Using QRLogin in the API client

To use the qrlogin password less API as the authentication method for your application (API client), follow the prerequisites and use Client for URLs (cURL) to get or send the API requests.

Procedure

To use QRCode login in your API client, follow these steps.
  1. Comply with the Prerequisites.
  2. Initiate a new QR Login. See Initiate a new QRLogin.
  3. Poll for completion of an existing QR Login verification. See Poll for completion of an existing QRLogin verification.
  4. Verify an existing QR Login verification. See Verify an existing QRLogin verification.
  5. Retrieve successfully verified QR Login request. See Retrieve successfully verified QR Login request.
  6. Delete a specific verification. See Delete QR Login verification.

Initiate a new QRLogin

To create a new QR code login verification record, use the following cURL command to initiate a new QR login verification request.
Note: Replace the {{profile.id}} with a valid an IBM Verify registered profile identifier. See Managing registration profiles.
cURL command
'https://{{tenant}}/v2.0/factors/qr/authenticate?profileId={{profile.id}}' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json'
Example
curl -X GET \
  'https://companyAppTest.verify.ibm.com/v2.0/factors/qr/authenticate?profileId=9fe42f1c-3d22-4d2c-99a0-8ff08c93c4b0' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json'
Example output response
{
    "lsi": "zj4lyRfYFlnJcxZYPxKJXR0OB",
    "created": "2019-04-01T00:35:18.951Z",
    "type": "qr",
    "serviceName": "IBM Verify",
    "qrCode": " iVBORw0KEUgAAASwAAAEsCAIAAAD2HxkiA",
    "profileId": "9fe42f1c-3d22-4d2c-99a0-8ff08c93c4b0",
    "location": "https://companyAppTest.verify.ibm.com/v2.0/factors/qr/77348a7f-03b2-494f-a5d4-9a1603ae1592",
    "id": "77348a7f-03b2-494f-a5d4-9a1603ae1592",
    "expiry": "2019-04-01T00:36:18.951Z",
    "state": "PENDING",
    "dsi": "NxyVx0412btOrdx1xZJqTPfVPoCRHq3wG1s5udzt",
    "updated": "2019-04-01T00:35:18.951Z",
    "tenant": " companyAppTest.verify.ibm.com "
}
Note: Generate the QR code image by copying and pasting the value of b64QRCode in a Base64-encoded QR Code text converter.

Poll for completion of an existing QRLogin verification

Use the following cURL command to retrieve qrlogin request to poll for completion of an existing QR Login verification from an unauthenticated context.

cURL command
curl -X GET \
  'https://{{tenant}}/v2.0/factors/qr /{{qrlogin.ci.id}}?dsi={{qrlogin.dsi}}' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json'
Note: Replace the {{qrlogin.ci.id}} and {{qrlogin.dsi}} with the values of cloud identifier ID, and device session index that are returned when you initiated a new qrlogin request.
Example
curl -X GET \
  'https://companyAppTest.verify.ibm.com/v2.0/factors/qr/authenticate/77348a7f-03b2-494f-a5d4-9a1603ae1592?dsi=IJL1IM9GFJLL3NK39MM2E3HN39IGH8LENENGIG2G' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json'
Example output response
{
    "created": "2019-04-01T00:42:44.456Z",
    "profileId": "9fe42f1c-3d22-4d2c-99a0-8ff08c93c4b0",
    "location": "https://companyAppTest.verify.ibm.com/v2.0/factors/qr/77348a7f-03b2-494f-a5d4-9a1603ae1592",
    "id": "77348a7f-03b2-494f-a5d4-9a1603ae1592",
    "expiry": "2019-04-01T00:43:44.456Z",
    "state": "PENDING",
    "type": "qr",
    "serviceName": "IBM Verify",
    "updated": "2019-04-01T00:42:44.456Z",
    "tenant": "companyAppTest.verify.ibm.com"
}

Verify an existing QRLogin verification

The verifyAuthenticator API security entitlement is required to verify and existing QRLogin verification.

To verify an existing QRLogin verification, create a verify-qrlogin-payload.json file that contains
{
	"lsi": "{{qrlogin.lsi}}"
}
Note: Replace the {{qrlogin.lsi}} with the digits of the login session index (LSI) that you received after initiation of new qrlogin request. The length of the LSI is a variable that is based on the configuration. For example,
{
  "lsi": “B1CAE3”
}
cURL command
curl -X POST \
  https://{{tenant}}/v2.0/factors/qr/{{qrlogin.ci.id}} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {{authenticator_access_token}}' \
  -H 'Content-Type: application/json' \
  -d @verify-qrlogin-payload.json
Note:
  • The authenticator_access_token must be the one from the IBM Security Verify registration.
  • Replace the {{qrlogin.ci.id}} with the value of cloud identifier ID that is returned when you initiated a new qrlogin request.
Example
curl -X POST \
  https://companyAppTest.verify.ibm.com/v2.0/factors/qr/77348a7f-03b2-494f-a5d4-9a1603ae1592 \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer 4hFZq9U73P3MPEA40KcF54i77Z0mDhZba0InrzUe' \
  -H 'Content-Type: application/json' \
  -d @verify-qrlogin-payload.json
Example output response
Status Code: 204

Retrieve successfully verified QR Login request

Use the following cURL command to retrieve qrlogin request to poll for completion of an existing QR Login verification from an unauthenticated context.

cURL command
curl -X GET \
  'https://{{tenant}}/v2.0/factors/qr /{{qrlogin.ci.id}}?dsi={{qrlogin.dsi}}' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json'
Note: Replace the {{qrlogin.ci.id}} with the value of cloud identifier ID that is returned when you initiated a new qrlogin request.
Example
curl -X GET \
  'https://companyAppTest.verify.ibm.com/v2.0/factors/qr/authenticate/77348a7f-03b2-494f-a5d4-9a1603ae1592?dsi=IJL1IM9GFJLL3NK39MM2E3HN39IGH8LENENGIG2G' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json'
Example output response
{
    "updatedBy": "50FNK72W4C",
    "created": "2019-04-01T00:45:13.441Z",
    "profileId": "9fe42f1c-3d22-4d2c-99a0-8ff08c93c4b0",
    "location": "https://companyAppTest.verify.ibm.com/v2.0/factors/qr/77348a7f-03b2-494f-a5d4-9a1603ae1592",
    "id": "9df8af9c-b5eb-4b47-b518-725ac43ccccc",
    "expiry": "2019-04-01T00:46:13.441Z",
    "state": "SUCCESS",
    "type": "qr",
    "serviceName": "IBM Verify",
    "userId": "50FNK72W4C",
    "updated": "2019-04-01T00:45:19.256Z",
    "tenant": "companyAppTest.verify.ibm.com"
}

Delete QR Login verification

The authnAnyUser API security entitlement is required to delete an existing QRLogin verification.

Use the following cURL command to delete a qrlogin verification record.

cURL command
curl -X DELETE \
  https://{{tenant}}/v2.0/factors/qr/{{qrlogin.ci.id}} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {{access_token}}' \
  -H 'Content-Type: application/json'
Note: Replace the {{qrlogin.ci.id}} with the value of cloud identifier ID that is returned when you initiated a new qrlogin request.
Example
curl -X DELETE \
  https://companyAppTest.verify.ibm.com/v2.0/factors/qr/9df8af9c-b5eb-4b47-b518-725ac43ccccc \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer 4hFZq9U73P3MPEA40KcF54i77Z0mDhZba0InrzUe ' \
  -H 'Content-Type: application/json'
Example output response
Status Code: 204