Access Token

Overview

The HYPR Control Center exposes an extensive set of APIs which use access tokens as an authentication and authorization mechanism.

API access tokens can be created and revoked by Control Center admin users as described below. Tokens have an expiration period (TTL) of 30 days. The expiration date is reset to the current date+TTL each time you use the token, so if you don't use the token for more than 30 days it will expire and you'll need to generate a new one.

📘

Note

Every token is bound to a specific RP Application. Any operation within the RP Application is allowed in the presence of a valid token.

Create Access Token

Step 1, 2: Click on the 'Access Tokens' section in the selected RP application and click on 'Generate Token'.

Step 3: In the pop-up box, provide a token name. Then click 'Create Token'.

📘

Note

Choosing a unique name for an access token helps avoid confusion.

Step 4: This step enables the admin to copy the access token generated. This is a one-time action as the admin will not see the tokens after clicking Done.

Step5: After clicking 'Done' the following table is shown, which contains these columns:

Field Name

Description

Token Name

Name of the token

Date Created

Date of creation

Last Used

Last used by the clients for registration/authentication and de-registration

Delete

Delete the token

Use the Access Token

An access token is provided on every request to the HYPR API HTTP endpoint. The request will fail if the token is missing or does not have permissions for the requested operation. The request will also fail if the token has expired, been revoked, or is invalid.

The access token must be sent in the Authorization header using Bearer schema.

Here is an example of how to pass an access token using the cURL command. In the following example the access token is 7c839b65-9d28-4037-afc6-993fc5595cbf

curl https://staging1.gethypr.com/cc/api/stats/authenticator/logins \
  -H 'Authorization: Bearer 7c839b65-9d28-4037-afc6-993fc5595cbf'

Access Tokens in HYPR Java SDK

The following commands are examples to show how access tokens can be used in Java SDK:

//Registration
java -jar java-client-<version>.jar REGISTER https://<your_hypr_server_url>.com <api_access_token> highlandsBank username

//Authentication
java -jar java-client-<version>.jar AUTHENTICATE https://<your_hypr_server_url>.com <api_access_token> highlandsBank username

//Transaction
java -jar java-client-<version>.jar TRANSACTION https://<your_hypr_server_url>.com <api_access_token> highlandsBank username actionId transactionType transactionText

Registration

Navigate to the folder where the Java SDK package is downloaded (or placed). To register the username, use the command as seen below:

java -jar java-client-<version>.jar REGISTER https://<your_hypr_server_url>.com <api_access_token> highlandsBank username
For example: java -jar java-client-3.8.0-20200117.161944-11.jar REGISTER https://awsdevelop1.biometric.software 001fc0cf-0703-fb7d-ad44-07c7e3334bcb highlandsBank [email protected]

📘

Note

The access token has to be generated in the Control Center’s 'Access Tokens Section' for the respective app which is being tested, e.g. https://awsdevelop1.biometric.software/cc/app/highlandsBank/accessTokens

A QR code will be generated in your HOME directory

QR code file:

Authentication

To authenticate the registered username (which can be an e-mail address) use the following command:

java -jar java-client-<version>.jar AUTHENTICATE https://<your_hypr_server_url>.com <api_access_token> highlandsBank username
For example: java -jar java-client-3.8.0-20200117.161944-11.jar AUTHENTICATE https://awsdevelop1.biometric.software 001fc0cf-0703-fb7d-ad44-07c7e3334bcb highlandsBank [email protected]

A PUSH notification is generated and the user accepts. After a successful authentication with HYPR, the user is granted access.

Transaction

To post a transaction on the registered username, use the command shown below:

java -jar java-client-<version>.jar TRANSACTION https://<your_hypr_server_url>.com <api_access_token> highlandsBank username actionId transactionType transactionText
For example: java -jar java-client-3.8.0-20200117.161944-11.jar TRANSACTION https://awsdevelop1.biometric.software 001fc0cf-0703-fb7d-ad44-07c7e3334bcb highlandsBank [email protected] completeMediumTransaction Wire $500

actionId: Policy name
transactionType & transactionText: Enter custom text