HYPR Passwordless API
API Flows are still being defined. In the meantime, see the HYPR Postman API to test out the calls.
Developers can use the HYPR Passwordless API to integrate their own applications with the HYPR platform. Standard REST server endpoints are available to perform device registrations, authenticate logins, manage users, configure RP Applications, review the audit trail, and handle administrative tasks.
BASE URL
For all the HYPR Passwordless API endpoints described in this documentation, replace the base {{baseUrl}} placeholder with the URL of your HYPR Server. For example:
{{baseUrl}}/rp/api/versioned/recoverypin/retrieve
https://highlandsbank.hypr.com/rp/api/versioned/recoverypin/retrieve
REQUEST AUTHORIZATION
The HYPR Passwordless API uses Bearer authentication, so you'll need to send a HYPR-supplied access token in the Authorization header when making requests. For example, in cURL:
--header 'Authorization: Bearer hypap-110f7826-d95e-12d2-42ce-8bd67fb20bb9'
You can generate these access tokens in the HYPR Control Center as described here.
Note that most HYPR API requests use an access token issued for a specific RP Application. However, some API requests require an admin-level access token created under the special Control Center Admin RP Application. The Authorization header shown for each request in this documentation indicates which type of token is required:
Authorization Bearer {{RPAppAccessToken}}
Authorization Bearer {{CCAdminAccessToken}}
API access tokens generated through the Control Center have an expiration period (TTL) of 30 days. Note that the expiration date is reset to the current date+TTL each time you use the token, so if you access the API at least once a month the token won't expire. If you don't use the token for more than 30 days, it will expire and you'll need to generate a new one.