Devices with a status of ACTIVATION_REQUIRED are activated with a valid attestation and origin. The browser generates the attestation in response to a user action, such as a fingerprint scan or a click on the security key.

The sample shows the POST /environments/{environmentId}/users/{userId}/devices/{deviceId} operation to activate the device specified in the request URL. This operation uses the application/vnd.pingidentity.device.activate+json custom content type in the request header to specify the activation action.

The attestation property passes in the attestation JSON from the browser. The JSON looks like this:

"{\"id\":\"ARacmDOuRE7DJV6L7w\",
\"type\":\"public-key\",
\"rawId\":\"ARacmDOuRE7DJV6L7w=\",
\"response\":{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRYWxzZX0=\",
\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFFO29h8n6WKBn6tHCQ=\"},
\"clientExtensionResults\":{}}"

When the activation action is completed successfully, the response returns a 200 OK message and the device status property is changed to ACTIVE.
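
The following added example (not PingOne's own code) shows how a client could serialize a browser credential into the escaped attestation string shown above, confirm that the client data is a registration response for the expected origin, and build the activation request. The function names, the `origin` body field name, the standard base64 encoding of the binary fields, and the sample credential are assumptions made for illustration.

```javascript
// Added example, not PingOne code. In a browser, cred comes from navigator.credentials.create().
const ACTIVATE_TYPE = "application/vnd.pingidentity.device.activate+json";
const b64 = (buf) => Buffer.from(buf).toString("base64"); // assumed encoding

// Serialize the credential into the JSON string carried by the attestation property.
function toAttestationString(cred) {
  return JSON.stringify({
    id: cred.id,
    type: cred.type,
    rawId: b64(cred.rawId),
    response: {
      clientDataJSON: b64(cred.response.clientDataJSON),
      attestationObject: b64(cred.response.attestationObject),
    },
    clientExtensionResults: {},
  });
}

// Client-side check: the client data must be a registration for our origin.
function checkClientData(attestation, expectedOrigin) {
  const { response } = JSON.parse(attestation);
  const clientData = JSON.parse(Buffer.from(response.clientDataJSON, "base64").toString("utf8"));
  if (clientData.type !== "webauthn.create") throw new Error("not a registration response");
  if (clientData.origin !== expectedOrigin) throw new Error("origin mismatch");
  return clientData;
}

// Build the activation request; the body field name "origin" is an assumption.
function buildActivationRequest(envId, userId, deviceId, cred, origin) {
  const attestation = toAttestationString(cred);
  checkClientData(attestation, origin);
  return {
    method: "POST",
    path: `/environments/${envId}/users/${userId}/devices/${deviceId}`,
    headers: { "Content-Type": ACTIVATE_TYPE },
    body: JSON.stringify({ origin, attestation }), // attestation is sent as a string
  };
}

// Constructed sample credential (placeholder bytes, not a real attestation).
const sampleClientData = { type: "webauthn.create", challenge: "c2FtcGxl", origin: "https://app.example.com" };
const sampleCred = {
  id: "Y29uc3RydWN0ZWQ", type: "public-key", rawId: Buffer.from("constructed"),
  response: {
    clientDataJSON: Buffer.from(JSON.stringify(sampleClientData)),
    attestationObject: Uint8Array.from([0xa3, 0x63, 0x66, 0x6d, 0x74]),
  },
};
```

The local origin check only catches integration mistakes early; the service still decides whether the attestation and origin are valid.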