Skip to main content

2 posts tagged with "authentication"

View All Tags

· One min read

Effective:

  • 27 February 2024 on Sandbox
  • 19 March 2024 on Live

The Step up - Issue one time password endpoint now allows the end-user to re-send a new OTP up to one time, if the first issue a step-up challenge attempt resulted unsuccessful.

To be able to issue another step-up challenge, you need to wait 15 seconds (or more) from the first attempt.

  • Triggering the step-up challenge API after 15 seconds from the first attempt then the first attempt will be invalidated and the user will need to respond to the new challenge.
  • Triggering the step-up challenge API before 15 seconds will return an HTTP 409 RETRY_IN_15SEC.
  • The step-up challenge can be retried 2 times after which an HTTP 400 INVALID_REQUEST will be returned. The user will have to logout and login again to issue a new step-up challenge.

Note: If the end-user receives both the first SMS and the second one at the same time (e.g. a delay in telecom delivering the messages), only the more recent OTP will work.

Affected API endpoints:

More details on how to step-up a token are available in our documentation.

· One min read

Effective:

  • 27 February 2024 on Sandbox
  • 20 March 2024 on Live

To reduce the risk of fraud, we are now limiting the number of times a one-time-password can be submitted incorrectly.

Secure UI Components

When the user inputs a wrong OTP, they will be shown an error message and will be allowed to re-enter a new OTP. If they reach the last try, a message will be shown specifying that is the last try. Once a wrong OTP is inputted for the last try the Secure UI Component will return an error event with code CHALLENGE_LIMIT_EXCEEDED.

Affected Secure UI Components:

API endpoints

We have introduced 2 new error codes for the HTTP 409 response:

  • ONE_CHALLENGE_LIMIT_REMAINING - returned when the user has one try left
  • CHALLENGE_LIMIT_EXCEEDED - returned when the user has exceeded their OTP retries

Affected API endpoints: