MIRACL Trust Backend API

# POST /activate/initiate

Creates an MPin Identity and receives an activation token used to activate the identity during the registration process.

# Endpoint authentication

  • Basic - The client ID and secret are used as a username:password pair for the HTTP Basic authentication of the request.
Authorization: "Basic <base64(clientId:clientSecret)>"

# Parameters

Name Type Required Description
userId Body True The user ID for which an identity with the service will be created
deviceName Body False A human readable name of the device on which the identity will be created

# Request example

curl \
    --request POST \
    --user "${clientId}:${clientSecret}"
    --data '{
        "userId":"test@example.com",
        "deviceName":"Test Device"
    }' \
    https://api.mpin.io/activate/initiate

# Response example

{
  "hashMPinId": "ce1eb5b2da42cd5ba0c5f46365e7df0afe44cd1ccf26d880749144cdaa444c6c",
  "actToken": "763c1005ca540c4db8e6811222c207ea",
  "expireTime": 1634890606,
  "redirectURI": ""
}

# POST /verification

This is a beta API and can be a subject of change!

Creates a Verification URL that can be used to enrol any device.

# Endpoint authentication

  • Basic - The client ID and secret are used as a username:password pair for the HTTP Basic authentication of the request.
Authorization: "Basic <base64(clientId:clientSecret)>"

# Parameters

Name Type Required Description
userId Body True The user ID for which an identity with the service will be created
deviceName Body False A human readable name of the device on which the identity will be created
expiration Body False The expiration of the verification URL that will be be generated
delivery Body True Constant, should always be “no”
# Authentication Session Parameters
Name Type Required Description
accessId Body False ID of the authentication session if there is one initiated
stage Body False The stage of the authentication
# OIDC Parameters
Name Type Required Description
clientId Body True
redirectURI Body False
scope Body False
state Body False
nonce Body False

# Request example

curl \
    --request POST \
    --user ${clientId}:${clientSecret} \
    --data '{
        "userId": "test@example.com",
        "deviceName": "Test Device",
        "clientId": "${clientId}",
        "redirectURI": "http://example.com/verification",
        "expiration": ${expiration},
        "scope": ["openid", "email"],
        "delivery": "no"
    }' \
    https://api.mpin.io/verification

# Response example

{
    "verificationURL": "https://api.mpin.io/verification/confirmation?client_id=XXX&code=XXX&redirect_uri=http://example.com/verification&stage=auth&user_id=test@example.com"
}

# GET /api/v1/customers/{customerId}/audit

Customer audit log

# Endpoint authentication

  • Basic - The client ID and secret are used as a username:password pair for the HTTP Basic authentication of the request.

# Parameters

Name Type Required Description
customerId Path True Customer ID
applicationId Query False Application ID
fromDate Query False Start date of the period
toDate Query False End date of the period
userId Query False User ID by which to filter the result set
mpinId Query False MPin ID by which to filter the result set
deviceName Query False Device name by which to filter the result set
offset Query False List offset
limit Query False List response limit

# Request example

curl -X GET --user "${clientId}:${clientSecret}" "https://api.mpin.io/api/v1/customers/${customerId}/audit?fromDate=2021-06-01T00:00:00Z&toDate=2021-07-01T00:00:00Z&userId=test%40example.com&limit=10&offset=0"

# Response example

{
  "total": 1,
  "list": [
    {
      "IPAddress": "87.227.194.151",
      "appID": "353f337f-ed78-4436-8f3c-5389ed83555c",
      "appName": "Test",
      "continent": "EU",
      "country": "UK",
      "createdAt": "2021-10-01T07:52:27.204579Z",
      "deviceName": "Chrome on Linux",
      "eventStatus": "authenticate_success",
      "eventType": "authentication",
      "mpinID": "c324f5e55e377de0343f37019ad5b77b8b01bdfee40014a54d76fd934e36a792",
      "userID": "test@example.com"
    }
  ]
}

# GET /api/v1/customers/{customerId}/mpinids

List MPin IDs

# Endpoint authentication

  • Basic - The client ID and secret are used as a username:password pair for the HTTP Basic authentication of the request.

# Parameters

Name Type Required Description
customerId Path True Customer ID
userId Query False User ID by which to filter the result set
revoked Query False Revocation status by which to filter the result set
offset Query False List offset
limit Query False List response limit

# Request example

curl -X GET --user "${clientId}:${clientSecret}" "https://api.mpin.io/api/v1/customers/${customerId}/mpinids?userId=test%40example.com&revoked=false&limit=10&offset=0"

# Response example

{
  "total": 1,
  "list": [
    {
      "mpinId": "c324f5e55e377de0343f37019ad5b77b8b01bdfee40014a54d76fd934e36a792",
      "customerId": "86cd3e64-f641-416a-bf80-64b9b7eef8ea",
      "userId": "test@example.com",
      "deviceName": "Chrome on Windows",
      "ip": "87.227.194.151",
      "country": "UK",
      "continent": "EU",
      "dvs": false,
      "createdAt": "2021-08-12T14:54:10.817054Z",
      "updatedAt": "2021-08-12T14:54:10.819274Z",
      "revoked": false
    }
  ]
}

# POST /api/v1/customers/{customerId}/mpinids/{mpinId}/revocation

Revoke an identity

# Endpoint authentication

  • Basic - The client ID and secret are used as a username:password pair for the HTTP Basic authentication of the request.

# Parameters

Name Type Required Description
customerId Path True Customer ID
mpinId Path True MPin ID to be revoked
reason Body False Reason for the revocation

# Request example

curl -X POST --user "${clientId}:${clientSecret}" --data '{"reason":"account expiration"}' https://api.mpin.io/api/v1/customers/${customerId}/mpinids/c324f5e55e377de0343f37019ad5b77b8b01bdfee40014a54d76fd934e36a792/revocation

# Response example

{
  "hashMPinID":"c324f5e55e377de0343f37019ad5b77b8b01bdfee40014a54d76fd934e36a792",
  "reason":"account expiration"
}

# POST /dvs/verify

Verify a signature produced by the MIRACL DVS scheme.

# Endpoint authentication

  • Basic - The client ID and secret are used as a username:password pair for the HTTP Basic authentication of the request.

# Parameters

Name Type Required Description
signature Body True Signature object
timestamp Body True Timestamp
type Body True Request type

# Request example

curl -X POST --user "${clientId}:${clientSecret}" --data '{"signature":{"hash":"74657374","u":"041f98fb7ba291883881de0b806dec08b05586dd47c56b6c123e37dcf4fe29d888160b2f53582a78df34329e22867863b633d59d1c043719998651ad2b88060378","v":"040120e4ed4054327e44f39f303ab1b6106d4a8b45986e8b17e3061a3a877628331a087da40ed5777163f60fd384bbbd2d41bb1188f10cd9f04ea47332f0fe89b4","mpinId":"7b22696174223a313634393430343334372c22757365724944223a226976616e2e746f64696e6f76406d697261636c2e636f6d222c22634944223a2238366364336536342d663634312d343136612d626638302d363462396237656566386561222c2273616c74223a22686c566a4b6c4851326b534b304a6542716244305867222c2276223a352c2273636f7065223a5b22647673225d2c22647461223a5b5d2c227674223a22647673227d","publicKey":"17e94f0538c772fc1b6542ffc014d2593b91e65745c4c05333c3d860cbe3c0c2070ec55a66201e1c3962e5230f3334579aaff5f82d4b9c4f0a0c016c57943f32160c1bbc4abed6bffe473b9fe966cb9f49f07bcae1051b6df20079fb15975c8e0a6bd6e09c332a6b59c4f998469bd162522379b1bc1d2faab5c7527163179b3e","dtas":"WyJjNWE0MjIyYTBhN2JiY2ZlNmVhNWI0MTRmMWIwMmFhNTUxN2VkZGFiZTU1ZDBhZDQ1YjZhOGFmMjUzMTk1Yzc1IiwiN2ZmYjFmODE1YWNkMGE4YjMxM2JkZDk1NjQ0MDExODRmNzZkZTgxYThkNDgxZjg5NzVlMDU4ZjM2YjU2MTZmYiJd"},"timestamp":1649401561,"type":"verification"}' https://api.mpin.io/dvs/verify

# Response example

{
  "certificate":"eyJhbGciOiJSUzI1NiIsImtpZCI6InMxIn0.eyJjQXQiOjE2NDk0MDQ1ODAsImV4cCI6MTY0OTQwNDU5MCwiaGFzaCI6Ijc0NjU3Mzc0In0.BoMXXJVdiJ3TNQ1m_qz2GMo9J9EniUHJz14XMmVOBJPBWjw6UWTn2G2henNOauB7t6oBqqtLhRudLr3KY1kLgWorOSXlvISoZicEFGsmUfEXS-hxP3d01acE0cRnqMmi1Au4VXbREdwLy7I7Cwb4ptLrziYvkEVh7KdbAMsD6Bw"
}