The /deviceAuthentications endpoint initiates and completes an MFA action without requiring a call to the PingOne authorize service. It supports actions to select a supported MFA device device type and to validate a one-time passcode (OTP).

When a device authentication MFA flow is initiated, the flow returns a status property in the response that identifies the next action in the flow. The following flow states prompt for a specific flow action:

Device authentications data model

Property Type? Required? Mutable? Description
user.id UUID Required Mutable A string that specifies the requesting user’s unique identifier.
createdAt Date Immutable A date that specifies when the resource was created.
updatedAt Date Immutable A date that specifies when the resource was last updated.
_embedded.devices Array Read-only An array that specifies the list of authenticating devices.
error Object Read-only An object that specifies the error field indicating the reason for a device authentication failure.
error.code String Read-only A string that specifies the error code.
error.message String Read-only A string that specifies the error message.
id UUID Read-only Immutable A string that specifies the resource’s unique identifier.
mobilePayload String Immutable A string that specifies the JSON that is the result of a getMobilePayload call (mobile app to mobile SDK).
application.id UUID Optional Mutable A string that specifies the requesting application’s unique identifier. This identifier is required only during device authorization flows when the mobilePayload value is provided.
notification Object Optional Immutable An object that holds dynamic notification data.
notification.template Object Optional Immutable An object that holds dynamic template data.
notification.template.name String Optional Immutable A string that specifies the notification template name.
notification.template.variant String Optional Immutable A string that specifies the notification template variant.
notification.template.locale String Optional Immutable A string that specifies the notification template locale.
notification.template.variables Map Optional Immutable A map that specifies the notification template variables.
notification.clientContext Object Optional Immutable An object that holds dynamic mobile push data.
policy.id UUID Optional Immutable A string that specifies the device authentication policy ID.
publicKeyCredentialRequestOptions String Read-only A string that specifies a JSON serialization of the client data passed on registration only.
selectedDevice.id UUID Optional Read-only A string that specifies the unique identifier of the user’s selected MFA device.
status String Read-only A string that specifies the flow status. Options are DEVICE_SELECTION_REQUIRED, PUSH_CONFIRMATION_REQUIRED, PUSH_CONFIRMATION_TIMED_OUT, OTP_REQUIRED, ASSERTION_REQUIRED, COMPLETED, and FAILED.