Device Type REST API

The Device/Type endpoint allows creating and managing push-based authentication device types, including customization. This endpoint also enables defining devices with specific graphical/cryptographic customizations for subsets of users in the same tenant.

HID Authentication Service includes a set of default device types.

Note: The API version supported by HID Authentication Service is 10.3.0.

To use the version-specific parameters/attributes, you must add api-version=N to the query parameter.

Previous versions of the API are also supported with the corresponding functionality. For details of the version updates, see SCIM API Revision History.

Method Details

HTTPS Method Entity Action Request URI Description

GET

Read

/configuration/{tenant}/v2/Device/Type

Retrieve all the device types

GET

Read

/configuration/{tenant}/v2/Device/Type/{id}

Retrieve a known device type

POST

Create

/configuration/{tenant}/v2/Device/Type

Create a device type

PUT

Replace

/configuration/{tenant}/v2/Device/Type/{id}

Update a known device type

DELETE

Delete

/configuration/{tenant}/v2/Device/Type/{id}

Delete a known device type

Required Permissions

Function Required Permissions

GET

  • Get device type

  • Read reference data

GET ALL

  • Read reference data

CREATE

  • Get device type

  • Create device type

  • Read reference data

REPLACE

  • Get device type

  • Update device type

  • Read reference data

DELETE

  • Delete device type

Get All Device Types

[GET] /Device/Type

Note: The response does not include the urn:hid:scim:api:idp:2.0:device:type:Push device type extension, even for device types with the correct adapter. Use Get Device Type to obtain all the information for a device type with the “TDS provisioning V4” adapter.
Copy

Sample Request URI

[GET] /configuration/{tenant}/v2/Device/Type
Copy

Sample Response

{
    "ignored": "string",
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 1,
    "startIndex": 0,
    "resources": [
        {
            "ignored": "string",
            "schemas": ["string"],
            "meta": {
                "resourceType": "TheResource",
                "created": "2023-02-08T16:25:38.098Z",
                "location": "https://[base-server-url]/configuration/{tenant}/v2/<pathToResource>/<id>",
                "version": 1
            },
            "copyFrom": "string",
            "id": "string",
            "name": "string",
            "notes": "string",
            "readOnly": false,
            "manufacturer": "string",
            "defaultCredentialTypeCode": "string",
            "maximumDevicePerUser": -1,
            "allowedCredentialTypes": ["string"],
            "urn:hid:scim:api:idp:2.0:device:type:Token": {
                "deviceFormFactor": "urn:hid:scim:api:idp:2.0:device:type:Token",
                "challengeLength": 0,
                "supportedAuthenticationMethod": "BOTH",
                "syncAuthenticationCodeLength": -1,
                "asyncAuthenticationCodeLength": -1,
                "supportsUnlock": false,
                "unlockChallengeLength": -1,
                "supportsSynch": "SUPPORT_ALL",
                "synchronisationBase": "BOTH",
                "autoSynchEventCounter": 200,
                "autoSynchStartTime": -3600,
                "autoSynchEndTime": 3600,
                "supportsSignatureVerification": false,
                "supportsSoftPin": false,
                "pinMinLength": 4,
                "pinMaxLength": 8"pinPosition": "NONE",
                "allowedCredentialNumber": 100,
                "defaultPin": "string"
            },
            "urn:hid:scim:api:idp:2.0:device:type:Virtual": {
                "deviceFormFactor": "urn:hid:scim:api:idp:2.0:device:type:Virtual"
            },
            "urn:hid:scim:api:idp:2.0:device:type:Fido": {
                "deviceFormFactor": "urn:hid:scim:api:idp:2.0:device:type:FIDO:Generic",
                "challengeLength": 0
            }
            <--truncated output-->
        }
    ]
}

Get Device Type

[GET] /Device/Type/{id}

Copy

Sample Request URI

[GET] /configuration/{tenant}/v2/Device/Type/DT_TDSV4
Copy

Sample Response

{
    "schemas": [
        "urn:hid:scim:api:idp:2.0:device:Type",
        "urn:hid:scim:api:idp:2.0:device:type:Push"
    ],
    "id": "DT_TDSV4",
    "meta": {
        "resourceType": "DeviceType",
        "location": "https://[base-server-url]/configuration/{tenant}/v2/Device/Type/DT_TDSV4",
        "version": "1"
    },
    "readOnly": true,
    "name": "Mobile push based Validation",
    "notes": "Device type for Mobile push based Validation Application",
    "manufacturer": "HID",
    "defaultCredentialTypeCode": "CT_SMKV4",
    "maximumDevicePerUser": -1,
    "allowedCredentialTypes": [
        "any"
    ],
    "urn:hid:scim:api:idp:2.0:device:type:Push": {
        "deviceFormFactor": "urn:hid:scim:api:idp:2.0:device:type:Push",
        "supportedAuthenticationMethod": "BOTH",
        "syncAuthenticationCodeLength": -1,
        "asyncAuthenticationCodeLength": -1,
        "challengeLength": 6,
        "serverTLSCertificate": "_CERTIFICATE_",
        "provisioningProtocol": {
            "version": "v5",
            "kdfLen": 10,
            "kdfCharset": "ALPHA",
            "pushNotif": true,
            "forceInstallation": false
        },
        "containerProfile": [
            {
                "keyType": "SMK",
                "keyId": "KEY1",
                "credId": "CT_SMKV4",
                "authPolicyCode": "AT_SMK",
                "channelCode": "CH_SMK"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY2",
                "credId": "CT_TDSOE",
                "authPolicyCode": "AT_EMPOTPI",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY3",
                "credId": "CT_TDSOAECR",
                "authPolicyCode": "AT_EMPOTP",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY4",
                "credId": "CT_TDSOAESIGN",
                "authPolicyCode": "AT_EMPOTP",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY5",
                "credId": "CT_PASAV4",
                "authPolicyCode": "AT_PASA",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY6",
                "credId": "CT_TDSV4",
                "authPolicyCode": "AT_TDS",
                "channelCode": "CH_TDS"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY7",
                "credId": "CT_PASAIDP",
                "authPolicyCode": "AT_PASAIDP",
                "channelCode": "CH_PASA"
            }
        ],
        "policyRule": "\"rules\": {\n \"refreshinterval\": 1440,\n \"version\": 1,\n \"provisioning\": [{\n \"ruleid\": 1,\n \"phonestates\": [{\n \"isRooted\": \"true\"\n }],\n \"outcome\": \"deny\",\n \"message\": \"Not allowed to provision for Rooted device\"\n }]\n}",
        "keysProtectionPolicy": {
            "type": "devicelockorpassword",
            "lockPolicy": {
                "type": "delay",
                "initialDelay": 2,
                "maxCounterValue": 6
            },
            "passwordPolicy": {
                "minLength": 6,
                "maxLength": 8,
                "restriction": {
                    "minUpperCase": 0,
                    "minLowerCase": 0,
                    "minNumeric": 6,
                    "minAlpha": 0,
                    "minNonAlpha": 0,
                    "maxUpperCase": 0,
                    "maxLowerCase": 0,
                    "maxNumeric": 8,
                    "maxAlpha": 0,
                    "maxNonAlpha": 0
                },
                "historyPolicy": {
                    "maxHistory": 1,
                    "minAge": 1,
                    "maxAge": 180
                }
            },
            "cachingPolicy": {}
        },
        "custoFile": "HID_Approve_customization.json",
        "appid": "",
        "transactionHistory": "none"
    }
}

Create a Device Type

[POST] /Device/Type

Accept: application/scim+json

Important: You cannot create an Device Type from scratch. You must use the copyFrom parameter to specify another Device Type ID from which to copy the configuration and modify the parameters as required.

For details of the extension, see urn:hid:scim:api:idp:2.0:device:Type

Copy

Sample Request URI

[POST] /configuration/{tenant}/v2/Device/Type
Copy

Sample request where a new device type with the id DT_TDSV4a is created based on DT_TDSV4. The Name, notes , passwordPolicy parameters are modified (see previous Get Device Type sample response for reference).

{
    "copyFrom": "DT_TDSV4",
    "id": "DT_TDSV4a",
    "name": "Custom Mobile push based Validation",
    "notes": "Custom Device type for Mobile push based Validation Application",
    "urn:hid:scim:api:idp:2.0:device:type:Push": {
        "keysProtectionPolicy": {
            "type": "devicelockorpassword",
            "lockPolicy": {
                "type": "delay",
                "initialDelay": 2,
                "maxCounterValue": 6
            },
            "passwordPolicy": {
                "minLength": 6,
                "maxLength": 10,
                "restriction": {
                    "minUpperCase": 1,
                    "minLowerCase": 0,
                    "minNumeric": 6,
                    "minAlpha": 0,
                    "minNonAlpha": 0,
                    "maxUpperCase": 0,
                    "maxLowerCase": 0,
                    "maxNumeric": 8,
                    "maxAlpha": 0,
                    "maxNonAlpha": 0
                },
                "historyPolicy": {
                    "maxHistory": 1,
                    "minAge": 1,
                    "maxAge": 180
                }
            },
        }
    }
}
Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:device:Type"],
    "id": "DT_TDSV4a",
    "meta": {
        "resourceType": "DeviceType",
        "location": "https://[base-server-url]/configuration/{tenant}/v2/Device/Type/DT_TDSV4a",
        "version": "1"
    },
    "name": "Custom Mobile push based Validation",
    "notes": "Custom Device type for Mobile push based Validation Application",
    "urn:hid:scim:api:idp:2.0:device:type:Push": {
        "challengeLength": 6,
        "supportedAuthenticationMethod": "BOTH",
        "syncAuthenticationCodeLength": -1,
        "asyncAuthenticationCodeLength": -1,
        "serverTLSCertificate": "_CERTIFICATE_",
        "provisioningProtocol": {
            "version": "v5",
            "kdfLen": 10,
            "kdfCharset": "ALPHA",
            "pushNotif": true,
            "forceInstallation": false
        },
        "containerProfile": [
            {
                "keyType": "SMK",
                "keyId": "KEY1",
                "credId": "CT_SMKV4",
                "authPolicyCode": "AT_SMK",
                "channelCode": "CH_SMK"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY2",
                "credId": "CT_TDSOE",
                "authPolicyCode": "AT_EMPOTPI",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY3",
                "credId": "CT_TDSOAECR",
                "authPolicyCode": "AT_EMPOTP",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY4",
                "credId": "CT_TDSOAESIGN",
                "authPolicyCode": "AT_EMPOTP",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY5",
                "credId": "CT_PASAV4",
                "authPolicyCode": "AT_PASA",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY6",
                "credId": "CT_TDSV4",
                "authPolicyCode": "AT_TDS",
                "channelCode": "CH_TDS"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY7",
                "credId": "CT_PASAIDP",
                "authPolicyCode": "AT_PASAIDP",
                "channelCode": "CH_PASA"
            },
        ]
        "policyRule": "\"rules\": {\n \"refreshinterval\": 1440,\n \"version\": 1,\n \"provisioning\": [{\n \"ruleid\": 1,\n \"phonestates\": [{\n \"isRooted\": \"true\"\n }],\n \"outcome\": \"deny\",\n \"message\": \"Not allowed to provision for Rooted device\"\n }]\n}",
        "keysProtectionPolicy": {
            "type": "devicelockorpassword",
            "lockPolicy": {
                "type": "delay",
                "initialDelay": 2,
                "maxCounterValue": 6
            },
            "passwordPolicy": {
                "minLength": 6,
                "maxLength": 10,
                "restriction": {
                    "minUpperCase": 1,
                    "minLowerCase": 0,
                    "minNumeric": 6,
                    "minAlpha": 0,
                    "minNonAlpha": 0,
                    "maxUpperCase": 0,
                    "maxLowerCase": 0,
                    "maxNumeric": 8,
                    "maxAlpha": 0,
                    "maxNonAlpha": 0
                },
                "historyPolicy": {
                    "maxHistory": 1,
                    "minAge": 1,
                    "maxAge": 180
                }
            },
            "cachingPolicy": {}
        },
        "custoFile": "",
        "appid": "CustomApprove",
        "transactionHistory": "none"
    }
}
Note:  

Replace Device Type

[PUT] /Device/Type/{id}

Accept: application/scim+json

Note: As a best practice, use GET to retrieve the current data for the resource before using PUT.
Copy

Sample Request URI

[PUT] /configuration/{tenant}/v2/Device/Type/DT_TDSV4a
Copy

Sample request where only the pushNotif for provisioningProtocol is changed from true to false indicating that push notifications are not sent via the gateway (supported with API version 8 or later, see the previous Create a Device Type sample response for reference).

{
    "schemas": ["urn:hid:scim:api:idp:2.0:device:Type"],
    "id": "DT_TDSV4a",
    "urn:hid:scim:api:idp:2.0:device:type:Push"{
        "provisioningProtocol": {
            "pushNotif": "false"
        }
    }
}
Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:device:Type"],
    "id": "DT_TDSV4a",
    "meta": {
        "resourceType": "DeviceType",
        "location": "https://[base-server-url]/configuration/{tenant}/v2/Device/Type/DT_TDSV4a",
        "version": "1"
    },
    "name": "Custom Mobile push based Validation",
    "notes": "Custom Device type for Mobile push based Validation Application",
    "urn:hid:scim:api:idp:2.0:device:type:Push": {
        "challengeLength": 6,
        "supportedAuthenticationMethod": "BOTH",
        "syncAuthenticationCodeLength": -1,
        "asyncAuthenticationCodeLength": -1,
        "serverTLSCertificate": "_CERTIFICATE_",
        "provisioningProtocol": {
            "version": "v5",
            "kdfLen": 10,
            "kdfCharset": "ALPHA",
            "pushNotif": false,
            "forceInstallation": false
        },
        "containerProfile": [
            {
                "keyType": "SMK",
                "keyId": "KEY1",
                "credId": "CT_SMKV4",
                "authPolicyCode": "AT_SMK",
                "channelCode": "CH_SMK"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY2",
                "credId": "CT_TDSOE",
                "authPolicyCode": "AT_EMPOTPI",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY3",
                "credId": "CT_TDSOAECR",
                "authPolicyCode": "AT_EMPOTP",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "OTP",
                "keyId": "KEY4",
                "credId": "CT_TDSOAESIGN",
                "authPolicyCode": "AT_EMPOTP",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY5",
                "credId": "CT_PASAV4",
                "authPolicyCode": "AT_PASA",
                "channelCode": "CH_PASA"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY6",
                "credId": "CT_TDSV4",
                "authPolicyCode": "AT_TDS",
                "channelCode": "CH_TDS"
            },
            {
                "keyType": "RSA",
                "keyId": "KEY7",
                "credId": "CT_PASAIDP",
                "authPolicyCode": "AT_PASAIDP",
                "channelCode": "CH_PASA"
            },
        "policyRule": "\"rules\": {\n \"refreshinterval\": 1440,\n \"version\": 1,\n \"provisioning\": [{\n \"ruleid\": 1,\n \"phonestates\": [{\n \"isRooted\": \"true\"\n }],\n \"outcome\": \"deny\",\n \"message\": \"Not allowed to provision for Rooted device\"\n }]\n}",
        "keysProtectionPolicy": {
            "type": "password",
            "lockPolicy": {
                "type": "delay",
                "initialDelay": 2,
                "maxCounterValue": 6
            },
            "passwordPolicy": {
                "minLength": 6,
                "maxLength": 10,
                "restriction": {
                    "minUpperCase": 1,
                    "minLowerCase": 0,
                    "minNumeric": 6,
                    "minAlpha": 0,
                    "minNonAlpha": 0,
                    "maxUpperCase": 0,
                    "maxLowerCase": 0,
                    "maxNumeric": 8,
                    "maxAlpha": 0,
                    "maxNonAlpha": 0
                },
                "historyPolicy": {
                    "maxHistory": 1,
                    "minAge": 1,
                    "maxAge": 180
                }
            },
            "cachingPolicy": {}
        },
        "custoFile": "",
        "appid": "CustomApprove",
        "transactionHistory": "none"
 }
}
Note:  

Delete Device Type

Important: You cannot delete the default device types.

All the delete endpoints follow the same standard pattern and can be reached through the following URL pattern:

Copy

Delete entity

DELETE https://[base-server-url]/scim/{tenant}/v2/ENTITY_TYPE/{id}

Accept: application/scim+json

Copy

Sample Response

HTTP/1.1 204 No content