PingDirectory API Reference

Generate TOTP Shared Secret

The generate TOTP shared secret extended operation is heavily based on the GenerateTOTPSharedSecretExtendedRequest class in the LDAP SDK. This operation causes the server to generate a TOTP shared secret for a user, store it in that user’s entry, and return it to the client so that it may be provided to an authenticator application that will generate the time-based one-time password.

The request body is a JSON object with the following field:

  • staticPassword

    An optional string field whose value is the static password for the user. If this is provided, then the POST request will not require an Authorization header, as the request will be authorized as the end user. If this is absent, then the request must have an Authorization header, and its associated identity will be used to authorize the request.

The response is created from the generate TOTP shared secret extended result, and its body is a JSON object with the following fields:

  • resultCode

    A mandatory JSON object that contains the following fields:

    • value — The integer value for the LDAP result code. This is required.

    • name — A name for the LDAP result code. This is optional but recommended.

  • diagnosticMessage

    An optional string field that holds a human-readable message with additional information about the operation.

  • totpSharedSecret

    An optional string field that holds the base32-encoded representation of the TOTP shared secret that was generated by the server. This is present if the generate TOTP shared secret operation completed successfully, and absent if the operation failed.
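
The following Python is an added example, not PingDirectory or LDAP SDK code. It applies the request authorization rule and the response fields described above: build the request either with staticPassword or with an Authorization header, treat a non-zero resultCode or an absent totpSharedSecret as failure, and decode the base32 secret. The function names are hypothetical, the sample bodies are constructed, and the RFC 6238 parameters (HMAC-SHA1, 30-second step, 6 digits) are assumptions because the page does not state them.

```python
import base64, hashlib, hmac, json, struct

LDAP_SUCCESS = 0  # LDAP result code 0 is "success"

# Constructed sample bodies (not captured from a real server).
SAMPLE_OK = ('{"resultCode": {"value": 0, "name": "success"}, '
             '"totpSharedSecret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}')
SAMPLE_FAIL = ('{"resultCode": {"value": 49, "name": "invalid credentials"}, '
               '"diagnosticMessage": "constructed failure message"}')


def build_request(static_password=None, authorization=None):
    """Return (headers, json_body) following the page's authorization rule."""
    headers, body = {}, {}
    if static_password is not None:
        body["staticPassword"] = static_password  # authorized as the end user
    elif authorization:
        headers["Authorization"] = authorization  # caller's identity authorizes
    else:
        raise ValueError("supply staticPassword or an Authorization header value")
    return headers, json.dumps(body)


def parse_response(raw):
    """Return the raw secret bytes, or raise with the server's diagnostics."""
    doc = json.loads(raw)
    code = doc["resultCode"]                # mandatory object
    secret = doc.get("totpSharedSecret")    # absent when the operation failed
    if code["value"] != LDAP_SUCCESS or secret is None:
        # The error text carries only the result code and diagnostics.
        raise RuntimeError("generate TOTP shared secret failed: %s (%s): %s" % (
            code["value"], code.get("name", "unnamed"),
            doc.get("diagnosticMessage", "no diagnostic message")))
    # Tolerate lowercase and stripped padding before decoding base32.
    return base64.b32decode(secret.upper() + "=" * (-len(secret) % 8))


def totp(key, at, step=30, digits=6):
    """RFC 6238 code; HMAC-SHA1, 30 s step and 6 digits are assumed defaults."""
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    key = parse_response(SAMPLE_OK)
    print("code at t=59:", totp(key, 59))
```

The returned secret is a long-lived credential for the user's second factor, so pass it to the authenticator enrollment step and keep it out of logs and error messages.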