PingDirectory API Reference

Deregister YubiKey OTP Device

The deregister YubiKey OTP device extended operation can be used to remove a YubiKey device from a user’s account so that the user may no longer use that device to authenticate. This operation is heavily based on the DeregisterYubiKeyOTPDeviceExtendedRequest class in the LDAP SDK.

The request body is a JSON object with the following fields:

  • staticPassword

    An optional string field whose value is the static password for the user. If this is provided, then the POST request will not require an Authorization header, as the request will be authorized as the end user. If this is absent, then the request must have an Authorization header, and its associated identity will be used to authorize the request.

  • otp

    A mandatory string field whose value is a one-time password generated by the YubiKey device to be deregistered from the user’s account.

The response body is a JSON object with the following fields:

  • resultCode

    A mandatory JSON object that contains the following fields:

    • value — The integer value for the LDAP result code. This is required.

    • name — A name for the LDAP result code. This is optional but recommended.

  • diagnosticMessage

    An optional string field that holds a human-readable message with additional information about the operation.