The OTP server manages information about user identifiers and OTP lists. The URI format used with these entities is as follows:
*http://hostname/root/method-name/entity-type/entity-id*

1. http://hostname/root
   The application context. This part of the address is typically http://UAS_URL/otp-server. UAS_URL is defined in win32.config or unix.config.
2. method-name
   Name of SSO server authentication method, example "otp.1"
3. entity-type
   Specifies entity type, one of "otp-list" or "user-info"
4. entity-id
   Unique entity identifierWell known identifiers such as _batch, _query, _all etc. may be used

http://hostname/root/method-name/otp-list/list-id

http://hostname/root/method-name/user-info

Request parameters

Request parameters are given in URL parameters. For HTTP POST messages the message body may also be used using "application/x-www-form-urlencoded " encoding.

In the future other request parameter encodings such as XML or JSON may be supported.

If the message body is used for request parameters then the http request header Content-Type must specify the encoding type.

Response message

The response message is encoded in XML format using the OTP server XML schema. The http response content type is "application/xml".

See page OTP Server XML schema - SSO for XML schema.

Error conditions are indicated by HTTP status codes.

1. 200 OK
   The operation was successful. Response body contains the requested resource.
2. 204 No Content
   The operation was successful. Response body is empty.
3. 401 Unauthorized
   Required by http basic authentication.
4. 403 Forbidden
   The operation is not allowed.
5. 404 Not Found
   The resource was not found.
6. 405 Method Not Allowed
   The http method is not valid
7. 500 Server Error
   Any other unspecified error

If the error response is produced by OTP Server then a <error> element is returned.

POST /otp.notfound/otp-list
<error status="404">Not Found</error>