Token2 TOTPRadius appliance Web API

Token2 API is a RESTful API for enabling two-factor authentication of users of a website or a web application. To start using the Token2 TOTPRadius appliance Web API, you need to have the TOTPRadius appliance installed and reachable. This API uses keys that can be set in the TOTPRadius admin panel. The web API is implemented for TOTPRadius appliance v0.2 and above.
This page is about the Token2 TOTPRadius Web API. This API is available only if you have a TOTPRadius appliance deployed. Refer to this page for Token2 Cloud API.

Create a user

API call that creates a Token2-enabled user and returns a unique ID as well as a secret key for that user.
http[s]://totpradius_appliance_ip/createuser?api=[api_key]&phone=[mobile_phone]&email=[email]&type=[authentication type]&pin=[pin code]&format=[response format]

This API call requires the following arguments to be provided:
  • api - the API key for the website. Can be obtained or set in the admin panel of the appliance.
  • phone - the mobile phone number of the user in E.164 format.
  • email - the user's email address.
  • type - authentication type to be used. The following values are possible: 0 - mobile application only (default). There are no other options for the TOTPRadius appliance Web API. Kept for backward compatibility with Token2 Cloud API.
  • pin - PIN code, not required for the TOTPRadius appliance Web API. Kept for backward compatibility with Token2 Cloud API.
  • format - format of the response data. Values: 1 - json, 2 - xml, 3 - simplified plain text (true or false, no details or description), 0 - serialized data (default)
Response
This call returns the following data upon successful execution:
  • response - result's description (e.g. "user created")
  • userid - user's unique ID. This ID needs to be stored and associated with the user in your local user database. The user ID is required to validate/generate/send OTP codes
  • success - returns "true" if the user was successfully created and assigned a unique Token2 ID
  • hash - User's secret key to be added to the Token2 Mobile Application or any other TOTP Mobile application
  • hashqr - QR Code image URL of user's secret key to be scanned using Token2 Mobile Application

Validate an OTP

API call to validate an OTP provided by the user.
http[s]://totpradius_appliance_ip/validate?api=[api key]&token=[token]&userid=[User's Token2 ID]&format=[response format]

This API call requires the following arguments to be provided:
  • api - the API key for the website. Can be obtained by clicking on the site's name in the control panel
  • userid - User's Token2 ID.
  • token - OTP to be verified
  • format - format of the response data. Values: 1 - json, 2 - xml, 3 - simplified plain text (true or false, no details or description), 0 - serialized data (default)
Response
This call returns the following data upon successful execution:
  • response - result's description in English (e.g. "OTP generated and sent by SMS")
  • userid - User's Token2 ID
  • validation - returns "true" if the OTP provided via the API is valid, or "false" if it is not valid. Use this value to decide whether the user should be authenticated.
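
A client for the validate call that fails closed, as an added example (not code from Token2): it requests format=1 (json) and authenticates the user only when the validation field is "true" and the returned userid matches the one that was asked about. Assumptions: the host name is a placeholder, the JSON response is a flat object with the fields listed above, and the OTP is 6 to 8 digits.

```python
import http.client
import json
import re
import urllib.request
from urllib.parse import urlencode

APPLIANCE = "https://totpradius.example.internal"  # assumption: placeholder host


def build_validate_url(api_key, userid, token, base=APPLIANCE):
    """Build the /validate URL with format=1 (json); urlencode escapes each value."""
    query = urlencode({"api": api_key, "token": token, "userid": userid, "format": 1})
    return f"{base}/validate?{query}"


def is_valid_response(body, expected_userid):
    """True only for a JSON object that names the expected user and reports
    validation as "true". Any other body counts as a failed login."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return False
    if not isinstance(data, dict):
        return False
    if str(data.get("userid")) != str(expected_userid):
        return False
    # Assumption: "true" may arrive as a JSON string or as a JSON boolean.
    verdict = data.get("validation")
    return verdict is True or verdict == "true"


def validate_otp(api_key, userid, token, timeout=5):
    """Ask the appliance to check the OTP; bad input or any transport error
    (timeout, TLS failure, HTTP error) is treated as 'not authenticated'."""
    # Assumption: OTPs are 6 to 8 ASCII digits; anything else is never sent.
    if not isinstance(token, str) or not re.fullmatch(r"[0-9]{6,8}", token):
        return False
    try:
        url = build_validate_url(api_key, userid, token)
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return is_valid_response(resp.read().decode("utf-8", "replace"), userid)
    except (OSError, ValueError, http.client.HTTPException):
        return False
```

Because the API key travels in the query string, it is recorded in access logs of any proxy or web server on the path to the appliance, so call the appliance over https and restrict who can read those logs.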