Profile Authentication Methods Management 🆕¶
Overview¶
Profile authentication methods endpoints allow users to manage their own authentication methods after successful reauthentication.
Note
These endpoints require an active API session and prior confirmation via the /profile/authentication/confirm endpoint which provides a temporary token.
Authentication Flow¶
Reauthenticate to obtain a confirmation token
Use the token in the
X-Auth-Confirmheader for all subsequent operationsToken validity: 10 minutes, extended with each use
Data Structures¶
Attribute |
Type |
Required |
Description |
|---|---|---|---|
|
string |
Read-only. Unique authentication method identifier. |
|
|
string {password, oath, extauth, sshkey, certificate, duo, sms, apikey, fido2} |
yes |
Immutable. Authentication method type. |
|
string |
Read-only. Protected. Uniqueness is required in the combination with |
|
|
string |
Optional description of the authentication method. |
|
|
number |
Uniqueness is required in the combination with |
|
|
boolean |
Read-only. |
|
|
string |
If |
Protected. Authentication secret. |
|
boolean |
Read-only. |
|
|
string |
If |
Read-only; expensive to use. |
|
string |
If |
Read-only; expensive to use. |
|
string |
If |
Read-only; expensive to use. |
|
string |
If |
Protected. |
|
string |
If |
Read-only; expensive to use. First four and last four characters of the API key. |
|
datetime |
If |
Expiration date and time for the API key. NULL means the key never expires. |
|
string |
If |
Read-only. |
|
string |
If |
Read-only. |
|
string |
If |
Read-only. |
|
string {HOTP, TOTP} |
If |
Immutable. OATH type. |
|
boolean |
If |
Default value |
|
string |
Protected. Value-regexp: ^[A-Z2-7]+$ |
|
|
number |
If |
Immutable. Value-range: [4, 16]. |
|
number {30, 45, 60, 90, 120, 180, 300} |
If |
Immutable. |
|
number |
If |
Read-only. Default value |
|
number |
If |
Read-only. Default value |
|
boolean |
If |
Default value |
|
string |
If |
Read-only. Protected. |
|
string |
If |
Read-only. Protected. |
|
string |
If |
Protected. |
|
boolean |
If |
Default value |
|
boolean |
If |
Default value |
|
number |
If |
|
|
string |
If |
Read-only; expensive to use. User’s SSH public key. |
|
string |
If |
Read-only. Base64url-encoded FIDO2 credential ID. |
|
string |
If |
Read-only. Base64url-encoded COSE public key. |
|
number |
If |
Read-only. Signature counter for clone detection. |
|
string |
If |
Read-only. Authenticator Attestation GUID. |
|
string |
If |
Read-only. Supported transports: usb, nfc, ble, internal, hybrid, smart-card. |
|
datetime |
Read-only. |
|
|
datetime |
Read-only. |
|
|
boolean |
Read-only. |
Retrieve Available Attributes of the Authentication MethodModel¶
Request
Method |
|
Path |
|
To check allowed methods, available URL parameters and possible responses please refer to the API Overview section.
Step 1: Obtain Reauthentication Token¶
Before accessing authentication methods, you must reauthenticate and obtain a confirmation token.
Request
Method |
|
Path |
|
Body |
|
Note
See section Authentication Confirmation 🆕 for the list of available ConfirmModel attributes.
POST /api/v2/profile/authentication/confirm
Example Request
curl -s -k -X POST \
-H 'Authorization: <token>' \
-H 'Content-Type: application/json' \
-d '{
"method": "password",
"password": "your_password"
}' \
'https://10.33.2.133/api/v2/profile/authentication/confirm'
Response
{
"userid": "5980780305148018689",
"username": "admin",
"user-domain": null,
"methodid": "5980780305148018690",
"user-privs": ["account-create", "account-read", ...],
"result": "success",
"token": "22d05aff6c39f9de8bdba340c31873edaaa6390dcff30137e91bbe0f23161179"
}
Note
Save the token value for use in subsequent requests. The token is valid for 10 minutes and its validity is extended with each use.
Step 2: List User’s Authentication Methods¶
Request
Method |
|
Path |
|
GET /api/v2/profile/authentication
Example Request
curl -s -k -X GET \
-H 'Authorization: <token>' \
-H 'X-Auth-Confirm: 22d05aff6c39f9de8bdba340c31873edaaa6390dcff30137e91bbe0f23161179' \
'https://10.33.2.133/api/v2/profile/authentication'
Response
{
"result": "success",
"authentication_method": [
{
"id": "5980780305148018689",
"type": "password",
"position": 0,
"external_sync": false,
"needs_change": false,
"created_at": "2026-06-03 12:11:03.338262-07",
"modified_at": "2026-06-03 12:11:15.629025-07"
},
{
"id": "5980780305148018691",
"type": "apikey",
"position": 2,
"external_sync": false,
"needs_change": false,
"created_at": "2026-06-03 12:11:16.0128-07",
"modified_at": "2026-06-03 12:11:16.0128-07"
},
{
"id": "5980780305148018698",
"type": "oath",
"position": 3,
"external_sync": false,
"needs_change": false,
"oath_type": "TOTP",
"oath_initialized": true,
"oath_tokenlen": 6,
"oath_timestep": 30,
"oath_counter": 0,
"oath_timeshift": 0,
"oath_reuse": true,
"created_at": "2026-06-05 00:37:05.628794-07",
"modified_at": "2026-06-05 00:37:05.629827-07"
}
]
}
Create Authentication Method¶
Request
Method |
|
Path |
|
Body |
|
POST /api/v2/profile/authentication
Example Request - Create OATH/TOTP
curl -s -k -X POST \
-H 'Authorization: <token>' \
-H 'X-Auth-Confirm: 22d05aff6c39f9de8bdba340c31873edaaa6390dcff30137e91bbe0f23161179' \
-H 'Content-Type: application/json' \
-d '{
"type": "oath",
"description": "Test OATH TOTP",
"oath_type": "TOTP",
"oath_initialized": true,
"oath_tokenlen": 6,
"oath_timestep": 30,
"oath_reuse": false,
"secret": "JBSWY3DPEHPK3PXP"
}' \
'https://10.33.2.133/api/v2/profile/authentication'
Response
{
"result": "success",
"authentication_method": {
"id": "5980780305148018705",
"oath_url": "otpauth://totp/admin?secret=XWHOXB6YRLMBPMWM5MG4FUHIHVX3SYSI&issuer=Fudo%20Security",
"oath_qrcode": "Qk1kbyUy..."
}
}
Note
When creating an OATH method, the response includes oath_url for authenticator apps and oath_qrcode as a base64-encoded QR code image.
Get Authentication Method by ID¶
Request
Method |
|
Path |
|
GET /api/v2/profile/authentication/<id>
Example Request
curl -s -k -X GET \
-H 'Authorization: <token>' \
-H 'X-Auth-Confirm: 22d05aff6c39f9de8bdba340c31873edaaa6390dcff30137e91bbe0f23161179' \
'https://10.33.2.133/api/v2/profile/authentication/5980780305148018705'
Response
{
"result": "success",
"authentication_method": {
"id": "5980780305148018705",
"type": "oath",
"description": "Test OATH TOTP",
"position": 4,
"external_sync": false,
"needs_change": false,
"oath_type": "TOTP",
"oath_initialized": true,
"oath_tokenlen": 6,
"oath_timestep": 30,
"oath_counter": 0,
"oath_timeshift": 0,
"oath_reuse": false,
"created_at": "2026-06-08 06:32:32.470217-07",
"modified_at": "2026-06-08 06:32:32.470217-07"
}
}
Update Authentication Method¶
Request
Method |
|
Path |
|
Body |
|
PATCH /api/v2/profile/authentication/<id>
Example Request
curl -s -k -X PATCH \
-H 'Authorization: <token>' \
-H 'X-Auth-Confirm: 22d05aff6c39f9de8bdba340c31873edaaa6390dcff30137e91bbe0f23161179' \
-H 'Content-Type: application/json' \
-d '{
"description": "Updated OATH Description",
"oath_reuse": true
}' \
'https://10.33.2.133/api/v2/profile/authentication/5980780305148018705'
Response
{
"result": "success"
}
Delete Authentication Method¶
Request
Method |
|
Path |
|
DELETE /api/v2/profile/authentication/<id>
Example Request
curl -s -k -X DELETE \
-H 'Authorization: <token>' \
-H 'X-Auth-Confirm: 22d05aff6c39f9de8bdba340c31873edaaa6390dcff30137e91bbe0f23161179' \
'https://10.33.2.133/api/v2/profile/authentication/5980780305148018705'
Response
{
"result": "success"
}
Invalidate Reauthentication Token¶
Request
Method |
|
Path |
|
Body |
|
POST /api/v2/profile/authentication/invalidate
Example Request
curl -s -k -X POST \
-H 'Authorization: <token>' \
-H 'Content-Type: application/json' \
-d '{
"method": "password",
"password": "user_password"
}' \
'https://10.33.2.133/api/v2/profile/authentication/invalidate'
Response
{
"result": "success"
}