SurePassID Server API
- User Management & Provisioning
- Token Management & Provisioning
- User Authentication
- User Session Management
- FIDO (U2F, UAF, and FIDO2) authentication
- Windows WCF Service - Primarily for any native Windows client apps. Although this interface is still supported it is not longer being enhanced. We recommend using the REST/Json interface.
- REST/JSON interface -Â All other systems
Transaction State
To maintain the utmost level of efficiency and throughput, the API interface is a stateless interface. Each API request has no relationship to a previous request and you must maintain application state in your application.
Return Codes
Each API method returns at a minimum a return code and message. Some methods return additional information and the format of that information is described in subsequent sections.
Whitelisting Client Apps
The SurePassID cloud server allows you to whitelist IP's that can use the API to make requests to your account (tenant). Additionally, you can also whitelist IPs that can access the SurePassID portal.  We strongly recommend you implement this capability and whitelist any IP's that will make requests to you account.
This feature is also available for on-premises installations but it is usually not required because the SurePassID MFA server should not be accessible in the DMZ and be behind firewalls, WAFs, etc. and any access to the server should be behind a load balancer and/or reverse proxy.Â
Developer Support
For developers we offer a Postman collection that contains all the SurePassID API calls. You can download the Postman collection from your SurePassID account.Â
What you need to get started
Before you can start using the APIs you need (1) the account activation letter that was emailed to your company when you requested your account and (2) download sample code that are referenced in this document. The source code libraries are located in the SurePassID Git repositories, Confluence, and maven repositories. More on his later.
Account Activation
The activation letter contains your SAS id and password. These two pieces of information are required for almost all of the methods in the API. If you do not have a SurePassID account, you can request an account at the SurePassID web site (http://www.surepassid.com) or email sales@surepassid.com.