LinkCy
Powered by Redocly

Strong Authentication

Onboard a known mobile.Deprecated

Onboard an end-user device (with its endpointID) as a second factor to enable Strong Customer Authentication (SCA).

This operation can be retried as long as no factor has not yet been validated.

SecurityLinkcy-Auth
Request
Request Body schema: application/json
required
endpointId
required
string

The identifier of the SCA device you want to enroll. It is defined in the SCA SDK as endpointID.

factor
string
Default: "BIOMETRY"

Choose a factor to enroll, you will be able to enroll an other one later.

Enum: "BIOMETRY" "PIN"
strategy
string (Strategy)
Default: "PUSH_NOTIFICATION"

Whether you want to receive a PUSH_NOTIFICATION on the device or get a JOIN_CODE to join the interaction through your own channel.

Enum: "PUSH_NOTIFICATION" "DATA_SIGNING"
endUserId
string <uuid>

The end-user id if requesting as a partner, else ignored.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

409

Conflict

post/api/partner/sca
Request samples
application/json
{
  • "endpointId": "string",
  • "factor": "BIOMETRY",
  • "strategy": "PUSH_NOTIFICATION",
  • "endUserId": "120e9d1f-8444-4b91-85e8-5b208615a3e5"
}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "endpointId": "string",
  • "joinCode": "0907af4a-d224-4ddb-a7ab-11c52f9fed47"
}

Deprecated: reset the SCA device of a userDeprecated

Reset the SCA device of an end-user in order to enroll a new one. Only available with a partner bearer, this should not be automated directly to end-users.

This endpoint is deprecated, please use the new one instead.

SecurityLinkcy-Auth
Request
Request Body schema: application/json
required
endUserId
string <uuid>

Mandatory if not authenticated as end-user

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

409

Conflict

delete/api/partner/sca
Request samples
application/json
{
  • "endUserId": "120e9d1f-8444-4b91-85e8-5b208615a3e5"
}
Response samples
application/json
{
  • "details": [
    ],
  • "errorCode": "END_USER_NOT_FOUND",
  • "error": "linkcy.bad.request",
  • "status": 400,
  • "timestamp": "2025-08-11T13:33:11.634018313Z"
}

Deprecated: add an authentication FactorDeprecated

On an already onboarded device. You can choose to update or add a factor (Biometry/PIN).

At least one factor must be already enrolled. You can use this endpoint to change an user PIN.

This endpoint is deprecated, please use the new one instead.

SecurityLinkcy-Auth
Request
Request Body schema: application/json
required
factor
required
string

Choose a factor to enroll, you will be able to enroll an other one later.

Enum: "BIOMETRY" "PIN"
strategy
string (Strategy)
Default: "PUSH_NOTIFICATION"

Whether you want to receive a PUSH_NOTIFICATION on the device or get a JOIN_CODE to join the interaction through your own channel.

Enum: "PUSH_NOTIFICATION" "DATA_SIGNING"
endUserId
string <uuid>

The end-user id if requesting as a partner, else ignored.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

409

Conflict

patch/api/partner/sca
Request samples
application/json
{
  • "factor": "BIOMETRY",
  • "strategy": "PUSH_NOTIFICATION",
  • "endUserId": "120e9d1f-8444-4b91-85e8-5b208615a3e5"
}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "endpointId": "string",
  • "joinCode": "0907af4a-d224-4ddb-a7ab-11c52f9fed47",
  • "ttl": "PT10M"
}

Activate a device

Activate the previously registered device in order to finalise the registration.

SecurityLinkcy-Auth
Request
path Parameters
scaDeviceId
required
string <uuid>
Responses
204

SCA device is being activated

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict

post/api/partner/sca/{scaDeviceId}/activate
Request samples 
Response samples 
application/json
{
  • "status": 400,
  • "details": [
    ],
  • "error": "linkcy.bad.request",
  • "timestamp": "2019-08-24T14:15:22Z"
}
Register a device
Register a device for an end user as a second factor to enable Strong Customer Authentication (SCA).


This operation might require SCA.


SecurityLinkcy-Auth 
Request 
path Parameters
endUserId
required
string <uuid> 
 
header Parameters
Linkcy-SCA-Strategy
string
 Default:  PUSH_NOTIFICATION
The strategy to use when a SCA is required:



More information:


    

  • PUSH_NOTIFICATION: will send a notification if the SCA is required.
    • 

  • DATA_SIGNING: Linkcy-SCA-Signature header must contain signature provided by PowerAuth Mobile SDK on registered device.
    • 

  • BY_PASS: Sandbox only - will ignore any SCA if used.



 Enum: "PUSH_NOTIFICATION" "DATA_SIGNING" "BY_PASS"  
Linkcy-SCA-Signature
string
The signature that needs to be validated, it is generated from data signing.



More information:


    

  • Signature will be verified against wultra.
    • 

  • Operation will be denied if signature is not valide.
    • 

  • Avoid creating multiple signature at same time for the same registration.
    • 

  • Signature TTL is 30 sec.



 
Responses 
201
SCA device registered


202
Waiting SCA


400
Bad Request


401
Unauthorized


403
Forbidden


404
Not Found


409
Conflict


post/api/partner/sca/{endUserId}
Request samples 
Response samples 
application/json
{
  • "scaDeviceId": "d791c6b4-56ca-4e8c-b392-93c03b92b30b",
  • "activationQrCodeData": "string",
  • "activationCode": "string",
  • "activationCodeSignature": "string"
}
Onboard an unknown mobile with QR codeDeprecated
Get a QR code to onboard a device as a second factor to enable Strong Customer Authentication (SCA).


This operation can be retried as long as no factor has not yet been validated. 


Only one QR_CODE will be active by user. Asking for a knew one will deactivate previous ones.


SecurityLinkcy-Auth 
Request 
Request Body schema: application/json
required
endUserId
string <uuid> 
The end-user id if requesting as a partner, else ignored.


 
Responses 
201
Created


400
Bad Request


401
Unauthorized


403
Forbidden


409
Conflict


post/api/partner/sca/qr-codes
Request samples 
application/json
{
  • "endUserId": "120e9d1f-8444-4b91-85e8-5b208615a3e5"
}
Response samples 
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "qrCode": "string",
  • "joinCode": "string",
  • "ttl": "PT10M"
}
Delete a device
Delete the registration of an end-user device.


This operation is restricted to partner bearer tokens and should not be exposed directly to end-users.


SecurityLinkcy-Auth 
Request 
path Parameters
scaDeviceId
required
string <uuid> 
 
Responses 
204
SCA device deleted


400
Bad Request


401
Unauthorized


403
Forbidden


404
Not Found


409
Conflict


delete/api/partner/sca/{scaDeviceId}
Request samples 
Response samples 
application/json
{
  • "status": 400,
  • "details": [
    ],
  • "error": "linkcy.bad.request",
  • "timestamp": "2019-08-24T14:15:22Z"
}
Add an authentication FactorDeprecated
On an already onboarded device. You can choose to update or add a factor (Biometry/PIN).


At least one factor must be already enrolled. You can use this endpoint to change an user PIN.


SecurityLinkcy-Auth 
Request 
path Parameters
scaDeviceId
required
string <uuid> 
 
Request Body schema: application/json
required
factor
required
string
Choose a factor to enroll, you will be able to enroll an other one later.


 Enum: "BIOMETRY" "PIN"  
strategy
string (Strategy) 
 Default:  "PUSH_NOTIFICATION"
Whether you want to receive a PUSH_NOTIFICATION on the device or get a JOIN_CODE to join the interaction through your own channel.


 Enum: "PUSH_NOTIFICATION" "DATA_SIGNING"  
Responses 
200
OK


400
Bad Request


401
Unauthorized


403
Forbidden


404
Not Found


409
Conflict


patch/api/partner/sca/{scaDeviceId}
Request samples 
application/json
{
  • "factor": "BIOMETRY",
  • "strategy": "PUSH_NOTIFICATION"
}
Response samples 
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "endpointId": "string",
  • "joinCode": "0907af4a-d224-4ddb-a7ab-11c52f9fed47",
  • "ttl": "PT10M"
}
➔ Next to Partner