Access Token

Overview

The HYPR Control Center exposes an extensive set of APIs which use access tokens as an authentication and authorization mechanism.

API access tokens can be created and revoked by Control Center admin users as described below. Tokens have an expiration period (TTL) of 30 days. The expiration date is reset to the current date plus the TTL each time you use the token, so if you don't use the token for more than 30 days, it will expire and you'll need to generate a new one.

Note

Every token is bound to a specific RP Application. Any operation within the RP Application is allowed in the presence of a valid token.

Create Access Token

  1. Click Access Tokens in the left menu of the selected RP application, then click Generate Token.
  2. In the pop-up box, provide a token name. When finished, click Create Token.

Note

Choosing a unique name for an access token helps avoid confusion.

  3. The dialog lets the admin copy the generated access token. This is a one-time action, as the admin will not see the token again after this dialog. Click Done when finished.
  4. The following table displays:

| Field Name | Description |
| --- | --- |
| Token Name | Name of the token |
| Date Created | Date of creation |
| Last Used | Last used by the clients for registration/authentication and de-registration |
| Delete | Delete the token |

Use the Access Token

An access token is provided on every request to the HYPR API HTTP endpoint. The request will fail if the token is missing or does not have permissions for the requested operation. The request will also fail if the token has expired, been revoked, or is invalid.

The access token must be sent in the Authorization header using the Bearer scheme.

Here is an example of passing an access token with cURL. In this example, the access token is 7c839b65-9d28-4037-afc6-993fc5595cbf.

curl https://staging1.gethypr.com/cc/api/stats/authenticator/logins \
  -H 'Authorization: Bearer 7c839b65-9d28-4037-afc6-993fc5595cbf'
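
The command above puts the token on the command line, where it ends up in shell history and the process list. The following added example (not from HYPR's documentation; the function names and token file are hypothetical, and the UUID-style format check is an assumption based on the sample tokens on this page) reads the token from an owner-only file and passes the same Authorization header to curl through a config stream:

```shell
#!/bin/sh
# Added example, not HYPR code. Function names and the token file are hypothetical.

# Print the token stored in a file, refusing files readable by group or others.
read_token() {
    file=$1
    [ -f "$file" ] || { echo "token file not found: $file" >&2; return 1; }
    # In the `ls -l` mode string (e.g. -rw-------), columns 5-10 are the group/other bits.
    mode=$(ls -ld "$file" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "refusing $file: chmod 600 it first" >&2; return 1; }
    token=$(tr -d '[:space:]' < "$file")
    # Assumption: tokens are UUID-style strings like the samples on this page.
    printf '%s' "$token" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' \
        || { echo "unexpected token format in $file" >&2; return 1; }
    printf '%s\n' "$token"
}

# Emit a curl config for `curl --config -`, so the token never appears in argv.
curl_config() {
    url=$1
    token=$(read_token "$2") || return 1
    printf 'url = "%s"\n' "$url"
    printf 'header = "Authorization: Bearer %s"\n' "$token"
    printf 'fail\nsilent\nshow-error\n'
}

# GET an endpoint. A non-zero exit covers the failure cases the page lists
# (missing, expired, revoked or invalid token) as well as network errors.
# Usage: hypr_get "https://<your_hypr_server_url>.com/cc/api/stats/authenticator/logins" "$HOME/.hypr_token"
hypr_get() {
    curl_config "$1" "$2" | curl --config -
}
```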

Access Tokens in HYPR Java SDK

The following commands show how access tokens are used with the HYPR Java SDK:

//Registration
java -jar java-client-<version>.jar REGISTER https://<your_hypr_server_url>.com <api_access_token> highlandsBank username

//Authentication
java -jar java-client-<version>.jar AUTHENTICATE https://<your_hypr_server_url>.com <api_access_token> highlandsBank username

//Transaction
java -jar java-client-<version>.jar TRANSACTION https://<your_hypr_server_url>.com <api_access_token> highlandsBank username actionId transactionType transactionText

Registration

Navigate to the folder where the Java SDK package is downloaded (or placed). To register the username, use the command below:

java -jar java-client-<version>.jar REGISTER https://<your_hypr_server_url>.com <api_access_token> highlandsBank username
For example: java -jar java-client-3.8.0-20200117.161944-11.jar REGISTER https://awsdevelop1.biometric.software 001fc0cf-0703-fb7d-ad44-07c7e3334bcb highlandsBank [email protected]

Note

The access token must be generated in the Control Center's 'Access Tokens' section for the app being tested, e.g. https://awsdevelop1.biometric.software/cc/app/highlandsBank/accessTokens

A QR code will be generated in your HOME directory.


Authentication

To authenticate the registered username (which can be an e-mail address) use the following command:

java -jar java-client-<version>.jar AUTHENTICATE https://<your_hypr_server_url>.com <api_access_token> highlandsBank username
For example: java -jar java-client-3.8.0-20200117.161944-11.jar AUTHENTICATE https://awsdevelop1.biometric.software 001fc0cf-0703-fb7d-ad44-07c7e3334bcb highlandsBank [email protected]

A PUSH notification is generated and the user accepts. After a successful authentication with HYPR, the user is granted access.

Transaction

To post a transaction on the registered username, use the command shown below:

java -jar java-client-<version>.jar TRANSACTION https://<your_hypr_server_url>.com <api_access_token> highlandsBank username actionId transactionType transactionText
For example: java -jar java-client-3.8.0-20200117.161944-11.jar TRANSACTION https://awsdevelop1.biometric.software 001fc0cf-0703-fb7d-ad44-07c7e3334bcb highlandsBank [email protected] completeMediumTransaction Wire $500

actionId: Policy name
transactionType & transactionText: Enter custom text