Create an OTP credential

POST /nevisidm/api/core/v1/:clientExtId/users/:userExtId/otp-credentials

Since: 8.2605.0, 9.2605.0

Required permission(s): AccessControl.CredentialCreate,AccessControl.CredentialView,AccessControl.PolicyConfigurationView

Creates a new OTP card credential for the specified user.

The OTP card is generated based on the credential policy identified by policyExtId. If no policyExtId is provided, the default OTP policy for the client is used. The policy controls the size, validity, and structure of the generated OTP card.

A user can have a maximum of two OTP card credentials simultaneously. Attempting to create a third will fail with a 422 error.

The response includes a Location header pointing to the created credential, identified by the generated or provided external ID.

Request

Path Parameters

clientExtId stringrequired

External ID of the client.

Example: client-123

userExtId stringrequired

External ID of the user.

Example: user-123

application/json

Body

extId string

The external ID of the OTP card credential. If omitted, one will be generated automatically.

policyExtId string

The external ID of the OTP policy to apply to the credential. If omitted, the default OTP policy for the client is used.

stateName string

Possible values: [initial, active, tmp-locked, fail-locked, reset-code, admin-changed, disabled, archived]

The initial state of the credential.

Responses

OTP credential created successfully

Response Headers

Location any
URL of the created resource

Insufficient permissions

application/json

Schema
Example (from schema)
Permission denied
Dataroom permission denied

Schema

errors ErrorMessageDTO[]

Possible values: [errors.fatalError, errors.unknownReason, errors.inconsistentData, errors.duplicateName, errors.invalidData, errors.duplicateValue, errors.duplicateEmail, errors.duplicateMobile, errors.undeletedDependencies, errors.noRecord, errors.invalidConfig, errors.missingReferenceData, errors.recordDeleted, errors.modifyReadonlyData, errors.tooManySearchResults, errors.pessimisticLockingFailure, errors.policyViolation, errors.deleteDefaultEntityFailure, errors.emailChannel, errors.noSmtpConnection, errors.SmtpNotConfigured, errors.propertyUniquenessViolated, errors.property.stringmaxlen, errors.property.stringregex, errors.property.regexinv, errors.pwdPolicyViolated, errors.certificatePolicyViolated, errors.identifierPolicyViolated, errors.passwordExists, errors.mtanFormatViolated, errors.mtanFormatE164Violated, errors.tempStrongPasswordExists, errors.safewordExists, errors.securidExists, errors.ticketExists, errors.kerberosExists, errors.tooManyOTPCards, errors.urlTicketMissingURLPrefix, errors.certificateExists, errors.vascoExists, errors.PUKExists, errors.URLTicketExists, errors.mobileSignatureExists, errors.securityQuestionsExists, errors.recoveryCodeExists, errors.securityQuestionsMaxReached, errors.qrCodeGenerationFailed, errors.oathSecretIsShared, errors.nocertcred, errors.CredTypeUnitPolicyViolated, errors.CredTypeClientPolicyViolated, errors.credentialNotActive, errors.dimensionNotMatch, errors.noTemplate, errors.pdfPrintingFailure, errors.missingMandatoryPlaceholder, errors.defaultCollectionDelete, errors.tableTypeMismatch, errors.nullRequestBody, errors.deserialization, errors.nullParameter, errors.invalidParameter, errors.invalidDate, errors.invalidDateOrDateTime, errors.invalidDateInterval, errors.invalidMobile, errors.mobileCannotBeDeleted, errors.mobileMissing, errors.userLoginIdNull, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userNameNull, errors.userFirstNameNull, errors.userSexNull, errors.userCountryNull, errors.userEmailNull, errors.userMobileNull, errors.userPhoneFormat, errors.userEmailFormat, errors.msisdnFormat, errors.applicationNameNull, errors.credentialFidoUaf.invalidAuthVersionFormat, errors.credentialFidoUaf.invalidPublicKeyAlgorithm, errors.credentialFidoUaf.invalidKeyIdFormat, errors.credentialFidoUaf.invalidAaidFormat, errors.credentialFidoUaf.emptyAppId, errors.credentialFidoUaf.notUnique, errors.msspIdentifierMissing, errors.invalidTimeInterval, errors.unitInvalidValidityPeriodParent, errors.unitInvalidValidFromParameterParent, errors.unitInvalidValidUntilParameterParent, errors.unitInvalidValidityPeriodChild, errors.unitInvalidValidFromParameterChild, errors.unitInvalidValidUntilParameterChild, errors.noClientFound, errors.inconsistentClientAssignment, errors.noDefaultUnitInClient, errors.samlAttributeFormat, errors.insufficientRightsFunction, errors.maxResetCount, errors.insufficientFineGrainedRights, errors.potentialPrivilegeEscalation, errors.applDataroomDenied, errors.unitDataroomDenied, errors.eRoleDataroomDenied, errors.combinedDataroomDenied, errors.clientDataroomDenied, errors.referenceDataChangeDenied, errors.attrAccessForbidden, errors.filesystemIO, errors.reporting.tooManyRequests, errors.modifyArchivedUser, errors.modifyArchivedCredential, errors.archiveCredentialDenied, errors.modifyArchivedProfile, errors.assignDisabledUnit, errors.assignProfilelessUnit, errors.profilelessFlagCannotBeSet, errors.modifyExtId, errors.docTypeNotModifiable, errors.addIdmToApplDataroom, errors.applicationLimitsDataroomUnitsMaxExceeded, errors.assignSubunitAsParent, errors.history.norecord, errors.loginIdGeneratorFailed, errors.fileupload.vasco, errors.techUser.oneProfile, errors.urlTicket.invalidFormat, errors.passwordChangeDeadlineExceeded, errors.pcyconf.invalidParamValue, errors.pcyconf.missingParam, errors.pcyconf.missingProfilePolicy, errors.pcyconf.multipleClientPolicy, errors.pcyconf.invalidParamName, errors.userImport.fileupload.invalidTemplate, errors.enterpriseRolesDisabled, errors.queryServiceDisabled, errors.serviceDisabled, errors.invalidUri, errors.unsupportedMediaType, errors.jsonProcessingError, errors.unsupportedOperation, errors.unsupportedCredentialTypeToCreate, errors.unsupportedCredentialTypeToDelete, errors.credentialTypeWithoutProperties, errors.invalidAssignIdmroleToErole, errors.invalidJWTToken, errors.modifyProtectedFieldInvalidJWTToken, errors.optimisticLockingFailure, errors.deleteDefaultUnitCredPolicyFailure, errors.otherGenderPolicyDisabled, error.login.userState, error.job.execution.failure, errors.invalidSyntax, errors.mandatoryParameterMissing, errors.fieldIsNotIndexed, errors.fieldIsNotDirectlyIndexed, errors.entityManagerNotOpen, errors.unsuccessfulQuery, errors.queryHasTimedOut, errors.emailPolicyViolated, errors.policyInconsistency]

A list of error messages describing the error(s) that occurred.

Array [

identifier object

The identifier of the entity related to the error, only used in certain error cases for BULK actions.

oneOf

CredentialExtIdIdentifierDTO
FidoUafIdentifier

clientExtId string

The external identifier of the client.

userExtId string

The external identifier of the user.

credentialExtId string

The external identifier of the credential.

code string

The error code identifying the type of error.

message string

A human-readable message providing more details about the error.

]

policyViolations PolicyViolationDTO[]

A list of policy violations that caused the error.

Array [

displayName string

The display name of the policy element that was violated.

configString string

The configuration string of the policy element that was violated.

suppliedValue string

The value that was supplied and caused the policy violation.

limitValue int32

The limit value defined in the policy element that was violated.

actualValue string

The actual value that caused the policy violation.

]

policyViolation PolicyElementViolation

cause object

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

element PolicyElement

displayName string

messageTag string

infoTag string

limitValue int32

configString string

suppliedValue string

actualvalue string

description string

message string

suppressed object[]

Array [

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

]

localizedMessage string

{
  "errors": [
    {
      "code": "errors.fatalError",
      "message": "The user with the given external ID was not found."
    }
  ],
  "policyViolations": [
    {
      "displayName": "string",
      "configString": "string",
      "suppliedValue": "4",
      "limitValue": 3,
      "actualValue": "5"
    }
  ],
  "policyViolation": {
    "cause": {
      "stackTrace": [
        {
          "classLoaderName": "string",
          "moduleName": "string",
          "moduleVersion": "string",
          "methodName": "string",
          "fileName": "string",
          "lineNumber": 0,
          "className": "string",
          "nativeMethod": true
        }
      ],
      "message": "string",
      "localizedMessage": "string"
    },
    "stackTrace": [
      {
        "classLoaderName": "string",
        "moduleName": "string",
        "moduleVersion": "string",
        "methodName": "string",
        "fileName": "string",
        "lineNumber": 0,
        "className": "string",
        "nativeMethod": true
      }
    ],
    "element": {
      "displayName": "string",
      "messageTag": "string",
      "infoTag": "string",
      "limitValue": 0,
      "configString": "string"
    },
    "suppliedValue": "string",
    "actualvalue": "string",
    "description": "string",
    "message": "string",
    "suppressed": [
      {
        "stackTrace": [
          {
            "classLoaderName": "string",
            "moduleName": "string",
            "moduleVersion": "string",
            "methodName": "string",
            "fileName": "string",
            "lineNumber": 0,
            "className": "string",
            "nativeMethod": true
          }
        ],
        "message": "string",
        "localizedMessage": "string"
      }
    ],
    "localizedMessage": "string"
  }
}

{
  "errors": [
    {
      "code": "errors.insufficientRightsFunction",
      "message": "Permission denied: Caller does not have the required right 'AccessControl.CredentialCreate' to perform this action"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.combinedDataroomDenied",
      "message": "Permission denied: AccessControl.CredentialCreate"
    }
  ]
}

Referenced resource not found

application/json

Schema
Example (from schema)
Client not found
User not found

Schema

errors ErrorMessageDTO[]

A list of error messages describing the error(s) that occurred.

Array [

identifier object

The identifier of the entity related to the error, only used in certain error cases for BULK actions.

oneOf

CredentialExtIdIdentifierDTO
FidoUafIdentifier

clientExtId string

The external identifier of the client.

userExtId string

The external identifier of the user.

credentialExtId string

The external identifier of the credential.

code string

The error code identifying the type of error.

message string

A human-readable message providing more details about the error.

]

policyViolations PolicyViolationDTO[]

A list of policy violations that caused the error.

Array [

displayName string

The display name of the policy element that was violated.

configString string

The configuration string of the policy element that was violated.

suppliedValue string

The value that was supplied and caused the policy violation.

limitValue int32

The limit value defined in the policy element that was violated.

actualValue string

The actual value that caused the policy violation.

]

policyViolation PolicyElementViolation

cause object

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

element PolicyElement

displayName string

messageTag string

infoTag string

limitValue int32

configString string

suppliedValue string

actualvalue string

description string

message string

suppressed object[]

Array [

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

]

localizedMessage string

{
  "errors": [
    {
      "code": "errors.fatalError",
      "message": "The user with the given external ID was not found."
    }
  ],
  "policyViolations": [
    {
      "displayName": "string",
      "configString": "string",
      "suppliedValue": "4",
      "limitValue": 3,
      "actualValue": "5"
    }
  ],
  "policyViolation": {
    "cause": {
      "stackTrace": [
        {
          "classLoaderName": "string",
          "moduleName": "string",
          "moduleVersion": "string",
          "methodName": "string",
          "fileName": "string",
          "lineNumber": 0,
          "className": "string",
          "nativeMethod": true
        }
      ],
      "message": "string",
      "localizedMessage": "string"
    },
    "stackTrace": [
      {
        "classLoaderName": "string",
        "moduleName": "string",
        "moduleVersion": "string",
        "methodName": "string",
        "fileName": "string",
        "lineNumber": 0,
        "className": "string",
        "nativeMethod": true
      }
    ],
    "element": {
      "displayName": "string",
      "messageTag": "string",
      "infoTag": "string",
      "limitValue": 0,
      "configString": "string"
    },
    "suppliedValue": "string",
    "actualvalue": "string",
    "description": "string",
    "message": "string",
    "suppressed": [
      {
        "stackTrace": [
          {
            "classLoaderName": "string",
            "moduleName": "string",
            "moduleVersion": "string",
            "methodName": "string",
            "fileName": "string",
            "lineNumber": 0,
            "className": "string",
            "nativeMethod": true
          }
        ],
        "message": "string",
        "localizedMessage": "string"
      }
    ],
    "localizedMessage": "string"
  }
}

{
  "errors": [
    {
      "code": "errors.noRecord",
      "message": "Client doesn't exist with extId 'client-123'"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.noRecord",
      "message": "A user with extId 'user-123' doesn't exist on client with name Default"
    }
  ]
}

Invalid request parameters

application/json

Schema
Example (from schema)
Duplicate credential external ID
Invalid credential state
Naming policy violated
Policy configuration not found
Policy configuration type mismatch
Default policy configuration does not exist
OTP card limit exceeded

Schema

errors ErrorMessageDTO[]

A list of error messages describing the error(s) that occurred.

Array [

identifier object

The identifier of the entity related to the error, only used in certain error cases for BULK actions.

oneOf

CredentialExtIdIdentifierDTO
FidoUafIdentifier

clientExtId string

The external identifier of the client.

userExtId string

The external identifier of the user.

credentialExtId string

The external identifier of the credential.

code string

The error code identifying the type of error.

message string

A human-readable message providing more details about the error.

]

policyViolations PolicyViolationDTO[]

A list of policy violations that caused the error.

Array [

displayName string

The display name of the policy element that was violated.

configString string

The configuration string of the policy element that was violated.

suppliedValue string

The value that was supplied and caused the policy violation.

limitValue int32

The limit value defined in the policy element that was violated.

actualValue string

The actual value that caused the policy violation.

]

policyViolation PolicyElementViolation

cause object

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

element PolicyElement

displayName string

messageTag string

infoTag string

limitValue int32

configString string

suppliedValue string

actualvalue string

description string

message string

suppressed object[]

Array [

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

]

localizedMessage string

{
  "errors": [
    {
      "code": "errors.fatalError",
      "message": "The user with the given external ID was not found."
    }
  ],
  "policyViolations": [
    {
      "displayName": "string",
      "configString": "string",
      "suppliedValue": "4",
      "limitValue": 3,
      "actualValue": "5"
    }
  ],
  "policyViolation": {
    "cause": {
      "stackTrace": [
        {
          "classLoaderName": "string",
          "moduleName": "string",
          "moduleVersion": "string",
          "methodName": "string",
          "fileName": "string",
          "lineNumber": 0,
          "className": "string",
          "nativeMethod": true
        }
      ],
      "message": "string",
      "localizedMessage": "string"
    },
    "stackTrace": [
      {
        "classLoaderName": "string",
        "moduleName": "string",
        "moduleVersion": "string",
        "methodName": "string",
        "fileName": "string",
        "lineNumber": 0,
        "className": "string",
        "nativeMethod": true
      }
    ],
    "element": {
      "displayName": "string",
      "messageTag": "string",
      "infoTag": "string",
      "limitValue": 0,
      "configString": "string"
    },
    "suppliedValue": "string",
    "actualvalue": "string",
    "description": "string",
    "message": "string",
    "suppressed": [
      {
        "stackTrace": [
          {
            "classLoaderName": "string",
            "moduleName": "string",
            "moduleVersion": "string",
            "methodName": "string",
            "fileName": "string",
            "lineNumber": 0,
            "className": "string",
            "nativeMethod": true
          }
        ],
        "message": "string",
        "localizedMessage": "string"
      }
    ],
    "localizedMessage": "string"
  }
}

{
  "errors": [
    {
      "code": "errors.duplicateName",
      "message": "A credential with this extId 'cred-123' already exists"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.invalidParameter",
      "message": "Invalid CredentialState name 'invalid_state'"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.identifierPolicyViolated",
      "message": "ch.nevis.idm.policy.PolicyViolation: Policy failed:\nch.nevis.idm.policy.element.PolicyElementViolation<element=Regex policy violation limit=129, actualValue=130>"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.invalidParameter",
      "message": "PolicyConfiguration doesn't exist with extId 'policy-123'"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.invalidParameter",
      "message": "Policy Configuration policy-123 is not of type GenericCredentialPolicy"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.invalidParameter",
      "message": "Default Policy Configuration does not exist for type GenericCredentialPolicy!"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.tooManyOTPCards",
      "message": "user with extid user-123 already has two OTP credentials"
    }
  ]
}

Create an OTP credential

/nevisidm/api/core/v1/:clientExtId/users/:userExtId/otp-credentials

Request​

Path Parameters

Body

Responses​

Request

Responses