Passcode

We support 2 types of end-user passwords:

• Password made up of at least 8 alphanumeric and symbol characters
• Passcode made up of 4 digits

If you already require your customers to authenticate to use your application, you can authenticate your customers with Weavr using a passcode instead of a password.

info

Contact our support team if you are interested to set up your application to use passcodes instead of a passwords.

1. Embed the passcode UI Component

The Passcode UI component lets you collect your customer’s passcode securely and converts it into a token, which you can safely send to Weavr using the API.

tip

To use Weavr UI components, you must first set up our UI library in your application.

warning

Due to requirements related to strong customer authentication, your authentication token is required to be stepped-up when calling this UI to update the passcode.

<!-- Define a form in which you will ask your customer to input their passcode -->
<form onSubmit="onSubmit(); return false;">
  <!-- Normal input to accept the user name-->
  Username: <input type="input" name="user" />
  <!-- Div to be replaced with the pass code component -->
  Passcode:
  <div id="passcode"></div>

  <input type="submit" value="Login" />
</form>

<script>
  const passcodeComponent = weavrComponents.capture.passCode(
    "{{ component name }}",
    {
      placeholder: "Pass Code",
    }
  );

  passcodeComponent.mount("#passcode");

  function onSubmit() {
    passcodeComponent
      .createToken()
      .then((res) => {
        // Successfully created token
        console.log(res);

        // Outputs:
        // {
        //   "tokens": {
        //     "{{ component name }}": "{{ token }}"
        //   }
        // }
      })
      .catch((e) => {
        // Error while creating the token
      });
  }
</script>

2. Authenticate the user

Now that you have the tokenizedTokenize Replace a card's primary account number (PAN) with a unique digital token that stands in for the real card during a transaction. When a cardholder adds a card to Apple Pay or Google Pay via push provisioning, the wallet provider stores a device-specific token rather than the underlying PAN, so the real card number isn't exposed on the device or shared with merchants. passcode, you can authenticate the user using the tokenizedTokenize Replace a card's primary account number (PAN) with a unique digital token that stands in for the real card during a transaction. When a cardholder adds a card to Apple Pay or Google Pay via push provisioning, the wallet provider stores a device-specific token rather than the underlying PAN, so the real card number isn't exposed on the device or shared with merchants. passcode.

caution

You must perform this step on the server side of your application.

POST/login_with_passwordTry it

Request

{
  "email": "[email protected]",
  "password": {
    "value": "pa$$word"
  }
}

Response

{
  "token": "string",
  "tokenType": "NO_TYPE",
  "identity": {
    "type": "CONSUMER",
    "id": "string"
  },
  "credentials": {
    "type": "ROOT",
    "id": "string"
  }
}

After a successful login, you receive the user authentication token as token in the response. You must then use this token to authenticate the user in all subsequent API calls.