
Default HTTP API Endpoints

Nevis Mobile Authentication exposes several HTTP API endpoints that are relevant for authentication clients. Because Nevis is highly flexible with regard to configuration, the following information is based on defaults and recommendations.

Identity Suite

The following endpoints are exposed using the default nevisAdmin4 patterns in the Identity Suite:

| Public URL | HTTP Method | Authorization / Authentication | Used by App / SDK | Admin4 pattern |
| --- | --- | --- | --- | --- |
| `https://{domain}/auth/fidouaf` | POST | ❌ None | | In-Band Mobile Authentication Realm; Transaction Confirmation; Out-of-band Mobile Authentication |
| `https://{domain}/auth/fidouaf/authenticationresponse/` | POST | ❌ None | | In-Band Mobile Authentication Realm; Transaction Confirmation; Out-of-band Mobile Authentication |
| `https://{domain}/nevisfido/uaf/1.1/request/registration/` | POST | ✅ Cookie / SecToken / JWT | | In-Band Mobile Authentication Service; Out-of-band Mobile Onboarding |
| `https://{domain}/nevisfido/uaf/1.1/request/deregistration/` | POST | ✅ FIDO UAF / ✅ JWS | | Mobile Deregistration Service |
| `https://{domain}/nevisfido/uaf/1.1/registration/` | POST | ❌ None | | Out-of-band Mobile Registration Service |
| `https://{domain}/nevisfido/uaf/1.1/facets` | GET | ❌ None | | In-Band Mobile Authentication Realm; Out-of-band Mobile Registration Service; In-band Mobile Registration Service |
| `https://{domain}/nevisfido/token/redeem/registration/` | GET | ❌ None | | Out-of-band Mobile Registration Service |
| `https://{domain}/nevisfido/token/dispatch/registration/` | POST | ✅ non-FIDO UAF | | Out-of-band Mobile Registration Service |
| `https://{domain}/nevisfido/token/redeem/authentication/` | GET | ❌ None | | Out-of-band Mobile Authentication; Transaction Confirmation |
| `https://{domain}/nevisfido/token/dispatch/targets/` | PATCH | ✅ JWS | | Out-of-band Mobile Registration Service |
| `https://{domain}/nevisfido/devices/credentials/{deviceId}` | GET | ✅ JWS | | nevisFIDO UAF Device Service |
| `https://{domain}/nevisfido/devices/credentials/{deviceId}` | PATCH | ✅ JWS | | nevisFIDO UAF Device Service |
| `https://{domain}/nevisfido/devices/credentials/{deviceId}` | DELETE | ✅ JWS | | nevisFIDO UAF Device Service |
| `https://{domain}/nevisfido/devices/oobOperations/{deviceId}` | GET | ✅ JWS | | nevisFIDO UAF Device Service |
| `https://{domain}/nevisfido/status` | POST | ❌ None | | In-Band Mobile Authentication Realm; Out-of-band Mobile Registration Service; Transaction Confirmation |

Authentication Cloud

The following endpoints are used by the Nevis Access App or SDK when using the Nevis Authentication Cloud. Detailed documentation for the Nevis Authentication Cloud HTTP API endpoints that are not used by the Access App and SDK can be found in the Authentication Cloud documentation.

| Public URL | HTTP Method | Authorization / Authentication |
| --- | --- | --- |
| `https://{domain}/_app/uaf/1.1/request/authentication/` | POST | ❌ None |
| `https://{domain}/_app/uaf/1.1/authentication/` | POST | ❌ None |
| `https://{domain}/_app/uaf/1.1/registration/` | POST | ❌ None |
| `https://{domain}/_app/uaf/1.1/facets` | GET | ❌ None |
| `https://{domain}/_app/token/redeem/authentication/` | GET | ❌ None |
| `https://{domain}/_app/token/redeem/registration/` | GET | ❌ None |
| `https://{domain}/_app/token/dispatch/targets/` | PATCH | ✅ JWS |
| `https://{domain}/_app/devices/credentials/{deviceId}` | GET | ✅ JWS |
| `https://{domain}/_app/devices/credentials/{deviceId}` | PATCH | ✅ JWS |
| `https://{domain}/_app/devices/credentials/{deviceId}` | DELETE | ✅ JWS |
| `https://{domain}/_app/devices/oobOperations/{deviceId}` | GET | ✅ JWS |

nevisFIDO component

The following endpoints are exposed by the nevisFIDO component. For a working setup based on these defaults, set up a matching configuration in the other Nevis Mobile Authentication components: nevisProxy, nevisAuth, and nevisLogrend.

Refer to the Use Cases and Best Practices documentation in this guide for complete information on how to configure Nevis Mobile Authentication. Configuration snippets are provided there as well.

FIDO UAF endpoints

| Public URL | HTTP Method | Recommended Authorization / Authentication |
| --- | --- | --- |
| `/nevisfido/uaf/1.1/request/registration` | POST | ✅ non-FIDO UAF |
| `/nevisfido/uaf/1.1/request/deregistration` | POST | ✅ FIDO UAF |
| `/nevisfido/uaf/1.1/request/authentication` | POST | ❌ None |
| `/nevisfido/uaf/1.1/registration` | POST | ❌ None |
| `/nevisfido/uaf/1.1/authentication` | POST | ❌ None |
| `/nevisfido/uaf/1.1/facets` | GET | ❌ None |

Dispatch token endpoints

| Public URL | HTTP Method | Recommended Authorization / Authentication |
| --- | --- | --- |
| `/nevisfido/token/dispatch/authentication` | POST | ❌ None |
| `/nevisfido/token/dispatch/registration` | POST | ✅ non-FIDO UAF |
| `/nevisfido/token/dispatch/deregistration` | POST | ✅ FIDO UAF |

Dispatch target endpoints

| Public URL | HTTP Method | Recommended Authorization / Authentication |
| --- | --- | --- |
| `/nevisfido/token/dispatch/targets` | GET | ✅ Should not be exposed to external clients (only used by nevisAuth) |
| `/nevisfido/token/dispatch/targets/` | POST | ✅ FIDO UAF |
| `/nevisfido/token/dispatch/targets/<id>` | PATCH | ✅ JWS |
| `/nevisfido/token/dispatch/targets/<id>` | DELETE | ✅ FIDO UAF |

Create token endpoints

| Public URL | HTTP Method | Recommended Authorization / Authentication |
| --- | --- | --- |
| `/nevisfido/token/create/registration` | POST | ✅ Password |
| `/nevisfido/token/create/authentication` | POST | ❌ None |
| `/nevisfido/token/create/deregistration` | POST | ✅ Password |

Redeem token endpoints

| Public URL | HTTP Method | Recommended Authorization / Authentication |
| --- | --- | --- |
| `/nevisfido/token/redeem/registration` | POST | ❌ None |
| `/nevisfido/token/redeem/authentication` | POST | ❌ None |
| `/nevisfido/token/redeem/deregistration` | POST | ❌ None |

Status endpoint

| Public URL | HTTP Method | Recommended Authorization / Authentication |
| --- | --- | --- |
| `/nevisfido/status` | POST | ❌ None |

Device endpoints

| Public URL | HTTP Method | Recommended Authorization / Authentication |
| --- | --- | --- |
| `/nevisfido/devices/credentials/{deviceId}` | GET | ✅ JWS |
| `/nevisfido/devices/credentials/{deviceId}` | PATCH | ✅ JWS |
| `/nevisfido/devices/credentials/{deviceId}` | DELETE | ✅ JWS |
| `/nevisfido/devices/oobOperations/{deviceId}` | GET | ✅ JWS |
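
As an added example (not part of the Nevis documentation or product code), the following Python code audits an inventory of externally reachable routes against the recommendations in the nevisFIDO component tables above. The inventory format, the `norm` and `audit` helpers and the sample routes are assumptions made for illustration; only the methods, paths and authentication labels come from this page.

```python
import re

# Rows this page marks as needing authentication, plus the one not meant for external clients ("internal").
RECOMMENDED = """
POST   /nevisfido/uaf/1.1/request/registration       non-FIDO UAF
POST   /nevisfido/uaf/1.1/request/deregistration     FIDO UAF
POST   /nevisfido/token/dispatch/registration        non-FIDO UAF
POST   /nevisfido/token/dispatch/deregistration      FIDO UAF
GET    /nevisfido/token/dispatch/targets             internal
POST   /nevisfido/token/dispatch/targets/            FIDO UAF
PATCH  /nevisfido/token/dispatch/targets/<id>        JWS
DELETE /nevisfido/token/dispatch/targets/<id>        FIDO UAF
POST   /nevisfido/token/create/registration          Password
POST   /nevisfido/token/create/deregistration        Password
GET    /nevisfido/devices/credentials/{deviceId}     JWS
PATCH  /nevisfido/devices/credentials/{deviceId}     JWS
DELETE /nevisfido/devices/credentials/{deviceId}     JWS
GET    /nevisfido/devices/oobOperations/{deviceId}   JWS
"""

def norm(path):
    # Treat <id> / {deviceId} style segments as wildcards; ignore a trailing slash.
    return re.sub(r"<[^/>]+>|\{[^/}]+\}", "*", path).rstrip("/")

POLICY = {(m, norm(p)): a.strip() for m, p, a in
          (line.split(None, 2) for line in RECOMMENDED.strip().splitlines())}

def audit(exposed):
    """exposed: (method, path template, auth label or None) per externally reachable route."""
    findings = []
    for method, path, auth in exposed:
        want = POLICY.get((method.upper(), norm(path)))
        if want is None:
            continue  # the page recommends no authentication, or the route is not listed
        if want == "internal":
            findings.append((method, path, "internal-only endpoint exposed"))
        elif auth is None:
            findings.append((method, path, f"unauthenticated, expected {want}"))
        elif auth != want:
            findings.append((method, path, f"{auth} configured, expected {want}"))
    return findings

# Constructed inventory of externally reachable routes (hypothetical, not from a real system).
SAMPLE = [
    ("POST", "/nevisfido/uaf/1.1/authentication", None),
    ("GET", "/nevisfido/token/dispatch/targets", "JWS"),
    ("DELETE", "/nevisfido/devices/credentials/{id}", None),
    ("PATCH", "/nevisfido/token/dispatch/targets/{id}", "JWS"),
]
```

`audit(SAMPLE)` reports the exposed `GET /nevisfido/token/dispatch/targets` route and the unauthenticated `DELETE` on device credentials; the other two routes match the recommendations.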