{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"a77d5cfb-f56a-48c9-9002-7e27597280e3","name":"One Tap Login","description":"\"\"\n\n# Overview\n\nThis API document highlights the steps using which Businesses can integrate Bureau’s One-Tap Login solution for their Customers. The fundamental idea behind this product is to enable a smooth, SMS based One-time Password (OTP) less user journey that can help businesses verify the mobile phone number of their customers.\n\n# Enabling One Tap Login\n\nFor the best user experience, it’s recommended that this API integration is done at a user sign-up or login page, where a user is asked to enter their respective phone number to receive an OTP for verification.\n\nBusinesses can integrate Bureau’s One-Tap login on the following platforms:\n\n1. Android & iOS App: This can be completed using Bureau’s Mobile SDKs\n2. Mobile Web Browser: This is supported via Bureau’s API Integration & React SDK\n \n\n_Note: One-Tap login functionality is currently not supported on Desktop Browsers_\n\n# Product Flow\n\n\"\"\n\n\"\"\n\n# API Integration\n\n\"\"\n\nThe API integration is agnostic to application and platform in question and can easily enable Businesses to power the One-tap login product. This shall require integration for 2 APIs:\n\n1. [Initiate Authentication](https://documenter.getpostman.com/view/13883930/TWDUqddC#6713b73f-0e7f-468a-aada-96b13c6a1f53)\n 1. This API helps in passing Session ID and User contact number to the Bureau.\n2. [Access User Information](https://documenter.getpostman.com/view/13883930/TWDUqddC#dc3c429f-e14b-499a-a964-31faa0d59c20)\n 1. This API helps in retrieving the verification request result\n 2. Apart from GET, the result can also be retrieved via Webhook, URL for the same can be passed in the GET /initiate call\n\n## Using the API\n\nThe API works by redirecting the request to the telecom authentication gateway. \nIt is processed in 2 parts. Initially, we process it to check whether the request originates from the IP address & mobile number belonging to a carrier we support. If it does not, we fail it fast using error codes. You can check for the http status code in 400 or 500 to detect an error. If it does belong to a supported carrier, the response is controlled by respective telco gateways.\n\nSo you can process output to check if the http status code is in 200 series and, if yes, ignore the output. If the HTTP status code is 400 or 500 series, you can treat the authentication as non-serviceable and proceed with the backup.\n\n# Testing One Tap Login\n\nTesting in Sandbox\n\n_Sandbox URL:_ [_https://api.sandbox.bureau.id/v2/auth_](https://api.sandbox.bureau.id/v2/auth)\n\nFor simulating silent authentication in sandbox, you can use any of the following phone numbers:\n\n- 779999999999\n- 779999999998\n- 779999999997\n- 779999999996\n- 779999999995\n- 779999999994\n- 779999999993\n- 779999999992\n- 779999999991\n- 779999999990\n \n\n1. For simulating the failure case, you can use any other phone number with prefix 77 except the ones mentioned above.\n2. For simulating silent authentication with scope as share in sandbox, you can use ZZ as the country code.\n \n\n# Frequently Asked Questions\n\n## What is One Tap Login?\n\nBureau Phone Number Verification is a turnkey API product for mobile phone number verification. It confirms the ownership of a mobile phone number by verifying the possession of an active SIM card with the same number. A mobile data session is created to a unique URL for the purpose of this verification. Bureau then resolves a match between the phone number that the mobile network operator identifies as the owner of the mobile data session, and the phone number being verified.\n\n## How does One Tap Login Solution work?\n\nWhenever anyone uses their mobile phone to make a phone call, send a text, or to access the internet, the provisioning mobile network operator has to first ascertain their identity. This is done through strong, cryptographic checks between the mobile operator and the SIM card in a user's mobile phone.\n\nBureau leverages the identity that the carrier has established to verify if the provided credentials (phone number and SIM card) match. Only a valid, active SIM card can thus be identified by the carrier, thereby providing proof of possession of the phone number.\n\nHere's how mobile phone number verification works through Bureau:\n\n1. Your end-users submit their phone number through your mobile user interface. (This step is independent of Bureau and identical to any other mobile phone number verification flow.)\n2. You make the first API request (initiate) to initiate a verification request with the phone number.\n3. We verify with the mobile operator whether the mobile data session established for this request belongs to the same phone number as provided earlier.\n4. You can then make a request to check the result of the verification, to see whether the phone number provided in Step 1 was a successful match for the SIM card the user is using.\n \n\nThe same steps may be repeated anytime you wish to re-verify a returning user.\n\n## Best Practices\n\nFor the sake of efficiency and best possible user experience it will be preferable for an application to use the mobile network data connection and on-net authorization where possible. Use Https for all requests.\n\n### Pop-Up Blocker\n\nWe recommend developers do everything they can to avoid pop-up blockers. \nPop-up blockers do not block if the action of a button, or link is a direct window.open() and users will not need to disable pop-up blockers in their browsers\n\nThat means by way of example:\n\n`[![](/gf/change.gif)](“/gf?profileSetup4=1®Id=0target=“changeMealItem\")`\n\nIf window.open() is called in a success callback, or from a timer function for example, the browser is not opening a window as a result of a user action, but as a result of some programmatic activity - that’s when browsers block pop-ups\n\nE.g., if you are using ajax to invoke APIs from web client, then set attribute ‘async’ to ‘false’ as illustrated below:\n\n`$.ajax({ url : url, type: 'GET', success : xxxxxxx, error : xxxxxxx, async: false })`\n\nSetting async to false will not let the flow break between when the user clicks the login-button (when discovery API gets invoked) and when authorize API is hit programmatically on the basis of discovery response.\n\n### Webview for native apps\n\nDevelopers building native apps can process callbacks with webviews. \nWebviews do not have to fill the entire screen – they can be simple 1 x 1 pixel views, where implementation is transparent to the user.\n\n# Relevant Links: Android SDK, Web & iOS Sample Apps\n\nEnabling One Tap Login on Android, IOS & Web Integrations. Please follow the below guidelines to ensure full coverage and handle wifi connected devices:\n\n## Android SDK Integration\n\n[Android SDK](https://github.com/Bureau-Inc/AndroidSDK)\n\nThe code below can be used to make Initialise call. It takes care of creating session using mobile data even if wifi is connected.\n\n```\nBureauAuth bureauAuth = new BureauAuth.Builder()\n .mode(BureauAuth.Mode.Sandbox)\n .clientId(\"Your Client Id\")\n .build();\n //Other Options in builder are\n //timeOutInMs - total timeout\n //callbackUrl \n\n```\n\n## IOS SDK Integration\n\n[iOS SDK](https://github.com/Bureau-Inc/IOS-SDK)\n\nFor Handling wifi connected devices, Please download the source code from link below and follow given steps to enable Mobile Network and create https session from Mobile Network. \n[Source Code Link](https://drive.google.com/drive/folders/1vp54qtORTyTdJcxEYH1QOYBSM_SU83Ug)\n\n1. Add the NetworkingLogic folder, which contains six files, to the project folder.\n2. Include #import \"HTTPRequester.h\" in the Swift bridging header file.\n3. Please use fireURL function to invoke initURL and finaliseURL.\n4. Please allow http redirects in your application.\n \n\n```\nlet bureauObj = BureauAuth.Builder()\n .setClientId(clientId: \"e72a4414-a416-4872-8eea-6b51d6cd96e1\")\n .build()\n //Other Options in builder are\n //setTimeout - total timeout in seconds\n //setCallBackUrl\n //mode - sandbox and production\n\n```\n\n## Sample React App\n\n[Github Page](https://github.com/Bureau-Inc/pinpoint-integration-examples)\n\nOn Execution of silentAuth function, backend call can be made to get status of authentication\n\n```\n//Input init URL & final URL\n//No callbacks wait for a second and then call userinfo\nfunction silentAuth(correlationId, mobileNum, clientIDKey) {\n var initURL = \"https://api.sandbox.bureau.id/v2/auth/initiate?clientId=CLIENTIDSTRING&correlationId=CORRELATIONIDSTRING&msisdn=MSISDNSTRING\"\n var init = new Image();\n init.onload = startComplete;\n init.onerror = startComplete;\n initURL = initURL.replace(\"CORRELATIONIDSTRING\", correlationId)\n initURL = initURL.replace(\"CLIENTIDSTRING\", clientIDKey)\n initURL = initURL.replace(\"MSISDNSTRING\", mobileNum)\n init.src = initURL;\n function startComplete() {\n //callbacks are possible here. \n console.log(\"Process Complete\")\n }\n}\n\n```\n\n# Error Codes\n\n
Http Status Code
Code
Message
Suggested Action
200
200101
User verification failed

200
200100
User verification failed since providers failed to verify
Assume Authentication Failed and Backup to OTP
200
200102
User's ip doesn't belong to any supported provider

200
200103
User's mobile doesn't belong to any supported provider

202
202100
Awaiting provider acknowledgement

400
400100
Required parameters are missing or invalid
Recheck the parameters
400
400101
Duplicate correlation id
Retry with a Different Correlation ID
400
400102
Previous requests were not fulfilled or ended in errors
Assume Authentication Failed and Backup to OTP
400
400103
Cannot associate the correlation id with a flow
Check if Integration flow is working properly. Contact Bureau support
400
400104
Illegal application state
Assume Authentication Failed and Backup to OTP
400
410100
Auth state is expired
Please re-initiate the auth flow
400
400105
Signals are empty or invalid
Check API docs
400
400106
Signals are invalid or template config is missing
Check API docs or contact Bureau support team
401
401100
Authorization parameters are missing or invalid
Check Authentication Parameters
500
500100
An internal error has occurred
Assume Authentication Failed and Backup to OTP
","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"13883930","collectionId":"a77d5cfb-f56a-48c9-9002-7e27597280e3","publishedId":"TWDUqddC","public":true,"publicUrl":"https://docs.onetaplogin.co","privateUrl":"https://go.postman.co/documentation/13883930-a77d5cfb-f56a-48c9-9002-7e27597280e3","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"documentationLayout":"classic-single-column","customisation":null,"version":"8.11.6","publishDate":"2021-03-04T10:30:24.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":"https://onetaplogin.co/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://docs.onetaplogin.co/view/metadata/TWDUqddC"}