Apiture Developers

Identity Challenges

Identity challenges are used as additional protection to verify the user’s identity. They are used during actions that require more security, such as changing an address or creating a transfer. Unlike multi-factor authentication, identity challenges occur while the user is already logged in and authenticated.

Factors for Identity Challenges

Identity challenges can be completed in a variety of ways, including having the customer answer security questions, or providing a one-time password (OTP) sent to a phone number or email address. The method of communication used to verify an identity is known as a challenge factor.

A challenge factor is not just the method of validation. For example, an OTP is a method of validation. The OTP can be sent to an email, voicemail or SMS. Each method for sending an OTP is a standalone challenge factor.

A complete list of challenge factors supported by the API is available in the API documentation.

The available challenge factors for identity challenges depend on a Financial Institution’s (FI) requirements. Not all options may be available at all FIs and not all options may be available for every action. For instance, an FI may allow security questions for a change of address, but require phone or email verification for creating an external transfer.

Customer Information for Challenge Factors

Customers may not be able to offer all factors for an identity challenge. For example, if a customer does not have cell phone information available, they cannot use challenge factors that require SMS. When a customer can use multiple challenge factors for an identity challenge, they are often given a choice of which factor they want to use.

A customer may be unable to do an identity challenge if they do not have the appropriate contact information or registered security questions under their account. For example, the customer may not have a mobile phone number registered, but the action they are doing requires an OTP over SMS. If the FI does not have alternative challenge factors available, or the customer does not have the correct data entered into their account to do other challenge factors, the customer is unable to do the action requiring an identity challenge.

Integrating Identity Challenges into API Calls

When an API function requires an identity challenge in order to continue, it responds with a 401 (Challenge Required) error. Upon receiving this error, the application should prompt the user to complete an eligible identity challenge using the information provided in the response.

For a detailed guide on programmatically handling an Identity Challenge, view our Completing an Identity Challenge guide.
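
The client-side flow described above, as an added example that is not Apiture's code: detect the challenge response, offer only the factors the customer can complete, and retry the call once. The response fields (`type`, `challenge`, `factors`), the factor names and the customer field names are assumptions made for illustration; take the real values from the API reference.

```python
# Added example. Response shape, factor names and customer field names
# are assumptions, not the Apiture schema.

class ChallengeUnavailable(Exception):
    """No factor the FI offers for this action can be completed by the customer."""

# Hypothetical mapping: challenge factor -> customer data it needs on file.
FACTOR_NEEDS = {"sms": "mobilePhone", "voice": "phone",
                "email": "email", "securityQuestions": "securityQuestions"}

def eligible_factors(offered, customer):
    """Factors offered by the FI that this customer has the data to complete."""
    return [f for f in offered if customer.get(FACTOR_NEEDS.get(f))]

def call_with_challenge(send, customer, choose, complete):
    """Run send(proof) and satisfy one identity challenge if the API asks for it.

    send(proof)            -> (status, body); proof is None on the first attempt
    choose(factors)        -> the factor the user picked from the eligible ones
    complete(challenge, f) -> proof of the completed challenge (after OTP entry, etc.)
    """
    status, body = send(None)
    # A plain 401 (expired or invalid token) is not a challenge; pass it through.
    if status != 401 or body.get("type") != "challengeRequired":
        return status, body
    challenge = body["challenge"]
    factors = eligible_factors(challenge["factors"], customer)
    if not factors:
        # Fail closed: the action cannot proceed without a completed challenge.
        raise ChallengeUnavailable(challenge["factors"])
    factor = factors[0] if len(factors) == 1 else choose(factors)
    if factor not in factors:
        raise ValueError("chosen factor is not eligible for this customer")
    # Retry exactly once; a second 401 goes back to the caller, never into a loop.
    return send(complete(challenge, factor))

def demo(customer):
    """Constructed stand-in for a transfer endpoint that accepts SMS or email OTP."""
    def send(proof):
        if proof == "proof-for-c1":
            return 201, {"state": "scheduled"}
        return 401, {"type": "challengeRequired",
                     "challenge": {"id": "c1", "factors": ["sms", "email"]}}
    return call_with_challenge(send, customer,
                               choose=lambda fs: fs[0],
                               complete=lambda ch, f: "proof-for-" + ch["id"])
```
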

© 2023 Apiture Inc.   |   All Rights Reserved