Authentication API (SOAP API)
This document describes the Web Services that form the TrustBuilder MFA authentication API. The SOAP API is described by the following WSDL files: Authenticate.wsdl, used for authentication requests.
Access to the TrustBuilder MFA API is 2-factor secured. Configuration is done in the Administration Console:
Restrict authorized IP addresses allowed to submit SOAP requests
Implement SSL client certificate authentication
Some API methods are also proposed in REST format.
For sealing transactions, please refer to Transaction sealing API (REST API).
Authentication with SOAP API
There are 2 possible authentication methods: authenticate and authenticateWithIp.
Authenticate → validates a login and an OTP.
AuthenticateWithIp → additionally verifies the source IP address of the end user (only for authentication with Helium).
Authenticate
authenticate(string login, string serviceId, string token)
Returns a string:
authenticateResponse
This is an object with the following properties:
public string authenticateReturn;
This function allows validating a One-Time Password for a given login. The string returned is a code which can be “OK” (success) or “NOK:<cause>” (error).
AuthenticateWithIp
authenticateWithIp(string userId, string serviceId, string token, string ip)
Returns:
authenticateWithIpResponse
This is an object with the following properties:
public string authenticateReturn;
AuthenticateWithIp provides additional MITM detection for OTPs generated by TrustBuilder. The behavior of this function is as follows:
If the OTP is generated by Helium, the TrustBuilder server first compares the IP address with the one it knows, then verifies the OTP
If the OTP is generated by TrustBuilder Authenticator, the TrustBuilder server ignores the IP address
The string returned is a code which can be “OK” (success) or “NOK:<cause>” (error).
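The following is an added example, not TrustBuilder code, showing how a calling application can interpret the authenticateReturn code described above so that only an exact "OK" grants access and a SOAP fault, a malformed body or an unknown code is treated as a failure. The function names, the "urn:example" namespace, the sample envelopes, the cause string and the local error labels are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

RESPONSE_ELEMENTS = {"authenticateResponse", "authenticateWithIpResponse"}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def parse_auth_response(xml_text):
    """Return (authenticated, cause); only an exact "OK" authenticates."""
    if "<!DOCTYPE" in xml_text:  # no DTD or entity definitions are expected
        return False, "malformed-response"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False, "malformed-response"
    bodies = [e for e in root if local_name(e.tag) == "Body"]
    if len(bodies) != 1 or len(bodies[0]) != 1:
        return False, "malformed-response"
    response = bodies[0][0]
    if local_name(response.tag) not in RESPONSE_ELEMENTS:  # e.g. a SOAP Fault
        return False, "unexpected-element"
    codes = [e.text or "" for e in response
             if local_name(e.tag) == "authenticateReturn"]
    if len(codes) != 1:
        return False, "malformed-response"
    code = codes[0]
    if code == "OK":  # exact match: "ok", "OK " or "OKAY" must not pass
        return True, None
    if code.startswith("NOK:"):
        return False, code[len("NOK:"):]  # keep the cause for logging
    return False, "unrecognized-code"


def envelope(inner):
    # Constructed sample envelope; "urn:example" is a placeholder namespace.
    return ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/'
            'envelope/" xmlns:ns="urn:example"><soapenv:Body>' + inner +
            '</soapenv:Body></soapenv:Envelope>')


SAMPLE_OK = envelope("<ns:authenticateWithIpResponse><ns:authenticateReturn>OK"
                     "</ns:authenticateReturn></ns:authenticateWithIpResponse>")
SAMPLE_NOK = envelope("<ns:authenticateResponse><ns:authenticateReturn>"
                      "NOK:constructed-cause"
                      "</ns:authenticateReturn></ns:authenticateResponse>")
SAMPLE_FAULT = envelope("<soapenv:Fault><faultstring>constructed</faultstring>"
                        "</soapenv:Fault>")
```

The returned cause is meant for server-side logs; the end user should see the same generic failure message whatever the cause.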