The Device/Type endpoint allows creating and managing push-based authentication device types, including customization. This endpoint also enables defining devices with specific graphical/cryptographic customizations for subsets of users in the same
HID Authentication Service includes a set of default device types.
To use the version-specific parameters/attributes, you must add api-version=N to the query parameter.
Previous versions of the API are also supported with the corresponding functionality.
Method Details
| HTTPS Method | Entity Action | Request URI | Description |
|---|---|---|---|
|
Read |
/configuration/{tenant}/v2/Device/Type |
Retrieve all the device types |
|
|
Read |
/configuration/{tenant}/v2/Device/Type/{id} |
Retrieve a known device type |
|
|
Create |
/configuration/{tenant}/v2/Device/Type |
Create a device type |
|
|
Replace |
/configuration/{tenant}/v2/Device/Type/{id} |
Update a known device type |
|
|
Delete |
/configuration/{tenant}/v2/Device/Type/{id} |
Delete a known device type |
Required Permissions
| Function | Required Permissions |
|---|---|
|
GET |
|
|
GET ALL |
|
|
CREATE |
|
|
REPLACE |
|
|
DELETE |
|
Get All Device Types
[GET] /Device/Type
Sample Response
{
"ignored": "string",
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"totalResults": 1,
"startIndex": 0,
"resources": [
{
"ignored": "string",
"schemas": ["string"],
"meta": {
"resourceType": "TheResource",
"created": "2023-02-08T16:25:38.098Z",
"location": "https://[base-server-url]/configuration/{tenant}/v2/<pathToResource>/<id>",
"version": 1
},
"copyFrom": "string",
"id": "string",
"name": "string",
"notes": "string",
"readOnly": false,
"manufacturer": "string",
"defaultCredentialTypeCode": "string",
"maximumDevicePerUser": -1,
"allowedCredentialTypes": ["string"],
"urn:hid:scim:api:idp:2.0:device:type:Token": {
"deviceFormFactor": "urn:hid:scim:api:idp:2.0:device:type:Token",
"challengeLength": 0,
"supportedAuthenticationMethod": "BOTH",
"syncAuthenticationCodeLength": -1,
"asyncAuthenticationCodeLength": -1,
"supportsUnlock": false,
"unlockChallengeLength": -1,
"supportsSynch": "SUPPORT_ALL",
"synchronisationBase": "BOTH",
"autoSynchEventCounter": 200,
"autoSynchStartTime": -3600,
"autoSynchEndTime": 3600,
"supportsSignatureVerification": false,
"supportsSoftPin": false,
"pinMinLength": 4,
"pinMaxLength": 8"pinPosition": "NONE",
"allowedCredentialNumber": 100,
"defaultPin": "string"
},
"urn:hid:scim:api:idp:2.0:device:type:Virtual": {
"deviceFormFactor": "urn:hid:scim:api:idp:2.0:device:type:Virtual"
},
"urn:hid:scim:api:idp:2.0:device:type:Fido": {
"deviceFormFactor": "urn:hid:scim:api:idp:2.0:device:type:FIDO:Generic",
"challengeLength": 0
}
<--truncated output-->
}
]
}Get Device Type
[GET] /Device/Type/{id}
Sample Response
{
"schemas": [
"urn:hid:scim:api:idp:2.0:device:Type",
"urn:hid:scim:api:idp:2.0:device:type:Push"
],
"id": "DT_TDSV4",
"meta": {
"resourceType": "DeviceType",
"location": "https://[base-server-url]/configuration/{tenant}/v2/Device/Type/DT_TDSV4",
"version": "1"
},
"readOnly": true,
"name": "Mobile push based Validation",
"notes": "Device type for Mobile push based Validation Application",
"manufacturer": "HID",
"defaultCredentialTypeCode": "CT_SMKV4",
"maximumDevicePerUser": -1,
"allowedCredentialTypes": [
"any"
],
"urn:hid:scim:api:idp:2.0:device:type:Push": {
"deviceFormFactor": "urn:hid:scim:api:idp:2.0:device:type:Push",
"supportedAuthenticationMethod": "BOTH",
"syncAuthenticationCodeLength": -1,
"asyncAuthenticationCodeLength": -1,
"challengeLength": 6,
"serverTLSCertificate": "_CERTIFICATE_",
"provisioningProtocol": {
"version": "v5",
"kdfLen": 10,
"kdfCharset": "ALPHA",
"pushNotif": true,
"forceInstallation": false
},
"containerProfile": [
{
"keyType": "SMK",
"keyId": "KEY1",
"credId": "CT_SMKV4",
"authPolicyCode": "AT_SMK",
"channelCode": "CH_SMK"
},
{
"keyType": "OTP",
"keyId": "KEY2",
"credId": "CT_TDSOE",
"authPolicyCode": "AT_EMPOTPI",
"channelCode": "CH_PASA"
},
{
"keyType": "OTP",
"keyId": "KEY3",
"credId": "CT_TDSOAECR",
"authPolicyCode": "AT_EMPOTP",
"channelCode": "CH_PASA"
},
{
"keyType": "OTP",
"keyId": "KEY4",
"credId": "CT_TDSOAESIGN",
"authPolicyCode": "AT_EMPOTP",
"channelCode": "CH_PASA"
},
{
"keyType": "RSA",
"keyId": "KEY5",
"credId": "CT_PASAV4",
"authPolicyCode": "AT_PASA",
"channelCode": "CH_PASA"
},
{
"keyType": "RSA",
"keyId": "KEY6",
"credId": "CT_TDSV4",
"authPolicyCode": "AT_TDS",
"channelCode": "CH_TDS"
},
{
"keyType": "RSA",
"keyId": "KEY7",
"credId": "CT_PASAIDP",
"authPolicyCode": "AT_PASAIDP",
"channelCode": "CH_PASA"
}
],
"policyRule": "\"rules\": {\n \"refreshinterval\": 1440,\n \"version\": 1,\n \"provisioning\": [{\n \"ruleid\": 1,\n \"phonestates\": [{\n \"isRooted\": \"true\"\n }],\n \"outcome\": \"deny\",\n \"message\": \"Not allowed to provision for Rooted device\"\n }]\n}",
"keysProtectionPolicy": {
"type": "devicelockorpassword",
"lockPolicy": {
"type": "delay",
"initialDelay": 2,
"maxCounterValue": 6
},
"passwordPolicy": {
"minLength": 6,
"maxLength": 8,
"restriction": {
"minUpperCase": 0,
"minLowerCase": 0,
"minNumeric": 6,
"minAlpha": 0,
"minNonAlpha": 0,
"maxUpperCase": 0,
"maxLowerCase": 0,
"maxNumeric": 8,
"maxAlpha": 0,
"maxNonAlpha": 0
},
"historyPolicy": {
"maxHistory": 1,
"minAge": 1,
"maxAge": 180
}
},
"cachingPolicy": {}
},
"custoFile": "HID_Approve_customization.json",
"appid": "",
"transactionHistory": "none"
}
}Create a Device Type
[POST] /Device/Type
Accept: application/scim+json
For details of the extension, see urn:hid:scim:api:idp:2.0:device:Type
Sample request where a new device type with the id DT_TDSV4a is created based on DT_TDSV4. The Name, notes , passwordPolicy parameters are modified (see previous Get Device Type sample response for reference).
{
"copyFrom": "DT_TDSV4",
"id": "DT_TDSV4a",
"name": "Custom Mobile push based Validation",
"notes": "Custom Device type for Mobile push based Validation Application",
"urn:hid:scim:api:idp:2.0:device:type:Push": {
"keysProtectionPolicy": {
"type": "devicelockorpassword",
"lockPolicy": {
"type": "delay",
"initialDelay": 2,
"maxCounterValue": 6
},
"passwordPolicy": {
"minLength": 6,
"maxLength": 10,
"restriction": {
"minUpperCase": 1,
"minLowerCase": 0,
"minNumeric": 6,
"minAlpha": 0,
"minNonAlpha": 0,
"maxUpperCase": 0,
"maxLowerCase": 0,
"maxNumeric": 8,
"maxAlpha": 0,
"maxNonAlpha": 0
},
"historyPolicy": {
"maxHistory": 1,
"minAge": 1,
"maxAge": 180
}
},
}
}
}Sample Response
{
"schemas": ["urn:hid:scim:api:idp:2.0:device:Type"],
"id": "DT_TDSV4a",
"meta": {
"resourceType": "DeviceType",
"location": "https://[base-server-url]/configuration/{tenant}/v2/Device/Type/DT_TDSV4a",
"version": "1"
},
"name": "Custom Mobile push based Validation",
"notes": "Custom Device type for Mobile push based Validation Application",
"urn:hid:scim:api:idp:2.0:device:type:Push": {
"challengeLength": 6,
"supportedAuthenticationMethod": "BOTH",
"syncAuthenticationCodeLength": -1,
"asyncAuthenticationCodeLength": -1,
"serverTLSCertificate": "_CERTIFICATE_",
"provisioningProtocol": {
"version": "v5",
"kdfLen": 10,
"kdfCharset": "ALPHA",
"pushNotif": true,
"forceInstallation": false
},
"containerProfile": [
{
"keyType": "SMK",
"keyId": "KEY1",
"credId": "CT_SMKV4",
"authPolicyCode": "AT_SMK",
"channelCode": "CH_SMK"
},
{
"keyType": "OTP",
"keyId": "KEY2",
"credId": "CT_TDSOE",
"authPolicyCode": "AT_EMPOTPI",
"channelCode": "CH_PASA"
},
{
"keyType": "OTP",
"keyId": "KEY3",
"credId": "CT_TDSOAECR",
"authPolicyCode": "AT_EMPOTP",
"channelCode": "CH_PASA"
},
{
"keyType": "OTP",
"keyId": "KEY4",
"credId": "CT_TDSOAESIGN",
"authPolicyCode": "AT_EMPOTP",
"channelCode": "CH_PASA"
},
{
"keyType": "RSA",
"keyId": "KEY5",
"credId": "CT_PASAV4",
"authPolicyCode": "AT_PASA",
"channelCode": "CH_PASA"
},
{
"keyType": "RSA",
"keyId": "KEY6",
"credId": "CT_TDSV4",
"authPolicyCode": "AT_TDS",
"channelCode": "CH_TDS"
},
{
"keyType": "RSA",
"keyId": "KEY7",
"credId": "CT_PASAIDP",
"authPolicyCode": "AT_PASAIDP",
"channelCode": "CH_PASA"
},
]
"policyRule": "\"rules\": {\n \"refreshinterval\": 1440,\n \"version\": 1,\n \"provisioning\": [{\n \"ruleid\": 1,\n \"phonestates\": [{\n \"isRooted\": \"true\"\n }],\n \"outcome\": \"deny\",\n \"message\": \"Not allowed to provision for Rooted device\"\n }]\n}",
"keysProtectionPolicy": {
"type": "devicelockorpassword",
"lockPolicy": {
"type": "delay",
"initialDelay": 2,
"maxCounterValue": 6
},
"passwordPolicy": {
"minLength": 6,
"maxLength": 10,
"restriction": {
"minUpperCase": 1,
"minLowerCase": 0,
"minNumeric": 6,
"minAlpha": 0,
"minNonAlpha": 0,
"maxUpperCase": 0,
"maxLowerCase": 0,
"maxNumeric": 8,
"maxAlpha": 0,
"maxNonAlpha": 0
},
"historyPolicy": {
"maxHistory": 1,
"minAge": 1,
"maxAge": 180
}
},
"cachingPolicy": {}
},
"custoFile": "",
"appid": "CustomApprove",
"transactionHistory": "none"
}
}When applying or updating a customization package for HID Approve, first encode the JSON file in base64 and then define the encoded value in the custoFile parameter.
For further information about defining the policy rules for HID Approve, see Customize the Devices Allowed for Service Registration.
Replace Device Type
[PUT] /Device/Type/{id}
Accept: application/scim+json
Sample request where only the pushNotif for provisioningProtocol is changed from true to false indicating that push notifications are not sent via the gateway (supported with API version 8 or later, see the previous Create a Device Type sample response for reference).
{
"schemas": ["urn:hid:scim:api:idp:2.0:device:Type"],
"id": "DT_TDSV4a",
"urn:hid:scim:api:idp:2.0:device:type:Push": {
"provisioningProtocol": {
"pushNotif": "false"
}
}
}Sample Response
{
"schemas": ["urn:hid:scim:api:idp:2.0:device:Type"],
"id": "DT_TDSV4a",
"meta": {
"resourceType": "DeviceType",
"location": "https://[base-server-url]/configuration/{tenant}/v2/Device/Type/DT_TDSV4a",
"version": "1"
},
"name": "Custom Mobile push based Validation",
"notes": "Custom Device type for Mobile push based Validation Application",
"urn:hid:scim:api:idp:2.0:device:type:Push": {
"challengeLength": 6,
"supportedAuthenticationMethod": "BOTH",
"syncAuthenticationCodeLength": -1,
"asyncAuthenticationCodeLength": -1,
"serverTLSCertificate": "_CERTIFICATE_",
"provisioningProtocol": {
"version": "v5",
"kdfLen": 10,
"kdfCharset": "ALPHA",
"pushNotif": false,
"forceInstallation": false
},
"containerProfile": [
{
"keyType": "SMK",
"keyId": "KEY1",
"credId": "CT_SMKV4",
"authPolicyCode": "AT_SMK",
"channelCode": "CH_SMK"
},
{
"keyType": "OTP",
"keyId": "KEY2",
"credId": "CT_TDSOE",
"authPolicyCode": "AT_EMPOTPI",
"channelCode": "CH_PASA"
},
{
"keyType": "OTP",
"keyId": "KEY3",
"credId": "CT_TDSOAECR",
"authPolicyCode": "AT_EMPOTP",
"channelCode": "CH_PASA"
},
{
"keyType": "OTP",
"keyId": "KEY4",
"credId": "CT_TDSOAESIGN",
"authPolicyCode": "AT_EMPOTP",
"channelCode": "CH_PASA"
},
{
"keyType": "RSA",
"keyId": "KEY5",
"credId": "CT_PASAV4",
"authPolicyCode": "AT_PASA",
"channelCode": "CH_PASA"
},
{
"keyType": "RSA",
"keyId": "KEY6",
"credId": "CT_TDSV4",
"authPolicyCode": "AT_TDS",
"channelCode": "CH_TDS"
},
{
"keyType": "RSA",
"keyId": "KEY7",
"credId": "CT_PASAIDP",
"authPolicyCode": "AT_PASAIDP",
"channelCode": "CH_PASA"
},
"policyRule": "\"rules\": {\n \"refreshinterval\": 1440,\n \"version\": 1,\n \"provisioning\": [{\n \"ruleid\": 1,\n \"phonestates\": [{\n \"isRooted\": \"true\"\n }],\n \"outcome\": \"deny\",\n \"message\": \"Not allowed to provision for Rooted device\"\n }]\n}",
"keysProtectionPolicy": {
"type": "password",
"lockPolicy": {
"type": "delay",
"initialDelay": 2,
"maxCounterValue": 6
},
"passwordPolicy": {
"minLength": 6,
"maxLength": 10,
"restriction": {
"minUpperCase": 1,
"minLowerCase": 0,
"minNumeric": 6,
"minAlpha": 0,
"minNonAlpha": 0,
"maxUpperCase": 0,
"maxLowerCase": 0,
"maxNumeric": 8,
"maxAlpha": 0,
"maxNonAlpha": 0
},
"historyPolicy": {
"maxHistory": 1,
"minAge": 1,
"maxAge": 180
}
},
"cachingPolicy": {}
},
"custoFile": "",
"appid": "CustomApprove",
"transactionHistory": "none"
}
}When applying or updating a customization package for HID Approve, first encode the JSON file in base64 and then define the encoded value in the custoFile parameter.
For further information about defining the policy rules for HID Approve, see Customize the Devices Allowed for Service Registration.
Delete Device Type
All the delete endpoints follow the same standard pattern and can be reached through the following URL pattern:
Accept: application/scim+json
