Authorize SMS OTP Transaction Signing
Authentication function that verify username, SMS OTP combination and details parameter against the details when requesting SMS Transaction Signing OTP. User has to request a SMS Transaction Signing OTP before call this function. SMS will be send to the relative user out of band.
Below is the URL to access the API functions:
POST /v2/CentagateWS/webresources/trans/authoriseSmsTrans/{username}Parameters
| No | Parameters | Occurence | Descriptions |
|---|---|---|---|
| 1 | username | Required | Registered Username in CENTAGATE Cloud |
| 2 | transactionId | Required | User's Transaction ID |
| 3 | details | Required | User's Transaction Details |
| 4 | smsOtp | Required | User's SMS OTP |
| 5 | authToken | Required | Previous Generated Auth Token |
| 6 | IntegrationKey | Required | Integration Key from the App that the user wants to authenticate |
| 7 | unixTimeStamp | Required | Current Time in UnixTimeStamp |
| 8 | SupportFido | Optional | FIDO Authentication Option, Pass True To Enable And False To Disable. Or Leave It Empty |
| 9 | IpAddress | Optional | IP Address From Where The Authentication Request Is Originated. |
| 10 | userAgent | Optional | IP Address From Where The Authentication Request Is Originated. |
| 11 | browserFp | Optional | Browser Fingerprint |
| 12 | hmac | Required | Hmac Generated From Combination (Username + TransactionId + Details + SmsOtp + AuthToken + UserAgent + IntegrationKey + SupportFido + BrowserFp + UnixTimeStamp + IpAddress) Using Secretkey (Can Be Obtained From The App Page) As The key |
Sample Code
As in below there are some examples of source code of access the API functions:
Java
public static void main(String[] args) {
ClientConfig config = new DefaultClientConfig ();
Client client = Client.create ( config );
WebResource service = client.resource ("https://<domain_name>/v2/CentagateWS/webresources");
Gson gson = new Gson();
String hmac = convertHmacSha256("secretkey","username" + "details" + "transactionId" + "smsOtp" + "authToken" + "integrationKey" + "unixTimestamp" + "supportFido" + "ipAddress" + "userAgent" + "browserFp");
HashMap<String, String> map = new HashMap<String, String>();
map.put("username", "username");
map.put("details", "details");
map.put("transactionId", "transactionId");
map.put("smsOtp", "smsOtp");
map.put("authToken", "authToken");
map.put("integrationKey", "integrationKey");
map.put("unixTimestamp", "unixTimeStamp");
map.put("ipAddress", "ipAddress");
map.put("userAgent", "userAgent");
map.put("browserFp", "browserFp");
map.put("supportFido", "supportFido");
map.put("hmac", hmac);
ClientResponse response = service.path ("trans").path("authoriseSmsTrans").path("username").accept(MediaType.APPLICATION_JSON).post(ClientResponse.class, gson.toJson(map));
String retJson = response.getEntity(String.class);
HashMap<String, Object> returnData = (HashMap<String, Object>) gson.fromJson(retJson, HashMap.class);
String code = returnData.get("code").toString();
String message = returnData.get("message").toString();
String object = returnData.get("object").toString();
}
public static String convertHmacSha256(String secretKey, String params) throws NoSuchAlgorithmException,
InvalidKeyException,IllegalStateException, SignatureException, NoSuchProviderException, Exception
{
try
{
final SecretKeySpec secret_key = new SecretKeySpec ( StringUtils.getBytesUtf8 ( secretKey ) , "HmacSHA256" );
final Mac mac = Mac.getInstance ( "HmacSHA256" );
mac.init ( secret_key );
final byte[] bytes = mac.doFinal ( StringUtils.getBytesUtf8 ( params ) );
return Hex.encodeHexString ( bytes );
}
catch ( NoSuchAlgorithmException e )
{
throw new NoSuchAlgorithmException ( e );
}
catch ( InvalidKeyException e )
{
throw new InvalidKeyException ( e );
}
catch ( IllegalStateException e )
{
throw new IllegalStateException ( e );
}
catch ( Exception e )
{
throw new Exception ( e );
}
}Node Js
const https = require('https')
var crypto = require('crypto');
var username = "<username>";
var details = "<details>";
var transactionId = "<transactionId>";
var smsOtp = "<smsOtp>";
var integrationKey = "<integration key>";
var time = Math.round((new Date()).getTime() / 1000);
var unixTimestamp = time.toString();
var authToken = "<authToken>";
var supportFido = "<supportFido>";
var ipAddress = "<ipAddress>";
var userAgent = "<userAgent>";
var browserFp = "<browserFp>";
var secretKey = "<secretKey>";
var hmacText = username + details + transactionId + smsOtp + authToken + integrationKey + unixTimestamp + supportFido + ipAddress + userAgent + browserFp;
var hash, hmac;
/* generate hmac value*/
hmac = crypto.createHmac(sha256, secretKey);
hmac.write(hmacText);
hmac.end();
hash = hmac.read().toString('hex');
const data = JSON.stringify({
username: username,
details: details,
transactionId: transactionId,
smsOtp: smsOtp,
authToken: authToken,
integrationKey: integrationKey,
unixTimestamp: unixTimestamp,
ipAddress: ipAddress,
supportFido: supportFido,
userAgent: userAgent,
browserFp: browserFp,
hmac: hash
})
const options = {
hostname: "<domain_name>",
port: 443,
path:'/v2/CentagateWS/webresources/trans/authoriseSmsTrans/'+username,
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
}
}
const req = https.request(options, res =>{
console.log(`HTTP Status Code: ${res.statusCode}`)
var body = '';
res.on('data', function(d){
body += d;
var parsed = JSON.parse(body);
if (parsed.code == 0){
console.log('Authentication Succeed');
console.log('Response:');
console.log(body);
}
else {
console.log('Authentication Fail, ' +'Message:' + parsed.message);
console.log('Code:' + parsed.code);
}
})
})
req.on('ERROR', error => {
console.error(error)
})
req.write(data)
req.end()PHP
<?php
$username ="<username>";
$url = 'https://<domain_name>/v2/CentagateWS/webresources/trans/authoriseSmsTrans/'.$username;
$ch = curl_init($url);
$secretKey = "<secretkey>";
$details = "<details>";
$transactionId = "<transactionId>";
$smsOtp = "<smsOtp>";
$integrationKey = "<integrationkey>";
$time = time(); // get current timestamp
$unixTimestamp = strval($time); //convert timestamp to String
$authToken = "<authToken>";
$supportFido = "<supportFido>";
$ipAddress = "<ipAddress>";
$userAgent = "<userAgent>";
$browserFp = "<browserFp>";
$hmac_text = $username.$details.$transactionId.$smsOtp.$authToken.$integrationKey.$unixTimestamp.$supportFido.$ipAddress.$userAgent.$browserFp;
$hmac = hash_hmac('sha256', $hmac_text, $secretKey); // calculate hmac value
$jsonData = array (
'username'=> $username,
'details'=> $details,
'transactionId'=> $transactionId,
'smsOtp'=> $smsOtp,
'authToken'=> $authToken,
'integrationKey'=> $integrationKey,
'unixTimestamp'=> $unixTimestamp,
'supportFido'=> $supportFido,
'ipAddress'=> $ipAddress,
'userAgent'=> $userAgent,
'browserFp'=> $browserFp,
'hmac' => $hmac
);
$jsonDataEncoded = json_encode($jsonData);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json','Content-Type: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$obj = json_decode($result);
if ($obj->{'code'} != 0){
print "Authentication fail";
print "Message: ".$obj->{'message'};
echo " <br>";
print "Code: ".$obj->{'code'};
}
else {
print "Authentication succeed";
echo " <br>";
print "Message: ".$obj->{'message'};
echo " <br>";
print "Code: ".$obj->{'code'};
echo " <br>";
print "Result:" ;
echo " <br>";
print $result;
}
curl_close($ch);
?>