Poll

Use /poll to check the status of an Auth Request.

Request

Method:GET
Path:/v1/poll
Accept Types:application/json

Query String Parameters

auth_request:The unique identifier of the Auth Request
app_key:Your Service Key as specified in the dashboard
secret_key:Base64 encoded secret key.
signature:Base64 encoded RSA Signature of the Secret Key before being Base64 encoded for the secret_key value.

Example

GET /v1/poll?app_key=9999999999&auth_request=4yjuyyg59cqf2s890uhhhx3vmtgv115a&secret_key=qGp%2BBP88k4Sh0CbD8L7ERsu4gKNOnCAt0IB3vB0EoWy44jJiZo5nGS6sTR2VSxJ00l7zRvOIRKYi8pgWqurLEx%2B3W0s7xOFvjJeonuomixDc7Y5CMx5fCNkM6i1KCM%2FhDNpIp93uSCYCYvzuo6Gw6cJx0peG6UUyV%2B6%2Bvn%2F36bLq8fKn6WfKrywzTbBTh52ckvk2kiZiixIiWSyIDrkFDYrW3bwXJsgUrbzkC4vNLDaVGdN8JZYmerJ5fNFiEOUXuvt6mhHFgWfCRljgr3AZTN%2BsmOfNyYCBWU4WPjENyZAUXPIURW5FqqSfyJBnf1Fcf%2FxA%2FQRwiEISVJrWi3scfQ%3D%3D&signature=rk1mJeZ4GeqYZmpCZtZCW%2FD1qR5I69WxOeiLW5gELgSC5sFrsSzhxFdn%2BhkQvHWKWZr6gBAvmdDA63HFLdC9OHD9WxWjgClSUygxO%2F04RUFLS1mKaEfyf9DW8gLl7%2Fdp5wuvrIqZ7DJxfLWOQOZKY0L6gopZ6dYF8szfVs%2B50z%2F3xcl24KQZ1yz13YKB6S2ud3nJsifnp0%2FpqVqB%2BM56Tj5sCqFtel1kJmdY5ayVYBvC5SkzKdqAePcYKxDJm9KSM1mjuXKZ4wD%2BC04kq7qZx2XPGQHC5xf6pmLlZgYwCuk%2BynyWDDjxXAiVk5H1HZYKOmNbWJEQPk%2FIzfTazESFsg%3D%3D HTTP/1.1
Accept: application/json
Content-Length: 0

Pending Response

If a user has not responded to the request, a pending error response will be returned.

Status:400 Bad Request
Content Type:application/json

Body

JSON string with the following attributes:

successful:false
status_code:400
message:Pending response
message_code:70403
response:Null

Example

HTTP/1.1 400 Bad Request
Server:  nginx
Date: Sun, 10 Nov 2013 03:57:20 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 111
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubdomains

{"successful": false, "status_code": 400, "message": "Pending response", "message_code": 70403, "response": ""}

Complete Response

If a user has responded to the request, a non-error response with be returned with the data necessary to determine the user's response.

Status:200 OK
Content Type:application/json

Body

JSON string with the following attributes:

auth:

string Base64 encoded RSA encrypted JSON string. This data is the user response directly from their device. It is encrypted on the device. As such, the LaunchKey Platform API has no knowledge of the contents of the encrypted data. Once Base64 decoded, decrypt the result with the private key of the RSA public/private key pair associated with the service whose Service Key was included in the request. The resulting JSON will have the following attributes:

response:boolean The users response to the authorization request. true if approved and false if denied
auth_request:string Request-specific string used to match auth_request value returned from corresponding Auths call
device_id:string Unique identifier for the device the user used to respond to the Auth Request
app_pins:string A list of up to 5 codes separated with commas. The list is intended for for device validation in conjunction with a device_id. Devices will rotate out app pins as a queue, first in - first out (FIFO). As such, they are rotating shared secrets known only to the device and the service. App pins can be used to protect against a myriad of potential attacks. However, they do run the risk of devices getting "out of sync" and resulting in devices not being able to authenticate. If you implement auth pins in your solutions, you will need to build in a recovery mechanism to reset the known app pins and re-sync the device.
user_hash:

Hashed user identifier to track a specific user across every service. This value will be used by the Logout Callback to identify the user remotely requesting to end their Session.

organization_user:

string Optional - A string that uniquely identifies the user across the entire Organization to which the service whose Service Key was included in the request belongs. This will be returned if, and only if, the service belongs to an Organization.

user_push_id:

string Optional - The User Push ID for the user and service. This will be returned if, and only if, the originating Auths call passed a user_push_id with a value of 1.

Example

HTTP/1.1 200 OK
Server:  nginx
Date: Sun, 10 Nov 2013 03:57:20 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 448
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubdomains

{"user_hash": "5VeE21s5ZVI5vY8R5Lx9zOv1XnCSReQyFidc8r1C5iV", "auth": "hg7gSUbpI9Q3tv5sA2E285hZ76cKEsTnaioxgOSno6kWDIxCov7hgEB5pHa4g88Y\r\nkylEA7Q6IT8GfTEW6ZK/S+hzkR0L3eJJe+rGiv7wzch0sCzypTk7yOdV2N/9S+jy\r\nc/bUIAph8ICqJD97WZHqLUhljvm+zK7/dXetkPSULPvpM5J4IzUoRggEBLX6LrWF\r\nKtw3DLtpJlayoT9ZDecOLtiiDtEoUUGtC71u9jwekoxIu7Sy5v0VzF/3Zv7j+MSZ\r\nG9XUre4VM1CsdZ0IUl12TtbdDX7hDyqFRxKJAWDsJNFsJ0bVrP7tHP6/oeobT7AT\r\nFhCylnZmNjrLkUjGOaVApg=="}

Example Decrypted "auth"

{
    "response" : true,
    "app_pins" : "8106,6367,2124,6585,2357",
    "auth_request" : "dopkpq2oqhf9ej8uuud21geh6bwi9394",
    "device_id" : 1
}

User Contributed

LaunchKey links to user contributed code as a resource to its community. LaunchKey does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to LaunchKey immediately and we will investigate the claim. Submit any issue to LaunchKey support at https://launchkey.com./support. ×