IB Challenge POST

Request MFA code for selected device

# ENDPOINT
/oauth/v2/challenge
# REQUEST BODY
Schema: challenge
Type: object
Variable Name Type Format Usage Description
challenge_type Challenge Type string M List of authorization devices
client_id Client Id string The client identifier issued to the client during the registration process
client_timezone Client Timezone string M Client timezone offset (to GMT)
ip IP string Client IP address
mfa_token MFA Token string M Multi-factor authentication token
redirect_uri Redirect URI string Indicates the URI to return the user to after authorization is complete
response_type Response Type string M Indicates that your server expects to receive an authorization code. Values: "access_token","code","sign_token"
scope Scope of Access string Scope of access
source_system Source system string Source system. For Internetbank please setup "IB"
state State string M Client server session id (to prevent MITM requests)
# REQUEST BODY EXAMPLE
							{
    "response_type":"code",
    "client_id":"ib_localhost",
    "redirect_uri":"http:\/\/localhost",
    "scope":"CUSTOMER:FULL",
    "state":"5e982a097260d146803b5da13b1a19c2",
"mfa_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImN0eSI6IiJ9.eyJpc3MiOiJodHRwczpcL1wvYXBpLm4wLmVsY29pbi5jby51a1wvIiwic3ViIjoiRU4wMDAwMENZIiwiZXhwIjoxNjI2OTMyOTE3LCJqdGkiOiJlMjk4ZDM3OC03ZTlkLTI4OTMtODQxNC0zNTAxYTAzMTQxYmYiLCJzaWQiOiJlMjk4ZDM3OC03ZTlkLTI4OTMtODQxNC0zNTAxMTgxMTNmYmYiLCJjbGllbnRfaWQiOiJpYl9sb2NhbGhvc3QiLCJzY29wZSI6IkNVU1RPTUVSOkZVTEwiLCJ0b2tlbl90eXBlIjoiYmVhcmVyIiwiZXhwaXJlcyI6IjIwMjEtMDctMjJUMDU6NDg6MzcuMDAwLTAwOjAwIiwiaXNzdWVkX2F0IjoiMTk3MC0wMS0wMVQwMDowMDowMC4wMDAtMDA6MDAifQ.rGPWoavuR7vfH_1x8HHgehAIojX_ZHPRwYEAY-pIoNc",
    "challenge_type":"oob:email:b*1@gmail.com",
    "ip":"::1",
    "client_timezone":"-3",
    "source_system":"IB"
}						
# POSITIVE RESPONSE

200 - Response successfully when status is OK

200 - Response successfully when status is OK

If error = mfa_code_required then code contains verification code which should be displaied for customer and mfa_token contains one time token for code confimation

Schema: HeaderResponseStatusOkChallenge
Type: application/json
Variable Name Type Format Description
error Error Code string Error code
error_description Error Description string Description of error
mfa_token MFA Token string Multi-factor authentication token
code Verification code integer The verification code that was sent to the MFA device
# RESPONSE POSITIVE EXAMPLE
							{
    "mfa_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImN0eSI6IiJ9.eyJpc3MiOiJodHRwczpcL1wvYXBpLm4wLmVsY29pbi5jby51a1wvIiwic3ViIjoiRU4wMDAwMENZIiwiYWN0Ijp7InN1YiI6IkVOMDAwMDBDWSJ9LCJleHAiOjE2MjY5MzQzMDUsImp0aSI6ImUyOThkMzc4LTdlOWQtMjg5My04NDE0LTc2MDEyODMzYzg2OCIsInNpZCI6ImUyOThkMzc4LTdlOWQtMjg5My04NDE0LTc1MDEzODg2ODNiNCIsImFtciI6Im9vYjplbWFpbDpiKjFAZ21haWwuY29tIiwiY2xpZW50X2lkIjoiaWJfbG9jYWxob3N0Iiwic2NvcGUiOiJtZmFfdG9rZW46OTU5NiIsInRva2VuX3R5cGUiOiJiZWFyZXIiLCJleHBpcmVzIjoiMjAyMS0wNy0yMlQwNjoxMTo0NS4wMDAtMDA6MDAiLCJpc3N1ZWRfYXQiOiIxOTcwLTAxLTAxVDAwOjAwOjAwLjAwMC0wMDowMCJ9.rf6iPhreu1lzEGFCQocFV6UN0pkCJO1pl9J_5eBxfG0",
    "code": "9596",
    "error": "mfa_code_required",
    "error_description": "Please confirm challenge with sent code"
}						
# NEGATIVE RESPONSE

400 - Response with error when status is ERROR

400 - Response with error when status is ERROR

Schema: HeaderResponseStatusErrorOAuth
Type: object
Variable Name Type Format Description
error_description Error Description string Description of error
error Error Code string Error code
# RESPONSE NEGATIVE EXAMPLE
							{
    "error": "invalid_token",
    "error_description": "Invalid token."
}