The following example illustrates the transaction approval of an e-banking system that uses Airlock IAM for authentication and transaction approval with mTAN (SMS).
Flow diagram
[Flow diagram: six numbered steps, (1) to (6), of the transaction approval process; the image is not reproduced in this text.]
Configuration
The behavior and steps involved in the process are configured in an Airlock IAM transaction approval flow, similar to the authentication flows in the Loginapp.
As described above, the transaction approval process usually consists of the following steps:
- REST selection request of the back-end application – this has to be configured on the corresponding back-end.
- The User Identification Step, to identify the end-user in IAM.
- The Transaction Approval Parameter Step, in which the back-end sends transaction details to IAM.
- The mTAN Transaction Approval Step, to verify the OTP code towards the corresponding back-end.
The configuration of this example (using MTAN/SMS) is as follows:
REST call sequence
The following REST call sequence shows how to use the transaction approval API from a REST client's point of view.
In this simplified example:
- Authentication information (e.g. Basic Auth header) and other HTTP headers are not shown.
- An AuthTokenId is not used in this example.
- The end-user has just one mobile phone number; therefore no number selection step is shown.
According to the flow diagram above, the HTTP REST requests and responses are as follows:
Step | Request/response type | HTTP request/response
---|---|---
Step 1 | HTTP request – Flow selection | POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/flows/mtan-ta-flow/select/
Step 1 | HTTP response – Flow selection | HTTP/1.1 200 OK { "meta": { "type": "jsonapi.metadata.document", "timestamp": "2021-11-09T16:29:14.484+01:00" }, "data": { "type": "transaction-approval.session", "id": "627374595", "attributes": { "nextStep": "USERNAME_REQUIRED" } } }
Step 2 | HTTP request – User identifying step | POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/end-user/identify/ { "end-username" : "jdoe" }
Step 2 | HTTP response – User identifying step | HTTP/1.1 200 OK { "meta": { "type": "jsonapi.metadata.document", "timestamp": "2021-11-09T16:29:24.484+01:00" }, "data": { "type": "transaction-approval.session", "id": "627374595", "attributes": { "nextStep": "PARAMETERS_REQUIRED" } } }
Step 3 | HTTP request – Send transaction details | POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/parameters/ { "messageParameters" : { "accountNumber" : "0123456", "amount" : "9999", "currency" : "CHF" } }
Step 3 | HTTP response – Send transaction details | HTTP/1.1 200 OK { "meta": { "type": "jsonapi.metadata.document", "timestamp": "2021-11-09T16:37:48.747+01:00" }, "data": { "type": "transaction-approval.session", "id": "627374595", "attributes": { "nextStep": "MTAN_OTP_REQUIRED" } } }
Step 4 | HTTP request – Check OTP | POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/mtan/otp/check { "otp" : "123456" }
Step 4 | HTTP response – Check OTP | HTTP/1.1 200 OK { "meta": { "type": "jsonapi.metadata.document", "timestamp": "2021-11-09T16:41:29.829+01:00" }, "data": { "type": "transaction-approval.session", "id": "202408261", "attributes": {} } }
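The sequence above is a small state machine: each response tells the caller, via `nextStep`, which call IAM expects next, and an empty `attributes` object marks the approved end state. The following Python example, added here and not part of Airlock IAM or its documentation, shows a back-end client that acts on `nextStep` instead of hard-coding the call order, together with a simulated IAM endpoint (constructed for this example) that answers the four calls and rejects requests made out of order or with a wrong OTP. The endpoint paths, step names and response envelope are taken from the table on this page; the host name, the simulator's error bodies, its HTTP status codes for failures and the accepted OTP value are assumptions.

```python
from typing import Callable, Optional

# Base URL built from the paths in the REST call sequence on this page;
# the host is the page's placeholder, not a real system.
BASE = "https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval"


class SimulatedIam:
    """Stand-in for the IAM side, constructed for this example.

    It keeps one approval session and only accepts the call that matches the
    session's current nextStep, which is the property a back-end should rely on:
    transaction details cannot be replaced after the OTP has been requested.
    The error bodies and non-200 status codes are assumptions, not IAM's real format.
    """

    def __init__(self, expected_otp: str = "123456") -> None:
        self.expected_otp = expected_otp  # the OTP value shown in the page's step 4
        self.session: Optional[dict] = None

    def _envelope(self, next_step: Optional[str]) -> dict:
        # Same document shape as the responses in the table above.
        attrs = {"nextStep": next_step} if next_step else {}
        return {
            "meta": {"type": "jsonapi.metadata.document", "timestamp": "2021-11-09T16:29:14.484+01:00"},
            "data": {"type": "transaction-approval.session", "id": self.session["id"], "attributes": attrs},
        }

    def post(self, url: str, body: Optional[dict] = None) -> tuple:
        path = url[len(BASE):]
        body = body or {}
        if path == "/flows/mtan-ta-flow/select/":
            self.session = {"id": "627374595", "nextStep": "USERNAME_REQUIRED"}
            return 200, self._envelope("USERNAME_REQUIRED")
        if self.session is None:
            return 400, {"errors": [{"detail": "no transaction approval session"}]}
        state = self.session["nextStep"]
        if path == "/end-user/identify/" and state == "USERNAME_REQUIRED":
            self.session["username"] = body["end-username"]
            self.session["nextStep"] = "PARAMETERS_REQUIRED"
            return 200, self._envelope("PARAMETERS_REQUIRED")
        if path == "/parameters/" and state == "PARAMETERS_REQUIRED":
            self.session["parameters"] = body["messageParameters"]  # what the SMS would describe
            self.session["nextStep"] = "MTAN_OTP_REQUIRED"
            return 200, self._envelope("MTAN_OTP_REQUIRED")
        if path == "/mtan/otp/check" and state == "MTAN_OTP_REQUIRED":
            if body.get("otp") != self.expected_otp:
                return 401, {"errors": [{"detail": "invalid OTP"}]}
            self.session["nextStep"] = None  # approved: attributes become empty
            return 200, self._envelope(None)
        return 409, {"errors": [{"detail": f"call {path} not allowed in state {state}"}]}


class TransactionApprovalClient:
    """Hypothetical back-end client (not an Airlock library) driving the flow by nextStep."""

    def __init__(self, post: Callable[[str, Optional[dict]], tuple]) -> None:
        self.post = post          # transport: (url, json body) -> (status, json document)
        self.session_ids = []     # session ids as reported by IAM, for audit logging
        self.trace = []           # nextStep values seen, in order

    def _call(self, path: str, body: Optional[dict] = None) -> Optional[str]:
        status, doc = self.post(BASE + path, body)
        if status != 200:
            raise RuntimeError(f"{path} failed with HTTP {status}: {doc}")
        data = doc["data"]
        if data.get("type") != "transaction-approval.session":
            raise RuntimeError(f"unexpected document type {data.get('type')!r}")
        self.session_ids.append(data["id"])
        next_step = data["attributes"].get("nextStep")  # None once approved
        self.trace.append(next_step)
        return next_step

    def approve(self, username: str, message_parameters: dict, otp_provider: Callable[[], str]) -> list:
        """Runs the flow to completion and returns the trace of nextStep values."""
        next_step = self._call("/flows/mtan-ta-flow/select/")
        while next_step is not None:
            if next_step == "USERNAME_REQUIRED":
                next_step = self._call("/end-user/identify/", {"end-username": username})
            elif next_step == "PARAMETERS_REQUIRED":
                next_step = self._call("/parameters/", {"messageParameters": message_parameters})
            elif next_step == "MTAN_OTP_REQUIRED":
                next_step = self._call("/mtan/otp/check", {"otp": otp_provider()})
            else:
                # A step this back-end was not built for (e.g. a number selection step).
                raise RuntimeError(f"unsupported step {next_step!r}")
        return self.trace


def run_example(otp: str = "123456") -> list:
    """Drives the page's example transaction against the simulator."""
    client = TransactionApprovalClient(SimulatedIam().post)
    details = {"accountNumber": "0123456", "amount": "9999", "currency": "CHF"}
    return client.approve("jdoe", details, lambda: otp)


if __name__ == "__main__":
    print(run_example())
```

Two points the sequence alone does not show: the client never assumes the order of steps, so a flow that adds a step (such as number selection when the user has several phone numbers) fails loudly at `unsupported step` instead of sending the wrong call, and the simulated IAM rejects a `/parameters/` call once the OTP has been requested, which is what binds the OTP the user receives to the transaction details shown to them.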