Create device TOTP

POST /user/devices/totp

A device TOTP token is created within 5 minutes of registration without PIN, password or an user OTP or it is created using either PIN, password or an user OTP. In case the PIN, password or OTP is invalid 403 is returned. If multiple values are provided first the OTP is checked, then the password, then the PIN. In case the one of the provided values is correct, a TOTP will be created.

application/vnd.api+json

Body Required

  • data object
    Hide data attributes Show data attributes
    • type string

      Value is deviceTOTP.

    • id string(uuid)

      The ID of the device totp

    • Hide attributes attributes Show attributes attributes

Responses

  • 201 application/vnd.api+json

    TOTP created.

    Hide response attribute Show response attribute object
    • data object
      Hide data attributes Show data attributes
      • type string

        Value is deviceTOTP.

      • id string(uuid)

        The ID of the device totp

      • Hide attributes attributes Show attributes attributes
        • secret string

          TOTP secret to generate TOTP tokens (encoded base32)

        • period integer

          Number of seconds a TOTP hash is valid for.

        • digits integer

          Required length of the generated OTP

        • Algorithm to use for HMAC

          Values are SHA1, SHA256, SHA512, or MD5.

  • 401 application/vnd.api+json

    OAuth token missing or invalid or a linked identity is missing.

    Linked identity missing is a special case where you need to make sure that the user has additionally logged in / authorized with a third-party.

    This is not relevant for most use-cases.

    The specific error code that identifies a missing linked identity is missing-linked-identity

    Example:

      {
          "errors": [
              {
                  "id": "cbgmhslmp1o9or9kh1p0",
                  "title": "Missing linked identity for authorized access",
                  "detail": "Linked identity is needed to access this resource, please check why the user does not have a linked identity",
                  "status": "401",
                  "code": "missing-linked-identity"
              }
          ]
      }
    
    Hide response attribute Show response attribute object

    Error objects provide additional information about problems encountered while performing an operation. Errors also contain codes besides title and message which can be used for checks even if the detailed messages might change.

    * 1000: generic error * 1001: payment processing temporarily unavailable * 1002: requested amount exceeds the authorized amount of the provided token * 1003: implicit payment methods cannot be modified * 1004: payment method rejected by provider * provider:payment-method-rejected: payment method rejected by provider (identical to 1004) * rule:product-denied: Product restrictions forbid transaction, e.g., forbidden fuel type - token authorized only for Diesel but attempted to fuel Super.

    • errors array[object]
      Hide errors attributes Show errors attributes object
      • id string

        A unique identifier for this particular occurrence of the problem.

      • status string

        the HTTP status code applicable to this problem, expressed as a string value.

      • code string

        an application-specific error code, expressed as a string value.

      • title string

        A short, human-readable summary of the problem that SHOULD NOT change from occurrence to occurrence of the problem, except for purposes of localization.

      • detail string

        a human-readable explanation specific to this occurrence of the problem. Like title, this field’s value can be localized.

      • source object

        An object containing references to the source of the error.

        Hide source attributes Show source attributes
        • pointer string

          A JSON Pointer [RFC6901] to the associated entity in the request document [e.g. "/data" for a primary data object, or "/data/attributes/title" for a specific attribute].

        • A string indicating which URI query parameter caused the error.

      • meta object

        a meta object containing non-standard meta-information about the error.

        Hide meta attribute Show meta attribute
  • 403 application/vnd.api+json

    Forbidden

    Hide response attribute Show response attribute object

    Error objects provide additional information about problems encountered while performing an operation. Errors also contain codes besides title and message which can be used for checks even if the detailed messages might change.

    * 1000: generic error * 1001: payment processing temporarily unavailable * 1002: requested amount exceeds the authorized amount of the provided token * 1003: implicit payment methods cannot be modified * 1004: payment method rejected by provider * provider:payment-method-rejected: payment method rejected by provider (identical to 1004) * rule:product-denied: Product restrictions forbid transaction, e.g., forbidden fuel type - token authorized only for Diesel but attempted to fuel Super.

    • errors array[object]
      Hide errors attributes Show errors attributes object
      • id string

        A unique identifier for this particular occurrence of the problem.

      • status string

        the HTTP status code applicable to this problem, expressed as a string value.

      • code string

        an application-specific error code, expressed as a string value.

      • title string

        A short, human-readable summary of the problem that SHOULD NOT change from occurrence to occurrence of the problem, except for purposes of localization.

      • detail string

        a human-readable explanation specific to this occurrence of the problem. Like title, this field’s value can be localized.

      • source object

        An object containing references to the source of the error.

        Hide source attributes Show source attributes
        • pointer string

          A JSON Pointer [RFC6901] to the associated entity in the request document [e.g. "/data" for a primary data object, or "/data/attributes/title" for a specific attribute].

        • A string indicating which URI query parameter caused the error.

      • meta object

        a meta object containing non-standard meta-information about the error.

        Hide meta attribute Show meta attribute
  • 406 application/vnd.api+json

    The specified accept header is invalid

    Hide response attribute Show response attribute object

    Error objects provide additional information about problems encountered while performing an operation. Errors also contain codes besides title and message which can be used for checks even if the detailed messages might change.

    * 1000: generic error * 1001: payment processing temporarily unavailable * 1002: requested amount exceeds the authorized amount of the provided token * 1003: implicit payment methods cannot be modified * 1004: payment method rejected by provider * provider:payment-method-rejected: payment method rejected by provider (identical to 1004) * rule:product-denied: Product restrictions forbid transaction, e.g., forbidden fuel type - token authorized only for Diesel but attempted to fuel Super.

    • errors array[object]
      Hide errors attributes Show errors attributes object
      • id string

        A unique identifier for this particular occurrence of the problem.

      • status string

        the HTTP status code applicable to this problem, expressed as a string value.

      • code string

        an application-specific error code, expressed as a string value.

      • title string

        A short, human-readable summary of the problem that SHOULD NOT change from occurrence to occurrence of the problem, except for purposes of localization.

      • detail string

        a human-readable explanation specific to this occurrence of the problem. Like title, this field’s value can be localized.

      • source object

        An object containing references to the source of the error.

        Hide source attributes Show source attributes
        • pointer string

          A JSON Pointer [RFC6901] to the associated entity in the request document [e.g. "/data" for a primary data object, or "/data/attributes/title" for a specific attribute].

        • A string indicating which URI query parameter caused the error.

      • meta object

        a meta object containing non-standard meta-information about the error.

        Hide meta attribute Show meta attribute
  • 415 application/vnd.api+json

    The specified content type header is invalid

    Hide response attribute Show response attribute object

    Error objects provide additional information about problems encountered while performing an operation. Errors also contain codes besides title and message which can be used for checks even if the detailed messages might change.

    * 1000: generic error * 1001: payment processing temporarily unavailable * 1002: requested amount exceeds the authorized amount of the provided token * 1003: implicit payment methods cannot be modified * 1004: payment method rejected by provider * provider:payment-method-rejected: payment method rejected by provider (identical to 1004) * rule:product-denied: Product restrictions forbid transaction, e.g., forbidden fuel type - token authorized only for Diesel but attempted to fuel Super.

    • errors array[object]
      Hide errors attributes Show errors attributes object
      • id string

        A unique identifier for this particular occurrence of the problem.

      • status string

        the HTTP status code applicable to this problem, expressed as a string value.

      • code string

        an application-specific error code, expressed as a string value.

      • title string

        A short, human-readable summary of the problem that SHOULD NOT change from occurrence to occurrence of the problem, except for purposes of localization.

      • detail string

        a human-readable explanation specific to this occurrence of the problem. Like title, this field’s value can be localized.

      • source object

        An object containing references to the source of the error.

        Hide source attributes Show source attributes
        • pointer string

          A JSON Pointer [RFC6901] to the associated entity in the request document [e.g. "/data" for a primary data object, or "/data/attributes/title" for a specific attribute].

        • A string indicating which URI query parameter caused the error.

      • meta object

        a meta object containing non-standard meta-information about the error.

        Hide meta attribute Show meta attribute
  • 422 application/vnd.api+json

    The request was well-formed but was unable to be followed due to semantic errors.

    Hide response attribute Show response attribute object

    Error objects provide additional information about problems encountered while performing an operation. Errors also contain codes besides title and message which can be used for checks even if the detailed messages might change.

    * 1000: generic error * 1001: payment processing temporarily unavailable * 1002: requested amount exceeds the authorized amount of the provided token * 1003: implicit payment methods cannot be modified * 1004: payment method rejected by provider * provider:payment-method-rejected: payment method rejected by provider (identical to 1004) * rule:product-denied: Product restrictions forbid transaction, e.g., forbidden fuel type - token authorized only for Diesel but attempted to fuel Super.

    • errors array[object]
      Hide errors attributes Show errors attributes object
      • id string

        A unique identifier for this particular occurrence of the problem.

      • status string

        the HTTP status code applicable to this problem, expressed as a string value.

      • code string

        an application-specific error code, expressed as a string value.

      • title string

        A short, human-readable summary of the problem that SHOULD NOT change from occurrence to occurrence of the problem, except for purposes of localization.

      • detail string

        a human-readable explanation specific to this occurrence of the problem. Like title, this field’s value can be localized.

      • source object

        An object containing references to the source of the error.

        Hide source attributes Show source attributes
        • pointer string

          A JSON Pointer [RFC6901] to the associated entity in the request document [e.g. "/data" for a primary data object, or "/data/attributes/title" for a specific attribute].

        • A string indicating which URI query parameter caused the error.

      • meta object

        a meta object containing non-standard meta-information about the error.

        Hide meta attribute Show meta attribute
  • 500 application/vnd.api+json

    Internal server error

    Hide response attribute Show response attribute object

    Error objects provide additional information about problems encountered while performing an operation. Errors also contain codes besides title and message which can be used for checks even if the detailed messages might change.

    * 1000: generic error * 1001: payment processing temporarily unavailable * 1002: requested amount exceeds the authorized amount of the provided token * 1003: implicit payment methods cannot be modified * 1004: payment method rejected by provider * provider:payment-method-rejected: payment method rejected by provider (identical to 1004) * rule:product-denied: Product restrictions forbid transaction, e.g., forbidden fuel type - token authorized only for Diesel but attempted to fuel Super.

    • errors array[object]
      Hide errors attributes Show errors attributes object
      • id string

        A unique identifier for this particular occurrence of the problem.

      • status string

        the HTTP status code applicable to this problem, expressed as a string value.

      • code string

        an application-specific error code, expressed as a string value.

      • title string

        A short, human-readable summary of the problem that SHOULD NOT change from occurrence to occurrence of the problem, except for purposes of localization.

      • detail string

        a human-readable explanation specific to this occurrence of the problem. Like title, this field’s value can be localized.

      • source object

        An object containing references to the source of the error.

        Hide source attributes Show source attributes
        • pointer string

          A JSON Pointer [RFC6901] to the associated entity in the request document [e.g. "/data" for a primary data object, or "/data/attributes/title" for a specific attribute].

        • A string indicating which URI query parameter caused the error.

      • meta object

        a meta object containing non-standard meta-information about the error.

        Hide meta attribute Show meta attribute
POST /user/devices/totp
curl \
 -X POST https://api.pace.cloud/user/2024-1/user/devices/totp \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/vnd.api+json"
Request examples
{
  "data": {
    "type": "deviceTOTP",
    "id": "738e379f-fe30-45ab-819c-ba88804b6368",
    "attributes": {
      "pin": "8299",
      "password": "superSecret12345!",
      "otp": "526271"
    }
  }
}
Response examples (201)
{
  "data": {
    "type": "deviceTOTP",
    "id": "738e379f-fe30-45ab-819c-ba88804b6368",
    "attributes": {
      "secret": "PBVDSNDDKZ4HGZ3UG5CHUUSEMJCTCSCU",
      "period": 30,
      "digits": 6,
      "algorithm": "SHA1"
    }
  }
}
Response examples (401)
{
  "errors": [
    {
      "id": "string",
      "links": {
        "about": "string"
      },
      "status": "string",
      "code": "string",
      "title": "string",
      "detail": "string",
      "source": {
        "pointer": "string",
        "parameter": "string"
      },
      "meta": {}
    }
  ]
}
Response examples (403)
{
  "errors": [
    {
      "id": "string",
      "links": {
        "about": "string"
      },
      "status": "string",
      "code": "string",
      "title": "string",
      "detail": "string",
      "source": {
        "pointer": "string",
        "parameter": "string"
      },
      "meta": {}
    }
  ]
}
Response examples (406)
{
  "errors": [
    {
      "id": "string",
      "links": {
        "about": "string"
      },
      "status": "string",
      "code": "string",
      "title": "string",
      "detail": "string",
      "source": {
        "pointer": "string",
        "parameter": "string"
      },
      "meta": {}
    }
  ]
}
Response examples (415)
{
  "errors": [
    {
      "id": "string",
      "links": {
        "about": "string"
      },
      "status": "string",
      "code": "string",
      "title": "string",
      "detail": "string",
      "source": {
        "pointer": "string",
        "parameter": "string"
      },
      "meta": {}
    }
  ]
}
Response examples (422)
{
  "errors": [
    {
      "id": "string",
      "links": {
        "about": "string"
      },
      "status": "string",
      "code": "string",
      "title": "string",
      "detail": "string",
      "source": {
        "pointer": "string",
        "parameter": "string"
      },
      "meta": {}
    }
  ]
}
Response examples (500)
{
  "errors": [
    {
      "id": "string",
      "links": {
        "about": "string"
      },
      "status": "string",
      "code": "string",
      "title": "string",
      "detail": "string",
      "source": {
        "pointer": "string",
        "parameter": "string"
      },
      "meta": {}
    }
  ]
}