Authentication

The AXN Verify API is secured with OAuth2. You’ll need to use your client ID and secret to obtain a short lived access token, which you can then use to make requests. All resources in this document require a valid access token.

The api key used to obtain your OAuth2 token will dictate which service will be evaluated by the AXN. It is important to use the API key for the service you’ve created in AXN Admin. This way, the system knows which attributes will be accepted, which Attribute Providers to use, and which Assertions to respond with.

Sample interaction

Using data from an RP Service in AXN Admin, you can obtain a short lived OAuth2 access token. This can then be used to interact with the API.

Attribute Name

Description

API Key

String. Key to trigger a specific policy on the AXN.

Shared secret

String. Unique ID of the user to be verified, will be used to generate AXN ID (MBUN.)

Redirect URL

Array. Includes multiple “user attribute” objects (depending on policy.)

Request

URL: https://api.preprod.iddataweb.com/v1/token?grant_type=client_credentials
Method :  Post 
Headers : 
  Authorization = value":"Basic <your Base 64 encoded “apiKey”:”sharedSecret” here>

Response

{
    "errorCode": "",
    "errorDescription": "",
    "access_token": "HXaIThPrEwQ0IejcDVKGsBUvR10A9uodkxqgG_U-7kU",
    "expires_in": "600",
    "token_type": "Bearer"
}

The token is good for 10 minutes by default, and can be adjusted on a per-API key basis. A single access token can be reused for the entirety of the lifetime.

For subsequest requests, include the following header:

Header : 
  Authorization: Bearer <valid access token here.>

📘

API Technical Reference

The AXN Verify API Reference includes all of the technical details you'll need to integrate your system.