API Code Two Factor Authentication Workflow


This section explains how to configure your web service to work with Spriv’s API Code Two Factor Authentication workflow.

First, create an account by clicking on “Sign UP” at https://m.spriv.com/ and logon. Start by configuring your company’s settings, such as callback URL, at “Settings” > “My Company” (for detailed information about configuring your company’s setting please click on ‘Managing your company 2FA Settings’. Once you’ve completed configuring your Company information, you can add users to Spriv’s platform by using AddUserToCompany. A crucial data pointer is the user’s cell phone number, which will be used by the SendInvitation command in order to send an invitation via SMS. The invitation pairs the user’s cell phone with the user’s username. The SMS pairing works by sending a unique 32 bit URL to the user. After receiving the unique URL via SMS, the user can complete the pairing in just two simple clicks. First click on the URL link and then click on the pair button.

Spriv will send push notification back to your server once the user successfully completes the pairing step. Once the user completes the pairing process, you can start authenticating the user. There are four authentication options. Below is a detailed explanation of each, including print screens and code samples.

  • Login Authentication by using AddLogin
  • Transaction authentication via Spriv’s application by using AddVerifcation
  • Transaction authentication via SMS by using AddVerifcation
  • TOTP authentication by using AddTotp

Integration with Spriv:

All communications are done using secure Https calls. Results are Jason based. The current version will always return Https Status 200 or 500. In order to know the exact http status code, extract the Code property from the returned json.

For your convenience a copy-past code samples are provided at the end of the page.

Add Users

Use the AddUserToCompany API to add a single user to your company. Upon successful completion you will get the ID of the new user. Later you can use this ID to send pairing SMS to that user.

POST https://m.spriv.com/wsM5.asmx/AddUserToCompany
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strAccount=AAATest&nClientID=10048&strFirstName=AAATest&strLastName=AAATest&strEmail=UserEmail&strPersonID=44&strMobilePhone=UserMobile&nStatusID=1&nStatusTimeout=0&bAsHTML=false

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strAccount User login String
nClientID Account’s company ID Integer
strFirstName User first name String
strLastName User last name String
strEmail User E-mail address String
strPersonID user ID on your company system String Can be empty string
strMobilePhone Account’s mobile phone number String
nStatusID Integer should be 1
nStatusTimeout Integer should be 0
bAsHTML Set output formatting as XML / HTML Boolean
C#
public async Task AddUser(string companyUserName, string companyPassword, string endUserName, int clientID, string firstName,
string lastName, string email, string personID, string mobileNumber)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strAccount", endUserName),
new KeyValuePair<string, string>("nClientID", clientID.ToString()),
new KeyValuePair<string, string>("strFirstName", firstName),
new KeyValuePair<string, string>("strLastName", lastName),
new KeyValuePair<string, string>("strEmail", email),
new KeyValuePair<string, string>("strPersonID", personID),
new KeyValuePair<string, string>("strMobilePhone", mobileNumber),
new KeyValuePair<string, string>("nStatusID", "1"),
new KeyValuePair<string, string>("nStatusTimeout", "0"),
new KeyValuePair<string, string>("bAsHTML", "false")
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddUserToCompany", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String addUser(String companyUserName, String companyPassword, String endUserName, int clientID, String firstName, 
							String lastName, String email, String personID, String mobileNumber) 
							throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddUserToCompany");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strAccount", endUserName));
		urlParameters.add(new BasicNameValuePair("nClientID", String.valueOf(clientID)));
		urlParameters.add(new BasicNameValuePair("strFirstName", firstName));
		urlParameters.add(new BasicNameValuePair("strLastName", lastName));
		urlParameters.add(new BasicNameValuePair("strEmail", email));
		urlParameters.add(new BasicNameValuePair("strPersonID", personID));
		urlParameters.add(new BasicNameValuePair("strMobilePhone", mobileNumber));
		urlParameters.add(new BasicNameValuePair("nStatusID", "1"));
		urlParameters.add(new BasicNameValuePair("nStatusTimeout", "0"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);

		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}

Return value samples:

On Success: Info will contain the new user ID at spriv system
{“Result”: “Success”, “Message”: “The operation completed successfully”, “Info”: “10340”}
On Error:
{“Result”: “Error”, “Message”: “The requested account already exists”, “Info”: “0”}

Update User

Use the UpdateCompanyEndUser API to update a single user. Upon successful completion you will get the ID of the new user. Later you can use this ID to send pairing SMS to that user.

POST https://m.spriv.com/wsM5.asmx/UpdateCompanyEndUser
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&lID=20364&strAccount=AAATest&nClientID=10048&strFirstName=AAATest&strLastName=AAATestNew&strEmail=UserEmail&strPersonID=44&strMobilePhone=UserMobile&nStatusID=1&nStatusTimeout=0&bPaired=False&bLockedOut=False

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
lID userID Integer
strAccount User login String
nClientID Account’s company ID Integer
strFirstName User first name String
strLastName User last name String
strEmail User E-mail address String
strPersonID user ID on your company system String Can be empty string
strMobilePhone Account’s mobile phone number String
nStatusID Integer should be 1
nStatusTimeout Integer should be 0
bPaired Boolean
bLockedOut Boolean
C#
public async Task UpdateUser(int userID, string companyUserName, string companyPassword, string endUserName, int clientID, string firstName,
string lastName, string email, string personID, string mobileNumber, bool isPaired, bool isLockedOut)
{
	using (HttpClient webClient = new HttpClient())
	{
		var content = new FormUrlEncodedContent(new[]
		{
			new KeyValuePair<string, string>("strUsername", companyUserName),
			new KeyValuePair<string, string>("strPassword", companyPassword),
			new KeyValuePair<string, string>("lID", userID.ToString()),
			new KeyValuePair<string, string>("strAccount", endUserName),
			new KeyValuePair<string, string>("nClientID", clientID.ToString()),
			new KeyValuePair<string, string>("strFirstName", firstName),
			new KeyValuePair<string, string>("strLastName", lastName),
			new KeyValuePair<string, string>("strEmail", email),
			new KeyValuePair<string, string>("strPersonID", personID),
			new KeyValuePair<string, string>("strMobilePhone", mobileNumber),
			new KeyValuePair<string, string>("nStatusID", "1"),
			new KeyValuePair<string, string>("nStatusTimeout", "0"),
			new KeyValuePair<string, string>("bPaired", isPaired.ToString()),
			new KeyValuePair<string, string>("bLockedOut", isLockedOut.ToString())
		});

		HttpResponseMessage result = await webClient.PostAsync(URL + "UpdateCompanyEndUser", content);
		return await result.Content.ReadAsStringAsync();
	}
}

public String UpdateUser (int userID, String companyUserName, String companyPassword, String endUserName, int clientID, String firstName, String lastName, String email, string personID, String mobileNumber, bool isPaired, bool isLockedOut)throws ClientProtocolException, IOException
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername ", companyUserName),
new KeyValuePair<string, string>("strPassword ", companyPassword),
new KeyValuePair<string, string>("lID ", String.valueOf(userID)),
new KeyValuePair<string, string>("strAccount ", endUserName),
new KeyValuePair<string, string>("nClientID ", String.valueOf(clientID)),
new KeyValuePair<string, string>("strFirstName ", firstName),
new KeyValuePair<string, string>("strLastName ", lastName),
new KeyValuePair<string, string>("strEmail ", email),
new KeyValuePair<string, string>("strPersonID ", personID),
new KeyValuePair<string, string>("strMobilePhone ",mobileNumber),
new KeyValuePair<string, string>("nStatusID ", “1”),
new KeyValuePair<string, string>("nStatusTimeout ", “0”),
new KeyValuePair<string, string>("bPaired ", String.valueOf(isPaired)),
new KeyValuePair<string, string>("bLockedOut ", String.valueOf(isLockedOut)),

                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "UpdateCompanyEndUser ", content);
return await result.Content.ReadAsStringAsync();
            }
        }

Return value samples:
On Success:
{“Result”: “Success”, “Message”: “Update Successful”, “Info”: “”}
On Error:
{“Result”: “Error”, “Message”: “The requested account doesn’t exist”, “Info”: “”}

Delete User
Use DeleteEndUserFromCompany to delete user from the system.

POST https://m.spriv.com/wsM5.asmx/DeleteEndUserFromCompany
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&lID=20364

 

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
lID userID Integer

 

C#
public async Task DeleteUser(int userID, string companyUserName, string companyPassword)
{
	using (HttpClient webClient = new HttpClient())
	{
		var content = new FormUrlEncodedContent(new[]
		{
			new KeyValuePair<string, string>("strUsername", companyUserName),
			new KeyValuePair<string, string>("strPassword", companyPassword),
			new KeyValuePair<string, string>("lID", userID.ToString())
		});

		HttpResponseMessage result = await webClient.PostAsync(URL + "DeleteEndUserFromCompany", content);
		return await result.Content.ReadAsStringAsync();
	}
}
publicStringDeleteUser(int userID, string companyUserName, string companyPassword)) throws ClientProtocolException, IOException
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername ", companyUserName),
new KeyValuePair<string, string>("strPassword ", companyPassword),
new KeyValuePair<string, string>("lID ", String.valueOf(userID)),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "DeleteEndUserFromCompany ", content);
return await result.Content.ReadAsStringAsync();
            }
        }

Return value samples:

On Success:
{“Result”: “Success”, “Message”: “The operation completed successfully”, “Info”: “”}

On Error:
{“Result”: “Error”, “Message”: “The requested account doesn’t exist”, “Info”: “”}

Pairing

Send a paring SMS to a Spriv user (SendInvitation). You must call AddUserToCompany API before calling this API. If a user is already paired to the system, calling to this API will unpair the user in addition to sending SMS.

POST https://m.spriv.com/wsM5.asmx/SendInvitation
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsers=10359

 

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
lID userID Integer

 

C#
public async Task SendInvitation(string companyUserName, string companyPassword, string endUserName)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsers", endUserName),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "SendInvitation", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String sendInvitation(String companyUserName, String companyPassword, String endUserIds) throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "SendInvitation");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsers", endUserIds));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}

Return value samples:

On Success:
{“Result”: “Success”, “Message”: “Invitations Sent”, “Info”: “”}
On Error:
{“Result”: “Error”, “Message”: “End user does not exists”, “Info”: “”}

Automate Two Factor Authentication

Login Authentication: (AddLogin) The fastest second factor authentication in the world. Upon login your user will get an authentication request sent to his phone, and have the option to Allow or Deny. If the user chooses to Allow Spriv may automate all future transaction if the same particular device fingerprint is identified near the phone.

 

POST https://m.spriv.com/wsM5.asmx/AddLogin
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsername=aaa&strPCFingerprint=Your+PC+Identifier%3A+Ex%3A+MAC+address+or+browser+user+agent&strIPAddress=10.0.0.102&strService=Your+service+description.+Ex%3A+Web+Access&nMethod=1&bAsHTML=false

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strEndUsername User Login String
strPCFingerprint Your PC Identifier: Ex: MAC address or
browser user agent
String
strIPAddress user IP address String
strService The login subject Ex: Web Access String
nMethod Integer should be 1
bAsHTML Boolean should be false
C#
public async Task Login(string companyUserName, string companyPassword, string endUserName)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strPCFingerprint",
                        "Your PC Identifier: Ex: MAC address or browser user agent"),
new KeyValuePair<string, string>("strIPAddress", _ipAddress),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "1"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddLogin", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String login(String companyUserName, String companyPassword, String endUserName) throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddLogin");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strPCFingerprint", "fe80::7171:ac2c:77af:e456%17"));
		urlParameters.add(new BasicNameValuePair("strIPAddress", "176.106.226.134"));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
	
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}

Return value samples:

On Success:
{“Code”: 206, “Message”: “Verifying”, “ID”: “0C54130CEDF14E64A4F195CC729B4042”}
On Error:
{“Code”: 401, “Message”: “Unauthorized”}

Two Factor Authentication Via Application

Transaction Authentication via Application: (AddVerfication nMethod=1) Present a custom message with an option to allow or deny. Spriv’s platform allows you to send an authentication message to the user with two options: Allow or Deny. Based on that, you can secure certain operations in your system. There is no option to automate Verification Request.

Do you want three-factor authentication that is as fast and requires the same user intervention as other platforms offer for two factor authentication? In cases where the user is automatically authenticated using Login Authentication, a Transaction Authentication step can be added. This allows three-factor authentication with the same speed and user intervention as other platforms provide for two-factor authentication. Isn’t that cool?

 

 

POST https://m.spriv.com/wsM5.asmx/AddVerification
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsername=aaa&strMessage=Put+your+verification+msg+here&strService=Your+service+description.+Ex%3A+Web+Access&nMethod=1&bAsHTML=false

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strEndUsername User Login String
strPCFingerprint Your PC Identifier: Ex: MAC address or
browser user agent
String
strIPAddress user IP address String
strService The login subject Ex: Web Access String
nMethod Integer should be 1
bAsHTML Boolean should be false
C#
public async Task Verify(string companyUserName, string companyPassword, string endUserName, string msg)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strMessage", msg),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "1"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddVerification", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String verify(String companyUserName, String companyPassword, String endUserName, String msg) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddVerification");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strMessage", msg));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

public String verify(String companyUserName, String companyPassword, String endUserName, String msg) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddVerification");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strMessage", msg));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

Return value samples:

On Success:
{“Code”: 206, “Message”: “Verifying”, “ID”: “0C54130CEDF14E64A4F195CC729B4042”}
On Error:
{“Code”: 401, “Message”: “Unauthorized”, “ID”: “D58F2AFBF48548DABC35ECD170FDB00F”}

Two Factor Authentication Via SMS

Transaction Authentication via SMS: (AddVerfication nMethod=2) Present a custom message with an option to reply “Yes” for approval or “No” to deny. Spriv’s platform allows you to send an authentication message to the user via SMS. There is no option to automate Verification Request.

 

POST https://m.spriv.com/wsM5.asmx/AddVerification
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue
Connection: Keep-Alive

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsername=aaa&strMessage=Put+your+verification+msg+here&strService=Your+service+description.+Ex%3A+Web+Access&nMethod=2&bAsHTML=false

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strEndUsername User Login String
strPCFingerprint Your PC Identifier: Ex: MAC address or
browser user agent
String
strIPAddress user IP address String
strService The login subject Ex: Web Access String
nMethod Integer should be 2
bAsHTML Boolean should be false
C#
public async Task Verify(string companyUserName, string companyPassword, string endUserName, string msg)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strMessage", msg),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "2"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddVerification", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String verify(String companyUserName, String companyPassword, String endUserName, String msg) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddVerification");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strMessage", msg));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "2"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

Return value samples:

On Success:
{“Code”: 206, “Message”: “Verifying”, “ID”: “0C54130CEDF14E64A4F195CC729B4042”}
On Error:
{“Code”: 401, “Message”: “Unauthorized”, “ID”: “D58F2AFBF48548DABC35ECD170FDB00F”}

TOTP Authentication

TOTP authentication: (AddTotp) Good old TOTP that we all are familiar with. Works just by having a battery in your mobile device. The TOTP authentication is using the username and the 6-digit code from Spriv’s mobile app. TOTP can be combined with AddLogin in order to provide a three-factor authentication that is as fast and has the same user intervention as other platforms provide for two-factor authentication.

 

 

 

POST https://m.spriv.com/wsM5.asmx/AddTotp
Content-Type: application/x-www-form-urlencoded
Host: m.spriv.com
Content-Length: xxx
Expect: 100-continue

Request:

strUsername=CompanyKey&strPassword=CompanySecret&strEndUsername=aaa&strKey=158400&strService=Your+service+description.+Ex%3A+Web+Access

Parameters:

Parameter Description Type Notes
strUsername Your API account username String
strPassword Your API account password String
strEndUsername User Login String
strPCFingerprint Your PC Identifier: Ex: MAC address or
browser user agent
String
strIPAddress user IP address String
strService The login subject Ex: Web Access String
nMethod Integer should be 1
bAsHTML Boolean should be false
C#
public async Task VerifyTotp(string companyUserName, string companyPassword, string endUserName,
string key)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strKey", key),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddTotp", content);
return await result.Content.ReadAsStringAsync();
            }
        }
public String verifyTotp(String companyUserName, String companyPassword, String endUserName, String key) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddTotp");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strKey", key));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);

		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

}

Return value samples:

On Success:
{“Code”: 200, “Message”: “OK”}
On Error:
{“Code”: 401, “Message”: “Wrong TOTP”}

Sample of the entire code

C#
C#
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

namespace CompanyIntegration
{
internal class AddLoginReply
    {
public int Code { get; set; }
public string Message { get; set; }
public string ID { get; set; }

public override string ToString()
        {
return string.Format("Code: {0}, Message: {1}, ID: {2}", Code, Message, ID);
        }
    }

internal class SprivAdapter
    {
privateconst string URL = "https://m.spriv.com/wsM5.asmx/";

private static readonly string _ipAddress;
private string _transactionID;

static SprivAdapter()
        {
            _ipAddress = GetIPAddress();
        }


private static string GetIPAddress()
        {
string localIP = "?";
            IPHostEntry host = Dns.GetHostEntry(Dns.GetHostName());
foreach (IPAddress ip in host.AddressList)
            {
if (ip.AddressFamily.ToString() == "InterNetwork")
                {
localIP = ip.ToString();
                }
            }
return localIP;
        }

public async Task Login(string companyUserName, string companyPassword, string endUserName)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strPCFingerprint",
                        "Your PC Identifier: Ex: MAC address or browser user agent"),
new KeyValuePair<string, string>("strIPAddress", _ipAddress),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "1"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddLogin", content);
return await result.Content.ReadAsStringAsync();
            }
        }

public async Task Verify(string companyUserName, string companyPassword, string endUserName, string msg)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strMessage", msg),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
new KeyValuePair<string, string>("nMethod", "1"),
new KeyValuePair<string, string>("bAsHTML", "false"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddVerification", content);
return await result.Content.ReadAsStringAsync();
            }
        }

public async Task VerifyTotp(string companyUserName, string companyPassword, string endUserName,
string key)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsername", endUserName),
new KeyValuePair<string, string>("strKey", key),
new KeyValuePair<string, string>("strService", "Your service description. Ex: Web Access"),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddTotp", content);
return await result.Content.ReadAsStringAsync();
            }
        }

public async Task AddUser(string companyUserName, string companyPassword, string endUserName, int clientID, string firstName,
string lastName, string email, string personID, string mobileNumber)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strAccount", endUserName),
new KeyValuePair<string, string>("nClientID", clientID.ToString()),
new KeyValuePair<string, string>("strFirstName", firstName),
new KeyValuePair<string, string>("strLastName", lastName),
new KeyValuePair<string, string>("strEmail", email),
new KeyValuePair<string, string>("strPersonID", personID),
new KeyValuePair<string, string>("strMobilePhone", mobileNumber),
new KeyValuePair<string, string>("nStatusID", "1"),
new KeyValuePair<string, string>("nStatusTimeout", "0"),
new KeyValuePair<string, string>("bAsHTML", "false")
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "AddUserToCompany", content);
return await result.Content.ReadAsStringAsync();
            }
        }

public async Task SendInvitation(string companyUserName, string companyPassword, string endUserName)
        {
using (HttpClient webClient = new HttpClient())
            {
var content = new FormUrlEncodedContent(new[]
                {
new KeyValuePair<string, string>("strUsername", companyUserName),
new KeyValuePair<string, string>("strPassword", companyPassword),
new KeyValuePair<string, string>("strEndUsers", endUserName),
                });

                HttpResponseMessage result = await webClient.PostAsync(URL + "SendInvitation", content);
return await result.Content.ReadAsStringAsync();
            }
        }
    }
}
public class APIJavaExample {

	private String url = "https://m.spriv.com/wsM5.asmx/" ;
	
	public String addUser(String companyUserName, String companyPassword, String endUserName, int clientID, String firstName, 
							String lastName, String email, String personID, String mobileNumber) 
							throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddUserToCompany");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strAccount", endUserName));
		urlParameters.add(new BasicNameValuePair("nClientID", String.valueOf(clientID)));
		urlParameters.add(new BasicNameValuePair("strFirstName", firstName));
		urlParameters.add(new BasicNameValuePair("strLastName", lastName));
		urlParameters.add(new BasicNameValuePair("strEmail", email));
		urlParameters.add(new BasicNameValuePair("strPersonID", personID));
		urlParameters.add(new BasicNameValuePair("strMobilePhone", mobileNumber));
		urlParameters.add(new BasicNameValuePair("nStatusID", "1"));
		urlParameters.add(new BasicNameValuePair("nStatusTimeout", "0"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);

		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}
	
	public String sendInvitation(String companyUserName, String companyPassword, String endUserIds) throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "SendInvitation");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsers", endUserIds));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}
	
	public String login(String companyUserName, String companyPassword, String endUserName) throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddLogin");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strPCFingerprint", "fe80::7171:ac2c:77af:e456%17"));
		urlParameters.add(new BasicNameValuePair("strIPAddress", "176.106.226.134"));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
	
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
	}
	
	public String verify(String companyUserName, String companyPassword, String endUserName, String msg) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddVerification");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strMessage", msg));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		urlParameters.add(new BasicNameValuePair("nMethod", "1"));
		urlParameters.add(new BasicNameValuePair("bAsHTML", "false"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);
		
		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}
	
	public String verifyTotp(String companyUserName, String companyPassword, String endUserName, String key) 
			throws ClientProtocolException, IOException
	{
		HttpClient client = HttpClientBuilder.create().build();
		HttpPost post = new HttpPost(url + "AddTotp");
		
		List urlParameters = new ArrayList();
		urlParameters.add(new BasicNameValuePair("strUsername", companyUserName));
		urlParameters.add(new BasicNameValuePair("strPassword", companyPassword));
		urlParameters.add(new BasicNameValuePair("strEndUsername", endUserName));
		urlParameters.add(new BasicNameValuePair("strKey", key));
		urlParameters.add(new BasicNameValuePair("strService", "Your service description. Ex: Web Access"));
		
		post.setEntity(new UrlEncodedFormEntity(urlParameters));

		HttpResponse response = client.execute(post);

		BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
		StringBuffer result = new StringBuffer();
		String line = "";
		while ((line = rd.readLine()) != null) {
			result.append(line);
		}
		return result.toString();
		
	}

}