Create session
post
https://oaainstall-host/risk-analyzer/session/v1
Creates a new OARM session for the user authentication request.
Request
There are no request parameters for this operation.
Supported Media Types
- application/xml
- application/json
Root Schema : schema
Type: object
Request object for creating the session
- fpList: array DeviceFingerprintDataList
  List of the device fingerprint data.
- ip: object IPData
  IP related data used during authentication.
- requestId: string
  requestId for the request. If not populated, it will be generated in the server and returned in the response.
- requestTime: string (date-time)
  Date-time string in the format of RFC 3339 section 5.6 (https://tools.ietf.org/html/rfc3339#section-5.6), for example 2021-08-13T01:29:29.768Z.
- sessionData: object SessionData
  Session data present in the request.
- user: object SessionRiskUserData
  User related data. loginName is a mandatory parameter.
  If the client has a canonical userId that can uniquely identify the user, that canonical userId should be provided in all API calls that take a canonical userId. If the client does not have a canonical userId to identify the user, the OARM system will generate the canonical ID when the user is created. In all subsequent API calls for that user, the generated canonical userId should be provided.
  If a canonical userId is not provided, or a canonical userId that does not exist in the system is provided, a new user may be created in the system. User records are discovered in the system based on the provided canonical userId.
  Canonical userIds can be discovered in the OARM system by making a call to user preferences using loginName and groupName.
Nested Schema : DeviceFingerprintDataList
Type: array
List of the device fingerprint data
- Array of: object DeviceFingerprintData
  Device fingerprint data that is present in the request.
Nested Schema : IPData
Type: object
IP related data used during authentication
- latitude: number
  The latitude of the location. Min value is -90 (negative values for southern hemisphere) and max value is +90 (positive values for northern hemisphere).
- locationAccuracy: number
  Describes the accuracy of the location information (longitude, latitude pair). Together with the location accuracy units, it indicates the accuracy, for example within 2 meters of the indicated coordinates. In that example, the value of this attribute is 2.0 and the value of the location accuracy units is an enumeration pointing to meter.
- locationAccuracyUnits: integer
  Required when locationAccuracy is present. Together with the locationAccuracy attribute, it describes the accuracy of the location information (longitude, latitude pair), for example within 2 meters of the indicated coordinates. In that example, the value of this attribute is an enumeration pointing to meter and the value of the locationAccuracy attribute is 2.0.
- locationAcquireTime: string (date-time)
  Date-time string in the format of RFC 3339 section 5.6 (https://tools.ietf.org/html/rfc3339#section-5.6), for example 2021-08-13T01:29:29.768Z.
- locationAcquireType: integer
  Required when locationAccuracy is present. Indicates the type / method by which the location was acquired. This is an enumeration of the type location.source.type.enum. Some of the possible integer values correspond to gps, assisted gps, wifi hotspot etc.
- longitude: number
  The longitude of the location. Min value is -180 (negative values for western hemisphere) and max value is +180 (positive values for eastern hemisphere).
- proxyIP: string
  The proxy IP address of the session if a proxy is present (in A.B.C.D format).
- remoteHost: string
  The remote host machine name from which the request comes in.
- remoteIP(required): string
  The IP address of the session in string format (A.B.C.D).
Nested Schema : SessionData
Type: object
Session data present in the request.
- analyzePatterns: boolean
  Flag to indicate whether auto-learning should be performed at this point.
- authenticationStatus(required): integer
  Authentication status. One of the config values from auth.status.enum.
- clientApplication: string
  The client application of the user's session.
- clientType(required): integer
  The client type of the user's session (client.type.enum).
- clientVersion: string
  Version of the client software / browser / device etc.
- externalDeviceId: string
  External device ID, if the client wants to populate it.
- registerDevice: boolean
  Flag that, when true, results in registering the device for the user.
- requestId(required): string
  requestId for the request.
Nested Schema : SessionRiskUserData
Type: object
User related data. loginName is a mandatory parameter.
If the client has a canonical userId that can uniquely identify the user, that canonical userId should be provided in all API calls that take a canonical userId. If the client does not have a canonical userId to identify the user, the OARM system will generate the canonical ID when the user is created. In all subsequent API calls for that user, the generated canonical userId should be provided.
If a canonical userId is not provided, or a canonical userId that does not exist in the system is provided, a new user may be created in the system. User records are discovered in the system based on the provided canonical userId.
Canonical userIds can be discovered in the OARM system by making a call to user preferences using loginName and groupName.
- groupName(required): string
  Group name. The combination of loginName and groupName must be unique.
- loginName(required): string
  Login name used for authentication.
- userId: string
  Canonical user identifier. If provided, this user ID is the mechanism for identifying the user. If it is not provided, a combination of loginName and groupName will be used to locate the user.
Nested Schema : DeviceFingerprintData
Type: object
Device fingerprint data that is present in the request
- cookie: string
  Cookie in the request.
- cookieType: integer
  Cookie type value from the enum configuration vcrypt.fingerprint.type.enum.
- fingerprint: string
  Device fingerprint.
Response
Supported Media Types
- application/xml
- application/json
- text/plain
201 Response
Create the session for the request.
Root Schema : CreateSessionResponse
Type: object
Session create response
- cookieSet: object CookieSet
- statusResponse: object StatusResponse
  Status information for API call.
Nested Schema : CookieSet
Type: object
- digitalCookie: string
  Digital cookie.
- requestId: string
  Request identifier.
- secureCookie: string
  Secure cookie.
Nested Schema : StatusResponse
Type: object
Status information for API call
- responseCode: string
  Status code of the request.
- responseMessage: string
  Response message related to the response code, if needed.
- sessionId: string
  Session ID of the authentication.
- status: boolean
  Authentication update request status.
- transactionId: number
  transactionId in case of transaction data.
- userData: object SessionUserData
  User related data.
Nested Schema : SessionUserData
Type: object
User related data
- groupName(required): string
  Group name.
- loginName(required): string
  Login name used for authentication.
- userId: string
  User identifier.
400 Response
Invalid input
Root Schema : StatusResponse
Type: object
Status information for API call
- responseCode: string
  Status code of the request.
- responseMessage: string
  Response message related to the response code, if needed.
- sessionId: string
  Session ID of the authentication.
- status: boolean
  Authentication update request status.
- transactionId: number
  transactionId in case of transaction data.
- userData: object SessionUserData
  User related data.
Nested Schema : SessionUserData
Type: object
User related data
- groupName(required): string
  Group name.
- loginName(required): string
  Login name used for authentication.
- userId: string
  User identifier.
401 Response
Unauthorized
500 Response
Internal server error
503 Response
Service Unavailable
Examples
The following example shows a sample request and response for creating an OARM session for a user authentication request.
cURL Command to Create an OARM Session in JSON Format
curl --location --request POST '<RISK>/risk-analyzer/session/v1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic <Base64Encoded(<username>:<password>)>' \
--data '{
    "user": {
        "loginName": "user1",
        "groupName": "financeapp",
        "userId": "22a29071-16f2-4b69-a94c-73be672e34eb"
    },
    "ip": {
        "remoteIP": "10.175.171.219",
        "remoteHost": "TESTCLIENT",
        "proxyIP": "10.175.171.219"
    },
    "fpList": [
        {
            "cookie": "",
            "fingerprint": "accept-encoding#^#gzip, deflate, br#^#accept-language#^#en-GB,en;q=0.9#^#userAgent#^#Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/112.0.0.0 Safari/537.36",
            "cookieType": "1"
        },
        {
            "cookie": "",
            "fingerprint": "acn#^#Mozilla#^#ah#^#1040#^#an#^#Netscape#^#av#^#5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36#^#aw#^#1920#^#cd#^#24#^#ce#^#true#^#gl#^#51.4108518,-0.8705637,16.634#^#h#^#1080#^#je#^#false#^#l#^#en-GB#^#mt#^#application/pdf,text/pdf#^#o#^#true#^#p#^#Win32#^#pd#^#24#^#pl#^#PDF Viewer,Chrome PDF Viewer,Chromium PDF Viewer,Microsoft Edge PDF Viewer,WebKit built-in PDF#^#prod#^#Gecko#^#prods#^#20030107#^#tzo#^#0#^#ua#^#Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.6#^#w#^#1920",
            "cookieType": "4"
        }
    ],
    "sessionData": {
        "authenticationStatus": "999",
        "registerDevice": "false",
        "clientApplication": "OAA",
        "clientType": "0",
        "clientVersion": "12.2.1.4.0",
        "analyzePatterns": "true"
    }
}'
Sample Response in JSON Format
{
    "cookieSet": {
        "digitalCookie": "2c5eae23-96f6-4721-997e-059748e70165",
        "secureCookie": "c65230e1-d909-4f13-8c91-9c72e555e3a3",
        "requestId": "9cc1b37c-2ce9-49b6-8103-85d0e59a7f1f"
    },
    "statusResponse": {
        "responseCode": "0",
        "responseMessage": "",
        "status": true,
        "sessionId": "9cc1b37c-2ce9-49b6-8103-85d0e59a7f1f"
    }
}
cURL Command to Create an OARM Session in XML Format
curl --location --request POST '<RISK>/risk-analyzer/session/v1' \
--header 'Content-Type: application/xml' \
--header 'Accept: application/xml' \
--header 'Authorization: Basic <Base64Encoded(<username>:<password>)>' \
--data '<?xml version="1.0" encoding="UTF-8" ?>
<CreateSessionRequest>
    <user>
        <loginName>user1</loginName>
        <groupName>financeapp</groupName>
        <userId>22a29071-16f2-4b69-a94c-73be672e34eb</userId>
    </user>
    <ip>
        <remoteIP>10.175.171.219</remoteIP>
        <remoteHost>TESTCLIENT</remoteHost>
        <proxyIP>10.175.171.219</proxyIP>
    </ip>
    <fpList>
        <cookie></cookie>
        <fingerprint>accept-encoding#^#gzip, deflate, br#^#accept-language#^#en-GB,en;q=0.9#^#userAgent#^#Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/112.0.0.0 Safari/537.36</fingerprint>
        <cookieType>1</cookieType>
    </fpList>
    <fpList>
        <cookie></cookie>
        <fingerprint>acn#^#Mozilla#^#ah#^#1040#^#an#^#Netscape#^#av#^#5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36#^#aw#^#1920#^#cd#^#24#^#ce#^#true#^#gl#^#51.4108518,-0.8705637,16.634#^#h#^#1080#^#je#^#false#^#l#^#en-GB#^#mt#^#application/pdf,text/pdf#^#o#^#true#^#p#^#Win32#^#pd#^#24#^#pl#^#PDF Viewer,Chrome PDF Viewer,Chromium PDF Viewer,Microsoft Edge PDF Viewer,WebKit built-in PDF#^#prod#^#Gecko#^#prods#^#20030107#^#tzo#^#0#^#ua#^#Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.6#^#w#^#1920</fingerprint>
        <cookieType>4</cookieType>
    </fpList>
    <sessionData>
        <authenticationStatus>999</authenticationStatus>
        <registerDevice>false</registerDevice>
        <clientApplication>OAA</clientApplication>
        <clientType>0</clientType>
        <clientVersion>12.2.1.4.0</clientVersion>
        <analyzePatterns>true</analyzePatterns>
    </sessionData>
</CreateSessionRequest>'
Sample Response in XML Format
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CreateSessionResponse>
    <cookieSet>
        <digitalCookie>47d96150-783e-4c67-94a8-4e17d0d67748</digitalCookie>
        <secureCookie>5e65f8c5-51e7-435f-89ad-379ab014bc5d</secureCookie>
        <requestId>8b39a615-51f8-4ca9-b8d8-f5b0e71e6ca6</requestId>
    </cookieSet>
    <statusResponse>
        <responseCode>0</responseCode>
        <responseMessage></responseMessage>
        <status>true</status>
        <sessionId>8b39a615-51f8-4ca9-b8d8-f5b0e71e6ca6</sessionId>
    </statusResponse>
</CreateSessionResponse>
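A client-side pre-flight check for the request constraints documented in the request schema (required fields, latitude and longitude ranges, the fields that become required with locationAccuracy, RFC 3339 timestamps), as an added Python example that is not Oracle's code. The function names and the GOOD and BAD sample bodies are constructed for illustration.

```python
import ipaddress
from datetime import datetime

def is_rfc3339(value):
    """True for an RFC 3339 section 5.6 date-time such as 2021-08-13T01:29:29.768Z."""
    try:
        # Older fromisoformat() versions reject a trailing "Z", so normalise it.
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return False
    return parsed.tzinfo is not None

def is_ipv4(value):
    """True when value is a dotted-quad (A.B.C.D) address string."""
    try:
        ipaddress.IPv4Address(str(value))
        return True
    except ValueError:
        return False

def validate_create_session(body):
    """Return a list of problems; an empty list means the documented constraints hold."""
    errors = []
    user, ip = body.get("user") or {}, body.get("ip") or {}
    session = body.get("sessionData") or {}
    for field in ("loginName", "groupName"):
        if not user.get(field):
            errors.append(f"user.{field} is required")
    if not is_ipv4(ip.get("remoteIP")):
        errors.append("ip.remoteIP is required in A.B.C.D format")
    if ip.get("proxyIP") and not is_ipv4(ip["proxyIP"]):
        errors.append("ip.proxyIP must be in A.B.C.D format")
    for field, limit in (("latitude", 90), ("longitude", 180)):
        value = ip.get(field)
        if value is not None and not (isinstance(value, (int, float)) and -limit <= value <= limit):
            errors.append(f"ip.{field} must be a number between -{limit} and +{limit}")
    if "locationAccuracy" in ip:
        for field in ("locationAccuracyUnits", "locationAcquireType"):
            if field not in ip:
                errors.append(f"ip.{field} is required when locationAccuracy is present")
    for label, value in (("requestTime", body.get("requestTime")),
                         ("ip.locationAcquireTime", ip.get("locationAcquireTime"))):
        if value is not None and not is_rfc3339(value):
            errors.append(f"{label} must be an RFC 3339 date-time")
    # The page marks sessionData.requestId as required too, but its own sample
    # request omits it, so it is not enforced here.
    for field in ("authenticationStatus", "clientType"):
        if field not in session:
            errors.append(f"sessionData.{field} is required")
    return errors

# Constructed sample bodies; GOOD reuses values from the page's sample request.
GOOD = {"user": {"loginName": "user1", "groupName": "financeapp"},
        "requestTime": "2021-08-13T01:29:29.768Z",
        "ip": {"remoteIP": "10.175.171.219", "remoteHost": "TESTCLIENT"},
        "sessionData": {"authenticationStatus": "999", "clientType": "0"}}
BAD = {"user": {"loginName": "user1"}, "requestTime": "13/08/2021 01:29",
       "ip": {"remoteIP": "10.175.171", "latitude": 123.4, "locationAccuracy": 2.0},
       "sessionData": {"clientType": "0"}}
print(validate_create_session(GOOD), validate_create_session(BAD), sep="\n")
```

Running such a check before the POST surfaces malformed bodies locally instead of as a 400 response from the server.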