Transaction approval REST API

The transaction approval module exposes a REST API that allows a delegating entity to verify transactions with the user's 2nd authentication factor such as Airlock 2FA.

By delegating entity we refer to 3rd party application such as e-banking systems.

The transaction approval interface is intended to be used in an internal infrastructure. e.g. invoked from an e-banking system acting as a delegating entity on behalf of a user.

It is not intended to be exposed directly to the internet.

Transaction Approval requires a separate license bundle ("TRANSACTION APPROVAL").

The transaction approval process is organized and configured as a sequence of steps.

A typical transaction approval flow is as follows:

1.
20.1.1. User identifying step: Identifies the user to IAM.
2.
20.1.2. Parameter step and message providers: Send transaction detail to IAM.
3.
20.1.3. Selection of authentication token and AuthTokenId usage (optional): If the user has multiple tokens, one must be selected for transaction approval.
4.
20.1.4. Approval steps: An authentication token (e.g. Airlock 2FA, mTAN or Cronto) is used to send transaction details to the user and have them approved. The transaction details are formatted using a message provider.

Flow concepts

The transaction approval REST API is built on the "flow engine".

Please refer to the general documentation about flows for further information:

Chapter content

20.1.1. User identifying step

20.1.2. Parameter step and message providers

20.1.3. Selection of authentication token and AuthTokenId usage

20.1.4. Approval steps

20.1.5. Message provider configuration

20.1.6. Authentication of the delegating entity (REST client authentication)

20.1.7. Transaction approval with Airlock 2FA

20.1.8. Transaction approval with mTAN (SMS)

20.1.9. Transaction approval with Cronto Push