Applications (CardAuth) REST API

The Application/CardAuth endpoint allows creating and managing all the definitions (device type, credential type and authentication policy) required for contactless card authentication.

Note: The API version supported by HID Authentication Service is 10.2.0.

To use the version-specific parameters/attributes, you must add api-version=N as a query parameter to the request URI.

Previous versions of the API are also supported with the corresponding functionality. For details of the version updates, see SCIM API Revision History.

Method Details

HTTPS Method | Entity Action | Request URI | Description
GET | Read | /configuration/{tenant}/v2/Application/CardAuth | Retrieve the list of all CardAuth Applications
GET | Read | /configuration/{tenant}/v2/Application/CardAuth/{uid} | Retrieve a CardAuth Application
POST | Create | /configuration/{tenant}/v2/Application/CardAuth | Create a CardAuth Application
DELETE | Delete | /configuration/{tenant}/v2/Application/CardAuth/{uid} | Delete a CardAuth Application

Required Permissions

Function Required Permissions

GET ALL

  • Read reference data

GET

  • Read reference data

CREATE

  • Read reference data

  • Manage adapter configuration

  • Channel configuration

  • Read authentication type

  • Update authentication type

REPLACE

  • Read reference data

  • Manage adapter configuration

  • Channel configuration

  • Read authentication type

  • Update authentication type

DELETE

  • Read reference data

  • Manage adapter configuration

  • Channel configuration

  • Read authentication type

  • Update authentication type

Get All CardAuth Applications

GET /Application/CardAuth

Sample Request URI

GET /configuration/{tenant}/v2/Application/CardAuth

Sample Request

GET /configuration/{tenant}/v2/Application/CardAuth

Sample Response

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 1,
    "resources": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:application:CardAuth"],
            "id": "APP_CARD",
            "meta": {
                "resourceType": "Card Auth Application",
                "location": "https://[base-server-url]/scim/tenant/v2/Application/CardAuth/APP_CARD",
                "version": "1"
            },
            "name": "MiFare cards application",
            "notes": "Application for MiFare 1K Contactless Writable cards",
            "type": "MiFare Standard 1K, Contactless Writable",
            "credentialType": {
                "id": "CT_CARD"
            },
            "deviceType": {
                "id": "DT_CARD",
                "maximumDevicePerUser": 5
            },
            "authenticatorPolicy": {
                "id": "AT_CARD",
                "disableThreshold": 5,
                "defaultExpiryThreshold": -1,
                "sessionTimeout": 3600000,
                "sessionValidPeriod": 86400000,
                "disabledTimeReset": 0,
                "levelOfAssurance": "urn:hidaaas:policy:at_card"
            }
        }
    ]
}

Get a CardAuth Application

GET /Application/CardAuth/{uid}

where {uid} is the application id.

Sample Request

GET /configuration/{tenant}/v2/Application/CardAuth/APP_CARD

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:application:CardAuth"],
    "id": "APP_CARD",
    "meta": {
        "resourceType": "Card Auth Application",
        "location": "https://[base-server-url]/scim/tenant/v2/Application/CardAuth/APP_CARD",
        "version": "1"
    },
    "name": "MiFare cards application",
    "notes": "Application for MiFare 1K Contactless Writable cards",
    "type": "MiFare Standard 1K, Contactless Writable",
    "credentialType": {
        "id": "CT_CARD"
    },
    "deviceType": {
        "id": "DT_CARD",
        "maximumDevicePerUser": 5
    },
    "authenticatorPolicy": {
        "id": "AT_CARD",
        "disableThreshold": 5,
        "defaultExpiryThreshold": -1,
        "sessionTimeout": 3600000,
        "sessionValidPeriod": 86400000,
        "disabledTimeReset": 0,
        "levelOfAssurance": "urn:hidaaas:policy:at_card1"
    }
}

Create a CardAuth Application

POST /Application/CardAuth

Sample Request URI

POST /configuration/{tenant}/v2/Application/CardAuth

Attributes for compatible applications are:

Attribute Description

deviceType

  • id - code of the device type to create for the new card application

  • maximumDevicePerUser - maximum number of this type of device that can be assigned to a user (default value is 5)

credentialType

  • id - code of the credential type to create for the new card application

authenticatorPolicy

  • id - code of the authentication policy for device authentication

    If it already exists, it is re-used. Otherwise, the new policy is created and bound to the default channel (CH_EXTRAPP)

  • disableThreshold - maximum number of successive failures before disabling/locking the authenticator (default value is 5)

  • defaultExpiryThreshold - maximum number of uses of the authenticator (default value is -1)

  • sessionTimeout - session inactivity timeout (default value is 3600000 milliseconds)

  • sessionValidPeriod - session validity (default value is 86400000 milliseconds)

  • disabledTimeReset - auto unlock (default value is 0)

  • levelOfAssurance - level of authenticator / ACR value (default value is urn:hidaaas:policy:at_card)

Sample Request

{
    "id": "APP_CARD",
    "type": "MiFare Standard 1K, Contactless Writable",
    "name": "MiFare cards application",
    "notes": "Application for MiFare 1K Contactless Writable cards",
    "deviceType": {
        "id": "DT_CARD",
        "maximumDevicePerUser": 16
    },
    "credentialType": {
        "id": "CT_CARD"
    },
    "authenticatorPolicy": {
        "id": "AT_CARD",
        "disableThreshold": -1,
        "defaultExpiryThreshold": -1,
        "sessionTimeout": 1000000,
        "sessionValidPeriod": 10000000,
        "disabledTimeReset": -1,
        "levelOfAssurance": "1"
    }
}

The authentication type is bound to the:

  • Channel - CH_EXTRAPP

  • User type - UT_EMP

The application definitions are created with the following names and notes:

  • Authentication Policy:

    • "name": "Contactless Card Policy"

    • "notes": "Contactless card authentication policy"

  • Device Type:

    • "name": "Contactless Card Device"

    • "notes": "Generic device for readable and writable contactless cards"

  • Credential Type:

    • "name": "Contactless Card Credential"

    • "notes": "Generic credential for readable and writable contactless cards"

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:application:CardAuth"],
    "id": "APP_CARD",
    "meta": {
        "resourceType": "Card Auth Application",
        "location": "https://[base-server-url]/scim/tenant/v2/Application/CardAuth/APP_CARD",
        "version": "1"
    },
    "name": "MiFare cards application",
    "notes": "Application for MiFare 1K Contactless Writable cards",
    "type": "MiFare Standard 1K, Contactless Writable",
    "credentialType": {
        "id": "CT_CARD"
    },
    "deviceType": {
        "id": "DT_CARD",
        "maximumDevicePerUser": 16
    },
    "authenticatorPolicy": {
        "id": "AT_CARD",
        "disableThreshold": -1,
        "defaultExpiryThreshold": -1,
        "sessionTimeout": 1000000,
        "sessionValidPeriod": 10000000,
        "disabledTimeReset": -1,
        "levelOfAssurance": "1"
    }
}
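
A configuration audit over the list response, as an added example that is not part of the HID documentation: it compares each application's authenticatorPolicy and deviceType values against the defaults documented in the attribute list above and reports every deviation, such as those in the Create sample. The function names, the second application in the sample data and the treatment of an absent attribute as its default are assumptions.

```python
import json

# Defaults taken from the attribute list for POST /Application/CardAuth above.
DOCUMENTED_DEFAULTS = {
    "disableThreshold": 5,
    "defaultExpiryThreshold": -1,
    "sessionTimeout": 3600000,
    "sessionValidPeriod": 86400000,
    "disabledTimeReset": 0,
    "levelOfAssurance": "urn:hidaaas:policy:at_card",
}
DEFAULT_MAX_DEVICES = 5

# Constructed sample: the application from the Create sample plus a made-up
# second application (APP_DEFAULTS) that keeps the documented defaults.
SAMPLE_LIST_RESPONSE = json.loads("""
{"totalResults": 2, "resources": [
 {"id": "APP_CARD", "deviceType": {"id": "DT_CARD", "maximumDevicePerUser": 16},
  "authenticatorPolicy": {"id": "AT_CARD", "disableThreshold": -1,
   "defaultExpiryThreshold": -1, "sessionTimeout": 1000000,
   "sessionValidPeriod": 10000000, "disabledTimeReset": -1, "levelOfAssurance": "1"}},
 {"id": "APP_DEFAULTS", "deviceType": {"id": "DT_X", "maximumDevicePerUser": 5},
  "authenticatorPolicy": {"id": "AT_X", "disableThreshold": 5}}]}
""")

def audit_card_apps(list_response):
    """Return (app id, attribute, actual, documented default) per deviation."""
    findings = []
    for app in list_response.get("resources", []):
        app_id = app.get("id", "<missing id>")
        policy = app.get("authenticatorPolicy", {})
        for attr, default in DOCUMENTED_DEFAULTS.items():
            # Assumption: an attribute absent from the response carries its default.
            actual = policy.get(attr, default)
            if actual != default:
                findings.append((app_id, "authenticatorPolicy." + attr, actual, default))
        max_dev = app.get("deviceType", {}).get("maximumDevicePerUser", DEFAULT_MAX_DEVICES)
        if max_dev != DEFAULT_MAX_DEVICES:
            findings.append((app_id, "deviceType.maximumDevicePerUser", max_dev, DEFAULT_MAX_DEVICES))
    return findings

def lockout_needs_review(list_response):
    """Ids of applications whose disableThreshold is not a positive integer."""
    return [a.get("id") for a in list_response.get("resources", [])
            if not a.get("authenticatorPolicy", {}).get("disableThreshold", 5) > 0]

if __name__ == "__main__":
    for finding in audit_card_apps(SAMPLE_LIST_RESPONSE):
        print(finding)
```

The page does not state how the service interprets a disableThreshold of -1, so lockout_needs_review only lists such applications for manual confirmation of the lockout behaviour.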

Delete a CardAuth Application

DELETE /Application/CardAuth/{uid}

Where {uid} is the adapter id.

Sample Request URI

DELETE /configuration/{tenant}/v2/Application/CardAuth/APP_CARD

Sample Response

HTTP 204 No Content