Credential Management
The Credential Management APIs are provided by nevisIDM. They cover a wide range of credential types, including passwords, FIDO2 / passkeys, mobile authentication (FIDO UAF), OTP, OATH, certificates, and others.
These APIs are not exposed by default. There are two main options for calling them:
- Within an authentication flow: Call these APIs from a nevisAuth ScriptState using a SecToken for authentication.
- Exposed to external clients: Use the nevisIDM REST Service pattern or the REST Service pattern. The pattern defines the path and the authentication required to call the endpoint.
The available operations and response behavior depend on the credential type and the nevisIDM configuration.
Endpoints in this section
Most credential endpoints follow the pattern /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/{credential-type}.
WebAuthn / Passkey (FIDO2) and Mobile authentication (FIDO UAF) also include ceremony endpoints served by nevisFIDO.
| Credential type | Path | Methods |
|---|---|---|
| Certificate authentication | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/certificates | GET, POST, DELETE, PATCH |
| Context password | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/context-passwords | GET, POST, DELETE, PATCH |
| Device password | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/device-password | GET, POST, DELETE, PATCH |
| Generic credential | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/generic-credentials | GET, POST, DELETE, PATCH |
| Kerberos | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/kerberos | GET, POST, DELETE, PATCH |
| Mobile authentication (FIDO UAF) | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/fido-authenticators | GET, POST, DELETE, PATCH |
| Mobile authentication (FIDO UAF) token dispatch | /nevisfido/token/dispatch/{operation} | POST |
| Mobile signature | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/mobile-signature | GET, POST, DELETE, PATCH |
| mTAN | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/mtans | GET, POST, DELETE, PATCH |
| OATH | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/oath-credentials | GET, POST, DELETE, PATCH |
| OTP | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/otp-credentials | GET, POST, DELETE, PATCH |
| Password | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/password | GET, POST, DELETE, PATCH |
| Personal question | /nevisidm/api/core/v1/{clientExtId}/personal-questions | GET, POST, DELETE, PATCH |
| PUK | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/puk | GET, POST, DELETE, PATCH |
| Recovery code | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/recovery-codes | GET, POST, DELETE, PATCH |
| SAML | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/saml-credentials | GET, POST, DELETE, PATCH |
| Safeword | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/safeword | GET, POST, DELETE, PATCH |
| SecurID | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/securid | GET, POST, DELETE, PATCH |
| TAN | /tan/generate | GET, POST |
| Temporary strong password | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/tempstrong-password | GET, POST, DELETE, PATCH |
| Ticket | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/ticket | GET, POST, DELETE, PATCH |
| URL ticket | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/url-ticket | GET, POST, DELETE |
| Vasco | /nevisidm/api/core/v1/{clientExtId}/vasco | GET, POST, DELETE, PATCH |
| WebAuthn / Passkey (FIDO2) | /nevisidm/api/core/v1/{clientExtId}/users/{userExtId}/fido2 | GET, POST, DELETE, PATCH |
| WebAuthn / Passkey (FIDO2) ceremonies | /nevisfido/fido2/attestation/options, /nevisfido/fido2/assertion/options | POST, POST |