PingFederate Authentication API support
The PingFederate Authentication API provides access to the current state of the authentication flow as a user steps through the PingFederate authentication policy. You can use the PingFederate Authentication API to integrate the One-Time Passcode IdP Adapter into your application.
You can also explore the process using the PingFederate Authentication API Explorer. Learn more in the following sections of the PingFederate documentation:
| HTTP method contract: 
 | 
To integrate the One-Time Passcode IdP Adapter into your authentication flow, configure your application based on the information in this section.
Models, objects, and error codes
When using the One-Time Passcode Integration Kit through the PingFederate Authentication API, the adapter uses the following state models, action models, objects, and error codes.
State models
| Status | Request model | Action | Description | 
|---|---|---|---|
| 
 | 
 | 
 | Indicates that device selection is required because the user might have more than one device. To continue, the user must select a device for multi-factor authentication (MFA). | 
| 
 | 
 | 
 | Indicates that a one-time passcode (OTP) is required. To continue, the user must enter the OTP sent to them through either SMS, voice call, or email. | 
| 
 | This state has no model. | 
 | Indicates that the user has completed MFA using an OTP. | 
| 
 | 
 | 
 | Indicates a dead end in the authentication flow. The API client can proceed in the flow by calling  | 
Action models
| Status | Request model | Action | Description | 
|---|---|---|---|
| 
 | 
 | 
 | Starts an authentication flow with the specified  For example: {
  "deviceRef":
  {
     "id":
"<device ID>"
  }
} | 
| 
 | 
 | 
 | Validates the submitted OTP. | 
| 
 | This action has no model. | 
 | Re-sends an OTP to the previously selected device. | 
| 
 | This action has no model. | This action has no errors. | This action continues the current authentication flow. | 
| 
 | This action has no model. | This action has no errors. | This action cancels the current authentication step. | 
Objects
Device object
| Parameter Name | Type | Description | 
|---|---|---|
| id | String | The unique identifier for this object. | 
| type | String | The device delivery method type. The available options are  | 
| target | String | The device’s masked email address or phone number. | 
User object
| Parameter Name | Type | Description | 
|---|---|---|
| username | String | The user’s username that was mapped into the adapter. | 
- userData object
- 
Object with dynamic data populated based on adapter configuration. 
Resource reference (ResourceRef) object
| Parameter Name | Type | Description | 
|---|---|---|
| id | String | The resource’s identifier. | 
Error codes
An error code is returned if the call flow state hasn’t reached a dead end and the user can still authenticate with a device.
In cases where a flow reaches a dead end, the MFA_FAILED state is returned with a corresponding code.
Top level error codes
| Error code | Message | HTTP status | 
|---|---|---|
| 
 | One or more validation errors occured. | 
 | 
| 
 | The request couldn’t be completed. There was an issue processing the request. | 
 | 
Detail level error codes
| Error code | Message | userMessageKey | Parent code | ||
|---|---|---|---|---|---|
| 
 | An invalid or expired OTP was provided. | 
 | 
 | ||
| 
 
 | The OTP has been re-sent the maximum number of times. | 
 | 
 | ||
| 
 | An invalid device was provided. | 
 | 
MFA_FAILED codes
| Error code | Message | userMessageKey | ||
|---|---|---|---|---|
| 
 
 | The OTP has been re-sent the maximum number of times. | 
 | ||
| 
 | An invalid device was provided. |