Endpoint: https://api.authanywhere.autharmor.com/v2/auth
Method: POST
Making an Auth Request
The Auth Anywhere API allows you to make an auth request that will instantly reply with the request details. After making the initial POST to make the request, you then need to call a GET route to get the status of the request. This article is for making the POST auth request. To read about Getting Auth Info, click here
Types of Auth Requests
Auth Anywhere supports various methods to request authentication and authorization from a user.
Push Message
You can send an instant push message directly to your user. Sending a push message enables fast and easy authentication for your users - the app will receive the notification and automatically open the Auth Armor authenticator. The app will display your projects logo in the push message notification, as well as the title and short text to give the user context of the auth request. Push messages are easy, fast and intuitive. To send a push message, you must know the nickname of the user you wish to send the message to, and also set the send_push value to true.
QR Code
You can generate a QR code that can be scanned by the Auth Armor authenticator app. The QR code can be scanned by the phones camera app, or directly with the Auth Armor authenticator app. Both methods will trigger the Auth Armor app to display the same auth screen as a push message - your projects logo will appear, as well as the title and short text to give the user context of the auth request. Every auth request will return a QR code. There are two types of QR codes supported. See below for more info.
Direct or Targeted QR code
A direct or targeted QR code can only be used by the specific user that was specified in the request. Even if you send a push message directly to a user, you will still get a QR code back in the response. You do not have to use it. It is a good idea to display the QR code as a backup in the event the push message does not arrive.
Usernameless QR code
A usernameless QR code can be generated by simply omitting the nickname field on the auth request. This will automatically generate a usernamess QR code auth request.
A usernameless QR code can be scanned by any user that is a member of the project. Once a usernameless QR code is scanned, the Auth Armor authenticator app will check to ensure there is an eligible profile that can be used for this QR code. If there is more than one, the app will present the user with a selection list of what profile to use to authenticate with.
Once the usernameless auth request is completed, the nickname of the user who responded to the request will be present in the response details. Using this information, you can know the user who just authenticated with the usernameless QR code.
Basic Request Example:
More JSON Body Payload Examples:
You can specify more options in your request body.
Example 1:
- Target a specific user
- Send push message
- Location derived from client_ip
- Set timeout for 60 seconds
Example 2:
- Target a specific user
- Send push message
- Location derived from lat/lon
- Set timeout for 60 seconds