PingOne Platform APIs

Activate MFA User Device (FIDO2)

   

POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}

Devices with a status of ACTIVATION_REQUIRED are activated with a valid attestation and origin. The attestation is generated by the browser as a response to a user action, such as a fingerprint or clicks on the security key.

The sample shows the POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}} operation to activate the device specified in the request URL. This operation uses the application/vnd.pingidentity.device.activate+json custom content type in the request header to specify the activation action.

The attestation property passes in the attestation JSON from the browser. The JSON looks like this:

"{\"id\":\"ARacmDOuRE7DJV6L7w\",
\"type\":\"public-key\",
\"rawId\":\"ARacmDOuRE7DJV6L7w=\",
\"response\":
{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\", \"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"}
,
\"clientExtensionResults\":{}}"

When the activation action is completed successfully, the response returns a 200 OK message and the device status property is changed to ACTIVE.

Request Model
Property Type Required?

attestation

String

Read-only

origin

String

Read-only

block.status

String

Optional

block.blockedAt

Date

Optional

lock.status

String

Optional

lock.expiresAt

Date

Optional

policy.id

String

Optional

policy.type

String

Optional

nickname

String

Optional

Refer to the Device properties and FIDO2 devices data models for full property descriptions.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/vnd.pingidentity.device.activate+json

Body

raw ( application/vnd.pingidentity.device.activate+json )

{
    "origin": "https://app.pingone.com",
    "attestation": "{\"id\":\"ARacmDOuRE7DJV6L7w\",\"type\":\"public-key\",\"rawId\":\"ARacmDOuRE7DJV6L7w=\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},\"clientExtensionResults\":{}}"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}' \
--header 'Content-Type: application/vnd.pingidentity.device.activate+json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "origin": "https://app.pingone.com",
    "attestation": "{\"id\":\"ARacmDOuRE7DJV6L7w\",\"type\":\"public-key\",\"rawId\":\"ARacmDOuRE7DJV6L7w=\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},\"clientExtensionResults\":{}}"
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/vnd.pingidentity.device.activate+json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""origin"": ""https://app.pingone.com""," + "\n" +
@"    ""attestation"": ""{\""id\"":\""ARacmDOuRE7DJV6L7w\"",\""type\"":\""public-key\"",\""rawId\"":\""ARacmDOuRE7DJV6L7w=\"",\""response\"":{\""clientDataJSON\"":\""eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\"",\""attestationObject\"":\""o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\""},\""clientExtensionResults\"":{}}""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}"
  method := "POST"

  payload := strings.NewReader(`{
    "origin": "https://app.pingone.com",
    "attestation": "{\"id\":\"ARacmDOuRE7DJV6L7w\",\"type\":\"public-key\",\"rawId\":\"ARacmDOuRE7DJV6L7w=\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},\"clientExtensionResults\":{}}"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/vnd.pingidentity.device.activate+json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/users/{{userID}}/devices/{{deviceID}} HTTP/1.1
Host: {{apiPath}}
Content-Type: application/vnd.pingidentity.device.activate+json
Authorization: Bearer {{accessToken}}

{
    "origin": "https://app.pingone.com",
    "attestation": "{\"id\":\"ARacmDOuRE7DJV6L7w\",\"type\":\"public-key\",\"rawId\":\"ARacmDOuRE7DJV6L7w=\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},\"clientExtensionResults\":{}}"
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/vnd.pingidentity.device.activate+json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"origin\": \"https://app.pingone.com\",\n    \"attestation\": \"{\\\"id\\\":\\\"ARacmDOuRE7DJV6L7w\\\",\\\"type\\\":\\\"public-key\\\",\\\"rawId\\\":\\\"ARacmDOuRE7DJV6L7w=\\\",\\\"response\\\":{\\\"clientDataJSON\\\":\\\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\\\",\\\"attestationObject\\\":\\\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\\\"},\\\"clientExtensionResults\\\":{}}\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}")
  .method("POST", body)
  .addHeader("Content-Type", "application/vnd.pingidentity.device.activate+json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/vnd.pingidentity.device.activate+json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "origin": "https://app.pingone.com",
    "attestation": "{\"id\":\"ARacmDOuRE7DJV6L7w\",\"type\":\"public-key\",\"rawId\":\"ARacmDOuRE7DJV6L7w=\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},\"clientExtensionResults\":{}}"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}',
  'headers': {
    'Content-Type': 'application/vnd.pingidentity.device.activate+json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "origin": "https://app.pingone.com",
    "attestation": "{\"id\":\"ARacmDOuRE7DJV6L7w\",\"type\":\"public-key\",\"rawId\":\"ARacmDOuRE7DJV6L7w=\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},\"clientExtensionResults\":{}}"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}"

payload = json.dumps({
  "origin": "https://app.pingone.com",
  "attestation": "{\"id\":\"ARacmDOuRE7DJV6L7w\",\"type\":\"public-key\",\"rawId\":\"ARacmDOuRE7DJV6L7w=\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},\"clientExtensionResults\":{}}"
})
headers = {
  'Content-Type': 'application/vnd.pingidentity.device.activate+json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/vnd.pingidentity.device.activate+json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "origin": "https://app.pingone.com",\n    "attestation": "{\\"id\\":\\"ARacmDOuRE7DJV6L7w\\",\\"type\\":\\"public-key\\",\\"rawId\\":\\"ARacmDOuRE7DJV6L7w=\\",\\"response\\":{\\"clientDataJSON\\":\\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\\",\\"attestationObject\\":\\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\\"},\\"clientExtensionResults\\":{}}"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/vnd.pingidentity.device.activate+json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "origin": "https://app.pingone.com",
  "attestation": "{\"id\":\"ARacmDOuRE7DJV6L7w\",\"type\":\"public-key\",\"rawId\":\"ARacmDOuRE7DJV6L7w=\",\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},\"clientExtensionResults\":{}}"
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"origin\": \"https://app.pingone.com\",\n    \"attestation\": \"{\\\"id\\\":\\\"ARacmDOuRE7DJV6L7w\\\",\\\"type\\\":\\\"public-key\\\",\\\"rawId\\\":\\\"ARacmDOuRE7DJV6L7w=\\\",\\\"response\\\":{\\\"clientDataJSON\\\":\\\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\\\",\\\"attestationObject\\\":\\\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\\\"},\\\"clientExtensionResults\\\":{}}\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/users/{{userID}}/devices/{{deviceID}}")!,timeoutInterval: Double.infinity)
request.addValue("application/vnd.pingidentity.device.activate+json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()