The /authenticationCodes endpoint provides operations to create, read, and delete an authentication code. The authentication code (which can be a QR code) enables users to sign on without any data entry, such as providing a username, password, or entering a one-time passcode. The user scans the code, and if successful, gains access to an application’s services.

Authentication codes request data model

Property Type Required? Mutable? Description
application.id String Required Mutable The ID of a mobile application for which the code is valid; only the specified mobile application can scan the QR code.
clientContext String Optional Mutable An ObjectNode that provides relevant information to the mobile application that can be shown to application users. For example, Do you want to approve this transaction?. For more information, see Create Authentication Code.
lifeTime.duration Integer Optional Mutable The length of time for this authentication code to be valid. The minimum value is 10 seconds; the maximum value is 30 minutes; the default is 1 minute. If the lifeTime.duration property is set, a value for lifeTime.timeUnit is required.
lifeTime.timeUnit String Optional Mutable The time unit for the lifeTime.duration property. Options are SECONDS and MINUTES. If the lifeTime.timeUnit property is set, a value for lifeTime.duration is required.
userApproval String Optional Mutable Whether the mobile device must verify that the user approves the authentication with the scanned code. Options are REQUIRED and NOT_REQUIRED.

Authentication codes response data model

Property Type Required? Mutable? Description
code String N/A Read-only The authentication code. The code is eight characters in length, and it can include numbers and uppercase letters.
createdAt Date N/A Read-only When the resource was created.
environment.id String N/A Read-only The environment’s unique identifier.
expiresAt Date N/A Read-only The expiration time of authentication code.
id String N/A Read-only The resource’s unique identifier.
status String N/A Read-only The status of the authentication code. Options are UNCLAIMED, CLAIMED, EXPIRED, DENIED, and COMPLETED. The EXPIRED status is active for 5 minutes after the code is no longer valid.
updatedAt Date N/A Read-only When the resource was last updated.
uri String N/A Read-only A universal link (for example, https://www.example.com/pingonesdk?authentication_code={{generated token}}). This property can also set a link to a schema application (for example, pingoneapp://pingonesdk?authentication_code={{generated token}}). If a universal link or schema application link is not set, the response does not include the pingonesdk?authentication_code={{generated token}} portion of the URL.
user.id UUID N/A Read-only The unique identifier of the authenticated user.
_embedded.device.otpStatus.status String N/A Read-only Whether or not the device can be used currently for OTP-based authentication. Value returned is ENABLED or DISABLED. Relevant only for devices where type is MOBILE.
_embedded.device.otpStatus.reason String N/A Read-only If the status is DISABLED, contains the reason that the device cannot be used for OTP-based authentication, for example, that the application used a version of the MFA SDK that does not support OTP. Relevant only for devices where type is MOBILE.
_embedded.device.pushStatus.status String N/A Read-only Whether or not the device can be used currently for push-based authentication. Value returned is ENABLED or DISABLED. Relevant only for devices where type is MOBILE.
_embedded.device.pushStatus.reason String N/A Read-only If the status is DISABLED, contains the reason that the device cannot be used for push-based authentication, for example, that the push option was disabled for the application in the MFA policy. Relevant only for devices where type is MOBILE.
_embedded.device.usableStatus.status String N/A Read-only Whether or not the device can be used currently for authentication. Value returned is ENABLED or DISABLED.
_embedded.device.usableStatus.reason String N/A Read-only If the status is DISABLED, contains the reason that the device cannot be used for authentication, for example, that the defined daily notifications limit has already been reached.

For descriptions of other fields under _embedded.device, see MFA Devices.

For descriptions of fields under _embedded.user, see Users data model.