Integrating AuthSafe using REST API
To integrate AuthSafe using REST API:
Add the below lines where you want the SDK to be instantiated:
require_once("PATH TO AUTHSAFE PHP SDK/autoload.php");
$obj = new AuthSafe\AuthSafe([
    'property_id' => '1234567891234567',
    'property_secret' => 'xxxxxxxxxxxxxxxx'
]);
NOTE: Instead of require_once, you can load the autoloader any other way you want, but it must be loaded before calling any APIs or functions.
Now, the login attempt and reset password attempt calls:
A] Login Attempt/Logout:
$res = $obj->loginAttempt( STATUS, USERID, as_request_string, array( 'email' => '[email protected]', 'username' => $username ) );
STATUS
Specifies the status of the attempt. There are three statuses: login_succeeded, login_failed, and logout.
USERID
Specifies the user’s unique identification id.
NOTE: If the event result is login_failed and the entered username/email does not exist, you can send an empty string here.
as_request_string
This is the value that we receive from the point (1) part of the JavaScript. The boldened part is optional, but we encourage users to provide that information as well so we can keep information presentable and get better results. The array has two values.
Email
Specify the user’s email address.
Username
Specify the user’s username.
RESPONSE
The RESPONSE will be in JSON format with the following values:
a) status = allow, challenge, deny
allow | Allows the user to log in |
challenge | The user shows some suspicious activity. Respond by sending an alert by email, asking them some questions to confirm that it is the user, or giving them a challenge. |
deny | The user’s device is compromised and the system has denied the user login. The user should not be allowed to log in unless he verifies it physically or via email or phone number. |
b) severity = low, medium, high, critical
The severity field will be empty when status is allow.
low | Indicates safe login and can be ignored |
medium | Indicates some suspicious activities and details are shown |
high | Indicates severe suspicious activities are shown over a period of time |
critical | Indicates a critical event; the user should be given a very tough challenge to verify |
c) message = This will contain a message suggesting the reason when status is deny or challenge.
d) device = Device’s information.
- device_id = the device’s unique identification id; you can use this while calling device management APIs
- name = device name in “Browser on OS” format, to be used as it is for the device name
- ip = IP address of the visitor
- location = Location string with city, state and country, to be used as it is for the location
B] Reset Password Attempt:
$res = $obj->passwordResetAttempt( STATUS, USERID, as_request_string, array( 'email' => '[email protected]', 'username' => $username ) );
STATUS = This can have 2 values: reset_password_succeeded, reset_password_failed
USERID = This argument must have the user’s unique identification id. NOTE: If the event is reset_password_failed and the entered username/email doesn’t exist, you can send an empty string here.
as_request_string = This is the value that we receive from the point (1) part of the JavaScript. The boldened part is optional, but we encourage our customers to provide that information as well so we can keep information presentable and get better results. The array has 2 values, as you can see.
'email' = user’s email to be provided here
'username' = user’s username to be provided here
RESPONSE:
The RESPONSE will be in JSON format with the following values:
a) status = allow, challenge, deny
allow | Allow the user to log in |
challenge | The user has shown some suspicious activity. You can let them know by sending an email about it, asking them some questions to confirm it is them, or giving them a challenge. |
deny | We are sure that this user’s device is compromised, so he has to be denied login. The user shouldn’t be allowed to log in unless he verifies it physically or via email or phone number. |
b) severity = low, medium, high, critical (it will be empty when status is allow)
low | This is usually a safe one so can be ignored |
medium | This means some suspicious activities are shown |
high | This means some severe suspicious activities are shown over a period of time |
critical | This means it is critical and the user should be given a very tough challenge to verify |
c) message = This will contain a message suggesting the reason when status is deny or challenge.
d) device = Device’s information.
- device_id = the device’s unique identification id; you can use this while calling device management APIs
- name = device name in “Browser on OS” format, to be used as it is for the device name
- ip = IP address of the visitor
- location = Location string with city, state and country, to be used as it is for the location
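Both calls above return the same response fields, so one handler can serve the login and the password-reset flow. The PHP below is an added example, not AuthSafe's own code: it assumes the response arrives as a JSON string, and the function name, action labels and sample response are hypothetical.

```php
<?php
// Added example: maps an AuthSafe-style JSON response to an application action.
// authsafeDecision(), the action labels and the sample JSON are hypothetical.
function authsafeDecision(string $json): array
{
    $statuses   = ['allow', 'challenge', 'deny'];
    $severities = ['low', 'medium', 'high', 'critical'];

    $res    = json_decode($json, true);
    $status = is_array($res) ? ($res['status'] ?? null) : null;

    // Fail closed: a malformed or unexpected response must never become "allow".
    if (!in_array($status, $statuses, true)) {
        return ['action' => 'step_up', 'reason' => 'unrecognised response'];
    }
    if ($status === 'allow') {
        return ['action' => 'proceed', 'reason' => '']; // severity is empty here
    }

    $severity = $res['severity'] ?? '';
    if (!in_array($severity, $severities, true)) {
        $severity = 'critical'; // unknown severity is treated as the worst case
    }
    $reason = is_string($res['message'] ?? null) ? $res['message'] : '';
    $device = is_array($res['device'] ?? null) ? $res['device'] : [];

    if ($status === 'deny') {
        $action = 'block';                 // require out-of-band verification
    } elseif ($severity === 'high' || $severity === 'critical') {
        $action = 'strong_challenge';      // the "very tough challenge" case
    } else {
        $action = 'notify_and_challenge';  // email alert plus a light challenge
    }

    return [
        'action'    => $action,
        'severity'  => $severity,
        'reason'    => $reason,
        'device_id' => (string) ($device['device_id'] ?? ''),
    ];
}

// Constructed sample response, using the field names documented above.
$sample = '{"status":"challenge","severity":"high","message":"new device",'
        . '"device":{"device_id":"dev-0001","name":"Chrome on Windows",'
        . '"ip":"203.0.113.7","location":"Pune, Maharashtra, India"}}';

print_r(authsafeDecision($sample));     // action => strong_challenge
print_r(authsafeDecision('not json'));  // action => step_up
```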