REST services for OTP secret keys

We can use the REST services capability to help manage mobile data, such as HOTP and TOTP secret keys. To help prevent unauthorized users from obtaining and resetting the secret keys that belong to authorized users, the administrator must complete the following steps:

  1. Write a policy that requires a form of two-factor authentication other than the following authentication types:

  2. Attach the policy to the OTP management URLs.

The user must authenticate to use the REST services capability.

REST services usage scenarios

Depending on your usage scenario, type the following URLs into the web page that calls the REST services:

Method: GET
URL: https://hostname/mga/sps/mga/user/mgmt/otp/{otpType}

Valid values for otpType include the following values:

  1. totp
  2. hotp

Response: {"username": username, "secretKey": secretKey, "secretKeyUrl": secretKeyUrl}

If the request completes successfully, the HTTP response code is 200.

If the request does not complete successfully, the HTTP response is 500.

Response type: application/json

Method: GET
URL: https://hostname/mga/sps/mga/user/mgmt/otp/qr/{otpType}

Valid values for otpType include the following values:

  1. totp
  2. hotp

Response: Quick response (QR) code

If the request completes successfully, the HTTP response code is 200.

If the request does not complete successfully, the HTTP response is 500.

Response type: image/gif

Method: DELETE
URL: https://hostname/mga/sps/mga/user/mgmt/otp/{otpType}

Valid values for otpType include the following values:

  1. totp
  2. hotp

Response: {"result": message}

If the request completes successfully, the HTTP response code is 200.

If the request does not complete successfully, the HTTP response is 500. The following message is in the JSON response: FBTRBA168E The HMAC OTP secret key could not be reset.

Response type: application/json
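
The following JavaScript is an added example, not code from the product or its documentation. It shows how a calling page can build the three requests with otpType restricted to the documented values, interpret the 200 and 500 responses, and keep the secret key out of logs. The function names, the action names, and the assumption that the error message is carried in the "result" field are hypothetical.

```javascript
// Added example, not IBM code. Paths, otpType values, status codes and response
// types come from the entries above; all function and field names are hypothetical.
const OTP_TYPES = new Set(["totp", "hotp"]);
const BASE = "/mga/sps/mga/user/mgmt/otp/";
const ACTIONS = new Map([
  ["getSecret",   { method: "GET",    path: BASE,         type: "application/json" }],
  ["getQrCode",   { method: "GET",    path: BASE + "qr/", type: "image/gif" }],
  ["resetSecret", { method: "DELETE", path: BASE,         type: "application/json" }],
]);

// Build a request description. otpType is checked against the two documented
// values so caller-supplied input can never change the path being requested.
function buildOtpRequest(hostname, action, otpType) {
  const spec = ACTIONS.get(action);
  if (!spec) throw new Error("unknown action");
  if (!OTP_TYPES.has(otpType)) throw new Error("otpType must be totp or hotp");
  if (!/^[a-z0-9.-]+(:\d+)?$/i.test(hostname)) throw new Error("invalid hostname");
  return { action, method: spec.method, type: spec.type,
           url: "https://" + hostname + spec.path + otpType,
           headers: { Accept: spec.type } };
}

// Interpret a response for a request built above. Only 200 and 500 are
// documented; anything else (for example a login redirect) is reported as such.
function interpretOtpResponse(req, status, contentType, body) {
  if (status !== 200 && status !== 500) return { ok: false, reason: "undocumented status " + status };
  const mediaType = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (status === 500) {
    let message = String(body);
    // Assumption: the error text is carried in the "result" field of the JSON body.
    try { message = JSON.parse(body).result || message; } catch (e) { /* keep raw text */ }
    return { ok: false, reason: message };
  }
  if (mediaType !== req.type) return { ok: false, reason: "unexpected content type " + mediaType };
  if (req.type === "image/gif") return { ok: true, image: body };
  let data;
  try { data = JSON.parse(body) || {}; } catch (e) { return { ok: false, reason: "body is not JSON" }; }
  if (req.action === "resetSecret") return { ok: true, result: data.result };
  const { username, secretKey, secretKeyUrl } = data;
  if (![username, secretKey, secretKeyUrl].every((v) => typeof v === "string")) return { ok: false, reason: "missing field" };
  return { ok: true, username, secretKey, secretKeyUrl };
}

// Copy of a result that is safe to log: the shared secret, its URL and the QR image are masked.
function redactForLog(result) {
  const copy = Object.assign({}, result);
  for (const k of ["secretKey", "secretKeyUrl", "image"]) if (k in copy) copy[k] = "[redacted]";
  return copy;
}
```

In a page, pass `req.url`, `req.method` and `req.headers` to `fetch`, then hand the status, `Content-Type` header and body to `interpretOtpResponse`.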
