Digipass Activation Workflow with Platform API's

0 votes

I'm trying to piece all of the elements together to build workflows with your APIs, but there are some gaps in my understanding that I need to fill in. The workflows I'm trying to build are Digipass Activation and Login/Challenge/Response. I'll post my questions about the Login/Challenge/Response in another thread.

I'm using Integrating End-User Registration and Digipass Activation as a guide. While the sequence diagrams that are very helpful, I'm not able to match all of the steps to API calls.

This is what I think I have so far for the Digipass Activation workflow.

  1. Call /users/register to put the user into the system.
    * I get activationPassword, riskResponse, and serialNumber, but I don't get a registrationID. Is this expected? I think I might not need it since I get one when I call /registrations in step 3.
    * I'm not sure what to do with the activationPassword. None of the other API's I think I need for this workflow seem to require it.
  2. Call either /authenticators/{serialNumber}/generate-activation-data or /authenticators/{serialNumber}/generate-activation-message, using the serialNumber from /users/register.
    * What is the difference between /authenticators/{serialNumber}/generate-activation-data and /authenticators/{serialNumber}/generate-activation-message? When would I use one vs the other?
    * Is this where I get the deviceCode I will need to call /registrations?

  3. Call /registrations with the activationData or activationMessage from step 2 as the deviceCode and the serialNumber from step 1.
    * I'm not sure about steps 2 and 3. I believe I need to call this one to get a registrationID, but I'm not sure what I need to pass in as the deviceCode parameter. If it isn't the activationData or activationMessage from step 2, then where do I get the deviceCode?
  4. Call /visualcodes/render with the activationMessage2 as the message parameter to generate the CRONTO image.
    * Is this the correct value to use as the message parameter, or where else should I get this?
  5. Display the CRONTO image to the user through my application.
  6. Does the device become activated automatically when the user scans the CRONTO image, or do I need to poll /registrations/check-status until I get an activationStatus of "activated" and then call /registrations/{registrationID}/activate myself?


Reply to: Digipass Activation Workflow with Platform API's

1 votes


I am trying to test the same flow but i have some differences:

  1. Register user pretty much as you do
  2. In step 2 i call /authenticators/{serialNumber}/generate-activation-message
  3. The response from Step 2 is pass down to render the CRONTO image.
  4. Then i should call /registrations and put the code readed from the CRONTO image as deviceCode
  5. Make a new call to render CRONTO image using activationMessage2 returned in registrations response
  6. call /registrations/{registrationID}/activate

I attached two images showing the flow i am trying to implement

I am currently at step 3 trying to get de code from CRONTO image so i have not tested the entire flow.

Hope this will help you out!



flow 1.png59.21 KB
flow2.png57.33 KB

Reply to: Digipass Activation Workflow with Platform API's

0 votes

Hi Josh,

In order to help you with your questions, could you please provide the JSON payload for the calls, to see the registration flow that you have followed?

Thank you!



Reply to: Digipass Activation Workflow with Platform API's

0 votes

Request and response bodies for /user/register are attached.

My question is more about what workflow to follow to activate a digipass. The API sandbox lists all of the API's, but I can't find a doc that says what order I need to call them to implement specific workflows, and I have questions about what I'm supposed to pass in for some of the arguments.


Reply to: Digipass Activation Workflow with Platform API's

0 votes

Hi Josh, 

It seems that you are following an online activation flow.  For that, you won't need the DeviceCode or the /registrations endpoint call.  All you need to do for a secure activation is to enter your userID and the activationPassword that you acquired from/users/register endpoint, into the mobile app that you have the Orchestration SDK integrated to. The deviceCode will then be embedded in the orchestration command, and the device will be automatically activated in this flow.

Please notice that the activationPassword is time limited to 10 minutes after the generation.

I hope that helps


Reply to: Digipass Activation Workflow with Platform API's

0 votes

Digipass Activation Workflow with Platform API's 


I'm attempting to test a similar stream yet I have a few contrasts: 

Register client practically as you do 

In sync 2 I call/authenticators/{serialNumber}/create actuation message 

The reaction from Step 2 is pass down to deliver the CRONTO picture. 

Then, at that point I should call/enlistments and put the code readed from the CRONTO picture as deviceCode 

Settle on another decision to deliver CRONTO picture utilizing activationMessage2 returned in enrollments reaction 


I appended two pictures showing the stream I'm attempting to carry out 

I'm as of now at stage 3 attempting to get de code from CRONTO picture so I have not tried the whole stream. 

Expectation this will take care of you! 


Much obliged!

Reply to: Digipass Activation Workflow with Platform API's

0 votes

Josh, Oscar, Hiyef,


It seems you're mixing both the /users/register flows and the /authenticators flows, which are different use cases.

Historically when using our on-premise solutions you would have to puzzle an enrollment together "manually":

  • Create a user
  • Look up a free authenticator
  • Assign the authenticator
  • Do the activation (for authenticators that need activation)

This exact same process is still possible in the platform API by using:

  • PUT on /users (not /users/register, I'll come to that later)
  • GET /authenticators to query for a free license
  • /authenticators/{serialNumber}/assign
  • etc, etc

However, especially when wanting to enroll a mobile device, this is all overkill.

We've created /users/register to overcome all of this. This will create a user, find a license, assign it and immediately start the activation.

By default, you get an activationPassword back. This is mean to be plugged into the mobile app and registration will complete fully.

You can find a demo mobile app here:


If you have further questions, don't hesitate to reach out to our sales engineers, who will happily help you.


Kind regards,



Peter Vanderborght


Reply to: Digipass Activation Workflow with Platform API's

0 votes

That is the thing that I was searching for, what a data present here at this site, thank you administrator.

Reply to: Digipass Activation Workflow with Platform API's

0 votes

Greetings Josh,

It appears to be that you are following a web-based initiation stream. For that, you won't require the DeviceCode or the/enlistments endpoint call. All you want to accomplish for a protected initiation is to enter your userID and the activationPassword that you obtained from/clients/register endpoint, into the versatile application that you have the Organization SDK incorporated to. The deviceCode will then be implanted in the organization order, and the gadget will be naturally actuated in this stream.

If it's not too much trouble, notice that the activationPassword is time restricted to 10 minutes after the age.

I trust that makes a difference


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off