Get an OTP credential

GET /nevisidm/api/core/v1/:clientExtId/users/:userExtId/otp-credentials/:extId

Since: 8.2605.0, 9.2605.0

Required permission(s): AccessControl.CredentialView or SelfAdmin Role

Returns a specific OTP card credential identified by its external ID, belonging to the specified user.

The response includes the credential metadata (state, timestamps, login statistics) and the OTP card data, which encodes the grid of one-time passwords in a compact format (rows|cols|counters|card).

In self-admin mode, the user can retrieve their own OTP credential. A valid JWT token must be provided in the X-Token request header.

Request

Path Parameters

clientExtId stringrequired

External ID of the client.

Example: client-123

userExtId stringrequired

External ID of the user.

Example: user-123

extId stringrequired

External ID of the OTP credential.

Example: otp-123

Responses

OTP credential retrieved successfully

application/json

Schema
Example (from schema)

Schema

created string

Creation date of the entity.

lastModified string

Date when the entity was last modified.

version int32

Version used for optimistic locking.

extId string

The external ID of the credential.

userExtId string

The external ID of the user to whom the credential belongs.

policyExtId string

The external ID of the used policy.

stateName string

Possible values: [initial, active, tmp-locked, fail-locked, reset-code, admin-changed, disabled, archived]

The state of the credential. Available values: initial, active, tmp-locked, fail-locked, reset-code, admin-changed, disabled, archived.

stateChangeReason string

Reason for the last state change of the password.

stateChangeDetail string

Reason detail for the last state change of the password.

lastSuccessfulLoginDate string

Timestamp of last successful login.

successfulLoginCount int32

Counts successful logins with this credential since last initialization or reset.

lastFailedLoginDate string

Date of last non-technical login failure, for example, wrong password.

failedLoginCount int32

Counts non-technical login failures since the last successful login, initialization or reset.

modificationComment string

Textual comment regarding the last modification.

type string

Possible values: [Password, Certificate, SecurID User Mapping, Ticket Authorization, Safeword User Mapping, OTP Card, Temporary Strong Password, Generic Credential, Kerberos, mTan, Vasco, PUK, URL Ticket, DevicePassword, MobileSignature, SAML Federation, Security Questions, Context Password, OATH, FIDO UAF Authenticator, Recovery Code, FIDO2 Authenticator]

Type of credential.

validity object

Describes the validity period of the password.

from string

Start date of the entity's validity in ISO format.

to string

End date of the entity's validity in ISO format.

otp string

{
  "created": "2023-08-18T12:34:56Z",
  "lastModified": "2023-08-18T12:34:56Z",
  "version": 1,
  "extId": "cred-123",
  "userExtId": "user-123",
  "policyExtId": "policy-123",
  "stateName": "active",
  "stateChangeReason": "Reset by admin",
  "stateChangeDetail": "Reset due to security policy",
  "lastSuccessfulLoginDate": "2023-08-18T12:34:56Z",
  "successfulLoginCount": 15,
  "lastFailedLoginDate": "2023-08-17T09:12:34Z",
  "failedLoginCount": 3,
  "modificationComment": "Updated by admin.",
  "type": "FIDO UAF Authenticator",
  "validity": {
    "from": "2023-01-01T00:00:00Z",
    "to": "2033-12-31T23:59:59Z"
  },
  "otp": "12|14|111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111|LuRCjnrNNAOP+Yr6~rAZhczd4XWZKaccH2uqV7oMzpyaPI9oXGMBsyBQzRxeH3DYX2GenOmt2aTy6C6Q2Moe1Wlj/GCSInCFXCCnFRcVmUbEHZBBR0e/ib6lR329smfBbzV15rw9Lfz1Ke/+NPI1GNuy7SAo5hdxSA1w8vppc+ny+1a5sfrWZbsqZKPDXfw8dUO0pmVoiLRamaGUmuVET1EvCiLScGb97nrY4il56V9iHlpsT+a1Uixbi6h/6+Lu6klqSCbB0g3SC7fc22Y340ZVTTJMfMAKjo3Cga4IQ9SBTX3VVXxHLAkKxuqLOzaSUo2/+NGPoEcHGZdapJG6iFVmVufnL9NSLDoh6gsWviK9FxE+7B3gfbLO/yxaXRr7uOxSKiswthUBo/a2GBKb5joIF8K3+g/P3VGkNGDICzBV0UNsbx0k4F3jk67/owCEVXmYCBSx3hOOmOcMuBQvw+4s/uemzo5tMokJKVaKjo8h2zEnAghl+Vy+C+oPZkS/PduqiUekqPPIsWqZA7JMmfkgQQzCzC9WpUUSHPaCUl87KXuffPNDSCoaN88ZMYWz7e3SrbsViGIDNvu3lBIZq/A5jaoO3/mpT2HAaXq09e/BnF2RLxTGt2rg77Y0etkeyspRhJV1xBHOusvND3lEessbzEQ5m9A5eAHg1rT/+59iXehhenVGsneb/UPhPCKYKLljoZ3scyAUY5uFJzYKNfovZmHfrGSsYi81z8C/hE2WPzKGYb33wjNh5jW0kYx1GEsk1b2VwBF327g2VzOMfyTNH6mw4qnBbsmvPevQI27htcmAX34DZrk+nx2PIUmw9n8P6cCzBzFRSiD0lDLSoVDwZFD8GM1WLIbcZ7lo6N+q2CeXWTKdqGIhUx/sc2MhgMaL1O2oqnJlgoFzbTbd05CxY/IIU0glhwo9SXz6gA4EklkyGEES5ga90u/HoKG1vdaFLmtiZPl9qZVCNwApuaQ3R2S67UAshOmi7WJi8Tq/XH7IedgCLqD1BtHTLnfrx51blKu3UOn0EqMFa4Acjg5e+EcwhN60Wd73iFAGmV0Jb3/pln7fOm7idlA09V7+9izwh9yJMYizbRLtbvorgZVpxI1txvZ2XumZqZoDcXIxEbnfauoG/aLLN94a3lgUwMcEJRaKSSwv8ikhA82QsoBPcQnXR2n7jd2ojN5CZhevMH7m2IB9XFuCKPYLJiElRnHItZGH0LYSQE66HWE37e/tkpsIk4nJhPVX+uuMkd5xnMpeuQBTS7Gb077DjTeEVLzr8a4P3ev8SHXW4GTkyqdsnzf/iAw8H8SkKyO5p2yi3Hh9lYeh5iTWmzRm5pzBkFrXoRTdNERJ/tG8Fbe3+DfUhgznXMnGFehDHwz7olQp+TxJ5XcoIMif0EPTsuDrw68RIIfcLZyAbeQQV9Oke56uaanCt+Z5PlRjWOlt/mS1uVDKf6D3Gv6+w3NK1HP7OnGUM7Eezx4mLdl5RzMn2WY0jc8ruLqg5kjnnQW/Jka1okEQ8K26bg0PKwqc8crUTzl3Hk9qWvrrgEeyNwxhjPV4+7OXJD/QVcHbRvyzKyMwUuLu9IsaQSia4UgxvUvFAmYd8miyOSHJL3CBtpToI2m5X0oVZGZnBqyYeWN0IvXn8YCZ1oZHjXLhwzFjW84/VFkOeLPxfcBlFimCn3fXdeth5pniyrgu6xWoN8XuFO+cOrVlJx/aMkCdqaqD4RKeWLKtDakilnfImMYPPXVL3boIZPOulGr9S5LnGMsyfo9z3jAZfObF4bBbpsn7HnvcvAJb6rJgA/pgEm0lfscalMrz1l4O5qcZrxBZcK56L58UHAKpmxUdbJb9Nvq9QcODriL/sivf3zTXY+XW8EXkOC3p7FtzU/9zBa7BqU6UH5tNqraQwdkJad9kO3krFb6hLldNVkCSewvCaBFhk8I/KX6mdOBtlDT5J8qSe7NZoZTBca6Pj5sVuv9b/ncuSxEATIUDQm+kjUTtRylozxKY366YpYamYkGeL0Hs9QwZONZ0qVnAJzgLB3k8UcKOoWS1T7hb8i7OGHPARuksQmA=="
}

Insufficient permissions

application/json

Schema
Example (from schema)
Permission denied
Dataroom permission denied

Schema

errors ErrorMessageDTO[]

Possible values: [errors.fatalError, errors.unknownReason, errors.inconsistentData, errors.duplicateName, errors.invalidData, errors.duplicateValue, errors.duplicateEmail, errors.duplicateMobile, errors.undeletedDependencies, errors.noRecord, errors.invalidConfig, errors.missingReferenceData, errors.recordDeleted, errors.modifyReadonlyData, errors.tooManySearchResults, errors.pessimisticLockingFailure, errors.policyViolation, errors.deleteDefaultEntityFailure, errors.emailChannel, errors.noSmtpConnection, errors.SmtpNotConfigured, errors.propertyUniquenessViolated, errors.property.stringmaxlen, errors.property.stringregex, errors.property.regexinv, errors.pwdPolicyViolated, errors.certificatePolicyViolated, errors.identifierPolicyViolated, errors.passwordExists, errors.mtanFormatViolated, errors.mtanFormatE164Violated, errors.tempStrongPasswordExists, errors.safewordExists, errors.securidExists, errors.ticketExists, errors.kerberosExists, errors.tooManyOTPCards, errors.urlTicketMissingURLPrefix, errors.certificateExists, errors.vascoExists, errors.PUKExists, errors.URLTicketExists, errors.mobileSignatureExists, errors.securityQuestionsExists, errors.recoveryCodeExists, errors.securityQuestionsMaxReached, errors.qrCodeGenerationFailed, errors.oathSecretIsShared, errors.nocertcred, errors.CredTypeUnitPolicyViolated, errors.CredTypeClientPolicyViolated, errors.credentialNotActive, errors.dimensionNotMatch, errors.noTemplate, errors.pdfPrintingFailure, errors.missingMandatoryPlaceholder, errors.defaultCollectionDelete, errors.tableTypeMismatch, errors.nullRequestBody, errors.deserialization, errors.nullParameter, errors.invalidParameter, errors.invalidDate, errors.invalidDateOrDateTime, errors.invalidDateInterval, errors.invalidMobile, errors.mobileCannotBeDeleted, errors.mobileMissing, errors.userLoginIdNull, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userNameNull, errors.userFirstNameNull, errors.userSexNull, errors.userCountryNull, errors.userEmailNull, errors.userMobileNull, errors.userPhoneFormat, errors.userEmailFormat, errors.msisdnFormat, errors.applicationNameNull, errors.credentialFidoUaf.invalidAuthVersionFormat, errors.credentialFidoUaf.invalidPublicKeyAlgorithm, errors.credentialFidoUaf.invalidKeyIdFormat, errors.credentialFidoUaf.invalidAaidFormat, errors.credentialFidoUaf.emptyAppId, errors.credentialFidoUaf.notUnique, errors.msspIdentifierMissing, errors.invalidTimeInterval, errors.unitInvalidValidityPeriodParent, errors.unitInvalidValidFromParameterParent, errors.unitInvalidValidUntilParameterParent, errors.unitInvalidValidityPeriodChild, errors.unitInvalidValidFromParameterChild, errors.unitInvalidValidUntilParameterChild, errors.noClientFound, errors.inconsistentClientAssignment, errors.noDefaultUnitInClient, errors.samlAttributeFormat, errors.insufficientRightsFunction, errors.maxResetCount, errors.insufficientFineGrainedRights, errors.potentialPrivilegeEscalation, errors.applDataroomDenied, errors.unitDataroomDenied, errors.eRoleDataroomDenied, errors.combinedDataroomDenied, errors.clientDataroomDenied, errors.referenceDataChangeDenied, errors.attrAccessForbidden, errors.filesystemIO, errors.reporting.tooManyRequests, errors.modifyArchivedUser, errors.modifyArchivedCredential, errors.archiveCredentialDenied, errors.modifyArchivedProfile, errors.assignDisabledUnit, errors.assignProfilelessUnit, errors.profilelessFlagCannotBeSet, errors.modifyExtId, errors.docTypeNotModifiable, errors.addIdmToApplDataroom, errors.applicationLimitsDataroomUnitsMaxExceeded, errors.assignSubunitAsParent, errors.history.norecord, errors.loginIdGeneratorFailed, errors.fileupload.vasco, errors.techUser.oneProfile, errors.urlTicket.invalidFormat, errors.passwordChangeDeadlineExceeded, errors.pcyconf.invalidParamValue, errors.pcyconf.missingParam, errors.pcyconf.missingProfilePolicy, errors.pcyconf.multipleClientPolicy, errors.pcyconf.invalidParamName, errors.userImport.fileupload.invalidTemplate, errors.enterpriseRolesDisabled, errors.queryServiceDisabled, errors.serviceDisabled, errors.invalidUri, errors.unsupportedMediaType, errors.jsonProcessingError, errors.unsupportedOperation, errors.unsupportedCredentialTypeToCreate, errors.unsupportedCredentialTypeToDelete, errors.credentialTypeWithoutProperties, errors.invalidAssignIdmroleToErole, errors.invalidJWTToken, errors.modifyProtectedFieldInvalidJWTToken, errors.optimisticLockingFailure, errors.deleteDefaultUnitCredPolicyFailure, errors.otherGenderPolicyDisabled, error.login.userState, error.job.execution.failure, errors.invalidSyntax, errors.mandatoryParameterMissing, errors.fieldIsNotIndexed, errors.fieldIsNotDirectlyIndexed, errors.entityManagerNotOpen, errors.unsuccessfulQuery, errors.queryHasTimedOut, errors.emailPolicyViolated, errors.policyInconsistency]

A list of error messages describing the error(s) that occurred.

Array [

identifier object

The identifier of the entity related to the error, only used in certain error cases for BULK actions.

oneOf

CredentialExtIdIdentifierDTO
FidoUafIdentifier

clientExtId string

The external identifier of the client.

userExtId string

The external identifier of the user.

credentialExtId string

The external identifier of the credential.

code string

The error code identifying the type of error.

message string

A human-readable message providing more details about the error.

]

policyViolations PolicyViolationDTO[]

A list of policy violations that caused the error.

Array [

displayName string

The display name of the policy element that was violated.

configString string

The configuration string of the policy element that was violated.

suppliedValue string

The value that was supplied and caused the policy violation.

limitValue int32

The limit value defined in the policy element that was violated.

actualValue string

The actual value that caused the policy violation.

]

policyViolation PolicyElementViolation

cause object

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

element PolicyElement

displayName string

messageTag string

infoTag string

limitValue int32

configString string

suppliedValue string

actualvalue string

description string

message string

suppressed object[]

Array [

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

]

localizedMessage string

{
  "errors": [
    {
      "code": "errors.fatalError",
      "message": "The user with the given external ID was not found."
    }
  ],
  "policyViolations": [
    {
      "displayName": "string",
      "configString": "string",
      "suppliedValue": "4",
      "limitValue": 3,
      "actualValue": "5"
    }
  ],
  "policyViolation": {
    "cause": {
      "stackTrace": [
        {
          "classLoaderName": "string",
          "moduleName": "string",
          "moduleVersion": "string",
          "methodName": "string",
          "fileName": "string",
          "lineNumber": 0,
          "className": "string",
          "nativeMethod": true
        }
      ],
      "message": "string",
      "localizedMessage": "string"
    },
    "stackTrace": [
      {
        "classLoaderName": "string",
        "moduleName": "string",
        "moduleVersion": "string",
        "methodName": "string",
        "fileName": "string",
        "lineNumber": 0,
        "className": "string",
        "nativeMethod": true
      }
    ],
    "element": {
      "displayName": "string",
      "messageTag": "string",
      "infoTag": "string",
      "limitValue": 0,
      "configString": "string"
    },
    "suppliedValue": "string",
    "actualvalue": "string",
    "description": "string",
    "message": "string",
    "suppressed": [
      {
        "stackTrace": [
          {
            "classLoaderName": "string",
            "moduleName": "string",
            "moduleVersion": "string",
            "methodName": "string",
            "fileName": "string",
            "lineNumber": 0,
            "className": "string",
            "nativeMethod": true
          }
        ],
        "message": "string",
        "localizedMessage": "string"
      }
    ],
    "localizedMessage": "string"
  }
}

{
  "errors": [
    {
      "code": "errors.insufficientRightsFunction",
      "message": "Permission denied: Caller does not have the required right 'AccessControl.CredentialView' to perform this action"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.combinedDataroomDenied",
      "message": "Permission denied: AccessControl.CredentialView"
    }
  ]
}

Referenced resource not found

application/json

Schema
Example (from schema)
Client not found
User not found
OTP credential not found

Schema

errors ErrorMessageDTO[]

A list of error messages describing the error(s) that occurred.

Array [

identifier object

The identifier of the entity related to the error, only used in certain error cases for BULK actions.

oneOf

CredentialExtIdIdentifierDTO
FidoUafIdentifier

clientExtId string

The external identifier of the client.

userExtId string

The external identifier of the user.

credentialExtId string

The external identifier of the credential.

code string

The error code identifying the type of error.

message string

A human-readable message providing more details about the error.

]

policyViolations PolicyViolationDTO[]

A list of policy violations that caused the error.

Array [

displayName string

The display name of the policy element that was violated.

configString string

The configuration string of the policy element that was violated.

suppliedValue string

The value that was supplied and caused the policy violation.

limitValue int32

The limit value defined in the policy element that was violated.

actualValue string

The actual value that caused the policy violation.

]

policyViolation PolicyElementViolation

cause object

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

element PolicyElement

displayName string

messageTag string

infoTag string

limitValue int32

configString string

suppliedValue string

actualvalue string

description string

message string

suppressed object[]

Array [

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

]

localizedMessage string

{
  "errors": [
    {
      "code": "errors.fatalError",
      "message": "The user with the given external ID was not found."
    }
  ],
  "policyViolations": [
    {
      "displayName": "string",
      "configString": "string",
      "suppliedValue": "4",
      "limitValue": 3,
      "actualValue": "5"
    }
  ],
  "policyViolation": {
    "cause": {
      "stackTrace": [
        {
          "classLoaderName": "string",
          "moduleName": "string",
          "moduleVersion": "string",
          "methodName": "string",
          "fileName": "string",
          "lineNumber": 0,
          "className": "string",
          "nativeMethod": true
        }
      ],
      "message": "string",
      "localizedMessage": "string"
    },
    "stackTrace": [
      {
        "classLoaderName": "string",
        "moduleName": "string",
        "moduleVersion": "string",
        "methodName": "string",
        "fileName": "string",
        "lineNumber": 0,
        "className": "string",
        "nativeMethod": true
      }
    ],
    "element": {
      "displayName": "string",
      "messageTag": "string",
      "infoTag": "string",
      "limitValue": 0,
      "configString": "string"
    },
    "suppliedValue": "string",
    "actualvalue": "string",
    "description": "string",
    "message": "string",
    "suppressed": [
      {
        "stackTrace": [
          {
            "classLoaderName": "string",
            "moduleName": "string",
            "moduleVersion": "string",
            "methodName": "string",
            "fileName": "string",
            "lineNumber": 0,
            "className": "string",
            "nativeMethod": true
          }
        ],
        "message": "string",
        "localizedMessage": "string"
      }
    ],
    "localizedMessage": "string"
  }
}

{
  "errors": [
    {
      "code": "errors.noRecord",
      "message": "Client doesn't exist with extId 'client-123'"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.noRecord",
      "message": "A user with extId 'user-123' doesn't exist on client with name Default"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.noRecord",
      "message": "OTP Card credential with the extId otp-123 does not exist under the user user-123"
    }
  ]
}

Get an OTP credential

/nevisidm/api/core/v1/:clientExtId/users/:userExtId/otp-credentials/:extId

Request​

Path Parameters

Responses​

Request

Responses