Mapping Flow steps to REST API next step codes

When using the REST API exposed by an IAM flow, the set of possible Next Step Codes are of particular interest.

Next Step Codes in the REST API

When developing a single page application (SPA) or a mobile app to allow a user to use an IAM flow, it is very important to know which REST calls can be made at any time in this flow. Airlock IAM provides the client with a Next Step Code in every REST Response to tell the REST client which REST calls are possible to continue the flow.

Because the possible next steps of a REST endpoint are (at least partly) defined by the configured sequence of steps, it is not possible to list all possible next steps for each REST endpoint. Therefore the REST API specification globally lists all possible Next Step Codes per flow type.

Example: In Loginapp REST API Reference see the chapters:

  • Next Auth Step Codes
  • Next Self-Registraton Step Codes
  • Next Password Reset Step Codes
  • Next Public Self-Service Step Codes
  • Next Self-Service Step Codes
  • Next Technical Client Registraton Step Codes

Using the Config Editor documentation

Interactive flow steps document what Next Step Codes they return in the plugin documentation. Looking at a particular flow, it is possible to extract all possible Next Step Codes this flow will ever return and communicate this list to the developer of an SPA or mobile app.

To see the possible Next Step Codes returned by a flow step, open the configured flow step configuration in the Config Editor and click on the blue (i) icon right of the plugin Type.

The plugin documentation lists all possible Next Step Codes.

The following example shows the possible Next Step Codes reported by the Airlock 2FA Step for Authentication (as of IAM 7.6).