Strong Authentication

Onboard a known mobile.Deprecated

Onboard an end-user device (with its endpointID) as a second factor to enable Strong Customer Authentication (SCA).

This operation can be retried as long as no factor has not yet been validated.

SecurityLinkcy-Auth
Request
Request Body schema: application/json
required
endpointId
required
string

The identifier of the SCA device you want to enroll. It is defined in the SCA SDK as endpointID.

factor
string
Default: "BIOMETRY"

Choose a factor to enroll, you will be able to enroll an other one later.

Enum: "BIOMETRY" "PIN"
strategy
string (Strategy)
Default: "PUSH_NOTIFICATION"

Whether you want to receive a PUSH_NOTIFICATION on the device or get a JOIN_CODE to join the interaction through your own channel.

Enum: "PUSH_NOTIFICATION" "DATA_SIGNING"
endUserId
string <uuid>

The end-user id if requesting as a partner, else ignored.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

409

Conflict

post/api/partner/sca
Request samples
application/json
{
  • "endpointId": "string",
  • "factor": "BIOMETRY",
  • "strategy": "PUSH_NOTIFICATION",
  • "endUserId": "120e9d1f-8444-4b91-85e8-5b208615a3e5"
}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "endpointId": "string",
  • "joinCode": "0907af4a-d224-4ddb-a7ab-11c52f9fed47"
}

Deprecated: reset the SCA device of a userDeprecated

Reset the SCA device of an end-user in order to enroll a new one. Only available with a partner bearer, this should not be automated directly to end-users.

This endpoint is deprecated, please use the new one instead.

SecurityLinkcy-Auth
Request
Request Body schema: application/json
required
endUserId
string <uuid>

Mandatory if not authenticated as end-user

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

409

Conflict

delete/api/partner/sca
Request samples
application/json
{
  • "endUserId": "120e9d1f-8444-4b91-85e8-5b208615a3e5"
}
Response samples
application/json
{
  • "details": [
    ],
  • "errorCode": "END_USER_NOT_FOUND",
  • "error": "linkcy.bad.request",
  • "status": 400,
  • "timestamp": "2025-08-11T13:33:11.634018313Z"
}

Deprecated: add an authentication FactorDeprecated

On an already onboarded device. You can choose to update or add a factor (Biometry/PIN).

At least one factor must be already enrolled. You can use this endpoint to change an user PIN.

This endpoint is deprecated, please use the new one instead.

SecurityLinkcy-Auth
Request
Request Body schema: application/json
required
factor
required
string

Choose a factor to enroll, you will be able to enroll an other one later.

Enum: "BIOMETRY" "PIN"
strategy
string (Strategy)
Default: "PUSH_NOTIFICATION"

Whether you want to receive a PUSH_NOTIFICATION on the device or get a JOIN_CODE to join the interaction through your own channel.

Enum: "PUSH_NOTIFICATION" "DATA_SIGNING"
endUserId
string <uuid>

The end-user id if requesting as a partner, else ignored.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

409

Conflict

patch/api/partner/sca
Request samples
application/json
{
  • "factor": "BIOMETRY",
  • "strategy": "PUSH_NOTIFICATION",
  • "endUserId": "120e9d1f-8444-4b91-85e8-5b208615a3e5"
}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "endpointId": "string",
  • "joinCode": "0907af4a-d224-4ddb-a7ab-11c52f9fed47",
  • "ttl": "PT10M"
}

Activate a device

Activate the previously registered device in order to finalise the registration.

SecurityLinkcy-Auth
Request
path Parameters
scaDeviceId
required
string <uuid>
Responses
204

SCA device is being activated

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict

post/api/partner/sca/{scaDeviceId}/activate
Request samples
Response samples
application/json
{
  • "status": 400,
  • "details": [
    ],
  • "error": "linkcy.bad.request",
  • "timestamp": "2019-08-24T14:15:22Z"
}

Register a device

Register a device for an end user as a second factor to enable Strong Customer Authentication (SCA).

This operation might require SCA.

SecurityLinkcy-Auth
Request
path Parameters
endUserId
required
string <uuid>
header Parameters
Linkcy-SCA-Strategy
string
Default: PUSH_NOTIFICATION

The strategy to use when a SCA is required:

More information:
  • PUSH_NOTIFICATION: will send a notification if the SCA is required.
  • DATA_SIGNING: Linkcy-SCA-Signature header must contain signature provided by PowerAuth Mobile SDK on registered device.
  • BY_PASS: Sandbox only - will ignore any SCA if used.
Enum: "PUSH_NOTIFICATION" "DATA_SIGNING" "BY_PASS"
Linkcy-SCA-Signature
string

The signature that needs to be validated, it is generated from data signing.

More information:
  • Signature will be verified against wultra.
  • Operation will be denied if signature is not valide.
  • Avoid creating multiple signature at same time for the same registration.
  • Signature TTL is 30 sec.
Responses
201

SCA device registered

202

Waiting SCA

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict

post/api/partner/sca/{endUserId}
Request samples
Response samples
application/json
{
  • "scaDeviceId": "d791c6b4-56ca-4e8c-b392-93c03b92b30b",
  • "activationQrCodeData": "string",
  • "activationCode": "string",
  • "activationCodeSignature": "string"
}

Onboard an unknown mobile with QR codeDeprecated

Get a QR code to onboard a device as a second factor to enable Strong Customer Authentication (SCA).

This operation can be retried as long as no factor has not yet been validated.

Only one QR_CODE will be active by user. Asking for a knew one will deactivate previous ones.

SecurityLinkcy-Auth
Request
Request Body schema: application/json
required
endUserId
string <uuid>

The end-user id if requesting as a partner, else ignored.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

409

Conflict

post/api/partner/sca/qr-codes
Request samples
application/json
{
  • "endUserId": "120e9d1f-8444-4b91-85e8-5b208615a3e5"
}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "qrCode": "string",
  • "joinCode": "string",
  • "ttl": "PT10M"
}

Delete a device

Delete the registration of an end-user device.

This operation is restricted to partner bearer tokens and should not be exposed directly to end-users.

SecurityLinkcy-Auth
Request
path Parameters
scaDeviceId
required
string <uuid>
Responses
204

SCA device deleted

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict

delete/api/partner/sca/{scaDeviceId}
Request samples
Response samples
application/json
{
  • "status": 400,
  • "details": [
    ],
  • "error": "linkcy.bad.request",
  • "timestamp": "2019-08-24T14:15:22Z"
}

Add an authentication FactorDeprecated

On an already onboarded device. You can choose to update or add a factor (Biometry/PIN).

At least one factor must be already enrolled. You can use this endpoint to change an user PIN.

SecurityLinkcy-Auth
Request
path Parameters
scaDeviceId
required
string <uuid>
Request Body schema: application/json
required
factor
required
string

Choose a factor to enroll, you will be able to enroll an other one later.

Enum: "BIOMETRY" "PIN"
strategy
string (Strategy)
Default: "PUSH_NOTIFICATION"

Whether you want to receive a PUSH_NOTIFICATION on the device or get a JOIN_CODE to join the interaction through your own channel.

Enum: "PUSH_NOTIFICATION" "DATA_SIGNING"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict

patch/api/partner/sca/{scaDeviceId}
Request samples
application/json
{
  • "factor": "BIOMETRY",
  • "strategy": "PUSH_NOTIFICATION"
}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "endpointId": "string",
  • "joinCode": "0907af4a-d224-4ddb-a7ab-11c52f9fed47",
  • "ttl": "PT10M"
}