The following REST call sequence shows how to use the transaction approval API from a REST client's point of view.
For simplicity, in this example:
- authentication information (e.g. Basic Auth header) and other HTTP headers are not shown.
- the user's Airlock 2FA app is online and therefore capable of One-Touch.
REST interaction 1 – Step 3 in the above diagram:

HTTP Request - Flow selection:

    POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/flows/my-flow-1/select

HTTP Response - User identification required after flow selection:

    HTTP/1.1 200 OK
    {
      "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2022-07-17T11:05:10.408+01:00"
      },
      "data": {
        "type": "transaction-approval.session",
        "id": "121849797510425576",
        "attributes": {
          "nextStep": "USERNAME_REQUIRED"
        }
      }
    }

REST interaction 2 - Step 4 in the above diagram:

HTTP Request - User identifying step:

    POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/user/identify/
    {
      "username": "jdoe"
    }

HTTP Response - User identifying step:

    HTTP/1.1 200 OK
    {
      "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2020-03-17T11:05:12.408+01:00"
      },
      "data": {
        "type": "transaction-approval.session",
        "id": "121849797510425576",
        "attributes": {
          "nextStep": "PARAMETERS_REQUIRED"
        }
      }
    }

REST interaction 3 - Step 5 in the above diagram:

HTTP Request - Send transaction details:

    POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/parameters/
    {
      "authTokenId": "123456abcdef",
      "messageParameters": {
        "accountNumber": "0123456",
        "amount": "9999",
        "currency": "CHF"
      }
    }

HTTP Response - Send transaction details:

    HTTP/1.1 200 OK
    {
      "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2020-03-17T11:05:15.185+01:00"
      },
      "data": {
        "type": "transaction-approval.session",
        "id": "121849797510425576",
        "attributes": {
          "nextStep": "AIRLOCK_2FA_POLLING_OR_OTP_REQUIRED"
        }
      }
    }

At this point, polling for the result (approval or denial) starts.
REST interaction 4 - Step 6 in the above diagram:

HTTP Request - Polling in approval step:

    POST https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval/airlock-2fa/status/poll/

HTTP Response - Polling in approval step:

    HTTP/1.1 200 OK
    {
      "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2020-03-17T11:05:19.251+01:00"
      },
      "data": {
        "type": "transaction-approval.session",
        "id": "121849797510425576",
        "attributes": {
          "nextStep": "AIRLOCK_2FA_POLLING_OR_OTP_REQUIRED"
        }
      }
    }

The system keeps polling until the transaction is approved or denied.
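
The four interactions above can be driven by a client that fails closed: it checks each `nextStep` against the documented sequence, rejects a changed session `id`, and treats a polling timeout as an error rather than an approval. This is an added example, not Airlock's own code. The `post` transport, `fake_iam`, `max_polls` and the final step value `CONSTRUCTED_FINAL_STEP` are assumptions, since the page does not show the response that ends polling.

```python
BASE = "https://internal-iam-host.com/auth-transaction-approval/rest/transaction-approval"
POLLING = "AIRLOCK_2FA_POLLING_OR_OTP_REQUIRED"
class FlowError(Exception):
    """A response did not match the sequence documented above."""

def next_step(resp, session_id=None):
    """Return (session id, nextStep); fail closed on anything unexpected."""
    data = resp["data"]
    if data["type"] != "transaction-approval.session":
        raise FlowError("unexpected resource type")
    if session_id is not None and data["id"] != session_id:
        raise FlowError("session id changed mid-flow")
    return data["id"], data["attributes"].get("nextStep")

def approve(post, flow, username, token_id, params, max_polls=30):
    """Drive interactions 1-4; post(url, body) is a caller-supplied transport."""
    calls = [(f"{BASE}/flows/{flow}/select", None, "USERNAME_REQUIRED"),
             (f"{BASE}/user/identify/", {"username": username}, "PARAMETERS_REQUIRED"),
             (f"{BASE}/parameters/",
              {"authTokenId": token_id, "messageParameters": params}, POLLING)]
    sid = None
    for url, body, expected in calls:
        sid, step = next_step(post(url, body), sid)
        if step != expected:
            raise FlowError(f"expected {expected}, got {step}")
    polls = 0
    while step == POLLING:
        if polls >= max_polls:  # a timeout is an error, never an approval
            raise FlowError("no decision within poll budget")
        _, step = next_step(post(f"{BASE}/airlock-2fa/status/poll/", None), sid)
        polls += 1
    return step, polls  # caller maps the final step to approved or denied

def fake_iam(final="CONSTRUCTED_FINAL_STEP", pending=2, swap_id=False):
    """Constructed offline stand-in for the IAM host; `final` is a placeholder."""
    seen = {"polls": 0}
    def post(url, body):
        sid, step = "121849797510425576", POLLING
        if url.endswith("/select"):
            step = "USERNAME_REQUIRED"
        elif url.endswith("/identify/"):
            step = "PARAMETERS_REQUIRED"
        elif url.endswith("/poll/"):
            seen["polls"] += 1
            step = POLLING if seen["polls"] <= pending else final
            sid = "0" if swap_id else sid  # constructed mismatch for the id check
        return {"data": {"type": "transaction-approval.session", "id": sid,
                         "attributes": {"nextStep": step}}}
    return post
```

In a real client, `post` would add the authentication and other HTTP headers that the page leaves out, and a sleep between polls.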