Client SDKs

Integrating AuthSafe using REST API

To integrate AuthSafe using REST API: 

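Add the following lines where you want the SDK to be instantiated:

// Load the SDK autoloader before calling any AuthSafe API
require_once("PATH TO AUTHSAFE PHP SDK/autoload.php");

// Create the SDK object with your property credentials
$obj = new AuthSafe\AuthSafe([
    'property_id' => '1234567891234567',
    'property_secret' => 'xxxxxxxxxxxxxxxx'
]);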

NOTE:  

Instead of require_once, you can load the autoloader any other way you want, but it must be loaded before you call any APIs or functions.

Now, the login attempt and reset password attempt calls:  

Login Attempt/Logout:  

$res = $obj->loginAttempt( STATUS, USERID, as_request_string, array( 'email' => '[email protected]', 'username' => $username ) );

STATUS   

Specifies the status of the attempt. There are three statuses: login_succeeded, login_failed, and logout.

USERID  

Specifies the user’s unique identification id.  

NOTE: If the event result is login_failed and the entered username/email does not exist, you can send an empty string here. 

as_request_string 

This is the value that we receive from point (1) part of JavaScript. The boldened part (the array) is optional, but we encourage users to provide that information as well so we can keep information presentable and get better results. The array has two values.

email  

Specify the user’s email address.  

username

Specify the user’s username. 

RESPONSE 

The RESPONSE will be in JSON format with the following values: 

a) status = allow, challenge, deny 

- allow: Allows the user to log in.
- challenge: The user shows some suspicious activity. Respond by sending an alert by email, asking the user some questions to confirm their identity, or giving them a challenge.
- deny: The user’s device is compromised and the system has denied the user login. The user should not be allowed to log in unless he verifies it physically or via email or phone number.

b) severity = low, medium, high, critical  

The severity field will be empty when status is allow. 

- low: Indicates a safe login and can be ignored.
- medium: Indicates some suspicious activities; details are shown.
- high: Indicates severe suspicious activities shown over a period of time.
- critical: Indicates a critical event; the user should be given a very tough challenge to verify.

c) message = This will contain a message suggesting the reason if deny or challenge. 
d) device = Device’s information. 

  1. device_id = the device’s unique identification id; you can use this while calling device management APIs
  1. name = device name in “Browser on OS” format, to be used as it is for the device name
  1. ip = IP address of the visitor
  1. location = location string with city, state and country, to be used as it is for the location
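
The response fields described above can be turned into a login decision that fails closed. This is an added example, not part of the AuthSafe SDK or its documentation: it assumes the response is available as a JSON string, and the `decideLogin` function, its action names and the severity-to-action mapping are hypothetical choices. The sample responses are constructed.

```php
<?php
const AS_STATUSES = ['allow', 'challenge', 'deny'];

/**
 * Map an AuthSafe-style response to a hypothetical action:
 * 'grant', 'notify', 'step_up', 'strong_step_up' or 'block'.
 * Malformed JSON or an unknown status is blocked, never allowed.
 */
function decideLogin(string $json): array
{
    $r = json_decode($json, true);
    if (!is_array($r) || !in_array($r['status'] ?? null, AS_STATUSES, true)) {
        return ['action' => 'block', 'reason' => 'malformed or unknown response', 'device_id' => null];
    }
    $reason   = is_string($r['message'] ?? null) ? $r['message'] : '';
    $deviceId = $r['device']['device_id'] ?? null;

    if ($r['status'] === 'allow') {
        return ['action' => 'grant', 'reason' => '', 'device_id' => $deviceId];
    }
    if ($r['status'] === 'deny') {
        return ['action' => 'block', 'reason' => $reason, 'device_id' => $deviceId];
    }
    // status is 'challenge': pick the challenge strength from severity
    // (assumed policy). Empty or unrecognised severity gets the strongest one.
    $action = match ($r['severity'] ?? '') {
        'low'            => 'notify',         // let the login proceed, alert by email
        'medium', 'high' => 'step_up',        // ask for additional verification
        default          => 'strong_step_up', // 'critical' and anything unexpected
    };
    return ['action' => $action, 'reason' => $reason, 'device_id' => $deviceId];
}

// Constructed sample responses (not real AuthSafe output)
$samples = [
    '{"status":"allow","severity":"","message":"","device":{"device_id":"dev-001"}}',
    '{"status":"challenge","severity":"low","message":"constructed reason","device":{"device_id":"dev-002"}}',
    '{"status":"challenge","severity":"critical","message":"constructed reason"}',
    '{"status":"deny","severity":"high","message":"constructed reason"}',
    '{"status":"ok"}',
    'not json',
];
foreach ($samples as $json) {
    $d = decideLogin($json);
    echo $d['action'], ' (', $d['reason'], ')', PHP_EOL;
}
```

Only create the session on `grant` (or `notify`), and keep the `device_id` with the audit record so it can be passed to the device management APIs later.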

Reset Password Attempt:

$res = $obj->passwordResetAttempt( STATUS, USERID, as_request_string, array( 'email' => '[email protected]', 'username' => $username ) );

STATUS = This can have 2 values: reset_password_succeeded, reset_password_failed

USERID = This argument must have the user’s unique identification id. NOTE: In case the event is reset_password_failed and the entered username/email doesn’t exist, you can send an empty string here.

as_request_string = This is the value that we receive from the point (1) part of JavaScript.

The boldened part (the array) is optional, but we encourage our customers to provide that information as well so we can keep information presentable and get better results. The array has 2 values, as you can see.

'email' = user’s email to be provided here

'username' = user’s username to be provided here

RESPONSE: 
The RESPONSE will be in JSON format with the following values:

a) status = allow, challenge, deny

- allow: Allow the user to log in.
- challenge: The user has shown some suspicious activities. You can let them know by sending an email about it, by asking them some queries to confirm it is them, or by giving some challenge.
- deny: We are sure that this user’s device is compromised; he has to be denied login. The user shouldn’t be allowed to log in unless he verifies it physically or via email or phone number.

 
b) severity = low, medium, high, critical (it will be empty when status is allow) 

- low: This is usually a safe one, so it can be ignored.
- medium: This means some suspicious activities are shown.
- high: This means some severe suspicious activities are shown over a period of time.
- critical: This means it is critical and the user should be given a very tough challenge to verify.

c) message = This will contain a message suggesting the reason if deny or challenge. 
d) device = Device’s information. 

  1. device_id = the device’s unique identification id; you can use this while calling device management APIs
  1. name = device name in “Browser on OS” format, to be used as it is for the device name
  1. ip = IP address of the visitor
  1. location = location string with city, state and country, to be used as it is for the location

Updated on April 1, 2022
