| USER_NOT_FOUND | \nThe user does not exist. | \n
| ACCOUNT_NOT_FOUND | \n \t\t\tThe user has no Airlock 2FA account. | \n \t\t
| USER_NOT_FOUND | \n \t\t\tThe user does not exist. | \n \t\t
| ACCOUNT_NOT_FOUND | \n \t\t\tThe user has no Airlock 2FA account. | \n \t\t
| USER_NOT_FOUND | \n \t\t\tThe user does not exist. | \n \t\t
| ACCOUNT_NOT_FOUND | \n \t\t\tThe user has no Airlock 2FA account. | \n \t\t
| USER_NOT_FOUND | \n \t\t\tThe user does not exist. | \n \t\t
| USER_NOT_FOUND | \n\t\tThe user does not exist. | \n\t
\n
| VALIDATION_FAILED | \nThe supplied attributes could not be validated successfully. See validation failures for detail codes. | \n
| USER_NOT_UNIQUE | \nThe supplied username already exists. | \n
Separate endpoints are available to lock or unlock a technical client.
\n\n
\nAll technical clients returned by this endpoint also contain the subscription\nand api-keys relationships if available on the specific technical client. An example can be found\non the endpoint that retrieves a single technical client.\n
\n\nSupported filter parameters are:\n
\nExample:\n
\nGET /rest/tokens/airlock-2fa/hardware-tokens?filter=assigned==false&filter=archived==false&filter=serialNumber=@abc\nretrieves all unarchived tokens that are not assigned to a user\nand contain abc in their serial number.\n
\n\n\nDevices can be related to other objects by means of relationships.\nSuch relationships (if available) are expressed by a \"relationships\" element within \"data\".\nA device can be either unassigned or assigned to a number of different users. This\nrelationship is modeled in the \"assignees\" element.\n
\n\nprevious-device and next-device relationships are available on user-specific Vasco device\nendpoints only.\n
\n\nSee example response for more details.\n
\n\nAll devices returned by this endpoint also contain the assignees\nrelationship if available on the specific device. An example can be found\non the endpoint that retrieves a single device.\n
\n| ITEM_NOT_FOUND | \nThe user does not have any remember-me cookies. | \n
| USER_NOT_FOUND | \nThe user does not exist. | \n
| PASSWORD_POLICY_VIOLATED | \nThe password violates the password policy. See password policy violation detail codes. | \n
| USER_NOT_UNIQUE | \nThe supplied username already exists. | \n
| USER_NOT_FOUND | \nThe user does not exist. | \n
| USER_NOT_FOUND | \nThe user does not exist. | \n
\nNote that the attributes referring to the token attributes listed below cannot be supplied upon\ncreation or update. They are managed by the system and / or dedicated REST URIs.\n
\nTokens can be related by a 'previous'/'next' relationship. I.e. a token can be succeeded by\nanother token (e.g. after expiration). This relationship (if available) is expressed by\na \"relationships\" element within \"data\". The \"relationships\" element can contain a \"next\"\nand/or \"previous\" element that refer to one or many token resource(s). See example response for more details.\n
\n\nNote that the attributes referring to the token attributes listed below cannot be supplied upon\ncreation or update. They are managed by the system and / or dedicated REST URIs.\n
| ACCOUNT_NOT_FOUND | \n \t\t\tThe user has no Airlock 2FA account. | \n \t\t
| USER_NOT_FOUND | \n \t\t\tThe user does not exist. | \n \t\t
| ACCOUNT_NOT_FOUND | \n \t\t\tThe user has no Airlock 2FA account. | \n \t\t
| USER_NOT_FOUND | \n \t\t\tThe user does not exist. | \n \t\t
| ACCOUNT_NOT_FOUND | \n\t\t\tThe user has no Airlock 2FA account and therefore no activation letters. | \n\t\t
| USER_NOT_FOUND | \n\t\t\tThe user does not exist. | \n\t\t
| ACCOUNT_NOT_FOUND | \n\t\t\tThe user has no Airlock 2FA account and therefore no activation letter can be created. | \n\t\t
| USER_NOT_FOUND | \n\t\t\tThe user does not exist. | \n\t\t
| ACCOUNT_NOT_FOUND | \n\t\t\tThe user has no Airlock 2FA account and therefore no activation letters. | \n\t\t
| USER_NOT_FOUND | \n\t\t\tThe user does not exist. | \n\t\t
| ACCOUNT_NOT_FOUND | \n\t\t\tThe user has no Airlock 2FA account and therefore no activation letter can be created. | \n\t\t
| USER_NOT_FOUND | \n\t\t\tThe user does not exist. | \n\t\t
The factors an app device may support are:
\nONE_TOUCH | \nOnline push notification based factor One-Touch. | \n
PASSCODE | \nOffline factor involving the user typing in a passcode (i.e. TOTP). | \n
QR_CODE | \nOffline QR Code with OTP. | \n
MOBILE_ONLY | \nMobile-only (SDK or app-to-app). | \n
| ACCOUNT_NOT_FOUND | \n\t\t\tThe user has no Airlock 2FA account and therefore no app devices. | \n\t\t
| USER_NOT_FOUND | \n\t\t\tThe user does not exist. | \n\t\t
The factors a hardware device may support are:
\nPASSCODE | \nOffline factor involving the user typing in a passcode (i.e. TOTP). | \n
QR_CODE | \nOffline QR Code with OTP. | \n
| ACCOUNT_NOT_FOUND | \n\t\t\tThe user has no Airlock 2FA account and therefore no app devices. | \n\t\t
| USER_NOT_FOUND | \n\t\t\tThe user does not exist. | \n\t\t
| USER_NOT_FOUND | \nThe user does not exist. | \n
\nExample of an optional 'included' element for OTP verification:\n
\"included\": {\n\t\"id\": \"user123\",\n\t\"type\": \"user.token.mtan.otp\",\n\t\"attributes\": {\n\t\t\"verificationValue\": \"qVSK4z9s\"\n\t}\n}\nDevices can be related by a 'previous'/'next' relationship. I.e. a device can be succeeded by\nanother device. When a \"next\" device is first used for authentication, its \"previous\" device is\nautomatically disabled.\nThis relationship (if available) is expressed by a \"relationships\" element within \"data\".\nThe \"relationships\" element can contain a \"next-device\" and/or \"previous-device\" element\nthat refers to a resource object. See response examples for more details.\n
\nAll devices returned by this endpoint also contain the previous-device and next-device\nrelationships if available on the specific device. An example can be found on the endpoint that retrieves\na single device.\n
\n\nThe data element must be a resource identifier of type user.token.vasco.device or null.\nSee example requests for more details.\n
\n\nThe data element must be a resource identifier of type user.token.vasco.device or null.\nSee example request for more details.\n
\n| EXISTING_PASSWORD_WRONG | \nThe existing password is wrong. | \n
| PASSWORD_POLICY_VIOLATED | \nThe new password violates the password policy. See password policy violation detail codes. | \n
\nNote that the request body must contain a resource identifier referring to an existing tech-client that the\nnew API key should be assigned to. See example request for more details.\n
\n\nNote that the request body must contain a resource identifier referring to an existing subscription that the\nnew Plan-Usage should be assigned to. See example request for more details.\n
\n\nNote that the request body must contain a resource identifier referring to an existing tech-client that the\nnew subscription should be assigned to. See examples for more details.\n
\n\nThe synchronization is only possible for hardware tokens that support the PASSCODE factor.\n
\n| ACCOUNT_NOT_FOUND | \n\t\t\tThe user has no Airlock 2FA account and therefore no activation letter can be created. | \n\t\t
| USER_NOT_FOUND | \n\t\t\tThe user does not exist. | \n\t\t
| ACCOUNT_NOT_FOUND | \n \t\t\tThe user has no Airlock 2FA account. | \n \t\t
| USER_NOT_FOUND | \n \t\t\tThe user does not exist. | \n \t\t
| ACCOUNT_NOT_FOUND | \n \t\t\tThe user has no Airlock 2FA account. | \n \t\t
| USER_NOT_FOUND | \n \t\t\tThe user does not exist. | \n \t\t
\nThe data array in the request must contain resource identifiers of type token.airlock-2fa.hardware-token\nonly. For available tokens, refer to /tokens/airlock-2fa/hardware-tokens.\n
\n\nSee example request on how to assign the hardware tokens with IDs 42 and 43 to the user.\n
\n| USER_NOT_FOUND | \nThe user does not exist. | \n
| ACCOUNT_NOT_FOUND | \nThe user does not have an Airlock 2FA account. | \n
| NO_VASCO_LICENSE_AVAILABLE | \nNo unused Vasco license is available. Import more licenses. | \n
| USER_NOT_FOUND | \n\t\tThe user does not exist. | \n\t
| USER_NOT_FOUND | \n\t\tThe user does not exist. | \n\t
\nExample of an optional 'included' element for OTP verification:\n
\"included\": {\n\t\"id\": \"user123\",\n\t\"type\": \"user.token.mtan.otp\",\n\t\"attributes\": {\n\t\t\"verificationValue\" : \"qVSK4z9s\"\n\t}\n}| PASSWORD_POLICY_VIOLATED | \nThe new password violates the password policy. See password policy violation detail codes. | \n
\nThe data array must contain resource identifiers of type token.vasco.device only.\n
\n\nDepending on the configuration, the following key/value pairs can or must be supplied\nin the meta element of a resource identifier:\n
\nSee example request on how to assign devices with serial numbers 13 and 14 to the user.\n
\n\nThe data array must contain resource identifiers of type token.vasco.device only. See examples for more details.\n
\nThe allowed factors of an account may be:
\nONE_TOUCH | \nOnline push notification based factor One-Touch. | \n
PASSCODE | \nOffline factor involving the user typing in a passcode (i.e. TOTP). | \n
QR_CODE | \nOffline QR Code with OTP. | \n
MOBILE_ONLY | \nMobile-only (SDK or app-to-app). | \n
ONLINE_QR_CODE | \nOnline QR Code | \n
The possible values for the account status are:
\nENABLED | \nThe account is enabled and can be used for Airlock 2FA authentication. | \n
ENABLED_WITH_BYPASS | \n\nThe account is enabled and in bypass mode. I.e., any authentication attempt would\nimmediately succeed without an actual factor check.\n | \n
LOCKED | \n\nThe account is locked because it has been explicitly locked by an administrator or an\nexcessive amount of failed authentication attempts has been reached.\n | \n
DISABLED | \nThe account is disabled because there are no enrolled devices. | \n
PERMANENTLY_DISABLED | \nThe account is permanently disabled. | \n