS–theuserhasnotinstalledtheapplicationandhasbeensentanSMSwithanOTP.
·HARD_TOKEN–theuserhasbeenassignedahardtokenandshouldgenerateanOTPusingthedevice.
4.
2Step2:Authenticate4.
2.
1RequestToauthenticateauser,makeanHTTPPOSTrequesttothefollowingURI:/auth/v1/authenticateThefollowingJSONstringmustbeposted:{"username":"USERNAME","otp":"123456"}TheusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticatedandtheotpfieldastringwiththeOTPenteredbytheuser.
4.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"authenticated":true,"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheauthenticatedfieldisaBooleanthatspecifieswhetherthesuppliedOTPisvalid.
Iftheauthenticatedvalueistrue,theuser'sOTPhasbeensuccessfullyvalidatedandtheusershouldbeloggedin.
95.
UserManagementAPIAllUserManagementAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/users/v1/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheUserManagementAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
5.
1GetUserProfileThismethodreturns2FAinformationaboutauseraccount.
5.
1.
1RequestTogetthe2FAprofileofauser,makeanHTTPGETrequesttothefollowingURI:/manage/users/v1/profile/USERNAMEWhereUSERNAMEisastringwiththesamAccountNameoftheusertofetchtheprofileof.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
TheusernamemustbeURL-encoded.
5.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"username":"USERNAME","mobile_number":"2700000","is_locked":false,"last_success":"2014-01-01T00:00:00","last_failure":null,"consecutive_failures":0,"credential_type":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheusernamefieldisaStringcontainingthesamAccountNameoftheuser.
Themobile_numberfieldisaStringcontainingthemobilenumberoftheuser.
Theis_lockedfieldisaBooleanthatspecifiesiftheuserhasbeenlockedfor2FAduetotoomanyfailedauthenticationattempts.
10Thelast_successfieldisaDatethatspecifiesthelasttimethattheuserperformedasuccessfulauthentication.
Thisfieldcanbenull.
Thelast_failurefieldisaDatethatspecifiesthelasttimethattheuserperformedafailedauthentication.
Thisfieldcanbenull.
Theconsecutive_failuresfieldisanIntegerthatspecifiesthethenumberofconsecutivefailedauthenticationattemptsperformedbytheuser.
Thecredential_typefieldisanarrayandspecifiestheOTP(One-timepassword)typesthathavebeenenabledfortheuser.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasbeenenabledfortheESAMobileApp.
·SMS–theuserhasbeenenabledforSMSOTPs.
·HARD_TOKEN–theuserhasbeenenabledforhardtokenOTPs.
5.
2UnlockThismethodwillunlockthe2FAaccessofauser.
ItwillnotunlockanaccountlockedbyActiveDirectory.
5.
2.
1RequestTounlockauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/unlockThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertounlock.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
115.
3DeprovisionThismethodwilldisable2FAforauser.
5.
3.
1RequestTodisable2FAforauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/deprovisionThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertodisable2FAfor.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
3.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
5.
4ProvisionMobileApplicationThismethodwillenableauserforMobileApplicationOTPs.
AtextmessagewiththeinstallationURLforthemobileapplicationwillbesenttotheuser.
5.
4.
1RequestToprovisionauserfortheMobileApplication,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisionmobileappThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
125.
4.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"installation_url":"http://.
.
.
","error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
Theinstallation_urlfieldisaStringthatcontainstheinstallationURLfortheMobileApplication.
5.
5ProvisionTextMessageThismethodwillenableauserfortextmessageOTPs.
5.
5.
1RequestToprovisionauserforthetextmessageOTPs,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisiontextmessageThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
5.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
136.
ErrorHandling6.
1APIErrorsAllAPIerrorswillbereturnedasaresponsewithanHTTP200(OK)statuscode.
TheerrorfieldintheJSONresponsewillindicatetheerrorcode,whichisaliteralstringvalue.
Thefollowingerrorcodesaredefined:·ERROR_NONE:Noerrorhasoccurred·ERROR_USER_NOT_FOUND:Thesuppliedusernamedoesnotexistinthesystem·ERROR_FAULT:AnunspecifiederrorhasoccurredInadditiontotheerrorfield,anerror_messageisalsoprovidedwithafriendlydescriptionoftheerror.
Onlytheerrorfieldshouldbeusedtodetermineerrorconditionsastheerror_messagefieldisonlyinformationalandissubjecttochangewithoutnotice.
6.
2HTTPErrorsAllHTTPerrorswillbereturnedasresponseswithanemptybodyandanHTTPstatuscodeotherthanthenormal200(OK).
ThefollowingerroneousHTTPstatuscodecanbereturned:·HTTP500(InternalServerError):TheAPIserviceexperiencedanunknown,fatalerror·HTTP400(BadRequest):Theformatofthe"Authorization"headerintheHTTPrequestisinvalid·HTTP401(Unauthorized):NoAPIcredentialsweresuppliedwiththeHTTPrequest·HTTP403(Forbidden):CredentialssuppliedwiththeHTTPrequestareinvalid.
7)ClickheretonavigatetothelatestversionofthisdocumentationESETSECUREAUTHENTICATIONCopyright2018byESET,spol.
sr.
o.
ESETSecureAuthenticationwasdevelopedbyESET,spol.
sr.
o.
Formoreinformationvisitwww.
eset.
com.
Allrightsreserved.
Nopartofthisdocumentationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwisewithoutpermissioninwritingfromtheauthor.
ESET,spol.
sr.
o.
reservestherighttochangeanyofthedescribedapplicationsoftwarewithoutpriornotice.
CustomerCare:www.
eset.
com/supportREV.
9/4/2018Contents4Introduction1.
5IntegrationOverview2.
6Configuration3.
7AuthenticationAPI4.
7Step1:Start2-FactorAuthentication4.
17Request4.
1.
17Response4.
1.
28Step2:Authenticate4.
28Request4.
2.
18Response4.
2.
29UserManagementAPI5.
9GetUserProfile5.
19Request5.
1.
19Response5.
1.
210Unlock5.
210Request5.
2.
110Response5.
2.
211Deprovision5.
311Request5.
3.
111Response5.
3.
211ProvisionMobileApplication5.
411Request5.
4.
112Response5.
4.
212ProvisionTextMessage5.
512Request5.
5.
112Response5.
5.
213ErrorHandling6.
13APIErrors6.
113HTTPErrors6.
241.
IntroductionInmostweb-basedapplications,usersareauthenticatedbeforebeinggrantedaccesstoprotectedresources.
Byaskingforanadditionalauthenticationfactorduringthelogonprocess,suchapplicationsgainanadditionallayerofsecurity.
TheESETSecureAuthenticationAPIisaREST-basedwebservicethatcanbeusedtoeasilyaddtwo-factorauthentication(2FA)toexistingapplications.
ThefullAPIdocumentationfordevelopersisavailableonthesameURLaddressasESAWebConsole,butfollowedby"/apidoc"withoutquotationmarks.
Forexample,iftheESAWebConsoleisavailableathttps://120.
0.
0.
1:8001/,theAPIdocumentationisavailableathttps://127.
0.
0.
1:8001/apidoc52.
IntegrationOverviewTheAPIconsistsoftwoendpoints:1.
TheAuthAPI,formerAuthenticationAPI,foradding2FAtoexistingapplications.
2.
TheUserManagementAPI,formanaging2FAusers.
TheAPIoperatesusingmethodswhicharecalledbyPOSTingJSON-formattedtexttotherelevantAPIURLs.
AllresponsesarealsoencodedasJSON-formattedtextcontainingthemethodresultandanyapplicableerrormessages.
TheAPIisavailableonallserverswheretheAuthenticationCorecomponentisinstalledandrunsoverthesecureHTTPSprotocolonport8001,unlessyouchangedtheportduringinstallationofAuthenticationServer.
TheAPIisasubcomponentofthestandardESAAuthenticationService.
Assuch,afunctionalESAinstallationisprerequisitetousingtheAPI.
TheauthenticationAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andtheManagementAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/v2/.
BothendpointsareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsbeforeprocessinganyrequest.
63.
ConfigurationTheAPIisdisabledbydefaultandmustbeenabledbeforeuse.
EachsetofAPIcredentialscanbeenabledfortheAuthAPI,theUserManagementAPIorbothendpoints.
Onceenabled,APIcredentialsmustbecreatedtoauthorizerequests:EnablingAPIandconfiguringAPIcredentialsinESAWebConsole1.
LaunchtheESETSecureAuthenticationWebConsoleandnavigatetotheSettings>APICredentials.
2.
SelecttheEnabledcheckbox.
Savethechanges.
3.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
4.
Enterthedesiredname,selecttheAuthAPIorManagementAPIcheckboxorboth.
ClickSave.
5.
TheaccountIDandpassworddisplays.
Besuretosavethepasswordsecurely,itcannotbedisplayedagain.
EnablingAPIandconfiguringAPIcredentialsinMMCConsole1.
LaunchtheESETSecureAuthenticationManagementConsoleandnavigatetotheAdvancedSettingsnodeforyourdomain.
2.
ExpandtheAPIsectionandchecktheAPIisenabledcheckbox.
Savethechanges.
3.
OpenthestandardWindowsServicesConsoleandrestarttheESETSecureAuthenticationCoreserviceforthechangetotakeeffect.
4.
NavigatetothenewlyvisibleAPICredentialsnodeforyourdomain.
5.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
6.
Double-clickonthenewlycreatedcredentialstogettheusernameandpasswordthataretobeusedforAPIauthentication.
7.
ChecktheEnabledforAuthAPIcheckbox,theEnabledforUserManagementAPIcheckboxorboth.
ManysetsofAPIcredentialsmaybecreated.
Itisrecommendedtocreatedifferentsetsforeachapplicationbeingprotected,aswellasfortesting.
IftheAPIisenabled,allserverswiththeAuthenticationServercomponentinstalledwillrespondtoauthorizedAPIrequestsaftertheyarerestarted.
ThereisnoneedtorestarttheESACoreservicewhencredentialsarecreatedordeleted.
74.
AuthenticationAPIAllAuthAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheAuthenticationAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
4.
1Step1:Start2-FactorAuthenticationAssoonastheexistingapplicationhasverifiedauser'susernameandpassword,theStartTwoFactorAuthenticationmethodmustbecalledinordertodeterminewhethertwo-factorauthenticationhasbeenenabledfortheuser.
Ifrequired,apushnotificationorSMSOTPwillautomaticallybesenttotheuseratthistime.
4.
1.
1RequestTobeginthe2FAprocess,makeanHTTPPOSTrequesttothefollowingURI:auth/v2/StartTwoFactorAuthenticationThefollowingJSONstringmustbeposted:{"username":"USERNAME"}Incaseofadomainuser,theusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticated.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
4.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"expected_otp":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplay"ERROR_NONE".
PleaseseetheErrorHandlingsectionforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveafriendlydescriptionoftheerror,ifapplicable.
8Theexpected_otpfieldisanarrayandspecifiestheOTP(One-timepassword)typesthatcanbeexpectedfromtheuser.
ThisvaluecanassistwithUIcreation,forexample,itwillindicateiftheusershouldexpectanSMSornot.
IfthearrayisemptythennoOTPisrequired(i.
e.
2FAisnotenabled)andtheusershouldbeloggedinimmediately.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasalreadyinstalledtheESAapplicationontheirmobilephoneandshouldgenerateanOTPusingtheapplication.
·SMS–theuserhasnotinstalledtheapplicationandhasbeensentanSMSwithanOTP.
·HARD_TOKEN–theuserhasbeenassignedahardtokenandshouldgenerateanOTPusingthedevice.
4.
2Step2:Authenticate4.
2.
1RequestToauthenticateauser,makeanHTTPPOSTrequesttothefollowingURI:/auth/v1/authenticateThefollowingJSONstringmustbeposted:{"username":"USERNAME","otp":"123456"}TheusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticatedandtheotpfieldastringwiththeOTPenteredbytheuser.
4.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"authenticated":true,"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheauthenticatedfieldisaBooleanthatspecifieswhetherthesuppliedOTPisvalid.
Iftheauthenticatedvalueistrue,theuser'sOTPhasbeensuccessfullyvalidatedandtheusershouldbeloggedin.
95.
UserManagementAPIAllUserManagementAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/users/v1/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheUserManagementAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
5.
1GetUserProfileThismethodreturns2FAinformationaboutauseraccount.
5.
1.
1RequestTogetthe2FAprofileofauser,makeanHTTPGETrequesttothefollowingURI:/manage/users/v1/profile/USERNAMEWhereUSERNAMEisastringwiththesamAccountNameoftheusertofetchtheprofileof.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
TheusernamemustbeURL-encoded.
5.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"username":"USERNAME","mobile_number":"2700000","is_locked":false,"last_success":"2014-01-01T00:00:00","last_failure":null,"consecutive_failures":0,"credential_type":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheusernamefieldisaStringcontainingthesamAccountNameoftheuser.
Themobile_numberfieldisaStringcontainingthemobilenumberoftheuser.
Theis_lockedfieldisaBooleanthatspecifiesiftheuserhasbeenlockedfor2FAduetotoomanyfailedauthenticationattempts.
10Thelast_successfieldisaDatethatspecifiesthelasttimethattheuserperformedasuccessfulauthentication.
Thisfieldcanbenull.
Thelast_failurefieldisaDatethatspecifiesthelasttimethattheuserperformedafailedauthentication.
Thisfieldcanbenull.
Theconsecutive_failuresfieldisanIntegerthatspecifiesthethenumberofconsecutivefailedauthenticationattemptsperformedbytheuser.
Thecredential_typefieldisanarrayandspecifiestheOTP(One-timepassword)typesthathavebeenenabledfortheuser.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasbeenenabledfortheESAMobileApp.
·SMS–theuserhasbeenenabledforSMSOTPs.
·HARD_TOKEN–theuserhasbeenenabledforhardtokenOTPs.
5.
2UnlockThismethodwillunlockthe2FAaccessofauser.
ItwillnotunlockanaccountlockedbyActiveDirectory.
5.
2.
1RequestTounlockauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/unlockThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertounlock.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
115.
3DeprovisionThismethodwilldisable2FAforauser.
5.
3.
1RequestTodisable2FAforauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/deprovisionThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertodisable2FAfor.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
3.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
5.
4ProvisionMobileApplicationThismethodwillenableauserforMobileApplicationOTPs.
AtextmessagewiththeinstallationURLforthemobileapplicationwillbesenttotheuser.
5.
4.
1RequestToprovisionauserfortheMobileApplication,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisionmobileappThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
125.
4.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"installation_url":"http://.
.
.
","error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
Theinstallation_urlfieldisaStringthatcontainstheinstallationURLfortheMobileApplication.
5.
5ProvisionTextMessageThismethodwillenableauserfortextmessageOTPs.
5.
5.
1RequestToprovisionauserforthetextmessageOTPs,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisiontextmessageThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
5.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
136.
ErrorHandling6.
1APIErrorsAllAPIerrorswillbereturnedasaresponsewithanHTTP200(OK)statuscode.
TheerrorfieldintheJSONresponsewillindicatetheerrorcode,whichisaliteralstringvalue.
Thefollowingerrorcodesaredefined:·ERROR_NONE:Noerrorhasoccurred·ERROR_USER_NOT_FOUND:Thesuppliedusernamedoesnotexistinthesystem·ERROR_FAULT:AnunspecifiederrorhasoccurredInadditiontotheerrorfield,anerror_messageisalsoprovidedwithafriendlydescriptionoftheerror.
Onlytheerrorfieldshouldbeusedtodetermineerrorconditionsastheerror_messagefieldisonlyinformationalandissubjecttochangewithoutnotice.
6.
2HTTPErrorsAllHTTPerrorswillbereturnedasresponseswithanemptybodyandanHTTPstatuscodeotherthanthenormal200(OK).
ThefollowingerroneousHTTPstatuscodecanbereturned:·HTTP500(InternalServerError):TheAPIserviceexperiencedanunknown,fatalerror·HTTP400(BadRequest):Theformatofthe"Authorization"headerintheHTTPrequestisinvalid·HTTP401(Unauthorized):NoAPIcredentialsweresuppliedwiththeHTTPrequest·HTTP403(Forbidden):CredentialssuppliedwiththeHTTPrequestareinvalid.
丽萨主机:美国CN2 GIA精品网/KVM/9折,美国原生IP,最低27元/月
丽萨主机怎么样?丽萨主机,团队于2017年成立。成立之初主要做的是 CDN 和域名等相关业务。最近开辟新领域,新增了独立服务器出租、VPS 等业务,为了保证业务质量从一开始就选择了中美之间的 CN2 GIA 国际精品网络,三网回程 CN2 GIA,电信去程 CN2 GIA + BGP 直连智能路由,联通移动去程直连,原生IP。适合对网络要求较高的用户,同时价格也比较亲民。点击进入:丽萨主机官方网站...
[黑五]ProfitServer新加坡/德国/荷兰/西班牙VPS五折,不限流量KVM月付2.88美元起
ProfitServer已开启了黑色星期五的促销活动,一直到本月底,商家新加坡、荷兰、德国和西班牙机房VPS直接5折,无码直购最低每月2.88美元起,不限制流量,提供IPv4+IPv6。这是一家始于2003年的俄罗斯主机商,提供虚拟主机、VPS、独立服务器、SSL证书、域名等产品,可选数据中心包括俄罗斯、法国、荷兰、美国、新加坡、拉脱维亚、捷克、保加利亚等多个国家和地区。我们随便以一个数据中心为例...
virmach:AMD平台小鸡,赌一把,单车变摩托?$7.2/年-512M内存/1核/10gSSD/1T流量,多机房可选
virmach送来了夏季促销,价格低到爆炸,而且在低价的基础上还搞首年8折,也就是说VPS低至7.2美元/年。不过,这里有一点要说明:你所购买的当前的VPS将会在09/30/2021 ~ 04/30/2022进行服务器转移,而且IP还会改变,当前的Intel平台会换成AMD平台,机房也会变动(目前来看以后会从colocrossing切换到INAP和Psychz),采取的是就近原则,原来的水牛城可能...
eset用户名为你推荐
-
百度抢票浏览器现在火车票越来越难买了,新版百度手机浏览器,除了抢票外,还有什么其他功能吗?唱吧电脑版官方下载唱吧有电脑版的么? 在哪里下载啊?iphone越狱后怎么恢复苹果手机越狱后怎么恢复网易公开课怎么下载怎么下载网易公开课里的视频 .......怎么点亮qq空间图标QQ空间图标怎么点亮?小米3大概多少钱小米3现在多少钱怎么升级ios6苹果iPhone6怎么升级系统宕机宕机是什么意思bluestackbluestacks安卓模拟器有什么用分词技术搜索引擎采用的是什么技术?