Messente avatar logo

Two Step Verification

Verigator API Reference

API endpoint

Verigator API requests are made to following server:


Authentication is done by setting HTTP header "X-Service-Auth" to your Messente API username and password concatenated with semicolon like this:
X-Service-Auth: messente-api-username:messente-api-password

Request and response body

All request and response bodys for the API calls are JSON encoded strings according to the specification.

Response HTTP status codes

API call responses have status codes according to REST specifications.
Always set Accept and Content-Type headers to application/json as well.
Only 2XX response codes indicate successful response.

Example request

$ curl -X POST \
   --header 'Content-Type: application/json' \
   --header 'Accept: application/json' \
   --header 'X-Service-Auth: uXXwRLJOaCifV:oA5rVSvslkcoXK' \
   --data '{"method": "totp"}' \


Service endpoint allows you to handle your web application setup, add and and authenticate your users.

Registering your web service with Verigator API

When starting with Verigator API you will first need to register your Service to get a unique ServiceID, that will be later used to add and verify your users.

You may have multiple separate web services using the same Messente account, therefore you can create multiple Services and receive multiple ServiceID's in the process.

Request to register a service will be made to the following URL:
Request headers
HTTP headerDescriptionRequired
Content-TypeFixed: "application/json"Yes
AcceptFixed: "application/json"Yes
X-Service-AuthRefer to authentication section on how to authenticate your API callsYes
Request body (JSON encoded)
fqdnFully Qualified Domain Name
Example: or
nameName of your service, that will appear as the issuer in the Verigator app.
Example: CoffeeShop
Response body (JSON encoded)
idNewly created ServiceID. You will need to store this in your Verigator API configuration.
Example: 81213bfd-b690-499e-b9d2-8754cb1550e8
nameName of the Service as provided in request body.
Example: CoffeeShop
ctimeDatetime of the created service in RFC 3339 specification.
Example: 2017-07-06T13:12:03.141Z
HTTP Response Codes
Response codeValueDescription
201CreatedService successfully created
401Authentication required
Missing authentication headers (X-Service-Auth)
403ForbiddenForbidden request
404Not found
422Invalid dataInvlalid request body - check the format and if it was correctly JSON encoded