Quado API (1.0.0)

Introduction

This document describes the Quado API, which is meant to be used by Relying Parties or trusted parties performing administrative tasks.

Quado has acquired FIDO Universal Server certification, which covers the full range of FIDO authentication specifications (FIDO2, UAF and U2F). You can select whichever FIDO specification your service requires.

Overview

  • You need a valid API Key to send requests to the API endpoints. You can get your key from the Quado management console.
  • The Quado API will only respond to secured communication done over HTTPS.
  • Response to every request is sent in JSON format. In case the API request results in an error, it is represented by an "error_message": "error detail" key in the JSON response.
  • The request method (verb) determines the nature of action you intend to perform. A request made using the GET method implies that you want to fetch something from Quado, and POST implies you want to save something new to Quado.
  • The API calls will respond with appropriate HTTP status codes for all requests. A 2XX indicates all went well, while 4XX or 5XX response codes indicate an error from the requesting client or our API servers respectively.
  • Every API response has a unique transaction ID in the x-transaction-id header. You can search the API logs by this ID from the Quado management console.

Authentication

An API Key is required to be sent as part of every request to the Quado API, in the form of an X-Api-Key request header.

If you do not have an API key, you can easily generate one from the Quado management console.

An API Key tells our API server that the request it received came from you. Everything that you have access to in the Quado FIDO server is accessible with an API Key that is generated by you.

API key header

Security Scheme Type: API Key
Header parameter name: X-Api-Key
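
The following server-side helper is an added example, not Quado's own code. It sends the key only in the X-Api-Key header, checks the service and uid path parameters against the patterns documented further down this page before building the URL, and returns the x-transaction-id with every result so failures can be looked up in the API logs. The function names are hypothetical, and because the key grants access to everything in your Quado account, the helper is meant to run on your server, never in the browser.

```javascript
// Added example; names such as userPath and readResponse are hypothetical.
const QUADO_BASE = "https://api.quado.io";
const SERVICES = new Set(["webauthn", "uaf", "u2f"]);
const UID_RE = /^[a-zA-Z0-9_-]{8,256}$/; // documented pattern plus length bounds

// Validate path parameters before they are placed in the URL.
function userPath(service, uid) {
  if (!SERVICES.has(service)) throw new Error("unknown service");
  if (typeof uid !== "string" || !UID_RE.test(uid)) throw new Error("invalid uid");
  return `/${service}/api/v1/users/${uid}`;
}

// Assemble fetch() arguments; the API key travels only in the X-Api-Key header.
function buildRequest(apiKey, method, path, body) {
  if (!apiKey) throw new Error("missing API key");
  const url = new URL(path, QUADO_BASE);
  if (url.origin !== QUADO_BASE) throw new Error("path escapes API origin");
  const init = { method, headers: { "X-Api-Key": apiKey } };
  if (body !== undefined) {
    init.headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }
  return { url: url.href, init };
}

// Classify a response by status range, error_message and x-transaction-id.
function readResponse(status, transactionId, json) {
  if (status >= 200 && status < 300) return { ok: true, transactionId, data: json };
  return {
    ok: false,
    transactionId, // log this id; it is searchable in the management console
    fault: status >= 500 ? "server" : "client",
    retryable: status === 503, // documented as a temporary traffic spike
    message: json?.error_message ?? null,
  };
}

// Requires a runtime with a global fetch (for example Node 18 or later).
async function callQuado(apiKey, method, path, body) {
  const { url, init } = buildRequest(apiKey, method, path, body);
  const res = await fetch(url, init);
  const json = await res.json().catch(() => null); // 204 responses have no body
  return readResponse(res.status, res.headers.get("x-transaction-id"), json);
}
```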

Sample code

You can find FIDO2 sample code at the URLs below to understand how to integrate the Quado API into your service. UAF and U2F sample code is coming soon.

FIDO2

Quick start

https://doc.quado.io/quick_start.

An example integration for Node in the Express framework.

https://github.com/quado-developer/quado-webauthn-express-sample.

Support

For help regarding accessing the Quado API, feel free to ask us at contact@quado.io. In the event you receive a 503 response from our servers, it implies that we have hit an unexpected spike in API access traffic and would usually be operational within the next 5 minutes. If the outage persists, or you receive any other form of 5XX error, kindly let us know.

FIDO2 registrations

Create public key credential creation options

post /webauthn/api/v1/registrations
https://api.quado.io/webauthn/api/v1/registrations

Your application can call navigator.credentials.create() with the fido_request field of this API's response.

Authorizations:
Request Body schema: application/json
uid
required
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/

The user handle of the user account entity.

params
required
object

FIDO related parameters.

Responses

201

Public key credential creation options were created.

Response Schema: application/json
fido_request
object

Public key credential creation options.

Request samples

Content type
application/json
{
  "uid": "01234567-89ab-cdef-0123-456789abcdef",
  "params": {
    "user": {},
    "authenticatorSelection": {},
    "timeout": 10000,
    "attestation": "none"
  }
}

Response samples

Content type
application/json
{
  "fido_request": {
    "rp": {},
    "user": {},
    "challenge": "jeEqnJHJtkE09My8HfdFhBRL_QYB6emUfSuCvJmh3aA",
    "pubKeyCredParams": [],
    "excludeCredentials": [],
    "authenticatorSelection": {},
    "timeout": 10000,
    "attestation": "none",
    "extensions": null
  }
}

Register new credential

patch /webauthn/api/v1/registrations
https://api.quado.io/webauthn/api/v1/registrations

To complete registration of a new credential, your application needs to send the AuthenticatorAttestationResponse generated by calling navigator.credentials.create().

Authorizations:
Request Body schema: application/json
fido_response
required
object

These fields can be generated by navigator.credentials.create().

Responses

201

Registration succeeded.

Response Schema: application/json
uid
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/

The user handle of the user account entity.

key_info
object (FIDO2_KeyInfo)

Registered key information

Request samples

Content type
application/json
{
  "fido_response": {
    "id": "nz7n_XrFckSdjb78LriK9jf7YbZICGVXyQX8yyaX44v94roOcc01HK3B0tzW0uTl",
    "rawId": "nz7n_XrFckSdjb78LriK9jf7YbZICGVXyQX8yyaX44v94roOcc01HK3B0tzW0uTl",
    "type": "public-key",
    "response": {},
    "getClientExtensionResults": {}
  }
}

Response samples

Content type
application/json
{
  "uid": "01234567-89ab-cdef-0123-456789abcdef",
  "key_info": {
    "id": "01234567-89ab-cdef-0123-456789abcdef",
    "counter": 10,
    "aaguid": "01234567-89ab-cdef-0123-456789abcdef",
    "credential_id": "nz7n_XrFckSdjb78LriK9jf7YbZICGVXyQX8yyaX44v94roOcc01HK3B0tzW0uTl",
    "attestation_type": "none",
    "attestation_format": "None",
    "created_at": "2020-01-08T20:11:17.703Z",
    "updated_at": "2020-01-08T20:11:17.703Z"
  }
}

FIDO2 authentications

Create public key credential request options

post /webauthn/api/v1/authentications
https://api.quado.io/webauthn/api/v1/authentications

Your application can call navigator.credentials.get() with the fido_request field of this API's response.

Authorizations:
Request Body schema: application/json
uid
required
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/

The user handle of the user account entity.

params
required
object

FIDO related parameters.

Responses

201

Public key credential request options were created.

Response Schema: application/json
fido_request
object

Public key credential request options.

Request samples

Content type
application/json
{
  "uid": "01234567-89ab-cdef-0123-456789abcdef",
  "params": {
    "userVerification": "required",
    "timeout": 10000,
    "extensions": null
  }
}

Response samples

Content type
application/json
{
  "fido_request": {
    "challenge": "jeEqnJHJtkE09My8HfdFhBRL_QYB6emUfSuCvJmh3aA",
    "timeout": 10000,
    "rpId": "sample.quado.io",
    "allowCredentials": [],
    "userVerification": "required",
    "extensions": null
  }
}

Authenticate

patch /webauthn/api/v1/authentications
https://api.quado.io/webauthn/api/v1/authentications

To complete authentication, your application needs to send the AuthenticatorAssertionResponse generated by calling navigator.credentials.get().

Authorizations:
Request Body schema: application/json
fido_response
required
object

These fields can be generated by navigator.credentials.get().

Responses

201

Authentication succeeded.

Response Schema: application/json
uid
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/

The user handle of the user account entity.

key_info
object (FIDO2_KeyInfo)

Registered key information

Request samples

Content type
application/json
{
  "fido_response": {
    "id": "nz7n_XrFckSdjb78LriK9jf7YbZICGVXyQX8yyaX44v94roOcc01HK3B0tzW0uTl",
    "rawId": "nz7n_XrFckSdjb78LriK9jf7YbZICGVXyQX8yyaX44v94roOcc01HK3B0tzW0uTl",
    "type": "public-key",
    "response": {},
    "getClientExtensionResults": {}
  }
}

Response samples

Content type
application/json
{
  "uid": "01234567-89ab-cdef-0123-456789abcdef",
  "key_info": {
    "id": "01234567-89ab-cdef-0123-456789abcdef",
    "counter": 10,
    "aaguid": "01234567-89ab-cdef-0123-456789abcdef",
    "credential_id": "nz7n_XrFckSdjb78LriK9jf7YbZICGVXyQX8yyaX44v94roOcc01HK3B0tzW0uTl",
    "attestation_type": "none",
    "attestation_format": "None",
    "created_at": "2020-01-08T20:11:17.703Z",
    "updated_at": "2020-01-08T20:11:17.703Z"
  }
}
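
The browser-side glue for the FIDO2 registrations and FIDO2 authentications sections above, as an added example that is not Quado's own code: fido_request arrives as JSON, while navigator.credentials.create() and navigator.credentials.get() take binary buffers, and the credential they return has to be turned back into JSON for fido_response. The function names are hypothetical, and it is an assumption that Quado encodes every binary field (including user.id and the credential ids) as unpadded base64url, as the sample challenge and rawId values suggest; the members inside response are the standard WebAuthn names.

```javascript
// Added example; helper names are hypothetical. Assumption: all binary fields
// are unpadded base64url strings, like the sample challenge and rawId.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(s.length / 4) * 4, "=");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

function bytesToB64url(buf) {
  let bin = "";
  for (const b of new Uint8Array(buf)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// fido_request JSON -> argument for navigator.credentials.create() or .get().
function toPublicKeyOptions(fidoRequest) {
  const pk = { ...fidoRequest, challenge: b64urlToBytes(fidoRequest.challenge) };
  if (pk.user) pk.user = { ...pk.user, id: b64urlToBytes(pk.user.id) };
  for (const k of ["excludeCredentials", "allowCredentials"]) {
    if (Array.isArray(pk[k])) {
      pk[k] = pk[k].map((c) => ({ ...c, id: b64urlToBytes(c.id) }));
    }
  }
  return { publicKey: pk };
}

// Standard WebAuthn response members; only those present are encoded.
const BINARY_FIELDS = ["clientDataJSON", "attestationObject",
  "authenticatorData", "signature", "userHandle"];

// PublicKeyCredential -> JSON body for the PATCH registrations/authentications call.
function toFidoResponse(cred) {
  const response = {};
  for (const f of BINARY_FIELDS) {
    if (cred.response[f] != null) response[f] = bytesToB64url(cred.response[f]);
  }
  return {
    fido_response: {
      id: cred.id,
      rawId: bytesToB64url(cred.rawId),
      type: cred.type,
      response,
      getClientExtensionResults: cred.getClientExtensionResults(),
    },
  };
}
```

In the page script, pass toPublicKeyOptions(body.fido_request) to navigator.credentials.create() or .get() and send toFidoResponse(credential) to your own backend, which forwards it to Quado with the API key.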

User management

Get user list

get /{service}/api/v1/users
https://api.quado.io/{service}/api/v1/users
Authorizations:
path Parameters
service
required
string (Service)
Enum: "webauthn" "uaf" "u2f"
Example: webauthn

This parameter specifies the service you want to manage:

  • webauthn - FIDO2
  • uaf - UAF
  • u2f - U2F
query Parameters
page
integer >= 0
Default: 0

The collection items offset.

size
integer [ 20 .. 100 ]
Default: 20

The collection items limit.

Responses

200

User list.

Response Schema: application/json
Array
uid
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/

The user handle of the user account entity.

created_at
string

The time the user was registered.

updated_at
string

The time the user was updated.

Response samples

Content type
application/json
[
  {
    "uid": "01234567-89ab-cdef-0123-456789abcdef",
    "created_at": "2020-01-08T20:11:17.703Z",
    "updated_at": "2020-01-08T20:11:17.703Z"
  }
]

Get a user information

get /{service}/api/v1/users/{uid}
https://api.quado.io/{service}/api/v1/users/{uid}
Authorizations:
path Parameters
service
required
string (Service)
Enum: "webauthn" "uaf" "u2f"
Example: webauthn

This parameter specifies the service you want to manage:

  • webauthn - FIDO2
  • uaf - UAF
  • u2f - U2F
uid
required
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/
Example: 01234567-89ab-cdef-0123-456789abcdef

The user handle of the user account entity.

Responses

200

User information.

Response Schema: application/json
uid
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/

The user handle of the user account entity.

created_at
string

The time the user was registered.

updated_at
string

The time the user was updated.

Response samples

Content type
application/json
{
  "uid": "01234567-89ab-cdef-0123-456789abcdef",
  "created_at": "2020-01-08T20:11:17.703Z",
  "updated_at": "2020-01-08T20:11:17.703Z"
}

Delete a user

delete /{service}/api/v1/users/{uid}
https://api.quado.io/{service}/api/v1/users/{uid}
Authorizations:
path Parameters
service
required
string (Service)
Enum: "webauthn" "uaf" "u2f"
Example: webauthn

This parameter specifies the service you want to manage:

  • webauthn - FIDO2
  • uaf - UAF
  • u2f - U2F
uid
required
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/
Example: 01234567-89ab-cdef-0123-456789abcdef

The user handle of the user account entity.

Responses

204

Successful operation

Key management

Get user's key list

get /{service}/api/v1/users/{uid}/registered_keys
https://api.quado.io/{service}/api/v1/users/{uid}/registered_keys
Authorizations:
path Parameters
service
required
string (Service)
Enum: "webauthn" "uaf" "u2f"
Example: webauthn

This parameter specifies the service you want to manage:

  • webauthn - FIDO2
  • uaf - UAF
  • u2f - U2F
uid
required
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/
Example: 01234567-89ab-cdef-0123-456789abcdef

The user handle of the user account entity.

query Parameters
page
integer >= 0
Default: 0

The collection items offset.

size
integer [ 20 .. 100 ]
Default: 20

The collection items limit.

Responses

200

User's key list

Response Schema: application/json
Array
One of
  • FIDO2
  • UAF
  • U2F
user_id
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/

The user handle of the user account entity.

id
string (KeyId)

The key handle of the registered key entity.

counter
integer (signatureCounter)

The counter is incremented for each successful authenticatorGetAssertion operation.

aaguid
string (aaguid)

The AAGUID of the authenticator.

credential_id
string (CredentialId)

The credential's identifier.

attestation_type
string (AttestationConveyancePreference)
Enum: "none" "indirect" "direct"

Relying Parties may use AttestationConveyancePreference to specify their preference regarding attestation conveyance during credential generation.

  • none - indicates that the Relying Party is not interested in authenticator attestation.
  • indirect - indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements.
  • direct - indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator.
attestation_format
string (attestationFormat)
Enum: "None" "Self" "Basic" "ECDAA" "AttCA"

Attestation statement format.

created_at
string

The time the key was registered.

updated_at
string

The time the key was updated.

Response samples

Content type
application/json
[
  {
    "user_id": "01234567-89ab-cdef-0123-456789abcdef",
    "id": "01234567-89ab-cdef-0123-456789abcdef",
    "counter": 10,
    "aaguid": "01234567-89ab-cdef-0123-456789abcdef",
    "credential_id": "nz7n_XrFckSdjb78LriK9jf7YbZICGVXyQX8yyaX44v94roOcc01HK3B0tzW0uTl",
    "attestation_type": "none",
    "attestation_format": "None",
    "created_at": "2020-01-08T20:11:17.703Z",
    "updated_at": "2020-01-08T20:11:17.703Z"
  }
]

Get a key information

get /{service}/api/v1/users/{uid}/registered_keys/{id}
https://api.quado.io/{service}/api/v1/users/{uid}/registered_keys/{id}
Authorizations:
path Parameters
service
required
string (Service)
Enum: "webauthn" "uaf" "u2f"
Example: webauthn

This parameter specifies the service you want to manage:

  • webauthn - FIDO2
  • uaf - UAF
  • u2f - U2F
uid
required
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/
Example: 01234567-89ab-cdef-0123-456789abcdef

The user handle of the user account entity.

id
required
string (KeyId)
Example: 01234567-89ab-cdef-0123-456789abcdef

The key handle of the registered key entity.

Responses

200

User's key information

Response Schema: application/json
One of
  • FIDO2
  • UAF
  • U2F
user_id
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/

The user handle of the user account entity.

id
string (KeyId)

The key handle of the registered key entity.

counter
integer (signatureCounter)

The counter is incremented for each successful authenticatorGetAssertion operation.

aaguid
string (aaguid)

The AAGUID of the authenticator.

credential_id
string (CredentialId)

The credential's identifier.

attestation_type
string (AttestationConveyancePreference)
Enum: "none" "indirect" "direct"

Relying Parties may use AttestationConveyancePreference to specify their preference regarding attestation conveyance during credential generation.

  • none - indicates that the Relying Party is not interested in authenticator attestation.
  • indirect - indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements.
  • direct - indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator.
attestation_format
string (attestationFormat)
Enum: "None" "Self" "Basic" "ECDAA" "AttCA"

Attestation statement format.

created_at
string

The time the key was registered.

updated_at
string

The time the key was updated.

Response samples

Content type
application/json
{
  "user_id": "01234567-89ab-cdef-0123-456789abcdef",
  "id": "01234567-89ab-cdef-0123-456789abcdef",
  "counter": 10,
  "aaguid": "01234567-89ab-cdef-0123-456789abcdef",
  "credential_id": "nz7n_XrFckSdjb78LriK9jf7YbZICGVXyQX8yyaX44v94roOcc01HK3B0tzW0uTl",
  "attestation_type": "none",
  "attestation_format": "None",
  "created_at": "2020-01-08T20:11:17.703Z",
  "updated_at": "2020-01-08T20:11:17.703Z"
}

Delete a registered key

delete /{service}/api/v1/users/{uid}/registered_keys/{id}
https://api.quado.io/{service}/api/v1/users/{uid}/registered_keys/{id}
Authorizations:
path Parameters
service
required
string (Service)
Enum: "webauthn" "uaf" "u2f"
Example: webauthn

This parameter specifies the service you want to manage:

  • webauthn - FIDO2
  • uaf - UAF
  • u2f - U2F
uid
required
string (Uid) [ 8 .. 256 ] characters /^[a-zA-Z0-9_-]+$/
Example: 01234567-89ab-cdef-0123-456789abcdef

The user handle of the user account entity.

id
required
string (KeyId)
Example: 01234567-89ab-cdef-0123-456789abcdef

The key handle of the registered key entity.

Responses

204

Successful operation