Changes 2026.03.05

What's New

POST /api/identity-store/stores/{storeName}/users/{userId}/pushNotifications/relyingParties/{rpId}

Send push notification to user devices with registered appkeys for the specified relying party. The user is identified by internal ID.

POST /api/identity-store/stores/{storeName}/users/{userExtId}/pushNotifications/relyingParties/{rpId}/ext

Send push notification to user devices with registered appkeys for the specified relying party. The user is identified by external ID.

GET /api/identity-store/stores/{storeName}/users/{userId}/pushNotifications

List active push notifications grouped by relying party ID and device ID for the specified user. The user is identified by internal ID.

GET /api/identity-store/stores/{storeName}/users/{userExtId}/pushNotifications/{id}/ext

Get a push notification record for a user. The record is identified by the ID returned by the list user push notifications API. The user is identified by external ID.

GET /api/identity-store/stores/{storeName}/pushNotificationPolicy/{rpId}

Get an existing Push Notification policy by relying party

POST /api/identity-store/stores/{storeName}/pushNotificationPolicy/{rpId}

Update an existing Push Notification policy for a relying party

DELETE /api/identity-store/stores/{storeName}/pushNotificationPolicy/{rpId}

Delete an existing Push Notification policy for a relying party

GET /api/identity-store/stores/{storeName}/users/{userExtId}/pushNotifications/ext

List active push notifications grouped by relying party ID and device ID for the specified user. The user is identified by external ID.

GET /api/identity-store/stores/{storeName}/users/{userId}/pushNotifications/{id}

Get a push notification record for a user. The record is identified by the ID returned by the list user push notifications API. The user is identified by internal ID.

GET /api/identity-store/stores/{storeName}/pushNotifications/relyingParties

Get a list of valid relying parties for push notifications. Relying parties can be filtered by their configuration status.

POST /api/identity-store/stores/{storeName}/pushNotificationPolicy

Create a new Push Notification policy within an identity store for a relying party

DELETE /api/identity-store/stores/{storeName}/users/{extUserId}/appkeys/relyingParties/{rpId}/preferredDevices/ext

Clear the preferred device for notifications relating to a relying party's apps. The user is identified by its external ID.

DELETE /api/identity-store/stores/{storeName}/users/{userId}/appkeys/relyingParties/{rpId}/preferredDevices

Clear the preferred device for notifications relating to a relying party's apps. The user is identified by its internal ID.

What's Changed

DELETE /api/identity-store/stores/{storeName}/users/{userId}/appkeys/relyingParties/{rpId}/preferredDevice/{deviceId}

Return Type:

Changed response : 200 OK

Preferred device deleted from user

  • New content type : application/json

DELETE /api/identity-store/stores/{storeName}/users/{extUserId}/appkeys/relyingParties/{rpId}/preferredDevice/{deviceId}/ext

Return Type:

Changed response : 200 OK

Preferred device deleted from user

  • New content type : application/json

GET /api/identity-store/events/queries/{executionId}/result

Return Type:

Changed response : 200 OK

Query results returned successfully

  • Changed content type : application/json
  • Changed property results (array) > A list of results

Changed items (object): > Identity store event information resulting from a query

  • Added property parentProcessDefnId (string) > The parent process definition ID.

  • Added property parentProcessDefnName (string) > The parent process definition name.

  • Added property parentProcessDefnVersion (integer) > The parent process definition version.

  • Added property parentProcessInstanceId (string) > The parent process instance ID.

  • Added property childProcessDefnName (string) > The child process definition name.

  • Added property childProcessDefnVersion (integer) > The child process definition version.

  • Added property childProcessDefnTag (string) > The child process definition tag.

POST /api/identity-store/events/queries/start

Request:

Changed content type : application/json

  • Added property parentProcessDefnId (string) > The parent process definition ID. Query value must exactly match the event value.

  • Added property parentProcessDefnName (string) > The parent process definition name. Query value is matched as being LIKE the event value.

  • Added property parentProcessDefnVersion (integer) > The parent process definition version. Query value must exactly match the event value.

  • Added property parentProcessInstanceId (string) > The parent process instance ID. Query value must exactly match the event value.

  • Added property childProcessDefnName (string) > The child process definition name. Query value is matched as being LIKE the event value.

  • Added property childProcessDefnVersion (integer) > The child process definition version. Query value must exactly match the event value.

  • Added property childProcessDefnTag (string) > The child process definition tag. Query value is matched as being LIKE the event value.

POST /api/identity-store/stores/{storeName}/users/{extId}/biometrics/{type}/ext

Return Type:

Changed response : 200 OK

User biometric updated successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, appkeys and passkeys.

  • Changed property appkeys (array) > A list of appkeys registered to the user

Changed items (object): > Summary information about an appkey registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

POST /api/identity-store/stores/{storeName}/users

Request:

Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, appkeys and passkeys.

  • Changed property appkeys (array) > A list of appkeys registered to the user

Changed items (object): > Summary information about an appkey registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

Return Type:

Changed response : 201 Created

User created successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, appkeys and passkeys.

  • Changed property appkeys (array) > A list of appkeys registered to the user

Changed items (object): > Summary information about an appkey registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

GET /api/process-manager/processTokens

Parameters:

Changed: processTokenSearch in query

POST /api/identity-store/stores/{storeName}/users/{extUserId}/appkeys/relyingParties/{rpId}/preferredDevices/ext

Return Type:

Changed response : 200 OK

User updated with the preferred device

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userId}/appkeys/relyingParties/{rpId}/preferredDevices

Return Type:

Changed response : 200 OK

User updated with the preferred device

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userExtId}/biometrics/authentications/failure/ext

Return Type:

Changed response : 200 OK

Failed biometric authentication recorded successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userId}/biometrics/authentications/failure

Return Type:

Changed response : 200 OK

Failed biometric authentication recorded successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

GET /api/identity-store/stores/{storeName}/users/{userId}

Return Type:

Changed response : 200 OK

User retrieved successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userId}

Request:

Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, appkeys and passkeys.

  • Changed property appkeys (array) > A list of appkeys registered to the user

Changed items (object): > Summary information about an appkey registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

Return Type:

Changed response : 200 OK

User updated successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

GET /api/identity-store/stores/{storeName}/users/{extId}/ext

Return Type:

Changed response : 200 OK

User retrieved successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{extId}/ext

Request:

Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, appkeys and passkeys.

  • Changed property appkeys (array) > A list of appkeys registered to the user

Changed items (object): > Summary information about an appkey registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

Return Type:

Changed response : 200 OK

User updated successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userId}/biometrics/{type}

Return Type:

Changed response : 200 OK

User biometric updated successfully

  • Changed content type : application/json

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

DELETE /api/identity-store/stores/{storeName}/users/{userId}/appkeys/relyingParties/{rpId}/registrations/keyIds/{keyId}

Return Type:

Changed response : 200 OK

User appkey(s) deleted successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userId}/appkeys/relyingParties/{rpId}/deregistrations

Return Type:

Changed response : 200 OK

User appkey(s) deleted successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/passkeys/registrations/sessions/{sessionId}

Return Type:

Changed response : 200 OK

Passkey registration completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userId}/totps/registrations/{policyName}

Return Type:

Changed response : 201 Created

TOTP registration started successfully - QR code string created

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userId}/totps/authentications/{policyName}

Return Type:

Changed response : 200 OK

TOTP authentication successful

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userExtId}/totps/authentications/{policyName}/ext

Return Type:

Changed response : 200 OK

TOTP authentication successful

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/users/{userId}/totps/deregistrations/{policyName}

Return Type:

Changed response : 200 OK

User TOTP deregistered successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

POST /api/identity-store/stores/{storeName}/appkeys/authentications/sessions/{sessionId}

Return Type:

Changed response : 400 Bad Request

An error occurred either on the server or the client. Not all the error codes are listed here as there are many and a lot of them are unlikely to occur when integrating with a validated appkey client.

NOTE For convenience the updated user object is returned when there is an authentication error because it may contain updated information about the user lock state.

Some of the more likely errors are:

  • 502: The user associated with this authentication is not active
  • 1014: Session data was provided but session management for this authentication is configured as internal
  • 1017: The supplied client response message is not an authentication, it's a registration for example
  • 1026: The application on the client device is not registered in the trusted facets list of the appkey policy
  • 1029: The session challenge does not match the challenge in the client response
  • 1035: The appkey type is not supported
  • 1058: No appkey was found which matched the appkey key ID supplied in the authentication assertion
  • 1059: The appkey referenced in the authentication assertion was not registered to the expected user
  • 1060: The appkey referenced in the authentication assertion is not active
  • 1061: Potential appkey clone detected, the signature count is lower than expected.
  • 1090: The single-shot challenge timestamp is outside the valid time window
  • 1091: Malformed authentication response message from the client
  • 1092: Client response message contains no authentication responses
  • 1093: Client response message contains multiple authentication responses
  • 1102: Malformed authentication failure response message from the client
  • 1104: The authentication failed on the client
  • 1105: The authentication was cancelled by the client
  • 1115: Operation success/failure response data not provided
  • 2100: The user is locked. Authentication cannot proceed.
  • 2101: The user appkey modality is locked. Authentication cannot proceed.

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to lists of key summary information. The key types are DEVICE (a device appkey, which authenticates the device without user input) and BIOMETRIC (a biometric appkey, which authenticates the user using a biometric). The value is a list to support more than one appkey of the same type, but in most cases the list is expected to contain a single entry.

Changed response : 200 OK

Appkey authentication completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/users/{userExtId}/totps/registrations/{policyName}/complete/ext

Return Type:

Changed response : 200 OK

TOTP registration completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/users/{extUserId}/appkeys/relyingParties/{rpId}/deregistrations/ext

Return Type:

Changed response : 200 OK

User appkey(s) deleted successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/users/{userId}/totps/registrations/{policyName}/complete

Return Type:

Changed response : 200 OK

TOTP registration completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/users/{extId}/biometrics/authentications/face/ext

Return Type:

Changed response : 400 Bad Request

An error occurred - including the face match failing.

NOTE For convenience the updated user object is returned when there is a face match failure because it may contain updated information about the user lock state.

Possible error codes:

  • 8: Face algorithm not supported
  • 2005: The biometric type is not supported
  • 2006: The biometric subtype is not supported
  • 2100: The user is locked so authentication cannot be performed
  • 2101: The face modality is locked so authentication cannot be performed
  • 2102: The user is disabled so authentication cannot be performed
  • 2103: The presented biometric is disabled so authentication cannot be performed
  • 20114: Biometric data is not supplied in the request
  • 20115: The specified biometric type is not supported
  • 20120: An unexpected error occurred while generating face template
  • 20121: An error occurred while attempting to perform a face match
  • 20122: There is no suitable face data available for matching against the presented sample
  • 20123: The matching process data is missing from the request
  • 20124: The matching algorithm is missing from the request
  • 20125: The matching threshold must be between 0 and 1
  • 20126: The internal matching threshold must be between 0 and 1

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

Changed response : 200 OK

Face matched successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/passkeys/authentications

Return Type:

Changed response : 400 Bad Request

An error occurred either on the server or the client. Not all the error codes are listed here as there are many and a lot of them are unlikely to occur when integrating a validated passkey client.

NOTE For convenience the updated user object is returned when there is an authentication error because it may contain updated information about the user lock state.

Some of the more likely errors are:

  • 348: The passkey matching the supplied credential ID is not active
  • 352: The supplied client response message is not an authentication, it's a registration
  • 353: The provided challenge is not the same as the challenge signed in the assertion
  • 354: The origin in the client response is not in the restricted origins list
  • 356: Token binding in the client response does not match the expected value
  • 356: Token binding status missing from client response
  • 362: No passkey was found matching the supplied credential ID
  • 363: The passkey matching the supplied credential ID does not match the expected user
  • 364: The authentication credential is not in the allowed credentials list
  • 364: There is no user handle for this passkey and relying party ID found for the user
  • 365: The user handle in the assertion does not match the expected user handle
  • 372: Possible cloned authenticator. The signature counter is out of synch.
  • 382: The origin in the client response does not start with https
  • 383: The origin in the client response does not match the relying party ID
  • 384: Session data not provided
  • 386: Session data is missing the challenge
  • 387: Session data is missing the relying party ID
  • 394: Session data is missing authentication policy name
  • 395: Operation success/failure response data not provided
  • 397: Passkey authentication failed on the client
  • 398: Passkey authentication was cancelled on the client
  • 403: Passkey authentication timed out on the client
  • 502: The user associated with this authentication is not active
  • 2100: The user is locked. Authentication cannot proceed.
  • 2101: The user passkey modality is locked. Authentication cannot proceed.

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

Changed response : 200 OK

Passkey authentication completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/users/{userId}/biometrics/authentications/face

Return Type:

Changed response : 400 Bad Request

An error occurred - including the face match failing.

NOTE For convenience the updated user object is returned when there is a face match failure because it may contain updated information about the user lock state.

Possible error codes:

  • 8: Face algorithm not supported
  • 2005: The biometric type is not supported
  • 2006: The biometric subtype is not supported
  • 2100: The user is locked so authentication cannot be performed
  • 2101: The face modality is locked so authentication cannot be performed
  • 2102: The user is disabled so authentication cannot be performed
  • 2103: The presented biometric is disabled so authentication cannot be performed
  • 20114: Biometric data is not supplied in the request
  • 20115: The specified biometric type is not supported
  • 20120: An unexpected error occurred while generating face template
  • 20121: An error occurred while attempting to perform a face match
  • 20122: There is no suitable face data available for matching against the presented sample
  • 20123: The matching process data is missing from the request
  • 20124: The matching algorithm is missing from the request
  • 20125: The matching threshold must be between 0 and 1
  • 20126: The internal matching threshold must be between 0 and 1

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

Changed response : 200 OK

Face matched successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

DELETE /api/identity-store/stores/{storeName}/users/{extUserId}/appkeys/relyingParties/{rpId}/registrations/keyIds/{keyId}/ext

Return Type:

Changed response : 200 OK

User appkey(s) deleted successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/users/{userExtId}/totps/registrations/{policyName}/ext

Return Type:

Changed response : 201 Created

TOTP registration started successfully - QR code string created

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/appkeys/registrations/sessions/{sessionId}

Return Type:

Changed response : 200 OK

Appkey registration completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/passkeys/registrations

Return Type:

Changed response : 200 OK

Passkey registration completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/users/{userExtId}/totps/deregistrations/{policyName}/ext

Return Type:

Changed response : 200 OK

User TOTP deregistered successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/passkeys/authentications/sessions/{sessionId}

Return Type:

Changed response : 400 Bad Request

An error occurred either on the server or the client. Not all the error codes are listed here as there are many and a lot of them are unlikely to occur when integrating a validated passkey client.

NOTE For convenience the updated user object is returned when there is an authentication error because it may contain updated information about the user lock state.

Some of the more likely errors are:

  • 348: The passkey matching the supplied credential ID is not active
  • 352: The supplied client response message is not an authentication, it's a registration
  • 353: The provided challenge is not the same as the challenge signed in the assertion
  • 354: The origin in the client response is not in the restricted origins list
  • 356: Token binding in the client response does not match the expected value
  • 356: Token binding status missing from client response
  • 362: No passkey was found matching the supplied credential ID
  • 363: The passkey matching the supplied credential ID does not match the expected user
  • 364: The authentication credential is not in the allowed credentials list
  • 364: There is no user handle for this passkey and relying party ID found for the user
  • 365: The user handle in the assertion does not match the expected user handle
  • 372: Possible cloned authenticator. The signature counter is out of synch.
  • 382: The origin in the client response does not start with https
  • 383: The origin in the client response does not match the relying party ID
  • 388: Session data was provided but session management for this authentication is configured as internal
  • 395: Operation success/failure response data not provided
  • 397: Passkey authentication failed on the client
  • 398: Passkey authentication was cancelled on the client
  • 403: Passkey authentication timed out on the client
  • 502: The user associated with this authentication is not active
  • 2100: The user is locked. Authentication cannot proceed.
  • 2101: The user passkey modality is locked. Authentication cannot proceed.

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

Changed response : 200 OK

Passkey authentication completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

POST /api/identity-store/stores/{storeName}/appkeys/authentications

Return Type:

Changed response : 400 Bad Request

An error occurred either on the server or the client. Not all the error codes are listed here as there are many and a lot of them are unlikely to occur when integrating a validated appkey client.

NOTE For convenience the updated user object is returned when there is an authentication error because it may contain updated information about the user lock state.

Some of the more likely errors are:

  • 502: The user associated with this authentication is not active
  • 1009: Session data not provided
  • 1011: Session data is missing the challenge
  • 1012: Session data is missing the relying party ID
  • 1017: The supplied client response message is not an authentication; for example, it is a registration
  • 1026: The application on the client device is not registered in the trusted facets list of the appkey policy
  • 1029: The session challenge does not match the challenge in the client response
  • 1035: The appkey type is not supported
  • 1055: Session data is missing the policy
  • 1056: Session data is missing authentication policy name
  • 1058: No appkey was found which matched the appkey key ID supplied in the authentication assertion
  • 1059: The appkey referenced in the authentication assertion was not registered to the expected user
  • 1060: The appkey referenced in the authentication assertion is not active
  • 1061: Potential appkey clone detected, the signature count is lower than expected.
  • 1090: The single-shot challenge timestamp is outside the valid time window
  • 1091: Malformed authentication response message from the client
  • 1092: Client response message contains no authentication responses
  • 1093: Client response message contains multiple authentication responses
  • 1102: Malformed authentication failure response message from the client
  • 1104: The authentication failed on the client
  • 1105: The authentication was cancelled by the client
  • 1115: Operation success/failure response data not provided
  • 2100: The user is locked. Authentication cannot proceed.
  • 2101: The user appkey modality is locked. Authentication cannot proceed.

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. > > NOTE The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to list of key summary information where the key types are: > - DEVICE: A device appkey which authenticates the device without user input. > - BIOMETRIC: A biometric appkey which authenticates the user using a biometric. > List is here to support "more than one app keys of the same type" concept, but in most cases we expect the size of it will be one.

Changed response : 200 OK

Appkey authentication completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE: The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to a list of key summary information, where the key types are:
      - DEVICE: A device appkey which authenticates the device without user input.
      - BIOMETRIC: A biometric appkey which authenticates the user using a biometric.
    The value is a list so that more than one appkey of the same type can be supported, but in most cases it is expected to contain one entry.

POST /api/identity-store/stores/{storeName}/appkeys/registrations

Return Type:

Changed response : 200 OK

Appkey registration completed successfully

  • Changed content type : application/json

  • Changed property user (object) > A user in an identity store.

  • Changed property summaryInfo (object) > Summary information about items registered to the user such as biometrics, device keys and passkeys.

  • Changed property devices (array)

Changed items (object): > Summary information about a device containing keys registered to the user. NOTE: The device information is only available if the DEVICE_INFO extension is enabled in the appkey registration policy.

  • Added property invalidToken (boolean) > Present and true if the push notification token has been used for a previous push notification and is marked as unusable (invalid or unregistered).

  • Changed property keys (object) > A map of appkey types to a list of key summary information, where the key types are:
      - DEVICE: A device appkey which authenticates the device without user input.
      - BIOMETRIC: A biometric appkey which authenticates the user using a biometric.
    The value is a list so that more than one appkey of the same type can be supported, but in most cases it is expected to contain one entry.

POST /api/identity-store/stores/{storeName}/appkeyConfig/{rpId}

Return Type:

Changed response : 200 OK

Appkey relying party configuration updated successfully in the store

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

POST /api/identity-store/stores/{storeName}/appkeyConfig

Return Type:

Changed response : 201 Created

Store with new appkey config created successfully

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

POST /api/identity-store/stores/{storeName}/totpPolicy/{policyName}

Return Type:

Changed response : 200 OK

TOTP policy configuration updated successfully in the store

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

GET /api/identity-store/stores/{storeName}

Return Type:

Changed response : 200 OK

Store retrieved successfully

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

POST /api/identity-store/stores/{storeName}

Request:

Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

Return Type:

Changed response : 200 OK

Store updated successfully

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

POST /api/identity-store/stores/{storeName}/passkeyConfig

Return Type:

Changed response : 201 Created

Store with new passkey config created successfully

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

POST /api/identity-store/stores

Request:

Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

Return Type:

Changed response : 201 Created

Store created successfully

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

POST /api/identity-store/stores/{storeName}/totpPolicy

Return Type:

Changed response : 201 Created

Store with new TOTP policy created successfully

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.

POST /api/identity-store/stores/{storeName}/passkeyConfig/{rpId}

Return Type:

Changed response : 200 OK

Passkey relying party configuration updated successfully in the store

  • Changed content type : application/json

  • Changed property configuration (object) > Identity Store configuration settings. Contains global settings, user locking configuration and policies for face, appkey and passkey registration and authentication

  • Added property pushNotificationPolicies (object) > Map of Push Notification policies keyed by relying party ID. Required for push notifications.
