authenticators self
| API Support | Available since | Last updated | Output |
|---|---|---|---|
| 6.2000 | 6.2000 | xml, json |
Description
Create an authenticator for the signed-in member.
The type parameter allows these values provided they are included in the mfaSupport global property:
email-otpfor One-Time Passwords sent by emailsms-otpfor One-Time Passwords sent by emailtotpfor authenticator apps using a Time-based One-Time Password (TOTP) algorithmwebauthnfor security keys, external devices and built-in authenticators like fingerprint scannersrecoveryfor a batch of 10 single-use backup codes
There are limits on the number of authenticators that each member can have:
- 10 Webauthn authenticators
- 3 TOTP authenticators
- 1 for any of type of authenticators
The phone number is required for sms-otp authenticators and it should use the E164 format including the country code.
The name parameter is optional and can be used in place of the default one.
The email address is optional and can be used as an alternative email address to the one the member is registered to. By the default the email-otp authenticator uses the current email address of the member.
The digits parameter lets you set the length of the code for TOTP authenticator apps. Supported values are 6, 7 and 8.
The algorithm parameter lets you set the algorithm to use for TOTP authenticator apps. Supported values are sha1, sha256 and sha512 .
Beware that many authenticator apps only support the defaults from the TOTP algorithm.
The returned XML is as follows:
<authenticator-creation>
<authenticator id="[id]"
public-id="[public id]"
name="[name]"
type="[type]"
member="[member id]"
verified="[true|false]"
created="[created date]"
[last-used="date last used for authentication"]
[data="data"] />
</authenticator-creation>
Parameters
| Name | Description | Required | Type | Default value |
|---|---|---|---|---|
| algorithm | The algorithm to use for totp authenticators | no | string | sha1 |
| attachment | How webauthn is attached (can be 'platform' or 'cross-platform') | no | enum | |
| digits | The number of digits of the totp authenticator | no | string | 6 |
The email address for the email-otp type | conditional | string | ||
| hints | Comma-separated list of webauthn hints (can include 'security-key', 'client-device', 'hybrid') | no | string | |
| name | The name of the authenticator | conditional | string | |
| phone | The phone number for the sms-otp type, required if type is sms-otp | conditional | string | |
| type | The type of authenticator to create | yes | string |
Permission
Only the member themselves can invoke this service.
Response
The returned XML is as follows:
<authenticator-creation>
<authenticator id="[id]"
public-id="[public id]"
name="[name]"
type="[type]"
member="[member id]"
verified="[true|false]"
created="[created date]"
[last-used="date last used for authentication"]
[data="data"] />
</authenticator-creation>
Error handling
No specific errors expected for this generator.