The following REST requests and responses show how the device token registration and authentication works.
It is based on the following assumptions:
- The second factor is MTAN (for initial authentication and as an alternative to device tokens). It works as well with all other 2nd factors supported by the Loginapp REST API.
- The access controller configuration of the Loginapp REST API is such, that the "register device token" call is possible after authenticating with username + password + MTAN.
- The "default" application is used. Therefore, the initial call to
/public/authentication/applications/[applicationId]/access/omitted when starting a new authentication flow.