Create a new credential
Creates a new credential linked to the specified person in your organization. This credential will then be available for use in future authentication challenges.
Path Parameters
- person_id string required
The person ID
Example: 903c1ff9-f2cc-435c-b242-9d8a690fcf0a
Header Parameters
- SlashID-OrgID string required
The organization ID
Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1
- application/json
Request Body required
The credential creation request
- MOD1
- MOD2
- MOD3
- type string required
Possible values: [public-key, password, totp]
The type of the credential
params object required
  webauthn_credential_id string required
  The ID of the webauthn credential
  public_key string required
  Base64-encoded public key
  attestation_type string required
  The attestation type for the public key (defaults to "none")
  authenticator object required
    aaguid string required
    Base64-encoded AAGUID of the authenticator device
    sign_count integer
    clone_warning boolean
- label string
- type string required
Possible values: [public-key, password, totp]
The type of the credential
params object required
  password_hash string required
  A hash of a password, in one of the formats accepted by SlashID. SlashID supports the following hashing functions:
  - pbkdf2
  - bcrypt
  - argon2i
  - argon2id
  Hashes created using a function not listed here will be rejected. In all of these cases, SlashID accepts hashes in the format described here. The only departure from the specification described is that the hashing function version can include the characters [a-z0-9], to accommodate bcrypt versions (2, 2a, 2b, 2x, 2y). SlashID also accepts password hashes in the format used by bcrypt. If a password hash matches this format, it is assumed that the hashing function used was bcrypt. If any other hashing function was used to hash the password, the hash must be in the SlashID hash format.
- label string
- type string required
Possible values: [public-key, password, totp]
The type of the credential
params object required
  key_uri string required
  The TOTP key URI of the authenticator you wish to import, in Google Authenticator / Yubico format:
  otpauth://totp/[Issuer]:[Account name]?secret=[Secret key]&issuer=[Issuer]&algorithm=[Algorithm]&digits=[Digits number]&period=[Period in seconds]
  where:
  - Issuer: a string value indicating the provider or service this account is associated with, URL-encoded according to RFC 3986. When users register TOTP authenticators with SlashID this value is the Organization name. It is strongly recommended that the same value is used in both the Account name prefix and in the issuer parameter to maximize compatibility across different authenticator apps/devices.
  - Account name: a string value usually displayed by authenticators to end users to help them distinguish between their TOTP keys. When users register TOTP authenticators with SlashID this value is the handle (e-mail address or phone number) the user authenticated with when they registered the TOTP credential.
  - Secret key: an arbitrary key value encoded in Base32 according to RFC 3548. The padding specified in RFC 3548 section 2.2 is not required and should be omitted.
  - Algorithm (optional): the hashing algorithm to use. Valid values are SHA1, SHA256, SHA512. Defaults to SHA1.
  - Digits number (optional): determines the length of the one-time passcode displayed to the user. Valid values are 6, 8. Defaults to 6.
  - Period in seconds (optional): defines the period that a TOTP code will be valid for, in seconds. Defaults to 30.
  An example with all optional parameters supplied:
  otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30
  recovery_codes_total integer required
  The total number of recovery codes originally issued to the given person.
  unused_recovery_codes string[] required
  The list of recovery codes the given person can still use in the future in place of TOTP codes. Once imported these codes will be treated as single-use.
- label string
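The key_uri rules above can be checked locally before a TOTP credential is submitted for import. This is an added example, not SlashID code: the names parse_key_uri and build_totp_import are hypothetical, and rejecting duplicated query parameters or more unused recovery codes than were issued are extra sanity checks assumed here, not documented API behaviour.

```python
import base64
from urllib.parse import parse_qs, unquote, urlsplit

# The page's own example URI (all optional parameters supplied).
EXAMPLE_URI = "otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30"

def parse_key_uri(key_uri):
    """Check a TOTP key URI against the field rules above and return its
    fields with the documented defaults applied (ValueError on violation)."""
    u = urlsplit(key_uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("expected otpauth://totp/[Issuer]:[Account name]?...")
    prefix, sep, account = u.path[1:].partition(":")
    if not (sep and prefix and account):
        raise ValueError("label must be [Issuer]:[Account name]")
    params = parse_qs(u.query)
    if any(len(v) > 1 for v in params.values()):
        raise ValueError("duplicated query parameter")  # added check
    q = {k: v[0] for k, v in params.items()}
    secret = q.get("secret", "").rstrip("=")  # padding should be omitted
    try:  # re-pad only for decoding; lower case and 0/1/8/9 are rejected
        key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    except ValueError as exc:
        raise ValueError(f"secret is not valid Base32: {exc}") from None
    if not key:
        raise ValueError("secret is missing")
    algorithm, digits = q.get("algorithm", "SHA1"), q.get("digits", "6")
    period = q.get("period", "30")
    if algorithm not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("algorithm must be SHA1, SHA256 or SHA512")
    if digits not in ("6", "8"):
        raise ValueError("digits must be 6 or 8")
    if not (period.isascii() and period.isdigit() and int(period) > 0):
        raise ValueError("period must be a positive number of seconds")
    return {"issuer": q.get("issuer"), "label_issuer": unquote(prefix),
            "account": unquote(account), "key_bytes": len(key),
            "algorithm": algorithm, "digits": int(digits),
            "period": int(period),
            "issuer_consistent": q.get("issuer") == unquote(prefix)}

def build_totp_import(key_uri, codes_total, unused_codes, label=None):
    """Assemble the request body for a credential of type "totp"."""
    parse_key_uri(key_uri)
    if len(set(unused_codes)) != len(unused_codes) or len(unused_codes) > codes_total:
        raise ValueError("unused codes must be unique and at most codes_total")
    body = {"type": "totp", "params": {
        "key_uri": key_uri, "recovery_codes_total": codes_total,
        "unused_recovery_codes": list(unused_codes)}}
    if label is not None:
        body["label"] = label
    return body
```

The parser returns only the decoded key length, never the secret itself, so its result is safe to log; issuer_consistent reports whether the label prefix and the issuer parameter agree, as the page recommends.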
201 Created
application/json
Schema
meta object
  pagination object
    limit integer
    offset integer
    total_count int64
errors object[]
  httpcode integer
  message string
result object
oneOf
- MOD1
  id string
  The ID of the credential
  last_used date-time
  The time when the credential was last used to authenticate successfully
  type string
  Possible values: [public-key, password, totp]
  The type of the credential
  params object
    webauthn_credential_id string
    The ID of the webauthn credential
    public_key string
    Base64-encoded public key
    attestation_type string
    The attestation type for the public key (defaults to "none")
    authenticator object
      aaguid string
      Base64-encoded AAGUID of the authenticator device
      sign_count integer
      clone_warning boolean
  label string
- MOD2
  id string
  The ID of the credential
  last_used date-time
  The time when the credential was last used to authenticate successfully
  type string
  Possible values: [public-key, password, totp]
  The type of the credential
  params object
    password_hash string
    A hash of a password, in one of the formats accepted by SlashID. SlashID supports the following hashing functions:
    - pbkdf2
    - bcrypt
    - argon2i
    - argon2id
    Hashes created using a function not listed here will be rejected. In all of these cases, SlashID accepts hashes in the format described here. The only departure from the specification described is that the hashing function version can include the characters [a-z0-9], to accommodate bcrypt versions (2, 2a, 2b, 2x, 2y). SlashID also accepts password hashes in the format used by bcrypt. If a password hash matches this format, it is assumed that the hashing function used was bcrypt. If any other hashing function was used to hash the password, the hash must be in the SlashID hash format.
  label string
- MOD3
  id string
  The ID of the credential
  last_used date-time
  The time when the credential was last used to authenticate successfully
  type string
  Possible values: [public-key, password, totp]
  The type of the credential
  params object
    recovery_codes_total integer
    The total number of recovery codes originally issued to the given person.
    recovery_codes_unused integer
    The total number of recovery codes still unused by the given person.
  label string
Example (from schema)
{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ],
  "result": {
    "id": "string",
    "last_used": "2005-12-24T18:29:30.033157Z",
    "type": "public-key",
    "params": {
      "webauthn_credential_id": "string",
      "public_key": "string",
      "attestation_type": "string",
      "authenticator": {
        "aaguid": "string",
        "sign_count": 0,
        "clone_warning": true
      }
    },
    "label": "string"
  }
}
400 Bad Request
application/json
Schema
meta object
  pagination object
    limit integer
    offset integer
    total_count int64
errors object[]
  httpcode integer
  message string
Example (from schema)
{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}
404 Not Found
application/json
Schema
meta object
  pagination object
    limit integer
    offset integer
    total_count int64
errors object[]
  httpcode integer
  message string
Example (from schema)
{
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total_count": 0
    }
  },
  "errors": [
    {
      "httpcode": 0,
      "message": "string"
    }
  ]
}