Product Documentation

NOTE: The administrative REST function changeUserName is described in detail here.

Version 3 of SKFS Representational State Transfer (REST) Application Programming Interface (API) supports an array of web services for a variety of functions:

  • Registering new credentials for users with FIDO authenticators
  • Authenticating registered users with their authenticators
  • Authorizing business transactions by getting a confirmation from users
  • Getting registered FIDO keys from the SKFS to enable users to manage their FIDO keys within applications
  • Deleting credentials associated with specific authenticators (in case they are lost or stolen)

All FIDO web services must use Transport Layer Security (TLS)—implemented through the Secure Hyper Text Transfer Protocol (HTTPS)Successful REST web service requests always return a 200 OK with a response payload (if appropriate).

The web service description for REST can be found at the following URL on SKFS: https://<host:port>/skfs/rest/application.wadl. To see an example, click this link on the StrongKey DEMO site: https://demo.strongkey.com/skfs/rest/application.wadl

The registration, authentication, and transaction authorization operations have a preliminary step that requires the SKFS to know some information from the web application supporting FIDO protocols so it may build the appropriate challenge and prepare itself to verify the response in the subsequent web service operation (registration, authentication, and transaction authorization).

The preliminary web services operations are identified with the prefix "pre." This differentiates them from the main web service operations, which includes registering a user's credentials, authenticating them with existing credentials, or obtaining authorization for a business transaction. Hence, it is critical that web applications always call the "pre" web service before calling the actual service operation.

All SKFS web services are implemented as HTTP POST operations. Each REST web service operation requires a single Java Script Object Notation (JSON) object as a parameter that contains embedded JSON objects, while each Simple Object Access Protocol (SOAP) web service operation requires a distinct JSON object for each parameter. See the Request examples in this section for details.