Transaction sealing API
This document describes the API calls used for transaction sealing operations.
To be able to use transaction sealing, parameter "Transaction sealing" must be set to "yes" in the "Service parameters" of your inWebo administration console.
If this parameter is not available/displayed in your console, please contact your sales representative at inWebo.
InWebo supports authentication with transactions sealing.
The sealing process is materialized by the following API calls:
SealVerify → Verification after OTP generation
sealDeferredVerify → Verification later
SealVerify (REST)
https://api.myinwebo.com/FS?action=sealVerify + parametersMandatory parameters:
&serviceId= <id of the service> //integer
&userId=<login> //string
&token=<OTP received from the client app> //string
&data=<sealed data> //stringOptional parameters:
&format=json→ allows to get the API response in json format instead of XML format
Response:
By default, response is in XML. It contains:
err: operation result (« OK » or « NOK:<cause> ;»)
name: name of the device that performed the sealing
alias: alias of the device that performed the sealing
version: version of the device that performed the sealing
platform: platform of the device (the one you passed to mAccess)
type: will be “mac” (your application developed with mAccess)
timestamp: timestamp of the API call
If the ID of the service set in the URL is not valid the returned error code is: « NOK:srv unknown ». If the login set is not a valid login of the service the returned error code is: « NOK:account unknown ».
Other error codes:
NOK:NoKey: user does not have a sealing key. This means that he has not activated your app
NOK:BadData: The data sealing in the OTP is different from the one sent in as an input parameter. Potential MITM.
NOK:FORBIDDEN: Sealing option is not authorized for your account. Contact inWebo Sales.
NOK: other errors
Format of XML response:
<sealVerify>
<err>Error Code</err>
<name>appname</name>
<alias>device alias</alias>
<version>app version</version>
<platform>Platform</platform>
<type>mac</type>
<timestamp>timestamp</timestamp>
</sealVerify>Format of JSON response:
{"err":"","name":"","alias":"","type":"","version":"","platform":"","timestamp":""}sealDeferredVerify (REST)
URL:
https://api.myinwebo.com/FS?action=sealDeferredVerify + parametersMandatory parameters:
&serviceId= <id of the service> //integer
&userId=<login> //string
&token=<OTP received from the client app> //string
&data=<sealed data> //string
&date=<seal date> // timestamp unix (nombre de seconde depuis 01/01/1970)Optional parameters:
&format=json→ allows to get the API response in json format instead of XML format
Response:
By default, response is in XML. It contains:
err: operation result (« OK » or « NOK:<cause> ;»)
name: name of the device that performed the sealing
alias: alias of the device that performed the sealing
version: version of the device that performed the sealing
platform: platform of the device (the one you passed to mAccess)
type: will be “mac” (your application developed with mAccess)
timestamp: timestamp of the API call
If the ID of the service set in the URL is not valid the returned error code is: « NOK:srv unknown ». If the login set is not a valid login of the service the returned error code is: « NOK:account unknown ».
Other error codes:
NOK:NoKey: user does not have a sealing key. This means that he has not activated your app
NOK:BadData: The data sealing in the OTP is different from the one sent in as an input parameter. Potential MITM.
NOK:FORBIDDEN: Sealing option is not authorized for your account. Contact inWebo Sales.
NOK: other errors
Format of XML response:
<sealDeferredVerify>
<err>Error Code</err>
<name>appname</name>
<alias>device alias</alias>
<version>app version</version>
<platform>Platform</platform>
<type>mac</type>
<timestamp>timestamp</timestamp>
</sealDeferredVerify>Format of JSON response:
{"err":"","name":"","alias":"","type":"","version":"","platform":"","timestamp":""}PushSeal (REST)
Requests inWebo platform to send a Push notification to an identified user’s device, for an authentication with seal.
URL
https://api.myinwebo.com/FS?action=pushSeal + parametersMandatory parameters
&serviceId=<service id>→ (integer) The service identifier&userId=<userId>→ (string) The login of the authenticated user&data=<data>→ (string) The sealed data
Optional parameters
&withoutpin=1→ when set to 1, push is sent without asking for PIN (overriding global PIN policy). In this case CheckPushResult must also be invoked with 'withoutpin=1'. Default value: 0.&format=json→ allows to get the API response in json format instead of XML format.&toolalias=<alias of the tool>→ allows to specify the tool where to send the push, if several tools have been enrolled by the user. 'toolalias' can be obtained with 'loginQuery' request.
Response
By default, API response is in XML. It contains:
err : the notification result (“OK” or “NOK:<cause>” or “NOK” (=other errors))
name: name of the device that performed the authentication
alias: alias of the device that performed the authentication
version: version of the application that performed the authentication
platform: platform of the device (the one you passed to mAccess)
type: will be “mac” (your application developed with mAccess)
sessionId: the 32-char-long Session identifier that will allow you to check Authentication result (to be used in checkPushResult)
timestamp: timestamp of the API call
Possible error codes
NOK:NOPUSH ==> user’s mobile app does not support Push (inWebo Code)
NOK:NOMA ==> user does not have any inWebo mobile app available
NOK:NOLOGIN ==> user does not exist, or is still pending activation
NOK:SN ==> syntax error in input parameters
NOK:srv unknown ==> serviceId is wrong
NOK:NoKey: user does not have a sealing key. This means that he has not activated your app
NOK:FORBIDDEN: Sealing option is not authorized for your account. Contact inWebo Sales.
NOK ==> Temporary error. In such a case, try to reiterate the API call.
JSON response format
{"timestamp":"",
"platform":"",
"sessionId":"",
"alias":"",
"name":"",
"err":"",
"type":"",
"version":"",
}