API Code Two Factor Authentication Workflow


This section explains how to integrate your web service with Spriv’s API Code workflow. Prerequisites:  create an account for your company. How to create a free account: Getting Started.

First complete the Getting Started steps and start the API phase by adding a username (AddUserToCompany), once the username is added you should pair (SendInvitation) that username with the user’s phone. The pairing process identify for Spriv which username is using a particular phone so that Spriv will be able to send authentication push notification to that user’s phone.

Users management can be automated by using the API options: “Delete user” (DeleteEndUserFromCompany) and “Edit User” (UpdateCompanyEndUser).

Once the pairing completes successfully you can start authenticating the users with the Two Factor Authentication methods:

  1. Adaptive Two Factor Authentication: AddLogin
  2. Allow/Deny Push Notification: AddVerifcation: nMethod=1
  3. Two Way SMS Authentication: AddVerifcation: nMethod=2
  4. TOTP Authentication: AddTotp

 

Integration with Spriv:

All communications are done using secure Https calls. Results are Jason based. The current version will always return Https Status 200 or 500. In order to know the exact http status code, extract the Code property from the returned json.

For your convenience a copy-past code samples are provided at the end of the page.

Add Users

Use the AddUserToCompany API to add a single user to your company. Upon successful completion you will get the ID of the new user. Later you can use this ID to send pairing SMS to that user.

POST https://m.spriv.com/wsM5.asmx/AddUserToCompany
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strAccount=AAATest&nClientID=10048&strFirstName=AAATest&strLastName=AAATest&strEmail=UserEmail&strPersonID=44&strMobilePhone=UserMobile&nStatusID=1&nStatusTimeout=0&bAsHTML=false

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strAccount User login String
nClientID Account’s company ID Integer
strFirstName User first name String
strLastName User last name String
strEmail User E-mail address String
strPersonID user ID on your company system String Can be empty string
strMobilePhone Account’s mobile phone number String
nStatusID Integer should be 1
nStatusTimeout Integer should be 0
bAsHTML Set output formatting as XML / HTML Boolean
C#
public async Task AddUser(string companyUserName, string companyPassword, string endUserName, int clientID, string firstName,
string lastName, string email, string personID, string mobileNumber)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strAccount", endUserName),
new KeyValuePair<string, string>("nClientID", clientID.ToString()),
new KeyValuePair<string, string>("strFirstName", firstName),
new KeyValuePair<string, string>("strLastName", lastName),
new KeyValuePair<string, string>("strEmail", email),
new KeyValuePair<string, string>("strPersonID", personID),
new KeyValuePair<string, string>("strMobilePhone", mobileNumber),
new KeyValuePair<string, string>("nStatusID", "1"),
new KeyValuePair<string, string>("nStatusTimeout", "0"),
new KeyValuePair<string, string>("bAsHTML", "false")
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddUserToCompany", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String addUser(String companyUserName, String companyPassword, String endUserName, int clientID, String firstName, 
							String lastName, String email, String personID, String mobileNumber) 
							throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddUserToCompany");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strAccount", endUserName));
		urlParameters.add(new BasicNameValuePair("nClientID", String.valueOf(clientID)));
		urlParameters.add(new BasicNameValuePair("strFirstName", firstName));
		urlParameters.add(new BasicNameValuePair("strLastName", lastName));
		urlParameters.add(new BasicNameValuePair("strEmail", email));
		urlParameters.add(new BasicNameValuePair("strPersonID", personID));
		urlParameters.add(new BasicNameValuePair("strMobilePhone", mobileNumber));
		urlParameters.add(new BasicNameValuePair("nStatusID", "1"));
		urlParameters.add(new BasicNameValuePair("nStatusTimeout", "0"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);

		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}

Return value samples:

On Success: Info will contain the new user ID at spriv system
{“Result”: “Success”, “Message”: “The operation completed successfully”, “Info”: “10340”}
On Error:
{“Result”: “Error”, “Message”: “The requested account already exists”, “Info”: “0”}

Update User

Use the UpdateCompanyEndUser API to update a single user. Upon successful completion you will get the ID of the new user. Later you can use this ID to send pairing SMS to that user.

POST https://m.spriv.com/wsM5.asmx/UpdateCompanyEndUser
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&lID=20364&strAccount=AAATest&nClientID=10048&strFirstName=AAATest&strLastName=AAATestNew&strEmail=UserEmail&strPersonID=44&strMobilePhone=UserMobile&nStatusID=1&nStatusTimeout=0&bPaired=False&bLockedOut=False

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
lID userID Integer
strAccount User login String
nClientID Account’s company ID Integer
strFirstName User first name String
strLastName User last name String
strEmail User E-mail address String
strPersonID user ID on your company system String Can be empty string
strMobilePhone Account’s mobile phone number String
nStatusID Integer should be 1
nStatusTimeout Integer should be 0
bPaired Boolean
bLockedOut Boolean
C#
public async Task UpdateUser(int userID, string companyUserName, string companyPassword, string endUserName, int clientID, string firstName,
string lastName, string email, string personID, string mobileNumber, bool isPaired, bool isLockedOut)
{
	using (HttpClient webClient = new HttpClient())
	{
		var content = new FormUrlEncodedContent(new[]
		{
			new KeyValuePair<string, string>("strUsername", companyUserName),
			new KeyValuePair<string, string>("strPassword", companyPassword),
			new KeyValuePair<string, string>("lID", userID.ToString()),
			new KeyValuePair<string, string>("strAccount", endUserName),
			new KeyValuePair<string, string>("nClientID", clientID.ToString()),
			new KeyValuePair<string, string>("strFirstName", firstName),
			new KeyValuePair<string, string>("strLastName", lastName),
			new KeyValuePair<string, string>("strEmail", email),
			new KeyValuePair<string, string>("strPersonID", personID),
			new KeyValuePair<string, string>("strMobilePhone", mobileNumber),
			new KeyValuePair<string, string>("nStatusID", "1"),
			new KeyValuePair<string, string>("nStatusTimeout", "0"),
			new KeyValuePair<string, string>("bPaired", isPaired.ToString()),
			new KeyValuePair<string, string>("bLockedOut", isLockedOut.ToString())
		});

		HttpResponseMessage result = await webClient.PostAsync(URL + "UpdateCompanyEndUser", content);
		return await result.Content.ReadAsStringAsync();
	}
}

public String UpdateUser (int userID, String companyUserName, String companyPassword, String endUserName, int clientID, String firstName, String lastName, String email, string personID, String mobileNumber, bool isPaired, bool isLockedOut)throws ClientProtocolException, IOException
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername ", companyUserName),
new KeyValuePair<string, string>("strPassword ", companyPassword),
new KeyValuePair<string, string>("lID ", String.valueOf(userID)),
new KeyValuePair<string, string>("strAccount ", endUserName),
new KeyValuePair<string, string>("nClientID ", String.valueOf(clientID)),
new KeyValuePair<string, string>("strFirstName ", firstName),
new KeyValuePair<string, string>("strLastName ", lastName),
new KeyValuePair<string, string>("strEmail ", email),
new KeyValuePair<string, string>("strPersonID ", personID),
new KeyValuePair<string, string>("strMobilePhone ",mobileNumber),
new KeyValuePair<string, string>("nStatusID ", “1”),
new KeyValuePair<string, string>("nStatusTimeout ", “0”),
new KeyValuePair<string, string>("bPaired ", String.valueOf(isPaired)),
new KeyValuePair<string, string>("bLockedOut ", String.valueOf(isLockedOut)),

                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "UpdateCompanyEndUser ", content);
return await result.Content.ReadAsStringAsync();
            }
        }

Return value samples:
On Success:
{“Result”: “Success”, “Message”: “Update Successful”, “Info”: “”}
On Error:
{“Result”: “Error”, “Message”: “The requested account doesn’t exist”, “Info”: “”}

Delete User
Use DeleteEndUserFromCompany to delete user from the system.

POST https://m.spriv.com/wsM5.asmx/DeleteEndUserFromCompany
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&lID=20364

 

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
lID userID Integer

 

C#
public async Task DeleteUser(int userID, string companyUserName, string companyPassword)
{
	using (HttpClient webClient = new HttpClient())
	{
		var content = new FormUrlEncodedContent(new[]
		{
			new KeyValuePair<string, string>("strUsername", companyUserName),
			new KeyValuePair<string, string>("strPassword", companyPassword),
			new KeyValuePair<string, string>("lID", userID.ToString())
		});

		HttpResponseMessage result = await webClient.PostAsync(URL + "DeleteEndUserFromCompany", content);
		return await result.Content.ReadAsStringAsync();
	}
}
publicStringDeleteUser(int userID, string companyUserName, string companyPassword)) throws ClientProtocolException, IOException
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername ", companyUserName),
new KeyValuePair<string, string>("strPassword ", companyPassword),
new KeyValuePair<string, string>("lID ", String.valueOf(userID)),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "DeleteEndUserFromCompany ", content);
return await result.Content.ReadAsStringAsync();
            }
        }

Return value samples:

On Success:
{“Result”: “Success”, “Message”: “The operation completed successfully”, “Info”: “”}

On Error:
{“Result”: “Error”, “Message”: “The requested account doesn’t exist”, “Info”: “”}

Pairing

Send a paring SMS to a Spriv user (SendInvitation). You must call AddUserToCompany API before calling this API. If a user is already paired to the system, calling to this API will unpair the user in addition to sending SMS.

A crucial data pointer is the user’s cell phone number and Email address, which will be used by the SendInvitation command in order to send an invitation via SMS and Email. The invitation pairs the user’s cell phone with the user’s username. The SMS|Email pairing works by sending a unique 32 bit URL to the user. After receiving the unique URL via SMS|Email, the user can complete the pairing in just two simple clicks:  Click on the URL link and then click on the pair button.

Spriv will send push notification back to your server once the user successfully completes the pairing step and at that point you can start authenticating the user. More information about pairing.

Video: How the pairing process works?

POST https://m.spriv.com/wsM5.asmx/SendInvitation
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsers=10359

 

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
lID userID Integer

 

C#
public async Task SendInvitation(string companyUserName, string companyPassword, string endUserName)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsers", endUserName),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "SendInvitation", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String sendInvitation(String companyUserName, String companyPassword, String endUserIds) throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "SendInvitation");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsers", endUserIds));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}

Return value samples:

On Success:
{“Result”: “Success”, “Message”: “Invitations Sent”, “Info”: “”}
On Error:
{“Result”: “Error”, “Message”: “End user does not exists”, “Info”: “”}

Adaptive Two Factor Authentication

Login Authentication: (AddLogin) The fastest second factor authentication in the world. Upon login your user will get an authentication request sent to his phone, and have the option to Allow or Deny. If the user chooses to Allow Spriv may automate all future transaction if the same particular device fingerprint is identified near the phone.

 

POST https://m.spriv.com/wsM5.asmx/AddLogin
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsername=aaa&strPCFingerprint=Your+PC+Identifier%3A+Ex%3A+MAC+address+or+browser+user+agent&strIPAddress=10.0.0.102&strService=Your+service+description.+Ex%3A+Web+Access&nMethod=1&bAsHTML=false

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strEndUsername User Login String
strPCFingerprint Your PC Identifier: Ex: MAC address or
browser user agent
String
strIPAddress user IP address String
strService The login subject Ex: Web Access String
nMethod Integer should be 1
bAsHTML Boolean should be false
C#
public async Task Login(string companyUserName, string companyPassword, string endUserName)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strPCFingerprint",
                        "Your PC Identifier: Ex: MAC address or browser user agent"),
new KeyValuePair<string, string>("strIPAddress", _ipAddress),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "1"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddLogin", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String login(String companyUserName, String companyPassword, String endUserName) throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddLogin");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strPCFingerprint", "fe80::7171:ac2c:77af:e456%17"));
		urlParameters.add(new BasicNameValuePair("strIPAddress", "176.106.226.134"));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
	
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}

Return value samples:

On Success:
{“Code”: 206, “Message”: “Verifying”, “ID”: “0C54130CEDF14E64A4F195CC729B4042”}
On Error:
{“Code”: 401, “Message”: “Unauthorized”}

Allow / Deny Push Notification

Transaction Authentication via Application: (AddVerfication nMethod=1) Present a custom message with an option to allow or deny. Spriv’s platform allows you to send an authentication message to the user with two options: Allow or Deny. Based on that, you can secure certain operations in your system. There is no option to automate Verification Request.

 

 

POST https://m.spriv.com/wsM5.asmx/AddVerification
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsername=aaa&strMessage=Put+your+verification+msg+here&strService=Your+service+description.+Ex%3A+Web+Access&nMethod=1&bAsHTML=false

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strEndUsername User Login String
strPCFingerprint Your PC Identifier: Ex: MAC address or
browser user agent
String
strIPAddress user IP address String
strService The login subject Ex: Web Access String
nMethod Integer should be 1
bAsHTML Boolean should be false
C#
public async Task Verify(string companyUserName, string companyPassword, string endUserName, string msg)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strMessage", msg),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "1"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddVerification", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String verify(String companyUserName, String companyPassword, String endUserName, String msg) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddVerification");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strMessage", msg));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

public String verify(String companyUserName, String companyPassword, String endUserName, String msg) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddVerification");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strMessage", msg));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

Return value samples:

On Success:
{“Code”: 206, “Message”: “Verifying”, “ID”: “0C54130CEDF14E64A4F195CC729B4042”}
On Error:
{“Code”: 401, “Message”: “Unauthorized”, “ID”: “D58F2AFBF48548DABC35ECD170FDB00F”}

Two Way SMS Authentication

Transaction Authentication via SMS: (AddVerfication nMethod=2) Present a custom SMS message that required a “YES” reply from the user’s mobile phone in order to successfully complete authentication. There is no option to automate Verification Request.

 

POST https://m.spriv.com/wsM5.asmx/AddVerification
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsername=aaa&strMessage=Put+your+verification+msg+here&strService=Your+service+description.+Ex%3A+Web+Access&nMethod=2&bAsHTML=false

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strEndUsername User Login String
strPCFingerprint Your PC Identifier: Ex: MAC address or
browser user agent
String
strIPAddress user IP address String
strService The login subject Ex: Web Access String
nMethod Integer should be 2
bAsHTML Boolean should be false
C#
public async Task Verify(string companyUserName, string companyPassword, string endUserName, string msg)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strMessage", msg),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "2"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddVerification", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String verify(String companyUserName, String companyPassword, String endUserName, String msg) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddVerification");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strMessage", msg));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "2"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

Return value samples:

On Success:
{“Code”: 206, “Message”: “Verifying”, “ID”: “0C54130CEDF14E64A4F195CC729B4042”}
On Error:
{“Code”: 401, “Message”: “Unauthorized”, “ID”: “D58F2AFBF48548DABC35ECD170FDB00F”}

TOTP Authentication

TOTP authentication: (AddTotp) Good old TOTP that we all are familiar with. Works just by having a battery in your mobile device. The TOTP authentication is using the username and the 6-digit code from Spriv’s mobile app. TOTP can be combined with AddLogin in order to provide a three-factor authentication that is as fast and has the same user intervention as other platforms provide for two-factor authentication.

 

 

 

POST https://m.spriv.com/wsM5.asmx/AddTotp
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsername=aaa&strKey=158400&strService=Your+service+description.+Ex%3A+Web+Access

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strEndUsername User Login String
strPCFingerprint Your PC Identifier: Ex: MAC address or
browser user agent
String
strIPAddress user IP address String
strService The login subject Ex: Web Access String
nMethod Integer should be 1
bAsHTML Boolean should be false
C#
public async Task VerifyTotp(string companyUserName, string companyPassword, string endUserName,
string key)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strKey", key),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddTotp", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String verifyTotp(String companyUserName, String companyPassword, String endUserName, String key) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddTotp");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strKey", key));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);

		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

}

Return value samples:

On Success:
{“Code”: 200, “Message”: “OK”}
On Error:
{“Code”: 401, “Message”: “Wrong TOTP”}

Sample of the entire code

C#
C#
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

namespace CompanyIntegration
{
internal class AddLoginReply
    {
public int Code { get; set; }
public string Message { get; set; }
public string ID { get; set; }

public override string ToString()
        {
return string.Format("Code: {0}, Message: {1}, ID: {2}", Code, Message, ID);
        }
    }

internal class SprivAdapter
    {
privateconst string URL = "https://m.spriv.com/wsM5.asmx/";

private static readonly string _ipAddress;
private string _transactionID;

static SprivAdapter()
        {
            _ipAddress = GetIPAddress();
        }


private static string GetIPAddress()
        {
string localIP = "?";
            IPHostEntry host = Dns.GetHostEntry(Dns.GetHostName());
foreach (IPAddress ip in host.AddressList)
            {
if (ip.AddressFamily.ToString() == "InterNetwork")
                {
localIP = ip.ToString();
                }
            }
return localIP;
        }

public async Task Login(string companyUserName, string companyPassword, string endUserName)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strPCFingerprint",
                        "Your PC Identifier: Ex: MAC address or browser user agent"),
new KeyValuePair<string, string>("strIPAddress", _ipAddress),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "1"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddLogin", content);
return await result.Content.ReadAsStringAsync();
            }
        }

public async Task Verify(string companyUserName, string companyPassword, string endUserName, string msg)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strMessage", msg),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "1"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddVerification", content);
return await result.Content.ReadAsStringAsync();
            }
        }

public async Task VerifyTotp(string companyUserName, string companyPassword, string endUserName,
string key)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strKey", key),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddTotp", content);
return await result.Content.ReadAsStringAsync();
            }
        }

public async Task AddUser(string companyUserName, string companyPassword, string endUserName, int clientID, string firstName,
string lastName, string email, string personID, string mobileNumber)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strAccount", endUserName),
new KeyValuePair<string, string>("nClientID", clientID.ToString()),
new KeyValuePair<string, string>("strFirstName", firstName),
new KeyValuePair<string, string>("strLastName", lastName),
new KeyValuePair<string, string>("strEmail", email),
new KeyValuePair<string, string>("strPersonID", personID),
new KeyValuePair<string, string>("strMobilePhone", mobileNumber),
new KeyValuePair<string, string>("nStatusID", "1"),
new KeyValuePair<string, string>("nStatusTimeout", "0"),
new KeyValuePair<string, string>("bAsHTML", "false")
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddUserToCompany", content);
return await result.Content.ReadAsStringAsync();
            }
        }

public async Task SendInvitation(string companyUserName, string companyPassword, string endUserName)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsers", endUserName),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "SendInvitation", content);
return await result.Content.ReadAsStringAsync();
            }
        }
    }
}
public class APIJavaExample {

	private String url = "https://m.spriv.com/wsM5.asmx/" ;
	
	public String addUser(String companyUserName, String companyPassword, String endUserName, int clientID, String firstName, 
							String lastName, String email, String personID, String mobileNumber) 
							throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddUserToCompany");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strAccount", endUserName));
		urlParameters.add(new BasicNameValuePair("nClientID", String.valueOf(clientID)));
		urlParameters.add(new BasicNameValuePair("strFirstName", firstName));
		urlParameters.add(new BasicNameValuePair("strLastName", lastName));
		urlParameters.add(new BasicNameValuePair("strEmail", email));
		urlParameters.add(new BasicNameValuePair("strPersonID", personID));
		urlParameters.add(new BasicNameValuePair("strMobilePhone", mobileNumber));
		urlParameters.add(new BasicNameValuePair("nStatusID", "1"));
		urlParameters.add(new BasicNameValuePair("nStatusTimeout", "0"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);

		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}
	
	public String sendInvitation(String companyUserName, String companyPassword, String endUserIds) throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "SendInvitation");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsers", endUserIds));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}
	
	public String login(String companyUserName, String companyPassword, String endUserName) throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddLogin");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strPCFingerprint", "fe80::7171:ac2c:77af:e456%17"));
		urlParameters.add(new BasicNameValuePair("strIPAddress", "176.106.226.134"));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
	
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}
	
	public String verify(String companyUserName, String companyPassword, String endUserName, String msg) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddVerification");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strMessage", msg));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}
	
	public String verifyTotp(String companyUserName, String companyPassword, String endUserName, String key) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddTotp");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strKey", key));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);

		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

}