--- title: PushNotificationResponse description: Push Authentication depends on the secure verification of information sent from the server to the client, and from the client to the server. This allows the server to verify that the notification was received by the original device, and for the device to verify that only the server sent out the original request. component: pingam version: 8.1 page_id: pingam:entity-reference:sec-amster-entity-pushnotificationresponse canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-pushnotificationresponse.html section_ids: sec-amster-entity-pushnotificationresponse-realm-ops: Realm Operations sec-amster-entity-pushnotificationresponse-realm-ops-authenticate: authenticate sec-amster-entity-pushnotificationresponse-realm-ops-refresh: refresh sec-amster-entity-pushnotificationresponse-realm-ops-register: register --- # PushNotificationResponse ## Realm Operations Push Authentication depends on the secure verification of information sent from the server to the client, and from the client to the server. This allows the server to verify that the notification was received by the original device, and for the device to verify that only the server sent out the original request. This endpoint provides the place for the device to return responses to the server to requests received either by QR code or by push notification. Resource path: ``` /push/sns/message ``` Resource version: `1.0` ### authenticate Message sent from device to server in response to a request for authentication sent to the device via Push notification. This message is generally sent from the Authenticator app. **Usage** ``` am> action PushNotificationResponse --realm Realm --body body --actionName authenticate ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "messageId" : { "type" : "string", "title" : "Message ID", "description" : "Unique message identifier" }, "jwt" : { "type" : "string", "title" : "JWT", "description" : "Signed JWT containing claims:\n* `response`: Response to challenge (Base64 encoding of the HmacSHA256 hashing of the decoded shared secret and the decoded challenge)\n* `deny`: Indication that this auth attempt should be shut down (boolean)" } }, "required" : [ "messageId", "jwt" ] } ``` ### refresh Request sent from device to server to a request to update the registration token for a device. This request is generally sent from the Mobile SDK or Authenticator app. **Usage** ``` am> action PushNotificationResponse --realm Realm --body body --actionName refresh ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "mechanismUid" : { "type" : "string", "title" : "Mechanism UID", "description" : "The device-specific identifier for the mechanism" }, "username" : { "type" : "string", "title" : "Username", "description" : "The username of the user associated with the mechanism" }, "jwt" : { "type" : "string", "title" : "JWT", "description" : "Signed JWT containing claims:\n* `mechanismUid`: The device-specific identifier for the just-registered mechanism (string)\n* `deviceId`: The registration token used by GCM or APNS (string)\n* `deviceType`: `android` or `ios` (string)\n* `communicationType`: `gcm` or `apns` (string)" } }, "required" : [ "mechanismUid", "jwt" ] } ``` ### register Message sent from device to server in response to a registration message received on the device via a QR code. This message is generally sent from the Authenticator app. **Usage** ``` am> action PushNotificationResponse --realm Realm --body body --actionName register ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "messageId" : { "type" : "string", "title" : "Message ID", "description" : "Unique message identifier" }, "jwt" : { "type" : "string", "title" : "JWT", "description" : "Signed JWT containing claims:\n* `response`: Response to challenge (Base64 encoding of the HmacSHA256 hashing of the decoded shared secret and the decoded challenge)\n* `mechanismUid`: The device-specific identifier for the just-registered mechanism (string)\n* `deviceId`: The registration token used by GCM or APNS (string)\n* `deviceType`: `android` or `ios` (string)\n* `communicationType`: `gcm` or `apns` (string)" } }, "required" : [ "messageId", "jwt" ] } ```