The following example illustrates the transaction approval of an e-banking system that uses Airlock IAM for authentication and transaction approval with Airlock 2FA.
The offline QR code and the mobile-only variants are not shown in this example.
[Sequence diagram: steps (1) to (6) of the transaction approval; the step labels are not recoverable from this page.]

During step (5), the e-banking application may choose to show a QR code and accept an OTP code entered by the user (offline scenario). For simplicity, this is not shown in the diagram.
The configuration is the same as in the mTAN example, except that the last step is an Airlock 2FA step.
The following REST call sequence shows how to use the transaction approval API from a REST client's point of view.
REST interaction 1 - Step 3 in the above diagram:

HTTP Request - Flow selection

```http
POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/flows/my-flow-1/select
```

HTTP Response - User identification required after flow selection

```http
HTTP/1.1 200 OK

{
  "meta": {
    "type": "jsonapi.metadata.document",
    "timestamp": "2022-07-17T11:05:10.408+01:00"
  },
  "data": {
    "type": "transaction-approval.session",
    "id": "121849797510425576",
    "attributes": {
      "nextStep": "USERNAME_REQUIRED"
    }
  }
}
```
REST interaction 2 - Step 4 in the above diagram:

HTTP Request - User identifying step

```http
POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/user/identify/

{
  "username": "jdoe"
}
```

HTTP Response - User identifying step

```http
HTTP/1.1 200 OK

{
  "meta": {
    "type": "jsonapi.metadata.document",
    "timestamp": "2020-03-17T11:05:12.408+01:00"
  },
  "data": {
    "type": "transaction-approval.session",
    "id": "121849797510425576",
    "attributes": {
      "nextStep": "PARAMETERS_REQUIRED"
    }
  }
}
```
REST interaction 3 - Step 5 in the above diagram:

HTTP Request - Send transaction details

```http
POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/parameters/

{
  "authTokenId": "123456abcdef",
  "messageParameters": {
    "accountNumber": "0123456",
    "amount": "9999",
    "currency": "CHF"
  }
}
```

HTTP Response - Send transaction details

```http
HTTP/1.1 200 OK

{
  "meta": {
    "type": "jsonapi.metadata.document",
    "timestamp": "2020-03-17T11:05:15.185+01:00"
  },
  "data": {
    "type": "transaction-approval.session",
    "id": "121849797510425576",
    "attributes": {
      "nextStep": "AIRLOCK_2FA_POLLING_OR_OTP_REQUIRED"
    }
  }
}
```

At this point, polling for the result (approval or denial) starts.
REST interaction 4 - Step 6 in the above diagram:

HTTP Request - Polling in approval step

```http
POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/airlock-2fa/status/poll/
```

HTTP Response - Polling in approval step

```http
HTTP/1.1 200 OK

{
  "meta": {
    "type": "jsonapi.metadata.document",
    "timestamp": "2020-03-17T11:05:19.251+01:00"
  },
  "data": {
    "type": "transaction-approval.session",
    "id": "121849797510425576",
    "attributes": {
      "nextStep": "AIRLOCK_2FA_POLLING_OR_OTP_REQUIRED"
    }
  }
}
```

The REST client keeps polling until the transaction is approved or denied.
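The four REST interactions above, driven end to end by a small client, as an added example that is not Airlock's own code. It assumes an injected `post(url, body)` transport (a real client would plug in `requests` or `httpx` here); `replay_transport` is a constructed offline stand-in for the IAM server, the final `nextStep` value it returns is a placeholder because the page does not show the decided state, and the session-id consistency check and the bounded poll loop are this example's additions.

```python
import time
from typing import Any, Callable, Dict, List, Optional

# Endpoint paths and step names as they appear in the REST interactions above.
BASE = "https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval"
POLLING_STEP = "AIRLOCK_2FA_POLLING_OR_OTP_REQUIRED"
# Transport: POST(url, json_body) -> parsed JSON document. Inject a real HTTP client here.
Transport = Callable[[str, Dict[str, Any]], Dict[str, Any]]


def next_step(doc: Dict[str, Any]) -> str:
    return doc["data"]["attributes"]["nextStep"]


def approve_transaction(post: Transport, flow: str, username: str, auth_token_id: str,
                        params: Dict[str, str], max_polls: int = 30, interval: float = 0.0) -> Dict[str, Any]:
    """Drive REST interactions 1-4 and return the last session document.

    Every response must carry the transaction-approval.session id of the first one (a changed id
    means the server is no longer talking about the same approval), and polling is bounded so an
    approval that is never decided cannot hang the client.
    """
    session_id: Optional[str] = None

    def call(path: str, body: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
        nonlocal session_id
        doc = post(BASE + path, body or {})
        sid = doc["data"]["id"]
        if session_id is None:
            session_id = sid
        elif sid != session_id:
            raise RuntimeError("transaction-approval session id changed mid-flow")
        return doc

    def expect(doc: Dict[str, Any], step: str) -> Dict[str, Any]:
        if next_step(doc) != step:
            raise RuntimeError(f"expected nextStep {step}, got {next_step(doc)}")
        return doc

    expect(call(f"/flows/{flow}/select"), "USERNAME_REQUIRED")
    expect(call("/user/identify/", {"username": username}), "PARAMETERS_REQUIRED")
    # messageParameters are what the user is asked to confirm in the app: send exactly what was displayed.
    expect(call("/parameters/", {"authTokenId": auth_token_id, "messageParameters": params}), POLLING_STEP)
    for _ in range(max_polls):
        time.sleep(interval)
        doc = call("/airlock-2fa/status/poll/")
        if next_step(doc) != POLLING_STEP:  # any other step ends the polling phase
            return doc
    raise TimeoutError(f"approval still undecided after {max_polls} polls")


def replay_transport(steps: List[str], session_id: str = "121849797510425576") -> Transport:
    """Constructed offline stand-in for the IAM server: answers each POST with the next nextStep."""
    queue = list(steps)

    def post(url: str, body: Dict[str, Any]) -> Dict[str, Any]:
        return {"meta": {"type": "jsonapi.metadata.document"},
                "data": {"type": "transaction-approval.session", "id": session_id,
                         "attributes": {"nextStep": queue.pop(0)}}}
    return post
```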