PingOne Platform APIs

Validate OTP for Device

POST {{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}

The multi-factor authentication flow uses a one-time passcode (OTP) sent to the user’s device to continue the flow. The user receives the OTP on a specified device and submits it as a step in the authentication process.

The following sample shows the POST /{{envID}}/deviceAuthentications/{{deviceAuthID}} operation to validate the OTP. This operation uses the application/vnd.pingidentity.otp.check+json custom media type as the content type in the request header, and the request body specifies the OTP value sent to the user’s device.

Prerequisites

Request Model
Property Type Required?

otp

String

Required

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/vnd.pingidentity.otp.check+json

Body

raw ( application/vnd.pingidentity.otp.check+json )

{
    "otp": "555555"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}' \
--header 'Content-Type: application/vnd.pingidentity.otp.check+json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "otp": "555555"
}'
var options = new RestClientOptions("{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/vnd.pingidentity.otp.check+json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""otp"": ""555555""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}"
  method := "POST"

  payload := strings.NewReader(`{
    "otp": "555555"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/vnd.pingidentity.otp.check+json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /{{envID}}/deviceAuthentications/{{deviceAuthID}} HTTP/1.1
Host: {{authPath}}
Content-Type: application/vnd.pingidentity.otp.check+json
Authorization: Bearer {{accessToken}}

{
    "otp": "555555"
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/vnd.pingidentity.otp.check+json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"otp\": \"555555\"\n}");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}")
  .method("POST", body)
  .addHeader("Content-Type", "application/vnd.pingidentity.otp.check+json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/vnd.pingidentity.otp.check+json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "otp": "555555"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}',
  'headers': {
    'Content-Type': 'application/vnd.pingidentity.otp.check+json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "otp": "555555"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}"

payload = json.dumps({
  "otp": "555555"
})
headers = {
  'Content-Type': 'application/vnd.pingidentity.otp.check+json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/vnd.pingidentity.otp.check+json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "otp": "555555"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/vnd.pingidentity.otp.check+json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "otp": "555555"
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"otp\": \"555555\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/deviceAuthentications/{{deviceAuthID}}")!,timeoutInterval: Double.infinity)
request.addValue("application/vnd.pingidentity.otp.check+json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "_links": {
        "self": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/deviceAuthentications/03e1897e-33b0-40b9-b54e-68236769b1fa"
        }
    },
    "_embedded": {
        "devices": [
            {
                "id": "ea055ca3-2b5b-4766-9628-95fc03f4ec9b",
                "type": "EMAIL",
                "status": "ACTIVE",
                "email": "j****@pingidentity.com"
            }
        ]
    },
    "id": "03e1897e-33b0-40b9-b54e-68236769b1fa",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "status": "COMPLETED",
    "policy": {
        "id": "9761c24a-208d-0499-1bf6-39905184a4e1"
    },
    "selectedDevice": {
        "id": "ea055ca3-2b5b-4766-9628-95fc03f4ec9b"
    },
    "user": {
        "id": "788d4931-6936-43f2-82ff-178f5762298a"
    },
    "authenticators": [
        "mfa",
        "email"
    ],
    "createdAt": "2021-11-16T19:35:54.554Z",
    "updatedAt": "2021-11-16T19:40:59.396Z"
}