Creating a safe cyber-space and ensuring proper cyber security is a joint responsibility, and our team here at UNLOQ is working hard to create the optimal multi-factor authentication product.
Companies can send push notifications to a user's mobile phone for approval before an action is performed. This can be used to protect sensitive actions on applications such as financial transactions or access to a different part of the application.
An authorization action defines how an authorization request will look and how the user will interact with it. You can create as many authorization actions as you wish for an application by selecting the Authorizations tab under your application and clicking the New authorization button.
When creating an authorisation action, you can customize the following fields:
A preview of how the authorization request will look on the user's device is shown on the right side of the create form. You can also view all authorization actions of an application and the variables each one may contain.
Both the title and the message of an authorisation action can contain variables that can be used in tandem with the authorisation endpoint. As an example, we have defined an action represented in the image below. Whenever we want to initiate an authorisation request using this action, we will also provide the name, user and date variables inside the POST data, to replace the variable name with its value.
Note: since authorisation requests should be unique both on your end and on our end, whenever you initiate one, we will ask for a reference code, resembling a foreign key and tying the authorisation's result with it.
The first thing you must do is establish which of your users' actions need to be protected against malicious intrusion, and define the corresponding authorisation actions in UNLOQ's admin panel. You can personalise the notification message and security options, and implement the API calls after reading our documentation.
Once you've established your application's sensitive actions, you can use them while calling the authorisation API endpoint. When you do so, a push notification will be sent to the user's device, describing the authorisation action and asking them to either approve or deny it.
If the user approves the authorisation request, an authorisation id will be generated and returned in the API's response. You can now safely execute your sensitive actions, knowing that the user has approved them.
A short node.js authorisation request based on the example action above can be viewed below:
const request = require('request');

request.post({
  // URL contains the remove-log action code
  url: 'https://api-authenticator.iwelcome.com/v1/authorize/remove-log',
  // Our application's credentials
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY'
  },
  form: {
    email: 'john@doe.com', // Specify to whom we send the request. Either this or an unloq_id
    reference: 'abc123',   // The reference number of our own application
    name: 'Monday logs',   // The log entry name to display in the notification's message
    user: 'Tim C',         // The user that added the log entry
    date: 'May the 1st'    // When the log entry was added
  }
}, (err, res, body) => {
  if (err) {
    // Transport failure: there is no response body to parse, so the action is not approved
    console.error(err);
    return;
  }
  var result = JSON.parse(body);
  console.log(result);
  // if result.error, an error occurred or the user denied the request
});

// The displayed notification message would be:
// Are you sure you want to remove log entry Monday logs added by Tim C on May the 1st?
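The note about unique reference codes and the approve-then-execute flow can be enforced on your side with a small in-memory gate. This is an added example, not UNLOQ's code: AuthorizationGate, begin and complete are hypothetical names, and the only response detail taken from the page is that result.error signals an error or a denial.

```javascript
const crypto = require('crypto');

// Added example. AuthorizationGate, begin and complete are hypothetical names.
class AuthorizationGate {
  constructor(ttlMs = 120000, now = () => Date.now()) {
    this.pending = new Map(); // reference -> { run, expires }
    this.ttlMs = ttlMs;
    this.now = now;
  }

  // Registers a sensitive operation and returns the form fields to POST to
  // the authorisation endpoint. `run` is executed only after approval.
  begin(recipient, variables, run) {
    // Unguessable, never reused reference tying the result to this operation.
    const reference = crypto.randomBytes(16).toString('hex');
    this.pending.set(reference, { run, expires: this.now() + this.ttlMs });
    // Recipient and reference are applied last so that user-influenced
    // template variables cannot overwrite them.
    return Object.assign({}, variables, recipient, { reference });
  }

  // Call from the request callback with its err and the parsed body.
  complete(reference, err, result) {
    const entry = this.pending.get(reference);
    this.pending.delete(reference); // an approval can be used only once
    if (!entry) return 'unknown-reference';
    if (this.now() > entry.expires) return 'expired';
    // Fail closed: transport error, malformed body, API error or denial.
    if (err || !result || typeof result !== 'object' || result.error) return 'denied';
    entry.run();
    return 'executed';
  }
}

// Constructed sample run using the page's remove-log variables.
function demo() {
  let removed = 0;
  const gate = new AuthorizationGate();
  const form = gate.begin({ email: 'john@doe.com' },
    { name: 'Monday logs', user: 'Tim C', date: 'May the 1st', reference: 'x' },
    () => { removed += 1; });
  // Approved response: shape assumed, only the absence of `error` matters here.
  const first = gate.complete(form.reference, null, { approved: 'constructed' });
  const replay = gate.complete(form.reference, null, { approved: 'constructed' });
  return { form, first, replay, removed };
}
```

Pass the object returned by begin as the form of the request shown above, and call complete from its callback.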