0.1eset用户名
eset用户名 时间:2021-02-18 阅读:()
ESETSECUREAUTHENTICATIONAPIUserGuide(intendedforproductversion2.
7)ClickheretonavigatetothelatestversionofthisdocumentationESETSECUREAUTHENTICATIONCopyright2018byESET,spol.
sr.
o.
ESETSecureAuthenticationwasdevelopedbyESET,spol.
sr.
o.
Formoreinformationvisitwww.
eset.
com.
Allrightsreserved.
Nopartofthisdocumentationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwisewithoutpermissioninwritingfromtheauthor.
ESET,spol.
sr.
o.
reservestherighttochangeanyofthedescribedapplicationsoftwarewithoutpriornotice.
CustomerCare:www.
eset.
com/supportREV.
9/4/2018Contents4Introduction1.
5IntegrationOverview2.
6Configuration3.
7AuthenticationAPI4.
7Step1:Start2-FactorAuthentication4.
17Request4.
1.
17Response4.
1.
28Step2:Authenticate4.
28Request4.
2.
18Response4.
2.
29UserManagementAPI5.
9GetUserProfile5.
19Request5.
1.
19Response5.
1.
210Unlock5.
210Request5.
2.
110Response5.
2.
211Deprovision5.
311Request5.
3.
111Response5.
3.
211ProvisionMobileApplication5.
411Request5.
4.
112Response5.
4.
212ProvisionTextMessage5.
512Request5.
5.
112Response5.
5.
213ErrorHandling6.
13APIErrors6.
113HTTPErrors6.
241.
IntroductionInmostweb-basedapplications,usersareauthenticatedbeforebeinggrantedaccesstoprotectedresources.
Byaskingforanadditionalauthenticationfactorduringthelogonprocess,suchapplicationsgainanadditionallayerofsecurity.
TheESETSecureAuthenticationAPIisaREST-basedwebservicethatcanbeusedtoeasilyaddtwo-factorauthentication(2FA)toexistingapplications.
ThefullAPIdocumentationfordevelopersisavailableonthesameURLaddressasESAWebConsole,butfollowedby"/apidoc"withoutquotationmarks.
Forexample,iftheESAWebConsoleisavailableathttps://120.
0.
0.
1:8001/,theAPIdocumentationisavailableathttps://127.
0.
0.
1:8001/apidoc52.
IntegrationOverviewTheAPIconsistsoftwoendpoints:1.
TheAuthAPI,formerAuthenticationAPI,foradding2FAtoexistingapplications.
2.
TheUserManagementAPI,formanaging2FAusers.
TheAPIoperatesusingmethodswhicharecalledbyPOSTingJSON-formattedtexttotherelevantAPIURLs.
AllresponsesarealsoencodedasJSON-formattedtextcontainingthemethodresultandanyapplicableerrormessages.
TheAPIisavailableonallserverswheretheAuthenticationCorecomponentisinstalledandrunsoverthesecureHTTPSprotocolonport8001,unlessyouchangedtheportduringinstallationofAuthenticationServer.
TheAPIisasubcomponentofthestandardESAAuthenticationService.
Assuch,afunctionalESAinstallationisprerequisitetousingtheAPI.
TheauthenticationAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andtheManagementAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/v2/.
BothendpointsareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsbeforeprocessinganyrequest.
63.
ConfigurationTheAPIisdisabledbydefaultandmustbeenabledbeforeuse.
EachsetofAPIcredentialscanbeenabledfortheAuthAPI,theUserManagementAPIorbothendpoints.
Onceenabled,APIcredentialsmustbecreatedtoauthorizerequests:EnablingAPIandconfiguringAPIcredentialsinESAWebConsole1.
LaunchtheESETSecureAuthenticationWebConsoleandnavigatetotheSettings>APICredentials.
2.
SelecttheEnabledcheckbox.
Savethechanges.
3.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
4.
Enterthedesiredname,selecttheAuthAPIorManagementAPIcheckboxorboth.
ClickSave.
5.
TheaccountIDandpassworddisplays.
Besuretosavethepasswordsecurely,itcannotbedisplayedagain.
EnablingAPIandconfiguringAPIcredentialsinMMCConsole1.
LaunchtheESETSecureAuthenticationManagementConsoleandnavigatetotheAdvancedSettingsnodeforyourdomain.
2.
ExpandtheAPIsectionandchecktheAPIisenabledcheckbox.
Savethechanges.
3.
OpenthestandardWindowsServicesConsoleandrestarttheESETSecureAuthenticationCoreserviceforthechangetotakeeffect.
4.
NavigatetothenewlyvisibleAPICredentialsnodeforyourdomain.
5.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
6.
Double-clickonthenewlycreatedcredentialstogettheusernameandpasswordthataretobeusedforAPIauthentication.
7.
ChecktheEnabledforAuthAPIcheckbox,theEnabledforUserManagementAPIcheckboxorboth.
ManysetsofAPIcredentialsmaybecreated.
Itisrecommendedtocreatedifferentsetsforeachapplicationbeingprotected,aswellasfortesting.
IftheAPIisenabled,allserverswiththeAuthenticationServercomponentinstalledwillrespondtoauthorizedAPIrequestsaftertheyarerestarted.
ThereisnoneedtorestarttheESACoreservicewhencredentialsarecreatedordeleted.
74.
AuthenticationAPIAllAuthAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheAuthenticationAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
4.
1Step1:Start2-FactorAuthenticationAssoonastheexistingapplicationhasverifiedauser'susernameandpassword,theStartTwoFactorAuthenticationmethodmustbecalledinordertodeterminewhethertwo-factorauthenticationhasbeenenabledfortheuser.
Ifrequired,apushnotificationorSMSOTPwillautomaticallybesenttotheuseratthistime.
4.
1.
1RequestTobeginthe2FAprocess,makeanHTTPPOSTrequesttothefollowingURI:auth/v2/StartTwoFactorAuthenticationThefollowingJSONstringmustbeposted:{"username":"USERNAME"}Incaseofadomainuser,theusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticated.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
4.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"expected_otp":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplay"ERROR_NONE".
PleaseseetheErrorHandlingsectionforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveafriendlydescriptionoftheerror,ifapplicable.
8Theexpected_otpfieldisanarrayandspecifiestheOTP(One-timepassword)typesthatcanbeexpectedfromtheuser.
ThisvaluecanassistwithUIcreation,forexample,itwillindicateiftheusershouldexpectanSMSornot.
IfthearrayisemptythennoOTPisrequired(i.
e.
2FAisnotenabled)andtheusershouldbeloggedinimmediately.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasalreadyinstalledtheESAapplicationontheirmobilephoneandshouldgenerateanOTPusingtheapplication.
·SMS–theuserhasnotinstalledtheapplicationandhasbeensentanSMSwithanOTP.
·HARD_TOKEN–theuserhasbeenassignedahardtokenandshouldgenerateanOTPusingthedevice.
4.
2Step2:Authenticate4.
2.
1RequestToauthenticateauser,makeanHTTPPOSTrequesttothefollowingURI:/auth/v1/authenticateThefollowingJSONstringmustbeposted:{"username":"USERNAME","otp":"123456"}TheusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticatedandtheotpfieldastringwiththeOTPenteredbytheuser.
4.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"authenticated":true,"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheauthenticatedfieldisaBooleanthatspecifieswhetherthesuppliedOTPisvalid.
Iftheauthenticatedvalueistrue,theuser'sOTPhasbeensuccessfullyvalidatedandtheusershouldbeloggedin.
95.
UserManagementAPIAllUserManagementAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/users/v1/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheUserManagementAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
5.
1GetUserProfileThismethodreturns2FAinformationaboutauseraccount.
5.
1.
1RequestTogetthe2FAprofileofauser,makeanHTTPGETrequesttothefollowingURI:/manage/users/v1/profile/USERNAMEWhereUSERNAMEisastringwiththesamAccountNameoftheusertofetchtheprofileof.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
TheusernamemustbeURL-encoded.
5.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"username":"USERNAME","mobile_number":"2700000","is_locked":false,"last_success":"2014-01-01T00:00:00","last_failure":null,"consecutive_failures":0,"credential_type":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheusernamefieldisaStringcontainingthesamAccountNameoftheuser.
Themobile_numberfieldisaStringcontainingthemobilenumberoftheuser.
Theis_lockedfieldisaBooleanthatspecifiesiftheuserhasbeenlockedfor2FAduetotoomanyfailedauthenticationattempts.
10Thelast_successfieldisaDatethatspecifiesthelasttimethattheuserperformedasuccessfulauthentication.
Thisfieldcanbenull.
Thelast_failurefieldisaDatethatspecifiesthelasttimethattheuserperformedafailedauthentication.
Thisfieldcanbenull.
Theconsecutive_failuresfieldisanIntegerthatspecifiesthethenumberofconsecutivefailedauthenticationattemptsperformedbytheuser.
Thecredential_typefieldisanarrayandspecifiestheOTP(One-timepassword)typesthathavebeenenabledfortheuser.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasbeenenabledfortheESAMobileApp.
·SMS–theuserhasbeenenabledforSMSOTPs.
·HARD_TOKEN–theuserhasbeenenabledforhardtokenOTPs.
5.
2UnlockThismethodwillunlockthe2FAaccessofauser.
ItwillnotunlockanaccountlockedbyActiveDirectory.
5.
2.
1RequestTounlockauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/unlockThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertounlock.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
115.
3DeprovisionThismethodwilldisable2FAforauser.
5.
3.
1RequestTodisable2FAforauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/deprovisionThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertodisable2FAfor.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
3.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
5.
4ProvisionMobileApplicationThismethodwillenableauserforMobileApplicationOTPs.
AtextmessagewiththeinstallationURLforthemobileapplicationwillbesenttotheuser.
5.
4.
1RequestToprovisionauserfortheMobileApplication,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisionmobileappThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
125.
4.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"installation_url":"http://.
.
.
","error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
Theinstallation_urlfieldisaStringthatcontainstheinstallationURLfortheMobileApplication.
5.
5ProvisionTextMessageThismethodwillenableauserfortextmessageOTPs.
5.
5.
1RequestToprovisionauserforthetextmessageOTPs,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisiontextmessageThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
5.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
136.
ErrorHandling6.
1APIErrorsAllAPIerrorswillbereturnedasaresponsewithanHTTP200(OK)statuscode.
TheerrorfieldintheJSONresponsewillindicatetheerrorcode,whichisaliteralstringvalue.
Thefollowingerrorcodesaredefined:·ERROR_NONE:Noerrorhasoccurred·ERROR_USER_NOT_FOUND:Thesuppliedusernamedoesnotexistinthesystem·ERROR_FAULT:AnunspecifiederrorhasoccurredInadditiontotheerrorfield,anerror_messageisalsoprovidedwithafriendlydescriptionoftheerror.
Onlytheerrorfieldshouldbeusedtodetermineerrorconditionsastheerror_messagefieldisonlyinformationalandissubjecttochangewithoutnotice.
6.
2HTTPErrorsAllHTTPerrorswillbereturnedasresponseswithanemptybodyandanHTTPstatuscodeotherthanthenormal200(OK).
ThefollowingerroneousHTTPstatuscodecanbereturned:·HTTP500(InternalServerError):TheAPIserviceexperiencedanunknown,fatalerror·HTTP400(BadRequest):Theformatofthe"Authorization"headerintheHTTPrequestisinvalid·HTTP401(Unauthorized):NoAPIcredentialsweresuppliedwiththeHTTPrequest·HTTP403(Forbidden):CredentialssuppliedwiththeHTTPrequestareinvalid.
7)ClickheretonavigatetothelatestversionofthisdocumentationESETSECUREAUTHENTICATIONCopyright2018byESET,spol.
sr.
o.
ESETSecureAuthenticationwasdevelopedbyESET,spol.
sr.
o.
Formoreinformationvisitwww.
eset.
com.
Allrightsreserved.
Nopartofthisdocumentationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwisewithoutpermissioninwritingfromtheauthor.
ESET,spol.
sr.
o.
reservestherighttochangeanyofthedescribedapplicationsoftwarewithoutpriornotice.
CustomerCare:www.
eset.
com/supportREV.
9/4/2018Contents4Introduction1.
5IntegrationOverview2.
6Configuration3.
7AuthenticationAPI4.
7Step1:Start2-FactorAuthentication4.
17Request4.
1.
17Response4.
1.
28Step2:Authenticate4.
28Request4.
2.
18Response4.
2.
29UserManagementAPI5.
9GetUserProfile5.
19Request5.
1.
19Response5.
1.
210Unlock5.
210Request5.
2.
110Response5.
2.
211Deprovision5.
311Request5.
3.
111Response5.
3.
211ProvisionMobileApplication5.
411Request5.
4.
112Response5.
4.
212ProvisionTextMessage5.
512Request5.
5.
112Response5.
5.
213ErrorHandling6.
13APIErrors6.
113HTTPErrors6.
241.
IntroductionInmostweb-basedapplications,usersareauthenticatedbeforebeinggrantedaccesstoprotectedresources.
Byaskingforanadditionalauthenticationfactorduringthelogonprocess,suchapplicationsgainanadditionallayerofsecurity.
TheESETSecureAuthenticationAPIisaREST-basedwebservicethatcanbeusedtoeasilyaddtwo-factorauthentication(2FA)toexistingapplications.
ThefullAPIdocumentationfordevelopersisavailableonthesameURLaddressasESAWebConsole,butfollowedby"/apidoc"withoutquotationmarks.
Forexample,iftheESAWebConsoleisavailableathttps://120.
0.
0.
1:8001/,theAPIdocumentationisavailableathttps://127.
0.
0.
1:8001/apidoc52.
IntegrationOverviewTheAPIconsistsoftwoendpoints:1.
TheAuthAPI,formerAuthenticationAPI,foradding2FAtoexistingapplications.
2.
TheUserManagementAPI,formanaging2FAusers.
TheAPIoperatesusingmethodswhicharecalledbyPOSTingJSON-formattedtexttotherelevantAPIURLs.
AllresponsesarealsoencodedasJSON-formattedtextcontainingthemethodresultandanyapplicableerrormessages.
TheAPIisavailableonallserverswheretheAuthenticationCorecomponentisinstalledandrunsoverthesecureHTTPSprotocolonport8001,unlessyouchangedtheportduringinstallationofAuthenticationServer.
TheAPIisasubcomponentofthestandardESAAuthenticationService.
Assuch,afunctionalESAinstallationisprerequisitetousingtheAPI.
TheauthenticationAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andtheManagementAPIisavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/v2/.
BothendpointsareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsbeforeprocessinganyrequest.
63.
ConfigurationTheAPIisdisabledbydefaultandmustbeenabledbeforeuse.
EachsetofAPIcredentialscanbeenabledfortheAuthAPI,theUserManagementAPIorbothendpoints.
Onceenabled,APIcredentialsmustbecreatedtoauthorizerequests:EnablingAPIandconfiguringAPIcredentialsinESAWebConsole1.
LaunchtheESETSecureAuthenticationWebConsoleandnavigatetotheSettings>APICredentials.
2.
SelecttheEnabledcheckbox.
Savethechanges.
3.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
4.
Enterthedesiredname,selecttheAuthAPIorManagementAPIcheckboxorboth.
ClickSave.
5.
TheaccountIDandpassworddisplays.
Besuretosavethepasswordsecurely,itcannotbedisplayedagain.
EnablingAPIandconfiguringAPIcredentialsinMMCConsole1.
LaunchtheESETSecureAuthenticationManagementConsoleandnavigatetotheAdvancedSettingsnodeforyourdomain.
2.
ExpandtheAPIsectionandchecktheAPIisenabledcheckbox.
Savethechanges.
3.
OpenthestandardWindowsServicesConsoleandrestarttheESETSecureAuthenticationCoreserviceforthechangetotakeeffect.
4.
NavigatetothenewlyvisibleAPICredentialsnodeforyourdomain.
5.
ClicktheAddCredentialsactiontocreateanewsetofcredentials.
6.
Double-clickonthenewlycreatedcredentialstogettheusernameandpasswordthataretobeusedforAPIauthentication.
7.
ChecktheEnabledforAuthAPIcheckbox,theEnabledforUserManagementAPIcheckboxorboth.
ManysetsofAPIcredentialsmaybecreated.
Itisrecommendedtocreatedifferentsetsforeachapplicationbeingprotected,aswellasfortesting.
IftheAPIisenabled,allserverswiththeAuthenticationServercomponentinstalledwillrespondtoauthorizedAPIrequestsaftertheyarerestarted.
ThereisnoneedtorestarttheESACoreservicewhencredentialsarecreatedordeleted.
74.
AuthenticationAPIAllAuthAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/auth/v2/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheAuthenticationAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
4.
1Step1:Start2-FactorAuthenticationAssoonastheexistingapplicationhasverifiedauser'susernameandpassword,theStartTwoFactorAuthenticationmethodmustbecalledinordertodeterminewhethertwo-factorauthenticationhasbeenenabledfortheuser.
Ifrequired,apushnotificationorSMSOTPwillautomaticallybesenttotheuseratthistime.
4.
1.
1RequestTobeginthe2FAprocess,makeanHTTPPOSTrequesttothefollowingURI:auth/v2/StartTwoFactorAuthenticationThefollowingJSONstringmustbeposted:{"username":"USERNAME"}Incaseofadomainuser,theusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticated.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
4.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"expected_otp":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplay"ERROR_NONE".
PleaseseetheErrorHandlingsectionforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveafriendlydescriptionoftheerror,ifapplicable.
8Theexpected_otpfieldisanarrayandspecifiestheOTP(One-timepassword)typesthatcanbeexpectedfromtheuser.
ThisvaluecanassistwithUIcreation,forexample,itwillindicateiftheusershouldexpectanSMSornot.
IfthearrayisemptythennoOTPisrequired(i.
e.
2FAisnotenabled)andtheusershouldbeloggedinimmediately.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasalreadyinstalledtheESAapplicationontheirmobilephoneandshouldgenerateanOTPusingtheapplication.
·SMS–theuserhasnotinstalledtheapplicationandhasbeensentanSMSwithanOTP.
·HARD_TOKEN–theuserhasbeenassignedahardtokenandshouldgenerateanOTPusingthedevice.
4.
2Step2:Authenticate4.
2.
1RequestToauthenticateauser,makeanHTTPPOSTrequesttothefollowingURI:/auth/v1/authenticateThefollowingJSONstringmustbeposted:{"username":"USERNAME","otp":"123456"}TheusernamefieldisastringwiththesamAccountNameoftheusertobeauthenticatedandtheotpfieldastringwiththeOTPenteredbytheuser.
4.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"authenticated":true,"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheauthenticatedfieldisaBooleanthatspecifieswhetherthesuppliedOTPisvalid.
Iftheauthenticatedvalueistrue,theuser'sOTPhasbeensuccessfullyvalidatedandtheusershouldbeloggedin.
95.
UserManagementAPIAllUserManagementAPImethodsareavailableonURLsoftheformhttps://127.
0.
0.
1:8001/manage/users/v1/andareprotectedfromunauthorizedaccessviastandardHTTPBasicAuthentication,requiringavalidsetofAPICredentialsthatareenabledfortheUserManagementAPIbeforeprocessinganyrequest.
TheContent-Typeheadermustbesettoapplication/jsonforeachrequest.
TheESETSecureAuthenticationinstallerautomaticallyusesanappropriateSSLsecuritycertificateinstalledonthemachine,orgeneratesanewself-signedcertificateifanothercannotbefound.
ReplacingtheSSLcertificateiscoveredintheESAAPISSLCertificatereplacementdocument.
5.
1GetUserProfileThismethodreturns2FAinformationaboutauseraccount.
5.
1.
1RequestTogetthe2FAprofileofauser,makeanHTTPGETrequesttothefollowingURI:/manage/users/v1/profile/USERNAMEWhereUSERNAMEisastringwiththesamAccountNameoftheusertofetchtheprofileof.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
TheusernamemustbeURL-encoded.
5.
1.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"username":"USERNAME","mobile_number":"2700000","is_locked":false,"last_success":"2014-01-01T00:00:00","last_failure":null,"consecutive_failures":0,"credential_type":["APP","SMS"],"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
TheusernamefieldisaStringcontainingthesamAccountNameoftheuser.
Themobile_numberfieldisaStringcontainingthemobilenumberoftheuser.
Theis_lockedfieldisaBooleanthatspecifiesiftheuserhasbeenlockedfor2FAduetotoomanyfailedauthenticationattempts.
10Thelast_successfieldisaDatethatspecifiesthelasttimethattheuserperformedasuccessfulauthentication.
Thisfieldcanbenull.
Thelast_failurefieldisaDatethatspecifiesthelasttimethattheuserperformedafailedauthentication.
Thisfieldcanbenull.
Theconsecutive_failuresfieldisanIntegerthatspecifiesthethenumberofconsecutivefailedauthenticationattemptsperformedbytheuser.
Thecredential_typefieldisanarrayandspecifiestheOTP(One-timepassword)typesthathavebeenenabledfortheuser.
ThefollowingOTPtypescanbeincludedinthearray:·APP–theuserhasbeenenabledfortheESAMobileApp.
·SMS–theuserhasbeenenabledforSMSOTPs.
·HARD_TOKEN–theuserhasbeenenabledforhardtokenOTPs.
5.
2UnlockThismethodwillunlockthe2FAaccessofauser.
ItwillnotunlockanaccountlockedbyActiveDirectory.
5.
2.
1RequestTounlockauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/unlockThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertounlock.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
2.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
115.
3DeprovisionThismethodwilldisable2FAforauser.
5.
3.
1RequestTodisable2FAforauser,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/deprovisionThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertodisable2FAfor.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
3.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
5.
4ProvisionMobileApplicationThismethodwillenableauserforMobileApplicationOTPs.
AtextmessagewiththeinstallationURLforthemobileapplicationwillbesenttotheuser.
5.
4.
1RequestToprovisionauserfortheMobileApplication,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisionmobileappThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
125.
4.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Seebelowforanexampleofastandardresponse:{"installation_url":"http://.
.
.
","error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
Theinstallation_urlfieldisaStringthatcontainstheinstallationURLfortheMobileApplication.
5.
5ProvisionTextMessageThismethodwillenableauserfortextmessageOTPs.
5.
5.
1RequestToprovisionauserforthetextmessageOTPs,makeanHTTPPOSTrequesttothefollowingURI:/manage/users/v1/provisiontextmessageThefollowingJSONstringmustbeposted:{"username":"USERNAME"}TheusernamefieldisastringwiththesamAccountNameoftheusertoprovision.
ItisveryimportantthatthecorrectusernamebesenttotheAPI:thesamAccountNameistheuser'snormallogonnameinActiveDirectory.
5.
5.
2ResponseAlltypicalresponseswillbereturnedwitha200(OK)HTTPstatuscode,eveniftherequestedactionfailed.
TheresponsewillbeaJSONstring.
Theresponsewillonlycontainapossibleerrorcodeandmessage,withoutanyotherdata.
Seebelowforanexampleofastandardresponse:{"error":"ERROR_NONE","error_message":""}Ifnoerrorhasoccurred,thentheerrorfieldwilldisplayERROR_NONE.
PleaseseetheErrorHandlingsectionofthisguideforadescriptionofpossibleerrorcodes.
Theerror_messagefieldwillgiveadescriptionoftheerrorifanerrorhasoccurred.
136.
ErrorHandling6.
1APIErrorsAllAPIerrorswillbereturnedasaresponsewithanHTTP200(OK)statuscode.
TheerrorfieldintheJSONresponsewillindicatetheerrorcode,whichisaliteralstringvalue.
Thefollowingerrorcodesaredefined:·ERROR_NONE:Noerrorhasoccurred·ERROR_USER_NOT_FOUND:Thesuppliedusernamedoesnotexistinthesystem·ERROR_FAULT:AnunspecifiederrorhasoccurredInadditiontotheerrorfield,anerror_messageisalsoprovidedwithafriendlydescriptionoftheerror.
Onlytheerrorfieldshouldbeusedtodetermineerrorconditionsastheerror_messagefieldisonlyinformationalandissubjecttochangewithoutnotice.
6.
2HTTPErrorsAllHTTPerrorswillbereturnedasresponseswithanemptybodyandanHTTPstatuscodeotherthanthenormal200(OK).
ThefollowingerroneousHTTPstatuscodecanbereturned:·HTTP500(InternalServerError):TheAPIserviceexperiencedanunknown,fatalerror·HTTP400(BadRequest):Theformatofthe"Authorization"headerintheHTTPrequestisinvalid·HTTP401(Unauthorized):NoAPIcredentialsweresuppliedwiththeHTTPrequest·HTTP403(Forbidden):CredentialssuppliedwiththeHTTPrequestareinvalid.
digital-vm$80/月,最高10GDigital-VM1Gbps带宽带宽
digital-vm在日本东京机房当前提供1Gbps带宽、2Gbps带宽、10Gbps带宽接入的独立服务器,每个月自带10T免费流量,一个独立IPv4。支持额外购买流量:20T-$30/月、50T-$150/月、100T-$270美元/月;也支持额外购买IPv4,/29-$5/月、/28-$13/月。独立从下单开始一般24小时内可以上架。官方网站:https://digital-vm.com/de...
HostSlim,双E5-2620v2/4x 1TB SATA大硬盘,荷兰服务器60美元月
hostslim美国独立日活动正在进行中,针对一款大硬盘荷兰专用服务器:双E5-2620v2/4x 1TB SATA硬盘,活动价60美元月。HostSlim荷兰服务器允许大人内容,不过只支持电汇、信用卡和比特币付款,商家支持7天内退款保证,有需要欧洲服务器的可以入手试试,记得注册的时候选择中国,这样不用交20%的税。hostslim怎么样?HostSlim是一家成立于2008年的荷兰托管服务器商,...
HostWebis:美国/法国便宜服务器,100Mbps不限流量,高配置大硬盘,$44/月起
hostwebis怎么样?hostwebis昨天在webhosting发布了几款美国高配置大硬盘机器,但报价需要联系客服。看了下该商家的其它产品,发现几款美国服务器、法国服务器还比较实惠,100Mbps不限流量,高配置大硬盘,$44/月起,有兴趣的可以关注一下。HostWebis是一家国外主机品牌,官网宣称1998年就成立了,根据目标市场的不同,以不同品牌名称提供网络托管服务。2003年,通过与W...
eset用户名为你推荐
-
google地球打不开google地球无法打开怎么办阿里云系统阿里云系统怎么样好用吗?邮箱打不开怎么办我的邮箱打不开怎么办bluestacksBlueStacks是什么?在PC上畅玩Android 45万款应用童之磊华硕的四核平板电脑,怎么样?奇虎论坛奇虎论坛最新推荐歌曲列表·创维云电视功能什么是创维云电视啊?创维云电视是什么意思?ios系统苹果手机的系统是什么?安全漏洞什么是安全漏洞攻击??怎么上传音乐如何将电脑上的音乐传到MP3上