When a login attempt is submitted to the REST API, the response carries a status and a severity. One of the following statuses is returned, depending on the severity:
- Allow: if the severity is low, allow the user to log in.
- Allow: if the severity is medium, allow the user to log in but send an email in the format given below.
- Deny: if the severity is high, present a challenge to the user, such as sending an OTP to the email address or mobile number, sending a password reset email, or asking security questions.
Challenge Responses:
Send an OTP over email/phone
If the challenge is cleared, call the approve device function from the SDK:
$obj->approveDevice(DEVICEID);
If the challenge fails, allow the user to retry up to three times; if all three attempts fail, call the deny device function from the SDK:
$obj->denyDevice(DEVICEID);
Send a password reset email
The user is denied login and a password reset email is sent to force a password change. The reset email should contain a link that takes the user directly to the change-password form, without requiring them to enter their username or email address again.
Ask security questions
If the challenge is cleared, call the approve device function from the SDK:
$obj->approveDevice(DEVICEID);
If the challenge fails, allow the user to retry up to three times; if all three attempts fail, call the deny device function from the SDK:
$obj->denyDevice(DEVICEID);
Webhook trigger
Status = deny, severity = critical:
The user is denied login and a password reset email is sent to force a password change. The reset email should contain a link that takes the user directly to the change-password form, without requiring them to enter their username or email address again.
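The status/severity handling, the three-attempt challenge retry and the critical-severity reset path described above, as one added PHP example (not the SDK's own code). Only approveDevice()/denyDevice() come from the page; the response array shape, the $sdk object, the $challenge verifier and the $sendMail callback are assumptions for this illustration.

```php
<?php
// Added example, not part of the SDK: decide what to do with a login attempt
// from the status/severity pair the REST API returned.

const MAX_CHALLENGE_ATTEMPTS = 3; // the page allows three retries of a challenge

/**
 * @param object   $sdk       SDK object exposing approveDevice()/denyDevice() (from the page)
 * @param array    $response  assumed shape: ['status' => 'allow'|'deny',
 *                            'severity' => 'low'|'medium'|'high'|'critical']
 * @param string   $deviceId  device identifier from the login attempt
 * @param callable $challenge fn(): bool, runs one OTP/security-question round and verifies it (assumed)
 * @param callable $sendMail  fn(string $kind): void, $kind is 'notice' or 'password_reset' (assumed)
 * @return string 'allow' or 'deny'
 */
function handleLoginDecision(object $sdk, array $response, string $deviceId,
                             callable $challenge, callable $sendMail): string
{
    // Missing or unknown fields fail closed: treat them as a deny at high severity.
    $status   = strtolower($response['status'] ?? 'deny');
    $severity = strtolower($response['severity'] ?? 'high');

    if ($status === 'allow' && $severity === 'low') {
        return 'allow';
    }
    if ($status === 'allow' && $severity === 'medium') {
        $sendMail('notice');            // allow, but notify the user by email
        return 'allow';
    }
    if ($severity === 'critical') {
        // Webhook path: deny outright and force a password change.
        $sdk->denyDevice($deviceId);
        $sendMail('password_reset');
        return 'deny';
    }

    // High severity (or anything unrecognised): challenge with a bounded retry budget.
    for ($attempt = 1; $attempt <= MAX_CHALLENGE_ATTEMPTS; $attempt++) {
        if ($challenge()) {
            $sdk->approveDevice($deviceId); // challenge cleared
            return 'allow';
        }
    }
    $sdk->denyDevice($deviceId);            // all attempts failed
    return 'deny';
}
```

The loop counts every failed round against the same budget, so a user cannot reset the counter by switching challenge type mid-flow.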