oscar.castillo | Posts: 17

Virtual OTP Delivery Method

0 votes

Hi,

I am testing on the Sandbox the /generate-votp service I successfully tested the Email Flow, but when i tried to test the SMS  i recived the following error:"status": 500, "error": "Internal Server Error", "message": "Unable to execute request", "service": "authenticator-management",


My Questions are:

Is SMS sending flow enabled on the sandbox?

What should i put on the "mdcProfile" field if i am from Latin America?

 

Thanks


Hakim Aldaoub | Posts: 54

Reply to: Virtual OTP Delivery Method

0 votes

Hi Oscar,

I will look into that. Could you please attach the payload that caused the error?

Hakim


oscar.castillo | Posts: 17

Reply to:

0 votes

Hi Hakim,

The payload that I am Using is :

{
  "deliveryMethod": "SMS",
  "emailAddress": "[email protected]",
  "mdcProfile": "EUROPE",
  "mobilePhoneNumber": "+569 94898217"
}

And The response I got was:

{
  "status": 409,
  "error": "Conflict",
  "message": "No device registered",
  "service": "authenticator-provisioning",
  "logCorrelationID": "58dd78f4-f258-428b-af5c-083b4100410c",
  "timestamp": "2020-06-02T20:51:10.966+0000"
}

I want to higlight the following authenticator's charactheristics:

"authenticatorType": "VIR10",

and the application is: PASSWORD

Thanks!

 


Hakim Aldaoub | Posts: 54

Reply to: Virtual OTP Delivery Method

1 votes

Hi Oscar,

It seems that MDC is not supported for your location on Sandbox, but since you had the deliveryMethod for an email working that should give you an idea how it would work. Please let me know if you have more questions.

Regards,

Hakim


oscar.castillo | Posts: 17

Reply to: Virtual OTP Delivery Method

0 votes

HI Hakim

I have another question reggarding the virtual OTP

I have review the documentation but i cannot find the answer or an example on the matter so i decide to ask my question here:

What service should I use to validate a virtual OTP?

I can validate the Virtual  OTP through the service "test" on the Authenticator section but i am not sure if this service in production will do...

Thanks a Lot for your help


Hakim Aldaoub | Posts: 54

Reply to: Virtual OTP Delivery Method

0 votes

Hi Oscar, 

I will get to your question on Monday.  Have a good weekend!

 

Hakim


Hakim Aldaoub | Posts: 54

Reply to: Virtual OTP Delivery Method

0 votes

Hi Oscar,

If I understand your question correctly, the OTP will be sent for a specific activity that requires authentication within its payload.  So based on the solution purchased, the endpoint call for an the activity, for example Login, will encompass the OTP as an attribute of the authenticator, that has been already activated.  Then, after the API call reaches the specific resource on OneSpan Trusted Identity Platform, the OTP will be validated and the response payload will give you the result of the validation. 

I hope this helps. Please let us know if you have more questions.

Hakim

 


oscar.castillo | Posts: 17

Reply to:

0 votes

Hi Hakim,

Thanks for your answer, i tested out the login service as you said. I can now simulate a user login using the virtual OTP or DIGIPASS OTP

But now i think i am kindda cofused about the flow of other events, i was looking at shcema of the validate event service but i cannot find a field to pass the OTP that the client get.
 
For example if i want to offer to my client's company a flow for the user change his personal data but using OTP for confirm the change ¿What services should i use?

Thanks!


Hakim Aldaoub | Posts: 54

Reply to: Virtual OTP Delivery Method

0 votes

Hi Oscar,

Good news that the Login with OTP worked for you!

You will need to find the right service to use depending on the context of your solution. Is it for your mobile application or web application, do you need the authentication to be completed offline or online and so on...Then you will see if you could use events/validate, transactions/validate or another endpoint. For your example above, did you mean when the user is already logged-in using OTP or 2 factor authentication, do they need to authenticate with an OTP a second time when your customer changes their personal data? What's the context? Are you planning to use the Intelligent Adaptive authentication service with Risk Analytics?

Thanks,

Hakim


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off