--- title: Create MFA User Device (WhatsApp) description: This example adds WhatsApp as an MFA method for the specified user: component: pingone-api page_id: pingone-api:mfa:users/mfa-devices/create_mfa_user_device_whatsapp canonical_url: https://developer.pingidentity.com/pingone-api/mfa/users/mfa-devices/create_mfa_user_device_whatsapp.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create MFA User Device (WhatsApp) ## ```none POST {{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices ``` This example adds WhatsApp as an MFA method for the specified user: `POST {{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices` The `type` field is set to WHATSAPP and the user's telephone number is provided for `phone`. The value of `policy.id` is the ID of an existing MFA policy that includes WhatsApp as an allowed authentication method. The phone number must be provided in international format (includes a leading + character), for example, +14155552671. Always include the country code in the value you provide for the `phone` parameter. You can use any of the following formats: ```none +1.5125551234 +15125551234 +1.512.555.1234 +1 (512) 555-1234 ``` The `status` parameter is optional. Use cases: 1. If the actor makes the request on behalf of another user, the value assigned to `status` can be one of: * `ACTIVE` (default, if not provided): The device is pre-paired for the user. The user is not required to activate the device before performing the first authentication. * `ACTIVATION_REQUIRED`: The user must activate the device before performing the first authentication. 2. If the actor making the request is the user for whom the device is being created, the status can only be `ACTIVATION_REQUIRED` (default, if not provided). In this case, the user is required to activate the device before performing the first authentication. If the status is `ACTIVATION_REQUIRED`, you can use the `notification` property during device creation to create a custom device pairing notification. This is only applicable with SMS, Voice, Email, and WhatsApp devices. This property is not returned with `GET` operations and cannot be used with `PUT` operations. For more information, refer to [Custom device pairing notification with device creation](#mfa-devices-custom-device-pairing-notification-with-device-creation). | | | | - | ---------------------------------------------------------------------------------------------------- | | | An actor making a self-request must have an access token that includes the `p1:create:device` scope. | ### Prerequisites * Refer to [MFA Devices](#mfa-devices) for important overview information. > **Collapse: Request Model** > > | Property | Type | Required? | > | ----------- | ------ | --------- | > | `type` | String | Required | > | `phone` | String | Required | > | `policy.id` | String | Required | > > Refer to the [Device properties](#device-properties) data models for full property descriptions. ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "type": "WHATSAPP", "phone": "+1.5125551234", "policy": { "id": "{{deviceAuthenticationPolicyID}}" } } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "type": "WHATSAPP", "phone": "+1.5125551234", "policy": { "id": "{{deviceAuthenticationPolicyID}}" } }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""type"": ""WHATSAPP""," + "\n" + @" ""phone"": ""+1.5125551234""," + "\n" + @" ""policy"": {" + "\n" + @" ""id"": ""{{deviceAuthenticationPolicyID}}""" + "\n" + @" }" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices" method := "POST" payload := strings.NewReader(`{ "type": "WHATSAPP", "phone": "+1.5125551234", "policy": { "id": "{{deviceAuthenticationPolicyID}}" } }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/users/{{userID}}/devices HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "type": "WHATSAPP", "phone": "+1.5125551234", "policy": { "id": "{{deviceAuthenticationPolicyID}}" } } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"type\": \"WHATSAPP\",\n \"phone\": \"+1.5125551234\",\n \"policy\": {\n \"id\": \"{{deviceAuthenticationPolicyID}}\"\n }\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "type": "WHATSAPP", "phone": "+1.5125551234", "policy": { "id": "{{deviceAuthenticationPolicyID}}" } }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "type": "WHATSAPP", "phone": "+1.5125551234", "policy": { "id": "{{deviceAuthenticationPolicyID}}" } }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices" payload = json.dumps({ "type": "WHATSAPP", "phone": "+1.5125551234", "policy": { "id": "{{deviceAuthenticationPolicyID}}" } }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "type": "WHATSAPP",\n "phone": "+1.5125551234",\n "policy": {\n "id": "{{deviceAuthenticationPolicyID}}"\n }\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "type": "WHATSAPP", "phone": "+1.5125551234", "policy": { "id": "{{deviceAuthenticationPolicyID}}" } }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"type\": \"WHATSAPP\",\n \"phone\": \"+1.5125551234\",\n \"policy\": {\n \"id\": \"{{deviceAuthenticationPolicyID}}\"\n }\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/b30ac647-e33e-464f-a6ea-0275082d4c26/devices/cd44c285-2375-4c17-9c54-47dea4438e11" }, "environment": { "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "user": { "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/b30ac647-e33e-464f-a6ea-0275082d4c26" } }, "id": "cd44c285-2375-4c17-9c54-47dea4438e11", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "user": { "id": "b30ac647-e33e-464f-a6ea-0275082d4c26" }, "type": "WHATSAPP", "status": "ACTIVE", "createdAt": "2024-11-21T11:20:18.259Z", "updatedAt": "2024-11-21T11:20:18.259Z", "phone": "+1.5125551234" } ```