TOTP API - SSO

TOTP API is supported by Ubisecure SSO as of version 8.6

Introduction

TOTP API enables administrators to manage the TOTP secrets of the users. With TOTP API it's possible to manage the secrets for users in other types of directories in addition to Ubilogin Directory.

Recommendation

We do not recommend password.method users (External usersaccessing TOTP API because enabling TOTP API for password.authentication method meansexternal users can access other user's data and can update their TOTP secret data.


The API calls available are:

  • PUT /totp/api/v1/methods/{method} - Configures the TOTP method for a user
  • DELETE /totp/api/v1/methods/{method} - Deletes the TOTP method from a user
  • GET /totp/api/v1/methods/{method} - Gets the TOTP method status for a user

API documentation

TOTP API is documented using Swagger. In order to access the API specification, you can enable the API documentation as instructed in TOTP API configuration chapter Enable API documentation. Documentation is accessible in https://<sso-base-url>/totp/swagger-ui/ and it defines the endpoints, payloads, and responses. You can also use the Swagger UI to test the API.

Swagger API specification

The API specification for your installation is available in https://<sso-base-url>/totp/v2/api-docs

Testing the API with the documentation webpage

The Swagger UI "Try it out" feature will call the real API endpoints with the parameters provided thus making permanent changes to SSO.

The Swagger UI has a feature for trying out the different endpoints. A valid access token is required in order to call the endpoints. See TOTP API configuration chapter Verify the API works for instructions on acquiring an access token.

In order to provide an access token to be used in the API calls, click the following button

and write Bearer followed by an access token in the input field and click Authorize.

After this you can try the different endpoints.

Related content