Applications (CardAuth) REST API
The Application/CardAuth endpoint allows creating and managing all the definitions (device type, credential type and authentication policy) required for contactless card authentication.
The API version supported by HID Authentication Service is
Previous versions of the API are also supported with the corresponding functionality.
Method Details
HTTPS Method | Entity Action | Request URI | Description |
---|---|---|---|
GET | Read | /configuration/{tenant}/v2/Application/CardAuth | Retrieve the list of all CardAuth Applications |
GET | Read | /configuration/{tenant}/v2/Application/CardAuth/{uid} | Retrieve a CardAuth Application |
POST | Create | /configuration/{tenant}/v2/Application/CardAuth | Create a CardAuth Application |
DELETE | Delete | /configuration/{tenant}/v2/Application/CardAuth/{uid} | Delete a CardAuth Application |
Get All CardAuth Applications
GET /Application/CardAuth
Sample Response
{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 1,
    "resources": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:application:CardAuth"],
            "id": "APP_CARD",
            "meta": {
                "resourceType": "Card Auth Application",
                "location": "https://[base-server-url]/scim/tenant/v2/Application/CardAuth/APP_CARD",
                "version": "1"
            },
            "name": "MiFare cards application",
            "notes": "Application for MiFare 1K Contactless Writable cards",
            "type": [ "MIFARE Classic", "Seos" ],
            "deviceType": {
                "devicetypeId": "APP_CARD_DT_CARD",
                "name": "Contactless Card Device",
                "notes": "Generic device for contactless cards",
                "maximumDevicePerUser": 5
            },
            "authenticatorPolicy": {
                "authenticatorPolicyId": "APP_CARD_AT_CARD",
                "disableThreshold": 5,
                "defaultExpiryThreshold": -1,
                "sessionTimeout": 3600000,
                "sessionValidPeriod": 86400000,
                "disabledTimeReset": 0,
                "levelOfAssurance": "urn:hidaaas:policy:at_card"
            }
        }
    ]
}
Get a CardAuth Application
GET /Application/CardAuth/{uid}
where {uid} is the application id.
Sample Response
{
    "schemas": ["urn:hid:scim:api:idp:2.0:application:CardAuth"],
    "id": "APP_CARD",
    "meta": {
        "resourceType": "Card Auth Application",
        "location": "https://[base-server-url]/scim/tenant/v2/Application/CardAuth/APP_CARD",
        "version": "1"
    },
    "name": "MiFare cards application",
    "notes": "Application for MiFare 1K Contactless Writable cards",
    "type": [ "MIFARE Classic", "Seos" ],
    "deviceType": {
        "devicetypeId": "APP_CARD_DT_CARD",
        "name": "Contactless Card Device",
        "notes": "Generic device for contactless cards",
        "maximumDevicePerUser": 5
    },
    "authenticatorPolicy": {
        "authenticatorPolicyId": "APP_CARD_AT_CARD",
        "disableThreshold": 5,
        "defaultExpiryThreshold": -1,
        "sessionTimeout": 3600000,
        "sessionValidPeriod": 86400000,
        "disabledTimeReset": 0,
        "levelOfAssurance": "urn:hidaaas:policy:at_card"
    }
}
Create a CardAuth Application
POST /Application/CardAuth
Attributes for compatible applications are:
Attribute | Description |
---|---|
id | The unique identifier of the application (optional) |
type | The identifiers of the card technologies to allow during enrollment and authentication (optional) |
deviceType | |
authenticatorPolicy | |
Sample Request
{
    "id": "APP_CARD",
    "name": "MiFare cards application",
    "notes": "Application for MiFare 1K Contactless Writable cards",
    "type": [ "MIFARE Classic", "Seos" ],
    "deviceType": {
        "name": "Contactless Card Device",
        "notes": "Generic device for contactless cards",
        "maximumDevicePerUser": 5
    },
    "authenticatorPolicy": {
        "disableThreshold": 5,
        "defaultExpiryThreshold": -1,
        "sessionTimeout": 3600000,
        "sessionValidPeriod": 86400000,
        "disabledTimeReset": 0,
        "levelOfAssurance": "urn:hidaaas:policy:at_card"
    }
}
The authentication type is bound to the:
- Channel - CH_EXTRAPP
- User type - UT_EMP
The application definition is created with the following values:
- Device Type:
  - id - identifier generated by the back end in the format <card application ID>_DT_CARD (for example, APP_CARD_DT_CARD)
- Authentication Policy:
  - id - identifier generated by the back end in the format <card application ID>_AT_CARD (for example, APP_CARD_AT_CARD)
  - validCredentialPolicies is also updated with the generated credential types based on the defined type list
- Credential Type:
  For every type listed, a credential type is created (if not already present) in the format CT_CARD_<type>.
Sample Response
{
    "schemas": ["urn:hid:scim:api:idp:2.0:application:CardAuth"],
    "id": "APP_CARD",
    "meta": {
        "resourceType": "Card Auth Application",
        "location": "https://[base-server-url]/scim/tenant/v2/Application/CardAuth/APP_CARD",
        "version": "1"
    },
    "name": "MiFare cards application",
    "notes": "Application for MiFare 1K Contactless Writable cards",
    "type": [ "MIFARE Classic", "Seos" ],
    "deviceType": {
        "devicetypeId": "APP_CARD_DT_CARD",
        "name": "Contactless Card Device",
        "notes": "Generic device for contactless cards",
        "maximumDevicePerUser": 5
    },
    "authenticatorPolicy": {
        "authenticatorPolicyId": "APP_CARD_AT_CARD",
        "disableThreshold": 5,
        "defaultExpiryThreshold": -1,
        "sessionTimeout": 3600000,
        "sessionValidPeriod": 86400000,
        "disabledTimeReset": 0,
        "levelOfAssurance": "urn:hidaaas:policy:at_card"
    }
}
Delete a CardAuth Application
DELETE /Application/CardAuth/{uid}
Where {uid} is the adapter id.
This will delete the application's authentication policy and device type.
If the authentication policy is still in use (by user authenticators that have already been enrolled), the policy's validCredentialPolicies parameter is set to empty, so those authenticators can no longer be used.
The credential types are not modified or deleted.
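The naming rules from the Create section and the clean-up behaviour of Delete can be checked offline against a saved list response before an application is removed. The following is an added example, not HID's code: the APP_VISITOR entry (with a deliberately mismatched policy id) is constructed, the function names are hypothetical, and it assumes <type> is substituted verbatim into CT_CARD_<type>.

```python
import json

# Constructed sample in the shape of the page's ListResponse (fields trimmed).
# APP_VISITOR is invented and carries a deliberately wrong policy id.
LIST_RESPONSE = json.loads("""
{"resources": [
  {"id": "APP_CARD", "type": ["MIFARE Classic", "Seos"],
   "deviceType": {"devicetypeId": "APP_CARD_DT_CARD"},
   "authenticatorPolicy": {"authenticatorPolicyId": "APP_CARD_AT_CARD"}},
  {"id": "APP_VISITOR", "type": ["Seos"],
   "deviceType": {"devicetypeId": "APP_VISITOR_DT_CARD"},
   "authenticatorPolicy": {"authenticatorPolicyId": "APP_CARD_AT_CARD"}}
]}
""")


def expected_definitions(app):
    """Identifiers the page says the back end derives from the application id."""
    app_id = app["id"]
    return {
        "deviceType": f"{app_id}_DT_CARD",
        "authenticatorPolicy": f"{app_id}_AT_CARD",
        # Assumption: <type> is inserted verbatim; the page does not say whether
        # spaces in names such as "MIFARE Classic" are normalised.
        "credentialTypes": [f"CT_CARD_{t}" for t in app.get("type", [])],
    }


def naming_mismatches(app):
    """Return (field, expected, actual) for ids that break the documented format."""
    exp = expected_definitions(app)
    actual = {
        "deviceType": app.get("deviceType", {}).get("devicetypeId"),
        "authenticatorPolicy": app.get("authenticatorPolicy", {}).get("authenticatorPolicyId"),
    }
    return [(k, exp[k], v) for k, v in actual.items() if v != exp[k]]


def delete_impact(resources, uid):
    """Definitions a DELETE of `uid` touches, and credential types left unused."""
    by_id = {a["id"]: a for a in resources}
    target = expected_definitions(by_id[uid])
    # Credential types are shared ("created if not already present"), so a type
    # is only left unused when no other application lists it.
    still_used = {ct for a in resources if a["id"] != uid
                  for ct in expected_definitions(a)["credentialTypes"]}
    return {
        "policy_and_device_type": [target["deviceType"], target["authenticatorPolicy"]],
        "orphaned_credential_types": sorted(set(target["credentialTypes"]) - still_used),
    }
```

Because DELETE never removes credential types, anything reported under orphaned_credential_types stays in the tenant configuration and has to be reviewed separately.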