This API document highlights the steps using which Businesses can integrate Bureau’s One-Tap Login solution for their Customers. The fundamental idea behind this product also known as silent authentication is to enable a smooth, SMS-based One-time Password (OTP) less user journey that can help businesses verify the mobile phone number of their customers and provide a frictionless entry for their customers.
API Flow
The entire API journey can be reduced to two calls:
- Initiate Authenticate
- Access User Info
1. Initiate Authenticate
This request has to be made from the client device which contains the number that has to be verified.
2. Access User Info
This request has to be made to get the response of a certain user after verification.
An alternative to this is to subscribe to our webhooks and callbacks will be sent to your servers post verification.
API Sequence Diagram
- The API works by redirecting the request to the telecom authentication gateway.
- It is processed in 2 parts. Initially, we check to see if the request is serviceable.
- If it is not, we fail it fast and the description for these errors is shared below.
- If it is serviceable, the request gets redirected to the respective telco, in case the request is processed by the telco, OK 200 is returned in the response and the user info API has to be called or a webhook can be used to know the authentication status.
- The Webhook URL is a URL defined by you to receive Asynchronous Callback Notifications, whenever an OTL has a status update to either: COMPLETED, EXPIRED, or ERROR.
- In case the request is not serviceable or telco is not able to process the request or the verification fails at the telco layer, you will have to redirect the user to an alternate mechanism.
API Gateway URL
- Test Mode : https://api.sandbox.bureau.id/v2/auth
- Live Mode : https://api.bureau.id/v2/auth
API Authentication
For authentication, the API key has to be sent in the header with the key name as X-Bureau-Auth-API-Key. Contact the Bureau team for the authentication credentials.
Error Codes
Bureau aims to make all transactions successful for its customers. However, errors might still occur in the ecosystem because of intermittent communication and technical issues at multiple hops. Hence, it becomes critical for businesses to identify the source of the error and the reason for the error. This enables you to minimize or fix errors to reduce any losses.
There can be two types of error codes
- API Error Codes: These are the errors that occur because of incorrect parameters in the API Call.
- Transaction Error Codes: These are the error codes that are shared with the transactions and can be used to take the next steps or decisions around the response.
HTTP Status Code | Code | Message | Suggested Action |
---|---|---|---|
200 | 200101 | User verification failed | |
200 | 200100 | User verification failed since providers failed to verify | Assume Authentication Failed and Backup to OTP |
200 | 200102 | User's ip doesn't belong to any supported provider | |
200 | 200103 | User's mobile doesn't belong to any supported provider | |
202 | 202100 | Awaiting provider acknowledgement | |
400 | 400100 | Required parameters are missing or invalid | Recheck the parameters |
400 | 400101 | Duplicate correlation id | Retry with a Different Correlation ID |
400 | 400102 | Previous requests were not fulfilled or ended in errors | Assume Authentication Failed and Backup to OTP |
400 | 400103 | Cannot associate the correlation id with a flow | Check if Integration flow is working properly. Contact Bureau support |
400 | 400104 | Illegal application state | Assume Authentication Failed and Backup to OTP |
400 | 410100 | Auth state is expired | Please re-initiate the auth flow |
400 | 400105 | Signals are empty or invalid | Check API docs |
400 | 400106 | Signals are invalid or template config is missing | Check API docs or contact Bureau support team |
401 | 401100 | Authorization parameters are missing or invalid | Check Authentication Parameters |
500 | 500100 | An internal error has occurred | Assume Authentication Failed and Backup to OTP |
Integration
API based
Initiate Authentication
This API call is recommended to be implemented from the end-user’s end on the device or frontend of the browser. This API call starts the authentication process by calling the API endpoint using the user’s mobile carrier network.
curl --location --request GET 'https://api.sandbox.bureau.id/v2/auth/initiate?countryCode=IN&callbackUrl=https://enfktzdsbzye.x.pipedream.net/&clientId=8b50095f-1111-1111-1111-b04bc5405f96&transactionId=a15facc8-1111-1111-bac132&mobile=911111111111'
curl --location --request GET 'https://api.bureau.id/v2/auth/initiate?countryCode=IN&callbackUrl=https://enfktzdsbzye.x.pipedream.net/&clientId=8b50095f-1111-1111-1111-b04bc5405f96&transactionId=a15facc8-1111-1111-bac132&mobile=911111111111'
Request Parameters
Parameter | Parameter Type | Data Type | Description |
---|---|---|---|
clientId (Mandatory) | Query Parameter | String | Your API key. Example: 8b50095f-1111-1111-1111-b04bc5405f96 Contact our Support Team if you have not received this key. |
transactionId (Mandatory) | Query Parameter | String | Unique identifier generated by you for the request. Example: 82c744c4-82d2-4a12-92de-01fbc0ea53b5 |
msisdn (Mandatory) | Query Parameter | String | Phone number with the country code. Example: 779999999999 |
Access User Info
This API call has to be made from your backend server.
curl --location --request GET 'https://api.sandbox.bureau.id/v2/auth/userinfo?transactionId=E1DA15EB-1111-1111-A9FA-2F1F65A9D046' \
--header 'Authorization: Basic MzNjMDBg0YzZWM3NTI1OWNiOA=='
curl --location --request GET 'https://api.bureau.id/v2/auth/userinfo?transactionId=E1DA15EB-1111-1111-A9FA-2F1F65A9D046' \
--header 'Authorization: Basic MzNjMDBg0YzZWM3NTI1OWNiOA=='
Request Parameters Description
Parameter | Parameter Type | Data Type | Description |
---|---|---|---|
X-Bureau-Auth-API-Key (Mandatory) | Header Parameter | String | Your API key. Example: 8b50095f-1111-1111-1111-b04bc5405f96 Contact our Support Team if you have not received this key. |
transactionId (Mandatory) | Query Parameter | String | Unique identifier generated by you for the request. Example: 82c744c4-82d2-4a12-92de-01fbc0ea53b5 |
SDK Based
Android SDK Integration:
The SDK shared below can be used to make Initialise calls. It handles the creation of sessions using mobile data even if wifi is connected. The SDK is only for invoking the initiating the request, to verify the authentication the user info API has to be called.
iOS SDK Integration
The SDK shared below can be used to make Initialise calls. It handles the creation of sessions using mobile data even if wifi is connected. The SDK is only for invoking the initiating the request, to verify the authentication the user info API has to be called.
Flutter Bridge Integration
The bridge shared below can be used to make Initialise calls. It handles the creation of sessions using mobile data even if wifi is connected. The SDK is only for invoking the initiating the request, to verify the authentication the user info API has to be called.
React
The React App shared below can be used to make Initialise calls. It handles the creation of sessions using mobile data even if wifi is connected. The SDK is only for invoking the initiating the request, to verify the authentication the user info API has to be called.
Testing
You can test your OTL integration in our sandbox environment before deploying it to production. To test the API in our sandbox environment, make all API calls to the following URL: https://api.sandbox.bureau.id/v2/auth
The table below contains a list of phone numbers that you can use to simulate success and failure scenarios.
Scenario | Phone Number |
---|---|
Success | - 779999999999 - 779999999998 - 779999999997 - 779999999996 - 779999999995 - 779999999994 - 779999999993 - 779999999992 - 779999999991 - 779999999990 |
Failure | Any number with the prefix 77 except the ones mentioned above. |