Pre authenticates an account by username and password. Checks if the user should perform secondary authentication and if so, returns the available authentication factor for this user, the campaign contact details, status and session details. If the 2FA is disabled for this user then the credentials are checked against the database and the details are returned along with the session. Possible reasons of rejection with HTTP 200: PasscodeInvalid, ContactLocked or AccessDenied. Possible scenarios of pair (Status, Factor):

• Auth - Passcode - The user is eligible for secondary authentication. The "/v1.1/contacts/{contactId}/authentication/authenticate" must be called as the secondary step which requires a passcode as input. The user will use the time-base one-time codes from a mobile app or a different channel (SMS)
• Auth - Approve - The user is eligible for secondary authentication. The "/v1.1/contacts/{contactId}/authentication/authenticate" must be called as the secondary step
• Auth - QrCode - The user is eligible for secondary authentication. The "/v1.1/contacts/{contactId}/authentication/authenticate" must be called as the secondary step
• Allow - The user is configured to bypass secondary authentication, or is authenticating from a trusted device. The session details are returned and the user will be authenticated without a secondary step

Authenticates an account by username and password. This API is deprecated. Use the following endpoint to pre-authenticate: /v1.1/authentication/pre-authenticate. The GlobalSettings table must support the following settings: 2FAFactor = Passcode and 2FAProvider = MTan.

Performs secondary authentication using one of the available factors. The response of this endpoint depends on the chosen factor. If the two-factor authentication is disabled then the session details will be returned and the contact will be automatically authenticated. Possible reasons of rejection with HTTP 200: PasscodeInvalid, ContactLocked or AccessDenied. Possible scenarios of pair (Status, Factor):

• Allow - Passcode - The session details are returned and the user will be authenticated.
• Allow - Approve - The session details are returned and the user will be authenticated.
• Auth / NULL - Approve - The end-user will approve or reject the authentication request via a 2FA mobile app.
• Auth / NULL - QrCode - The end-user will scan the code received on AsynchronousParameters[QrCodeUrl]. For Auth status a temporary session is returned in order to allow status requests on the current authentication process. A callback is pending to be called by a 2FA provider to complete the authentication.

Checks the authentication status of an account by username and temporary session when async 2FA is enabled. This endpoint can return a response in two different ways:

• It can wait until the authentication session has been completed and return when the result is available.
• It can wait just for the next status update during the authentication session and return the new status. It can then be called once again to either retrieve the next status update or wait for the result to become available (depending on how it’s called this time). If the response is successful session details will be returned and the contact will be able to authenticate.

Authenticates a contact to access onboarding. The authentication is done by mobile number. Use for mobile devices only (from native apps). Pre authenticates an existing contact to gain access to the onboarding using a mobile number as identifier. Triggers sending of second factor (mtan) to the contact to validate the contact. The follow up call with the mtan should be to /contacts/{contactId}/authentication/onboarding/activate.

Sends an activation link to the given contactId provided that the contact exists and the given mtan is valid. If the contact is already marked as active, it will be reset to be not active until the link is clicked by the contact. If the system is in testing mode, due to testing reasons, the new generated activation key is returned. It can be used later in the reset password flow.

Authenticates a contact on a mobile app by user name and password.

Performs single-sign-on authentication based on a JWT token. The provided JWT access token is validated before authentication.

Authenticates an account by username and mTan. If the authentication is successful, a session id along with a JWT access token is returned. This API is deprecated. Use the following endpoint to authenticate via MTan: /v1.1/contacts/{contactId}/authentication/authenticate. The GlobalSettings table must support the following settings: 2FAFactor = Passcode and 2FAProvider = MTan.

Renews an expired or existing session/JWT token. Returns the renewed JWT token along with session id.

Renews an expired or an existing SSO session/JWT token. Returns the renewed JWT token along with session id.

Validates a provided JWT access token (expiration, contactId, memberId, subject, auditContextId). Returns the result type of the validation (Success or one of the invalid result types).

Gets a JWT token for a given sessionId.

Triggers a forgotten password process based on username or email. The username takes the priority over email to identify the campaign contact if both are provided. If the contact is registered, then the details of the campaign contact are returned and an mTan is generated and sent to the contact.

Sends a forgotten password activation link by email to the given contactId provided that the contact exists, is active and that the given mtan is valid. After this call, the previous password, if existing, can no longer be used and the contact can log-in again only after setting a new password. If the system is in testing mode, due to testing reasons, the new generated activation key is returned. It can be used later in the reset password flow.

Sets a password for an existing, active contact which is not authenticated based on the provided activation key. Can be used for first password creation or for password reset as long as the contact is active already. If the activation key is valid, the new password is set for the contact. Once the password is set the contact should be redirected to a login page and use the new password.

Sets a new password for an existing, active contact with password set which is authenticated based on the contact id provided.

Logs off an authenticated account.

Checks whether a contact is locked due to multiple failed authentication attempts (passcode or mTan) and retrieves his status.

Unlocks a contact that was locked due to multiple failed authentication attempts (passcode or mTan). If the contact is not locked an HTTP 200 with Result = ContactAlreadyUnlocked will be returned.

Returns the list of all banks in the system.

Create a new bank

Return a bank by id

Update existing bank

Delete bank

Provides an API a Futurae server can call in order to deliver status updates as well as the result of a particular authentication attempt (also called authentication session). The URL will be called as a POST request with "Content-Type" header being "application/json". The body of the request will be a JSON object containing the following keys and corresponding values: user_id, username, session_id, result, status, status_msg and trusted_device_token. The session ID identifies the particular authentication session and is conditionally returned by /v1.1/authentication/authenticate endpoint.

Provides an API a Futurae server can call in order to inform the application when the enrollment was successfully completed. The body of the request will be a JSON object containing the following keys and corresponding values: user_id, username, activation_code and result. The value of the latter will always be "success", since the callback will only be called when the enrollment is completed successfully.

Performs a health check of the system. Will return "OK" as "text/plain" if everything is working properly.

Returns system settings. If the optional group parameter is passed only settings for this group will be returned, otherwise all available settings.

Returns a specific system setting. The name of the group and the name of the key need to be supplied.

Clears the cache which stores all the global settings.

Clears all caches

Returns campaign configuration data. Returns data about the active campaign of the tenant, including a list of product offers and their products, the list of supported languages and the default language. The language DTOs also contain specifications that can be used for number formatting (NumberDecimalSeparator and NumberGroupSeparator).

Returns the list of all countries in the system.

Returns the list of all lanuages in the system.

Returns the list of all bank branches in the system.

Returns the list of all severity levels in the system.

Returns a list of all available data sources.