Create a new credential

Creates a new credential linked to the specified person in your organization. This credential will then be available for use in future authentication challenges.

Path Parameters

• person_id string required

  The person ID

  Example: 903c1ff9-f2cc-435c-b242-9d8a690fcf0a

Header Parameters

• SlashID-OrgID string required

  The organization ID

  Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1

application/json

Request Body required

The credential creation request

oneOf
• MOD1
• MOD2
• MOD3
---
type string required
Possible values: [public-key, password, totp]
The type of the credential
params object required
webauthn_credential_id string required
The ID of the webauthn credential
public_key string required
Base64-encoded public key
attestation_type string required
The attestation type for the public key (defaults to "none")
authenticator object required
aaguid string required
Base64-encoded AAGUID of the authenticator device
sign_count integer
clone_warning boolean
label string
type string required
Possible values: [public-key, password, totp]
The type of the credential
params object required
password_hash string required
A hash of a password, in the one of the formats accepts by SlashID. SlashID supports the following hashing functions:
• pbkdf2
• bcrypt
• argon2i
• argon2id Hashes created using a function not listed here will be rejected. In all of these cases, SlashID accepts hashes in the format described here. The only departure from the specification described is that the hashing function version can include the characters [a-z0-9], to accommodate bcrypt versions (2, 2a, 2b, 2x, 2y). SlashID also accepts password hashes in the format used by bcrypt. If a password hash matches this format, it is assumed that the hashing function used was bcrypt. If any other hashing function was used to hash the password, the hash must be in the SlashID hash format.
label string
type string required
Possible values: [public-key, password, totp]
The type of the credential
params object required
key_uri string required
The TOTP key URI of the authenticator you wish to import, in Google Authenticator / Yubico format:
otpauth://totp/[Issuer]:[Account name]?secret=[Secret key]&issuer=[Issuer]&algorithm=[Algorithm]&digits=[Digits number]&period=[Period in seconds]
where:
• Issuer: a string value indicating the provider or service this account is associated with, URL-encoded according to RFC 3986. When users register TOTP authenticators with SlashID this value is the Organization name. It is strongly recommended that the same value is used in both the Account name prefix and in the issuer parameter to maximize compatibility across different authenticator apps/devices.
• Account name: a string value usually diplayed by authenticators to end users to help them distinguish between their TOTP keys. When users register TOTP authenticators with SlashID this value is the handle (e-mail address or phone number) the user authenticated with when they registered the TOTP credential.
• Secret key: an arbitrary key value encoded in Base32 according to RFC 3548. The padding specified in RFC 3548 section 2.2 is not required and should be omitted.
• Algorithm (optional): the hashing algorithm to use. Valid values are SHA1, SHA256, SHA512. Defaults to SHA1.
• Digits number (optional): determines the length of the one-time passcode displayed to the user. Valid values are 6, 8. Defaults to 6.
• Period in seconds (optional): defines the period that a TOTP code will be valid for, in seconds. Defaults to 30.
An example with all optional parameters supplied:
otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30
recovery_codes_total integer required
The total number of recovery codes originally issued to the given person.
unused_recovery_codes string[] required
The list of recovery codes the given person can still use in the future in place of TOTP codes. Once imported these codes will be treated as single-use.
label string

Responses

• 201
• 400
• 404

---

Created

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string
• result object

  oneOf

  • MOD1
  • MOD2
  • MOD3

  ---

  id string

  The ID of the credential

  last_used date-time

  The time when the credential was last used to authenticate successfully

  type string

  Possible values: [public-key, password, totp]

  The type of the credential

  params object

  webauthn_credential_id string

  The ID of the webauthn credential

  public_key string

  Base64-encoded public key

  attestation_type string

  The attestation type for the public key (defaults to "none")

  authenticator object

  aaguid string

  Base64-encoded AAGUID of the authenticator device

  sign_count integer

  clone_warning boolean

  label string

  id string

  The ID of the credential

  last_used date-time

  The time when the credential was last used to authenticate successfully

  type string

  Possible values: [public-key, password, totp]

  The type of the credential

  params object

  password_hash string

  A hash of a password, in the one of the formats accepts by SlashID. SlashID supports the following hashing functions:

  • pbkdf2
  • bcrypt
  • argon2i
  • argon2id Hashes created using a function not listed here will be rejected. In all of these cases, SlashID accepts hashes in the format described here. The only departure from the specification described is that the hashing function version can include the characters [a-z0-9], to accommodate bcrypt versions (2, 2a, 2b, 2x, 2y). SlashID also accepts password hashes in the format used by bcrypt. If a password hash matches this format, it is assumed that the hashing function used was bcrypt. If any other hashing function was used to hash the password, the hash must be in the SlashID hash format.

  label string

  id string

  The ID of the credential

  last_used date-time

  The time when the credential was last used to authenticate successfully

  type string

  Possible values: [public-key, password, totp]

  The type of the credential

  params object

  recovery_codes_total integer

  The total number of recovery codes originally issued to the given person.

  recovery_codes_unused integer

  The total number of recovery codes still unused by the given person.

  label string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ],
  "result": {
    "id": "string",
    "last_used": "2024-05-17",
    "type": "public-key",
    "params": {
      "webauthn_credential_id": "string",
      "public_key": "string",
      "attestation_type": "string",
      "authenticator": {
        "aaguid": "string",
        "sign_count": 0,
        "clone_warning": true
      }
    },
    "label": "string"
  }
}

Bad Request

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}

Not Found

application/json

• Schema
• Example (from schema)

---

Schema

• meta object

  pagination object

  limit integer

  offset integer

  total_count int64
• errors object[]

  httpcode integer

  message string

{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}