Customer security configuration

This article presents the API methods for managing customer account security policies.

General settings

The general settings are collected under a single endpoint for your convenience.

Checking general settings

Method reference available here.

curl --location --request \
GET 'https://api.synerise.com/sauth/settings' \
--header 'Api-Version: 4.4' \
--header 'Authorization: Bearer eyJh6sNQ' 

The response contains the current settings:

{
    "confirmationMailSubject": "Confirm your account",
    "confirmationMailBody": "Click <a href=\"{{client_confirmation_link}}\" > here </a> to confirm your account",
    "confirmationMailTemplateId": null,
    "tokenLifetimeInSeconds": 3600,
    "confirmationRedirectLink": null,
    "passwordResetMailTemplateId": null,
    "passwordResetMailSubject": "Reset your password",
    "passwordResetMailBody": "Password reset token: {{password_reset_hash}}",
    "voucherPoolUuid": null,
    "registrationType": "AUTOMATIC",
    "allowOverwriteCustomIdentify": false
}

Updating general settings

Method reference available here.

WARNING: When updating the settings, send values for all settings. Any setting that is not included in the request body is reset to its default!

Before updating, check the current settings and copy the response into the request body, modifying only the settings that you want to change.

curl --location --request \
POST 'https://api.synerise.com/sauth/settings' \
--header 'Authorization: Bearer eyJ...hMpTw' \
--header 'Content-Type: application/json' \
--data-raw '{
    "confirmationMailSubject": "Confirm your account",
    "confirmationMailBody": "Click <a href=\"{{client_confirmation_link}}\" > here </a> to confirm your account",
    "confirmationMailTemplateId": null,
    "tokenLifetimeInSeconds": 1800,
    "confirmationRedirectLink": null,
    "passwordResetMailTemplateId": null,
    "passwordResetMailSubject": "Reset your password",
    "passwordResetMailBody": "Password reset token: {{password_reset_hash}}",
    "voucherPoolUuid": null,
    "registrationType": "AUTOMATIC",
    "allowOverwriteCustomIdentify": false
}'

The response returns the new settings.
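
The read-modify-write procedure from the warning above, as an added Python example that is not Synerise's code: it fetches the settings, applies only the keys you want to change, refuses misspelled keys and any edit that drops the confirmation-link or reset-token placeholder from a mail body, and posts the complete object back. The SYNERISE_TOKEN environment variable, the embedded sample settings (copied from the response shown above) and the placeholder requirement are assumptions of the example; the Api-Version header value is the one shown in the GET example.

```python
"""Read-modify-write for /sauth/settings. Added example, not Synerise code."""
import json
import os
import urllib.request

SETTINGS_URL = "https://api.synerise.com/sauth/settings"  # endpoint from the page
API_VERSION = "4.4"                                        # header value from the page

# Constructed sample: the response shown in the documentation above.
CURRENT_SETTINGS = {
    "confirmationMailSubject": "Confirm your account",
    "confirmationMailBody": 'Click <a href="{{client_confirmation_link}}" > here </a> to confirm your account',
    "confirmationMailTemplateId": None,
    "tokenLifetimeInSeconds": 3600,
    "confirmationRedirectLink": None,
    "passwordResetMailTemplateId": None,
    "passwordResetMailSubject": "Reset your password",
    "passwordResetMailBody": "Password reset token: {{password_reset_hash}}",
    "voucherPoolUuid": None,
    "registrationType": "AUTOMATIC",
    "allowOverwriteCustomIdentify": False,
}

# Assumption of this example: a mail body without its placeholder would go out
# with no link or token, so an update that removes one is refused.
REQUIRED_PLACEHOLDERS = {
    "confirmationMailBody": "{{client_confirmation_link}}",
    "passwordResetMailBody": "{{password_reset_hash}}",
}


def merge_settings(current, updates):
    """Return a complete settings body: every key of `current` kept, only `updates` changed.

    A misspelled key in `updates` would otherwise be sent as an extra field while
    the real setting silently kept its old value, so unknown keys are rejected.
    """
    unknown = set(updates) - set(current)
    if unknown:
        raise ValueError(f"unknown settings keys: {sorted(unknown)}")
    merged = {**current, **updates}
    lifetime = merged["tokenLifetimeInSeconds"]
    if isinstance(lifetime, bool) or not isinstance(lifetime, int) or lifetime <= 0:
        raise ValueError("tokenLifetimeInSeconds must be a positive integer")
    for key, placeholder in REQUIRED_PLACEHOLDERS.items():
        body = merged.get(key)
        if body is not None and placeholder not in body:
            raise ValueError(f"{key} no longer contains {placeholder}")
    # Nothing was dropped, so nothing will be reset to its default by the API.
    assert set(merged) == set(current)
    return merged


def _request(method, token, body=None):
    """GET or POST the settings endpoint with the headers used on this page."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(SETTINGS_URL, data=data, method=method)
    req.add_header("Api-Version", API_VERSION)
    req.add_header("Authorization", f"Bearer {token}")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def update_settings(token, updates):
    """Fetch the live settings, merge the changes and post the full object back."""
    current = _request("GET", token)
    return _request("POST", token, merge_settings(current, updates))


if __name__ == "__main__":
    token = os.environ.get("SYNERISE_TOKEN")  # hypothetical variable name
    change = {"tokenLifetimeInSeconds": 1800}  # the change made in the example above
    if token:
        print(json.dumps(update_settings(token, change), indent=2))
    else:  # offline: show the body that would be posted
        print(json.dumps(merge_settings(CURRENT_SETTINGS, change), indent=2))
```

Without a token the script only prints the body it would post, which is a convenient way to review a change before it overwrites the live configuration.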

Authorization settings

You can use third-party authentication mechanisms. The OAuth settings point Synerise at an external endpoint that is called with the customer's token (the {{ token }} placeholder in the headers), and the mapping object maps fields between that endpoint's response and customer attributes. See more in Customer authorization.

Checking OAuth settings

Method reference available here.

curl --request GET \
  --url https://api.synerise.com/sauth/settings/oauth \
  --header 'authorization: Bearer eyJh...MpTw'

The response includes the current settings.

Updating OAuth settings

Method reference available here.

curl --request POST \
  --url https://api.synerise.com/sauth/settings/oauth \
  --header 'authorization: Bearer eyJ...hMpTw' \
  --header 'content-type: application/json' \
  --data '{
    "name": "self",
    "endpoint": "https://api.synerise.com/mockOauth",
    "headers": {
        "Accept": "application/json",
        "Authorization": "Bearer {{ token }}"
    },
    "mapping": {
        "firstname": "firstName",
        "phone": "phone",
        "id": "clientId",
        "email": "email",
        "lastname": "lastName"
    },
    "mappedExternal": true
}'

The response includes the new settings.

Checking Sign in with Apple settings

Method reference available here.

curl --request GET \
  --url https://api.synerise.com/sauth/settings/oauth/apple \
  --header 'authorization: Bearer eyJh...MpTw'

The response includes the current settings.

Updating Sign in with Apple settings

Method reference available here.

curl --request POST \
  --url https://api.synerise.com/sauth/settings/oauth/apple \
  --header 'authorization: Bearer eyJ...hMpTw' \
  --header 'content-type: application/json' \
  --data '{
    "enabled": true,
    "bundle": "bundleName"
}'

The response includes the new settings.

Password policy

You can enforce the length of passwords and the kinds of characters they must include. The example below sets minLength to 6; NIST SP 800-63B requires user-chosen passwords to be at least 8 characters, so consider a higher minimum.

Checking password policy settings

Method reference available here.

curl --request GET \
  --url https://api.synerise.com/sauth/settings/password-policy \
  --header 'authorization: Bearer eyJ...hMpTw'

The response includes the current settings.

Updating password policy settings

Method reference available here.

curl --location --request \
POST 'https://api.synerise.com/sauth/settings/password-policy' \
--header 'Authorization: Bearer eyJhb...jzcU' \
--header 'Content-Type: application/json' \
--data-raw '{
    "requireAtLeastOneUppercaseLetter": true,
    "requireAtLeastOneLowercaseLetter": true,
    "requireAtLeastOneNumber": true,
    "requireAtLeastOneNonAlphaNumericCharacter": true,
    "minLength": 6,
    "maxLength": 255
}'

Bans

Bans allow you to limit or block access after a number of unsuccessful login attempts. There are three tiers (first, second, permanent), each with a collecting time, a threshold of failed attempts, and a ban duration; in the example below the times are expressed in seconds (300 is five minutes, 86400 is one day).

Checking ban settings

Method reference available here.

curl --request GET \
  --url https://api.synerise.com/sauth/settings/ban \
  --header 'authorization: Bearer eyJ...hMpTw'

Updating ban settings

Method reference available here.

curl --request POST \
  --url https://api.synerise.com/sauth/settings/ban \
  --header 'authorization: Bearer eyJ...hMpTw' \
  --header 'content-type: application/json' \
  --data '{
        "blockingForClientEnabled": true,
        "firstBanCollectingTime": 60,
        "firstBanThreshold": 3,
        "firstBanDuration": 300,
        "secondBanCollectingTime": 1200,
        "secondBanThreshold": 10,
        "secondBanDuration": 1800,
        "permanentBanCollectingTime": 86400,
        "permanentBanThreshold": 15,
        "permanentBanDuration": 31556926
}'

The response includes the new settings.
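
A way to sanity-check a ban body before posting it, as an added Python example that is not Synerise's code: it verifies that the three tiers escalate (higher thresholds, longer windows and longer bans at each tier) and runs a constructed brute-force attempt pattern through a simple model of the tiers to show how many guesses actually reach the verifier. The model (failures counted per tier inside a sliding window of CollectingTime seconds, a ban of Duration seconds once Threshold is reached, attempts during a ban rejected and not counted, highest tier wins) is an assumption made for the estimate, not the platform's documented algorithm.

```python
"""Check a /sauth/settings/ban body and model its effect on a brute-force run.

Added example, not Synerise code. The tier model is an assumption used to
sanity-check the numbers; all times are in seconds.
"""

TIERS = ("first", "second", "permanent")

# Constructed sample: the request body shown in the documentation above.
BAN_SETTINGS = {
    "blockingForClientEnabled": True,
    "firstBanCollectingTime": 60,
    "firstBanThreshold": 3,
    "firstBanDuration": 300,
    "secondBanCollectingTime": 1200,
    "secondBanThreshold": 10,
    "secondBanDuration": 1800,
    "permanentBanCollectingTime": 86400,
    "permanentBanThreshold": 15,
    "permanentBanDuration": 31556926,
}


def tier_values(settings, name):
    """(collecting window, threshold, duration) for one tier."""
    return (
        settings[f"{name}BanCollectingTime"],
        settings[f"{name}BanThreshold"],
        settings[f"{name}BanDuration"],
    )


def check_ban_settings(settings):
    """Return a list of problems; an empty list means the tiers escalate sensibly."""
    problems = []
    if not settings.get("blockingForClientEnabled"):
        problems.append("blockingForClientEnabled is false: the thresholds have no effect")
    previous = None
    for name in TIERS:
        window, threshold, duration = tier_values(settings, name)
        if min(window, threshold, duration) <= 0:
            problems.append(f"{name}: window, threshold and duration must be positive")
        if previous is not None:
            prev_window, prev_threshold, prev_duration = previous
            if threshold <= prev_threshold:
                problems.append(f"{name}: threshold {threshold} does not exceed the previous tier's {prev_threshold}")
            if window < prev_window:
                problems.append(f"{name}: collecting window {window} is shorter than the previous tier's {prev_window}")
            if duration <= prev_duration:
                problems.append(f"{name}: duration {duration} does not exceed the previous tier's {prev_duration}")
        previous = (window, threshold, duration)
    return problems


def simulate_bans(settings, attempt_times):
    """Run failed sign-in attempts (sorted timestamps) through the assumed tier model.

    Returns (events, counted, rejected): events lists (time, tier) for every ban
    that fires, counted is the number of failures that reached the verifier, and
    rejected is the number of attempts dropped because a ban was active.
    """
    failures = []  # timestamps of failures that were actually counted
    banned_until = None
    events = []
    rejected = 0
    for t in attempt_times:
        if banned_until is not None and t < banned_until:
            rejected += 1
            continue
        failures.append(t)
        for name in reversed(TIERS):  # highest tier wins
            window, threshold, duration = tier_values(settings, name)
            recent = sum(1 for f in failures if f > t - window)
            if recent >= threshold:
                banned_until = t + duration
                events.append((t, name))
                break
    return events, len(failures), rejected


def brute_force(seconds, interval):
    """Constructed attacker: one failed attempt every `interval` seconds for `seconds`."""
    return list(range(0, seconds, interval))


if __name__ == "__main__":
    print("config problems:", check_ban_settings(BAN_SETTINGS))
    events, counted, rejected = simulate_bans(BAN_SETTINGS, brute_force(3600, 10))
    for t, name in events:
        print(f"t={t:5d}s  {name} ban")
    print(f"{counted} guesses reached the verifier, {rejected} were rejected")
```

With the page's values and one guess every ten seconds for an hour, the model lets only 15 of 360 guesses through before the permanent tier fires at t=3090s; lowering the thresholds or shortening the collecting windows changes that number, which is the point of running the simulation before committing a change.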

Device authorization

You can allow customers to control access from unknown devices. In the example below, the hard mail asks the customer to confirm the unrecognised device through the {{ device_control_url }} placeholder, while the soft mail only notifies them of the sign-in; both bodies can use {{ ip }}, {{ country }} and {{ login_time }}. To authorize devices, see Customer devices.

Checking device authorization settings

Method reference available here.

curl --request GET \
  --url https://api.synerise.com/sauth/settings/device-control \
  --header 'authorization: Bearer eyJ...hMpTw'

Updating device authorization settings

Method reference available here.

curl --request POST \
  --url https://api.synerise.com/sauth/settings/device-control \
  --header 'authorization: Bearer eyJ...hMpTw' \
  --header 'content-type: application/json' \
  --data '{
        "deviceControlMode": "ON",
        "hardMailTitle": "New sign-in attempt to your account",
        "hardMailBody": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n</head>\n<body>\n\n<pre>\n\nHello,\n\nWe have noticed a new sign-in attempt to your account from a device we do not recognise.\n\nIP: {{ ip }}\nCountry: {{ country }}\n\nTime: {{ login_time }}\n\nIf it was you who signed in from a new device, please confirm by clicking the link below:\n    <a href=\"{{ device_control_url }}\">{{ device_control_url }}</a>\n\n    If you do not recognise this sign-in attempt, we recommend that you change your password from within the App and check whether your email address has been part of known password leaks, which you can do through <a href=\"https://haveibeenpwned.com/\">https://haveibeenpwned.com/</a> or <a href=\"https://monitor.firefox.com/\">https://monitor.firefox.com/</a>.\nIf you find results related to you on either of these sites, please review your passwords across all of the online services you use.\n\nAll the best,\nSynerise Team\n</pre>\n</body>\n</html>",
        "hardTemplateId": null,
        "softMailTitle": "New sign-in to your account",
        "softMailBody": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n</head>\n<body>\n\n<pre>\n\nHello,\n\nWe have noticed a sign-in to your account from the following location.\n\nIP: {{ ip }}\nCountry: {{ country }}\n\nTime: {{ login_time }}\n\n\nIf you do not recognise this sign-in, we recommend that you change your password from within the App and check whether your email address has been part of known password leaks, which you can do through <a href=\"https://haveibeenpwned.com/\">https://haveibeenpwned.com/</a> or <a href=\"https://monitor.firefox.com/\">https://monitor.firefox.com/</a>.\nIf you find results related to you on either of these sites, we strongly recommend that you review your passwords across all of the online services you use.\n\nAll the best,\nSynerise Team\n</pre>\n</body>\n</html>",
        "softTemplateId": null
    }'

The response includes the new settings.

Email change

These settings affect the two messages sent when a customer wants to change their email address: the request mail, which carries the confirmation link ({{client_email_change_url}}), and the notification mail, which tells the customer that the address is about to change to {{new_email}} so that an unexpected change can be reported.

Checking email change settings

Method reference available here.

curl --request GET \
  --url https://api.synerise.com/sauth/settings/email-change \
  --header 'authorization: Bearer eyJ...hMpTw'

Updating email change settings

Method reference available here.

curl --request POST \
  --url https://api.synerise.com/sauth/settings/email-change \
  --header 'authorization: Bearer eyJ...hMpTw' \
  --header 'content-type: application/json' \
  --data '{
        "clientEmailChangeRequestMailSubject": "Confirm your mail",
        "clientEmailChangeRequestMailBody": "To confirm your mail click <a href=\"{{client_email_change_url}}\" > here </a>",
        "clientEmailChangeRequestMailTemplateId": null,
        "clientEmailChangeNotificationMailSubject": "Your email is going to be changed",
        "clientEmailChangeNotificationMailBody": "You are going to change your mail for {{new_email}}. If it is not you please change your password as soon as possible.",
        "clientEmailChangeNotificationMailTemplateId": null
    }'

The response includes the new settings.
