How to Register a User – Auth Armor

Endpoint: https://api.authanywhere.autharmor.com/v2/invite

Method: POST

Authenticator App

Users must have the Auth Armor authenticator app installed on their mobile device. The apps are located below:

iOS App Store: https://apps.apple.com/us/app/auth-armor-authenticator/id1502837764

Google Play Store: https://play.google.com/store/apps/details?id=com.autharmor.authenticator

QR Codes
After invite generation, a QR code can be displayed that the Auth Armor app can scan. Registration is fast, easy, and follows the same flow as TOTP registration to keep things familiar.

Using the Invite API

Using the API, make a POST request to generate an invite so you can register a user. The request requires a nickname for your user. This is used to make auth requests for this user and send push messages, etc.

Request Example:

xxxxxxxxxx

POST https://api.authanywhere.autharmor.com/v2/invite HTTP/1.1
Content-Type: application/json
Content-Length: [dynmaic]
Authorization: "Bearer [OauthTokenGoesHere]"
​
{
  "nickname": "username/email",
  "reference_id": "optional id of your choice"
}

Request Properties:

nickname - Required
A unique Nickname for your user to easily identify. You will use this value to send auth requests to this user. A Nickname can have whitespace, numbers, letter, symbols and punctuation. A nickname can not have control characters.
reference_id - Optional
An Optional value you can set to refer to later, such as an internal database id.
full_reset - Optional
An Optional value you can set to reset and re-invite a user. When you set this to true, the system will remove all enrollments and linked devices and un-associate the user that is currently linked to the invite, then a new invite will be created. If no user is associated (the user/invite is in a pending state), then the existing pending invite will be invalidated and a new invite will be created. This should only be used if you have lost the existing invite, or, if the user account needs to be reset and re-invited due to some other issue.
revoke_previous_invites - Optional
An optional value you can set to revoke all previous invites when generating a new invite. By default, un-used invites are valid until revoked or the account has been setup.

Response Example:

6

x

{
    "nickname": "username_or_nickname",
    "auth_profile_id": "6cb9cd12-3781-4011-6a29-fae816ac7b71",
    "invite_code": "e690d78b-0c96-433f-aaa6-e359b039f290",
    "date_expires": "2021-10-16T00:05:06.06",
    "invite_type": "WebInvite",
    "invite_status": "Pending",
    "qr_code_data": "https://invite.autharmor.com/app/profile/v1/e690d78b0c96433faaa6e359b039f290/83E71953BC998B1592BF0D8E62AB8B0E77974F3C62388A477649BC4D8948111C",
    "aa_sig": "83E71953BC998B1592BF0D8E62AB8B0E77974F3C62388A477649BC4D8948111C"
}

Response Properties:

nickname
Echoing back this value from the request
auth_profile_id
Auth Armor ID for this profile - you can choose to store if you'd like but it is not required
invite_code
This is the unique invite code for this invite
date_expires
The UTC date/time when the invite expires. Invites are valid for 24 hours after creation
invite_type
The type of invite this can be used for. Currently, all invites are valid for both QR codes and invite links
invite_status
The status of the invite
aa_sig
This value helps prevent abuse and is required in both QR codes and invite links
qr_code_data
The URL that should be used to display as a QR code. This allows the Auth Armor app, or a camera app to scan this QR code.

Creating a QR code invite

To create a QR code that the app can scan, or a camera app, simply take the qr_code_data field and turn that into a QR code.

Invite Status and list

You can get the invite status by making a GET request with the invite code that was returned in the response. You can also get a list of invites for a specific nickname. To learn more, please read the article How to get invite status