- 24 Sep 2024
API questionnaires
- Updated on 24 Sep 2024
How can data be encrypted while sending the request to CI?
Cross Identity APIs are served over HTTPS, and all requests are encoded. Clients must also use CI’s encryption utility to encrypt user details, such as passwords, before sending the request via the API. This means Cross Identity provides multiple layers of security when transmitting data between CI and the client application.
Can we manage session handling through the API?
No, Cross Identity APIs are primarily used for centralized authentication and do not provide session management. The target application needs to handle this based on the response received from CI. For example, if the client gets a "Success" response, the target application must create a session for the user. If the response is "Fail," the client should return an error message.
How to prevent duplication or extraction of the session ID?
Cross Identity does not create a session ID; it is generated by the client. The client must have standardized methods to prevent session duplication. They can use dynamic session ID creation, ensure the system generates unique session IDs for each session, or allow only one active session per user at a time.
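One way a client application could implement the session handling described in the two answers above, shown as an added example that is not Cross Identity code. The class and function names, the cookie name `sid` and the 15-minute lifetime are assumptions, and the "Success"/"Fail" value is taken as already received from CI.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 15 * 60  # seconds; assumed lifetime, not a CI setting


class SessionStore:
    """In-memory store for illustration; use a shared backend in production."""
    def __init__(self):
        self._sessions = {}  # sha256(session ID) -> (user, expiry)
        self._active = {}    # user -> digest of that user's single live session

    @staticmethod
    def _digest(session_id):
        # Only the digest is stored, so a leaked store does not yield usable IDs.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def create(self, user, now=None):
        now = time.time() if now is None else now
        # One active session per user: revoke the previous one, if any.
        self._sessions.pop(self._active.pop(user, None), None)
        session_id = secrets.token_urlsafe(32)  # 256 random bits, new per login
        digest = self._digest(session_id)
        self._sessions[digest] = (user, now + SESSION_TTL)
        self._active[user] = digest
        return session_id

    def validate(self, session_id, now=None):
        now = time.time() if now is None else now
        user, expiry = self._sessions.get(self._digest(session_id), (None, 0))
        return user if now < expiry else None


def session_cookie(session_id):
    # HttpOnly keeps scripts from reading the ID; Secure keeps it off plain HTTP.
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"].update({"secure": True, "httponly": True,
                          "samesite": "Strict", "path": "/"})
    return cookie["sid"].OutputString()


def handle_auth_response(store, user, ci_status):
    # ci_status is the "Success"/"Fail" result described on this page.
    if ci_status != "Success":
        return {"ok": False, "error": "Authentication failed"}
    return {"ok": True, "set_cookie": session_cookie(store.create(user))}
```

A "Fail" response never touches the store, so a failed login attempt cannot revoke the user's existing session.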
How to enable standardized SSO?
Cross Identity provides out-of-the-box SSO features supporting federated protocols such as SAML and OAuth/OIDC. To enable standardized SSO, the client application must support federated protocols so that SSO can be established between Cross Identity and the client application.
Does CI support MFA APIs?
Yes, Cross Identity supports MFA APIs. Client applications can invoke these APIs to validate two-factor authentication (2FA). Cross Identity provides the following MFA factors:
• Email OTP
• SMS OTP
• Security Questions
• TOTP
• Passwordless
Is any code change required for integrating the APIs?
Yes, integrating Cross Identity APIs requires certain changes. The AuthReqAPI is mainly used to authenticate users with login details such as username and password. When making the request, the client application must send these details in an encoded format, and the CI encryption utility must be used to encode the data before sending it to Cross Identity.
The flow diagram shows how the Cross Identity AuthReq API handles user login requests. The process shown in the diagram is as follows:
End User Login: The user initiates the login process by entering their credentials, such as username ("Sandeep.singh") and password ("Password@123").
Encryption: Passwords are encrypted before they are sent via the API, so that sensitive information is securely transmitted.
API Call: The client application invokes the AuthReq() API with the encrypted credentials. This API call is routed to the Cross Identity authentication platform.
Cross Identity APIs: These APIs are integrated with HTTPS, ensuring secure communication between the client application and the Cross Identity platform.
Login Request: The encrypted login details are sent over a secure channel to the Cross Identity system for authentication.
Response Handling:
• If the authentication is successful, Cross Identity sends a "Success" response.
• If the login fails, a "Fail" response is returned.
This process ensures that sensitive user information is protected while authenticating users through Cross Identity services, with multiple layers of security through encryption and secure communication protocols.