This API validates the password entered by the customer. The API triggers after validating the OTP from the MFA flow. It uses the session ID generated from the /mfa/token/generate API.

Note: After validating the MFA OTP, regenerate the MFA session ID using /mfa/token/generate. Use the new session ID to validate the password.

The flow chart below illustrates the steps.

API endpoint example

<https://eu.api.capillarytech.com/auth/v1/mfa/password/validate>

Resource information


URI	auth/v1/mfa/password/validate
HTTP method	POST
Pagination supported?	NA
Rate limit	NA
Batch support	NA

Request body parameters

Parameter \n(Parameters marked with * are mandatory)	Data Type	Description
deviceId*	String	Unique ID of the device used for password validation. It should be the same device used to generate the token.
brand*	String	Name of the brand or organisation that needs verification.
sessionId*	String	Unique ID created from `/mfa/token/generate` API. After validating the MFA OTP, regenerate the MFA session ID using the `/mfa/token/generate`. Use the new session ID to validate the password.
password*	String	Password that needs validation.
identifierType*	String	Type of identifier to identify the customer. Values: MOBILE, EMAIL, USERNAME, EXTERNALID
identifierValue*	String	Value of the identifier.

curl --location 'https://eu.api.capillarytech.com/auth/v1/mfa/password/validate' \
--header 'Content-Type: application/json' \
--header 'Cookie: _cfuvid=SFXPZtlcKGm5C7TLTY.Z6GYvm_rJFRPKAVc07.hnnEc-1716977297258-0.0.1.1-604800000' \
--data '{
    "deviceId":"1234",
    "brand":"Bukl",
    "sessionId":"P-f1f3ccd7-0fe9-4159-ab23-2eb33e42f512",
    "password":"12345",
    "identifierType":"MOBILE",
    "identifierValue":"18767431754"
}'

Response parameters

Parameter	Data Type	Description
status	object	Object containing status information.
- success	boolean	Boolean indicating the status of the request.
- code	integer	HTTP status code indicating the result. Example: 200 indicates success.
- message	string	Message describing the status of the request.
auth	object	Object containing authentication details.
- token	string	String representing the authentication token. By default, the token is valid for 15 minutes.
- key	string	String representing the authentication key.
identifiers	object	Object containing identifier details.
- identifierList	string	List of identifiers.
user	object	Object containing user details.
- appRegistered	boolean	Indicates if the user is registered in the app.
- sessionId	string	Session ID for MFA flow. The session ID is valid for 15 minutes by default.
- role	string	Indicates the user's role. Example: VIEW, USER.
- userRegisteredForPassword	boolean	Indicates if the user is registered for a password.

{
    "status": {
        "success": true,
        "code": 200,
        "message": "SUCCESS"
    },
    "auth": {
        "token": "eyJpZHYiOlsiTU9CSUxFfDE4NzY3NDMxNzU0Il0sImRldiI6IjEyMzQiLCJvcmciOiJCVUtMIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOiIxNzgwNzc2IiwiaXNzIjoiQ0FQSUxMQVJZIFRFQ0hOT0xPR0lFUyIsImlzYyI6ImZhbHNlIiwib2djIjpbIjEwMDQ1OHxidWtsLmluZC5zb2x1dGlvbiJdLCJleHAiOjE3MTY5NzgzNjEsImlhdCI6MTcxNjk3NzQ2MSwicm9sIjoiVVNFUiJ9.8_qJ7TFcGUQEbsvRHMQ8fosX9Vwn0UUkFLqtH5tOcQ4",
        "key": "eyJpZHYiOlsiTU9CSUxFfDE4NzY3NDMxNzU0Il0sImRldiI6IjEyMzQiLCJvcmciOiJCVUtMIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOiIxNzgwNzc2IiwiaXNzIjoiQ0FQSUxMQVJZIFRFQ0hOT0xPR0lFUyIsIm1mYSI6dHJ1ZSwiaWF0IjoxNzE2OTYyNTU3LCJyb2wiOiJBVVRIIn0.89CmFeLl_zfUBuv2Ea4eQIc3Wy8fJzlcRQad8UcqK-4"
    },
    "identifiers": {
        "identifierList": null
    },
    "user": {
        "appRegistered": false,
        "sessionId": null,
        "role": "USER",
        "userRegisteredForPassword": true
    }
}