1. Home
  2. API Reference
  3. Response Handling

Response Handling

When a REST API request responds to the API requests: 

Login Attempt

Status response based on the severity.

One of the following status displays:

  • Allow: If the severity is low
  • Allow: If the severity is medium, allow the user to log in but send an email in the below format.
  • Deny: If Severity is high, present a challenge to user. Challenges such as sending OTP to the email address or mobile, sending password reset email, or asking security questions. 

Challenge Responses:

Send an OTP over email/phone 

If challenge is cleared, then call approve device function from the SDK: 
$obj->approveDevice(DEVICEID);

If a challenge is failed, then allow him to retry three times, if he fails the calling device deny function from the SDK: 
$obj->denyDevice(DEVICEID); 


Send a password reset email

A user has been denied login and sends a password reset email to force the user to change the password. The password reset mail should have a link that helps users directly change the password and not make for entering the same username/email again.  

Asks security questions

If challenge is cleared, then call approve device function from the SDK: 
$obj->approveDevice(DEVICEID);

If a challenge is failed, then allow him to retry three times, if he fails the calling device deny function from the SDK: 
$obj->denyDevice(DEVICEID); 

Webhook trigger 

Status = deny, severity = critical:-

A user has been denied login and sends a password reset email to force the user to change the password. The password reset mail should have a link that helps users directly change the password and not make for entering the same username/email again. 

Updated on March 31, 2022

Was this article helpful?

Related Articles

Leave a Comment