User guide mAccess token software SDK

Current limitation

inWebo mAccess platform supports only APNS push request for Apple environment. 

Introduction

This document is the reference guide for inWebo mAccess, the SDK product from inWebo Technologies.inWebo mAccess is an OTP generator library available in C, C# and Java. Any application implementing mAccess should be linked to an inWebo account that can be created online at http://www.inwebo.comThis library performs only internal computation on data in memory. The only system call is to get the time elapsed from 01/01/1970.Data types are simple:
  • int
  • string

The Booleans are coded as 'int' (0: false; !=0: true)Host: We will further call 'host', the application which is using this library.Functions may return errors. In each function's description we present the errors the function could return. There is an additional error (IW_ERR_OTHER) which could be returned by any function, but not in a normal behavior.


Note

the Activation Code was formerly called "Secure Site ID" in some authentication tools or in the documentation.
Please note that a "Secure Site ID" refers to an activation code.

General Principles

Local storage

The host application must store locally the internal state of mAccess. This internal state is an ASCII string provides by the function IWStorageDataGet ().The implementation of this storage is system-dependent, and up to the developer to design.After each call to a library function, the host must call IWStorageDataChanged (), in order to find out if the internal state has changed. If this function returns a non-zero integer, the host must call IWStorageDataGet () and then update the local storage.When the host application starts, it must get the ASCII string stored locally and give it to the library using the function IWStorageDataSet ().

Synchronous or Asynchronous mode

Some mAccess library functions execute network calls, namely webservice calls, to query inWebo servers. And most mAccess webservice calls are divided in two steps, i.e. two functions, a start function and a finalize function.There are two different ways of implementing the webservice calls: synchronously or asynchronously. The code architecture of the host will vary according to the chosen mode.Note that on Windows Phone 8 and 8.1, all network calls MUST be asynchronous.Let's illustrate this with a dummy API action.

Synchronous mode

The host function myAction will execute the IWActionStart () function and will directly fetch the result of the webservice call. If the result of the IWActionStart() is successful it will then execute the IWActionFinalize ().
Function myAction (params) {

	Int result = IWActionStart (params)

	If (result == IW_ERR_OK) {

 		Int result = IWActionFinalize (otherParams);

  		%%//%%Handle final result here

	}

}

Asynchronous mode

In this case the result of the webservice calls will be handled by callback functions which are passed to the start and finalize functions.
Function myActionStart (params) {

	IWActionStartAsync (params, myActionStartDone);

}

Function myActionStartDone (result) {

	If (result == IW_ERR_OK) {

		IWActionFinalizeAsync (params, myActionFinalizeDone);

	}

}

Function myActionFinalizeDone (result) {

	%%//%%Handle final result here

}

Web services calls

mAccess uses platform dependent functions to call inWebo web services. These functions should be part of the host. mAccess code samples exposes such functions in each proposed language. You may use them as is or enhance them.

Synchronous mode

In this mode, the host code should contain only one function:
WebServiceCall: (string URL, int timeout) -> String
This function performs a GET request to a specific URL. The call is synchronous, and the timeout is given in milliseconds. The response is directly fetched inside the function. It consists of an XML document (as an ASCII string).
  • In Java: WebServiceCall should return result (XML response) or null if an error occurred.
  • In C or C#: On success, the function will have to call IWSetWsBuffer () with the result (XML response). On failure, the function just returns.

Asynchronous mode

In this case the host code should contain two functions:The function executing the API webservice call:
WebServiceCall: (string URL, int timeout) -> Int
This function performs a GET request to a specific URL.The network call response is handled by a second function:
HandleWebServiceCallResult: (object result) -> Void
Depending on the platform implementing the mAccess library the way of declaring this handler function and the structure of the fetched result object may vary.The final API call result (which is normally a property or a field of the result object) is an XML Document (as an ASCII string).On success:
  • In Java: the handler function will have to execute the callback function (passed in argument of the mAccess API asynchronous function) with argument 0 (0 = success).
  • In C or C#: the handler function will have to call IWSetWsBuffer () with the response. Then the function will have to execute the callback function (passed in argument of the mAccess API asynchronous function) with argument 0 (0 = success).

Typically:
IWSetWsBuffer (string response);

WSCallBack (0);
On failure:
  • In C, C# or Java: the handler function will have to execute the callback function (passed in argument of the mAccess API asynchronous function) with argument 1 (1 = error).
WSCallBack (1);

Should I use online or offline OTP?

In order to generate an online OTP, mAccess will perform one or more webservice calls to inWebo servers. This mode is suitable for a connected application (online banking for instance), as the token will always be synchronized with inWebo Servers.For a non-connected application (VPN dialer, authenticator-type app), Offline OTP is recommended. In this case, an OTP will be generated without any network call. The drawback of this method is the possibility for the token to desynchronize.

Using mobile push notifications

If you plan to use mAccess within a mobile phone application, you may request your users to authenticate with their mobile phones via mobile push notifications. In this case, InWebo servers need to know the unique Device ID of the phone.Push notification mechanisms are different according to the platform the host is designed for: Microsoft, Apple, and Google, all have their own architecture and channels to send notifications.So the first prerequisite is to understand this mechanism platform per platform:
  • How do I get the unique user or device ID that is used within the notification mechanism of the platform to communicate with a given device
  • How do I handle notifications on the device, i.e. what is the format of the received notifications, how do I parse their content to extract variables, etc.
With regards to mAccess, your concerns are:
  • The unique identifier of the user or device that needs to be sent to inWebo servers via the IWPushRegistrationStart() function. It will allow inWebo to send push notifications to your App via the communication channels of the platform
  • The variables received inside the notifications that will be passed in argument in mAccess API push activation and authentication functions (activation code, transaction alias).
  • The notification platform used on the application site will depend on the DeviceOS you'll set via the IWSetDeviceOS() function and must match the mAccess push notification parameters you will set in the inWebo Admin console.

You will also have to fill in the "mAccess push notification parameters" section in the "Service Parameters" of your inWebo service : 

API

This section describes the exhaustive list of primitives included in mAccess.

Error codes

IW_ERR_OK0no error
IW_ERR_NETWORK1network or server unreachable
IW_ERR_CODE2The Activation code is incorrect
IW_ERR_SN3one argument does not have the right syntax
IW_ERR_ACCESS4access refused
IW_ERR_VERSION5version error
IW_ERR_BLOCKED7account is blocked
IW_ERR_STATE8internal state not correct
IW_ERR_NODEVICE9device is disabled or unknown
IW_ERR_NOCA10User must activate inWebo helium or inWebo Desktop Token before achieving this operation
IW_ERR_NOSRV11No service is available
IW_ERR_PINREUSED12the new password equals the previous one
IW_ERR_SYNCHROFAILED13the operation succeeded but it required a post-synchronization which failed
IW_ERR_FORBIDDEN14forbidden operation (due to activated state/blocked state/upgradable state)
IW_ERR_PINREFUSED15the password is refused (bad format)
IW_ERR_TIMEOUT16timeout expired between xxxStart and xxxFinalize
IW_ERR_BIOKEY26device is locked due to biokey errors
IW_ERR_OTHER999any other error

Pin mode code

IW_PINMODE_NONE0no password is required (leave “”)
IW_PINMODE_CURRENT1current password is required
IW_PINMODE_NEW2a new password is required
IW_PINMODE_BIO8a biokey is required
IW_PINMODE_CURRENT | IW_PINMODE_BIO9a password OR biokey is required

Initialization and configuration

IWInit: (Boolean ma, string SN, string Data, func webcall, object user) -> void
Boolean ma is unused and should be set to 0 or false.You application may provide 2 strings: One should be linked to the device (Serial Number) and the other one to the installation (timestamp of an install directory). These strings should not change over the lifetime of your application. If they do, the application will be locked.webcall is the function that makes webservices calls. It is provided in the SDK as an example that you can customize.user is an object that you can pass. It can be used in callbacks when using Async functions.(warning) Please note that SN and Data parameters should be sent as ASCII strings.


IWVersionGet: () -> string
The library provides its version number, as a string

IWHostVersionSet: (string) -> int
The host provides its version number, as a string. In order to be compliant with inWebo convention, it needs to be formatted as: AppName-Version. Example: myApp-1.3.0

IWWsTimeoutSet: (int timeout) -> int
The host defines the timeout value for the web service calls, in millisecond.Returns always true.

IWWsServerSet: (string server) -> int
The host defines the server value for the web service calls, such as “https://www.myinWebo.com:443”.Returns always true.

IWLangSet: (string) -> void
The host provides the language (“fr” or “en”). This may be changed at runtime.

IWMaccessSet: (string) -> void
The host provides the mAccess ID associated to its service.

Storage

IWStorageDataChanged: () -> int
The library indicates whether the stored data has changed. When true, the host should call IWStorageDataGet () and update the locally stored data.

IWStorageDataGet: () -> string
The library returns the data to be stored locally. This string contains everything mAccess requires (keys, service description …). The host should not try to process this string: it should only store it locally.

IWStorageDataSet: (string data) -> int
The host provides the stored data to the library. This should be done only once, at initialization.May return IW_ERR_SN.

Information

IWMajorVersionRequired: () -> int
Returns 1 if a major version update is available and therefore required. The host should stop working.

IWNewVersionAvailable: () -> string
The library indicates whether a new version of the host is available. If no new version is available, it returns empty string. If a new version is available, it returns the name of this new version.Use IWMajorVersionRequired () to know whether this new version is major or minor.

IWNewVersionURL: () -> string
When IWNewVersionAvailable returns a non-empty string, this function will return a URL to get the new version. Else it will return empty string.

ShouldAskForMinorUpdate: () -> int
Returns 1 if a minor version update should be proposed to the user. After this function returns 1 once, it will always return 0.

IWIsActivated: () -> int
The library indicates whether the application is activated.

IWMustUpgrade: () -> int
The library indicates whether the application must upgrade first (the local data is from an old version).

IWIsBlocked: () -> int
The library indicates whether the device is blocked. If yes, it has to regenerate first.

IWServiceNb: () -> int
The library indicates the number of services.A typical mAccess implementation will return 1 (your mAccess is linked to only one service).

IWServiceName: (int i) -> string
The library indicates the name of the ith service.A typical call of this function in a mAccess implementation will be IWServiceName (0) as there will be only one service whose index in the service list is 0.

IWServiceLogo: (int i) -> string
The library indicates the URL of the PNG logo of the ith service.A typical call of this function in a mAccess implementation will be IWServiceLogo (0) as there will be only one service whose index in the service list is 0.

IWServiceDisabled: (int i) -> int
The library indicates whether the service is disabled or not. When disabled, it may be displayed as grayed, and should not be accessible.A typical call of this function in a mAccess implementation will be IWServiceDisabled (0) as there will be only one service whose index in the service list is 0.

IWPinMode: () -> int
The library indicates whether the password is required for the current operation. For example, this may be called after IWActivationStart () to know if the user has to define his password, or type in his existing one.May return:
IW_PINMODE_NONE0no password is required (leave "")
IW_PINMODE_CURRENT1current password is required
IW_PINMODE_NEW2a new password is required
IW_PINMODE_BIO8a biokey is required
IW_PINMODE_CURRENT | IW_PINMODE_BIO9a password OR biokey is required

IWSynchroJustDone: () -> int
The library indicates whether a full synchronization just occurred. If yes, it means that the list of services may have changed, as well as the list of logos.
The host may need to refresh its display and reload the logos from the net.

Synchronous mode

IWCheckStatus: () -> int
This function returns the server-side status of your mAccess instance. Use it for instance to check whether the device has been unlocked by an administrator or another device.May return:
IW_ERR_OK0no error device is not blocked
IW_ERR_NETWORK1network or server unreachable
IW_ERR_VERSION5version error
IW_ERR_BLOCKED7device is blocked
IW_ERR_NODEVICE9device is disabled or unknown
IW_ERR_FORBIDDEN14forbidden operation (due to activated state/blocked state/upgradable state)

Asynchronous mode

IWCheckStatusAsync: (function callback) -> int
This function returns the server-side status of your mAccess instance. Use it for instance to check whether the device has been unlocked by an administrator or another device.

Activation

Synchronous mode

IWActivationStart: (string code) -> int
The library starts the activation process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is already activated
  • IW_ERR_SN: syntax error for “code”
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or new or biokey)

IWActivationFinalize: (string code, string pin, string name) -> int
The library finalizes the activation process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is already activated
  • IW_ERR_SYNCHROFAILED: the device is activated but not synchronized. Should propose to resynchronize.
  • IW_ERR_PINREFUSED: syntax error for “pin”
  • IW_ERR_CODE: bad code.
  • IW_ERR_SN: syntax error for “code”
  • IW_ERR_TIMEOUT: timeout since IWActivationStart

Asynchronous mode

IWActivationStartAsync: (string code, function callback) -> int
The library starts the activation process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is already activated
  • IW_ERR_SN: syntax error for “code”
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or new)

IWActivationFinalizeAsync: (string code, string pin, string name, function callback) -> int
The library finalizes the activation process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is already activated
  • IW_ERR_SYNCHROFAILED: the device is activated but not synchronized. Should propose to resynchronize.
  • IW_ERR_PINREFUSED: syntax error for “pin”
  • IW_ERR_CODE: bad code.
  • IW_ERR_SN: syntax error for “code”
  • IW_ERR_TIMEOUT: timeout since IWActivationStart

Set Biometric Key

If you choose to implement biometric factors in you mobile application, you will need to use the following functions in order to manipulate biometric keys.

Synchronous mode

SetBiokeyStart () -> int
Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or not blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none)

SetBiokeyFinalize (string biokey, string pin) -> int
The 'biokey' is a string generated by the application. The 'pin' code is the pincode of the user or an empty string for a service without pin. In the case of a service without pin, it is not possible to call this function repeatedly to change the Biokey.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPwdUpdateStart

Asynchronous mode

SetBiokeyStartAsync (function callback) -> int
Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or not blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none)

SetBiokeyFinalizeAsync (string biokey, string pin, function callback) -> int
The 'biokey' is a string generated by the application. The 'pin' code is the pincode of the user or an empty string for a service without pin. In the case of a service without pin, it is not possible to call this function repeatedly to change the Biokey.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPwdUpdateStartAsync

Synchronization

Synchronous mode

IWSynchronizeStart: () -> int
The library starts the synchronization process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_BLOCKED: the device is blocked due to too many wrong passwords.
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (none or current).

IWSynchronizeFinalize: (string pin) -> int
The library finalizes the synchronization process. It will perform at least one web service call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_BLOCKED: the device is blocked due to too many wrong passwords.
  • IW_ERR_TIMEOUT: timeout since IWSynchronizeStart

Asynchronous mode

IWSynchronizeStartAsync: (function callback) -> int
The library starts the synchronization process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_BLOCKED: the device is blocked due to too many wrong passwords.
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (none or current).

IWSynchronizeFinalizeAsync: (string pin, function callback) -> int
The library finalizes the synchronization process. It will perform at least one web service call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_BLOCKED: the device is blocked due to too many wrong passwords.
  • IW_ERR_TIMEOUT: timeout since IWSynchronizeStartAsync

Connection

IWConnected: () -> int
The library indicates whether the mAccess is connected or not, and how long it will be.The return value is the number of seconds. 0 means “not connected”.“Not connected” means that the password will be required for any operation.

IWServiceConnected: (int service) -> int
The library indicates whether the mAccess is connected or not for a specific service, and how long it will be.The return value is the number of seconds. 0 means “not connected”.“Not connected” means that the password will be required for any operation.

Synchronous mode

IWDisconnect: () -> int
The library disconnects from the server. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error

Asynchronous mode

IWDisconnectAsync: (function callback) -> int
The library disconnects from the server. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error

Offline OTP

IWDisplayTime: () -> int
The library indicates the time the OTP should be displayed to the user.
IWOtpShouldSynchronize: (int service) -> int
The library indicates if synchronization should be proposed to the user, BEFORE it tries to generate an OTP (i.e. before calling IWOtpModeQuery ()).This would signify that more than 3 generations are performed in less than 2 minutes for the same service.
IWOtpModeQuery: (int service) -> int
The library indicates whether the password should be requested.The “service” argument is the index of the service.
IWOtpGenerate: (string pin) -> string
The library generates the OTP for the specific service.The “pin” argument should be empty if no password was requested (see IWOtpModeQuery ()).
IWOtpResult: (int used) -> void
The host indicates whether the OTP was used by the user.
  • RESULT_USEDOK=0; // OTP used
  • RESULT_USEDCANCEL=1; // OTP not used

Online OTP

Synchronous mode

IWOnlineOtpStart: (int service_index) -> int
The library starts the “online OTP generation” process. It will perform at least one webservice call.
Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none or biokey).
IWOnlineOtpFinalize: (int service, string pin) -> int

OR when using biometric keys:
IWOnlineOtpFinalizeExt: (int service, string pin, int keytype) -> int

Possible values for 'keytype' are:
  • 0 : pincode entered
  • 1 : biokey used


The library finalizes the “online OTP generation” process. It will perform at least one webservice call.
Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWOnlineOtpStart
On success, the host will get the OTP by calling IWOtpAnswersGet () and IWOtpAnswerOtp ().

Asynchronous mode

IWOnlineOtpStartAsync: (int service, function callback) -> int
The library starts the “online OTP generation” process. It will perform at least one webservice call.
Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none or biokey).
IWOnlineOtpFinalizeAsync: (int service, string pin, function callback) -> int

OR when using biometric keys:
IWOnlineOtpFinalizeExtAsync: (int service_index, string pin, int keytype, function callback) -> int
Possible values for 'keytype' are:
  • 0 : pincode entered
  • 1 : biokey used


The library finalizes the “online OTP generation” process. It will perform at least one webservice call. Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWOnlineOtpStartAsync
On success, the host will get the OTP by calling IWOtpAnswersGet () and IWOtpAnswerOtp ().

IWOtpAnswersGet: () -> int
After a successful call to IWOnlineOtpFinalize () or IWOnlineOtpFinalizeAsync (), the library returns a mask of available data:MSK_OTP (1) OTP; use IWOtpAnswerOtp () to retrieve the OTP.

IWOtpAnswerOtp: () -> string
After a successful call to IWOnlineOtpFinalize ()IWOnlineOtpFinalizeExt ()IWOnlineOtpFinalizeAsync () or IWOnlineOtpFinalizeAsyncExt (), the library provides the OTP.

Offline Seal

IWSealShouldSynchronize: (int service) -> int
The library indicates if synchronization should be proposed to the user, BEFORE it tries to generate a Seal (i.e. before calling IWSealModeQuery ()).This would signify that more than 3 generations are performed in less than 2 minutes for the same service.

IWSealModeQuery: (int service) -> int
This function initializes the Offline Seal Process. It will always return 1.

IWSealGenerate: (string pin, string data) -> string
The library generates the Seal for the specific service.

IWOtpResult: (int used) -> void
The host indicates whether the Seal was used by the user.
  • RESULT_USEDOK=0; // Seal used
  • RESULT_USEDCANCEL=1; // Seal not used

IWDisplayTime: () -> int
The library indicates the time the OTP should be displayed to the user.

Online Seal

Synchronous mode

IWOnlineSealStart: (int service) -> int
The library starts the “online seal generation” process. It will perform at least one webservice call.
Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
For Seal Generation, PIN Mode is always set to 1 (current). This means that the user will have to type his PIN to generate a seal.
IWOnlineSealFinalize: (int service, string pin, string data) -> int

OR when using biometric keys:

IWOnlineSealFinalizeExt(int service, string pin, int keytype, string sealdata) -> int

Possible values for 'keytype' are:
0 : pincode entered
1 : biokey used

The library finalizes the “online seal generation” process. It will perform at least one webservice call. Returns an error code:

  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWOnlineSealStart
On success, the host will get the Seal by calling IWSealAnswersGet () and IWSealAnswerSeal ().

Asynchronous mode

IWOnlineSealStartAsync: (int service, function callback) -> int
The library starts the “online seal generation” process. It will perform at least one webservice call.
Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
For Seal Generation, PIN Mode is always set to 1 (current). This means that the user will have to type his PIN to generate a seal.
IWOnlineSealFinalizeAsync: (int service, string pin, string data, function callback) -> int

OR when using biometric keys:

IWOnlineSealFinalizeExtAsync(int service, string pin, int keytype, string sealdata, function callback) -> int

Possible values for 'keytype' are:
0 : pincode entered
1 : biokey used

The library finalizes the “online seal generation” process. It will perform at least one webservice call. Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWOnlineSealStartAsync
On success, the host will get the Seal by calling IWSealAnswersGet () and IWSealAnswerSeal ().

IWSealAnswersGet: () -> int
After a successful call to IWOnlineSealFinalize () or IWOnlineSealFinalizeAsync (), the library returns a mask of available data:MSK_SEAL (2) seal; use IWSealAnswerSeal () to retrieve the seal.

IWSealAnswerOtp: () -> string
After a successful call to IWOnlineSealFinalize () or IWOnlineSealFinalizeAsync (), the library provides the Seal.

Reset (Unlock)

Synchronous mode

IWResetStart: (string code) -> int
The library starts the reset process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or not blocked or to be upgraded
  • IW_ERR_CODE: bad code.
  • IW_ERR_SN: syntax error for “code”
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode will indicate which kind of password is required (current or new).

IWResetFinalize: (string code, string pin) -> int
The library finalizes the reset process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_SN: syntax error for “code”
  • IW_ERR_PINREFUSED: syntax error for “password”
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWResetStart

Asynchronous mode

IWResetStartAsync: (string code, function callback) -> int
The library starts the reset process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or not blocked or to be upgraded
  • IW_ERR_CODE: bad code.
  • IW_ERR_SN: syntax error for “code”
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or new).

IWResetFinalizeAsync: (string code, string pin, function callback) -> int
The library finalizes the reset process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_SN: syntax error for “code”
  • IW_ERR_PINREFUSED: syntax error for “password”
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWResetStartAsync

Request Activation code

This function allows the user to get an Activation code from inWebo. This 9-digit code will be used to activate a new inWebo token (typically a new inWebo Helium browser token).

Synchronous mode

IWActivationcodeRequestStart: () -> int
The library starts the “request Activation code” process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none).

IWActivationcodeRequestFinalize: (string pin) -> int
The library finalizes the “request Activation code” process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWActivationcodeRequestStart
On success, the host will retrieve the Activation code by calling IWCode ().

Asynchronous mode

IWActivationcodeRequestStartAsync: (function callback) -> int
The library starts the “request Activation code” process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none).

IWActivationcodeRequestFinalizeAsync: (string pin, function callback) -> int
The library finalizes the “request Activation code” process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWActivationcodeRequestStartAsync
On success, the host will retrieve the Activation code by calling IWCode ().

Update password

Synchronous mode

IWPwdUpdateStart: () -> int
The library starts the password update process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or not blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none).

IWPwdUpdateFinalize: (string newPin, string pin) -> int
The library finalizes the password update process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_PINREFUSED: syntax error for “password”
  • IW_ERR_PINREUSED: new password equals previous password
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPwdUpdateStart

Asynchronous mode

IWPwdUpdateStartAsync: (function callback) -> int
The library starts the password update process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or not blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none).

IWPwdUpdateFinalizeAsync: (string newPin, string pin, function callback) -> int
The library finalizes the password update process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_PINREFUSED: syntax error for “password”
  • IW_ERR_PINREUSED: new password equals previous password
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPwdUpdateStartAsync

Upgrade

The upgrade process is required when the device detects that the local data is from a previous version of the library (it is not the update of the host; it is AFTER an update of the host).

Synchronous mode

IWUpgradeStart: () -> int
The library starts the upgrade process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none).

IWUpgradeFinalize: (string pin, string oldSerial) -> int
The library finalizes the upgrade process. It will perform at least one webservice call. It requires the old serial number, as it was computed before.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWUpgradeStart

Asynchronous mode

IWUpgradeStartAsync: (function callback) -> int
The library starts the upgrade process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_VERSION: version error, user must upgrade the device (see IWNewVersionAvailable above)
A call to IWPinMode () will indicate which kind of password is required (current or none).

IWUpgradeFinalizeAsync: (string pin, string oldSerial, function callback) -> int
The library finalizes the upgrade process. It will perform at least one webservice call. It requires the old serial number, as it was computed before.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not to be upgraded
  • IW_ERR_ACCESS: wrong password.
  • IW_ERR_SYNCHROFAILED: the last step of the synchronization failed. Should propose to resynchronize.
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWUpgradeStartAsync

Push registration

Synchronous mode

IWPushRegistrationStart: () -> int
The library starts the push registration process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled

IWPushRegistrationFinalize: (string pushId) -> int
The library finalizes the push registration process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPushRegistrationStart

Asynchronous mode

IWPushRegistrationStartAsync: (function callback) -> int
The library starts the push registration process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled

IWPushRegistrationFinalizeAsync: (string pushId, function callback) -> int
The library finalizes the push registration process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPushRegistrationStartAsync

Important note: To use firebase notification service you must change the device OS to "firebase" using IWSetDeviceOS("firebase") → voidIf your mobile is on a filtered network (wifi by example), please ensure the following ports are opened to be able to register for push notifications and also to receive them:
  • Android (Google):  outbound TCP ports 5228 to 5230.
  • iOS (Apple): outbound TCP port 5223 

Get Pending Push

IWCheckPush: () -> int
Check if a push notification is available on inWebo server for the active instance of mAccess. Typically this function can be called when starting the mAccess application. In case of a push notification not received, this function will retrieve this pending authentication request.

IWPushAlias: () -> String
Get the push session id, or alias, related to the retrieved push

IWPushAction: () -> String
Get the push action (“activate” or “authenticate”) related to the retrieved push

IWPushContext: () -> String
Authentication only. Get the push context information related to the retrieved push. To be used if a context has been sent during the pushAuthenticate APIcall.

Push Activate

This function should be used when a user tries to activate helium on his PC, using a Push notification to his mobile app as a security check. The Push notification sent by InWebo servers contains an “alias” that must be passed as a parameter.

Synchronous mode

IWPushActivateCaStart: (string alias) -> int
The library starts the push activation process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled

IWPushActivateCaFinalize: (string alias, string pin, int confirm) -> int
The library finalizes the push registration process. It will perform at least one webservice call. Confirm is an integer telling whether the activation via push notification is refused (0) or accepted (1).Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPushActivateCaStart

Asynchronous mode

IWPushActivateCaStartAsync: (string alias, function callback) -> int
The library starts the push activation process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled

IWPushActivateCaFinalizeAsync: (string alias, string pin, int confirm, function callback) -> int
The library finalizes the push activation process. It will perform at least one webservice call. Confirm is an integer telling whether the activation via push notification is refused (0) or accepted (1).Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPushActivateCaStartAsync

Push OTP

Synchronous mode

IWPushOTPStart: (string alias) -> int
The library starts the push OTP process. It will perform at least one webservice call.Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
A call to IWPinMode () will indicate which kind of password is required (current or none or biokey).

IWPushOTPFinalize: (string alias, string pin, int confirm) -> int
OR
IWPushOTPFinalizeExt(string alias, string pin, int confirm, int keytype) -> int
'IWPushOTPFinalizeExt' is a new extended version of 'IWPushOTPFinalize' that must be used if you implement biometric factors in your application. In both cases, the library finalizes the push connection process. It will perform at least one webservice call. Possible values for 'keytype' are: (0) : pincode entered or (1) : biokey used. Confirm is an integer telling whether the activation via push notification is refused (0) or accepted (1).Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPushOTPStart

Asynchronous mode

IWPushOTPStartAsync: (string alias, function callback) -> int
The library starts the push OTP process. It will perform at least one webservice call. Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
A call to IWPinMode () will indicate which kind of password is required (current or none or biokey).

IWPushOTPFinalizeAsync: (string alias, string pin, int confirm, function callback) -> int
OR
IWPushOTPFinalizeExtAsync(string alias, string pin, int confirm, int keytype, function callback) -> int
'IWPushOTPFinalizeExtAsync' is a new extended version of 'IWPushOTPFinalizeAsync' that must be used if you implement biometric factors in your application. In both cases, theThe library finalizes the push connection process. It will perform at least one webservice call. Possible values for 'keytype' are: (0) : pincode entered or (1) : biokey used. Confirm is an integer telling whether the activation via push notification is refused (0) or accepted (1).Returns an error code:
  • IW_ERR_OK: no error
  • IW_ERR_NETWORK: network error
  • IW_ERR_FORBIDDEN: device is not activated or blocked or to be upgraded
  • IW_ERR_NODEVICE: the device is unknown or has been permanently disabled
  • IW_ERR_TIMEOUT: timeout since IWPushOTPStartAsync

Implementation

You will find below implementation guidelines to help you understand how to chain mAccess API functions to run the library. These guidelines are valid for both synchronous and asynchronous modes.

Startup

At host startup, you need to:A) Initialize the library
  • call IWInit ()
  • call IWHostVersionSet ()
  • call IWWsServerSet ()
  • call IWWsTimeoutSet ()
  • call IWMaccessSet () and provide mAccess ID, that can be found in inWebo Admin Console
  • Read the ASCII string stored locally, and pass it to the function IWStorageDataSet ().
  • Determine whether mAccess is activated or not by calling IWIsActivated (). If this function returns “1”, mAccess is activated.
  • If mAccess is not activated, go to step B).
  • Determine whether mAccess is blocked or not by calling IWIsBlocked ().
    • If this function returns “1”, mAccess is blocked. Go to section “Reset”.
    • If mAccess is activated and not blocked, startup procedure is over and completed successfully
B) Activation
  • Prompt the user for an Activation code
  • Once entered, call the function IWActivationStart () with this code as a parameter
  • Then, call IWPinMode () in order to find out if the user has to define a new password, or enter his existing password for verification.
    • New password: request it twice and make sure they are identical
    • Existing password: request only once
  • Then, call IWActivationFinalize ()

Push registration

After a successful activation, you can proceed to push registration:
  • Retrieve the device unique ID
  • Register the App calling IWPushRegistrationStart ()
Push registration should be performed only once. Yet you may want to check at application start-up if the unique parameter identifying the device and the user has been updated. In case this unique ID has changed you can safely call IWPushRegistrationStart () again.

Synchronization

In order to perform a synchronization:
  • First call IWSynchronizeStart ()
  • Then call IWPinMode () to know if a password is required
  • Then, prompt for the password
  • Finally, call IWSynchronizeFinalize ()

Generate an offline OTP

mAccess has been designed to support more than one service. This means that mAccess will be able to generate different OTPs for different sites or applications. This will be useful for multi-purposes host applications. In this example, we will assume that mAccess has only one service (i=0).A) Check if synchronization is requiredWhen the user requests an OTP, you first need to call IWOtpShouldSynchronize (0) in order to know if a synchronization should be proposed to the user prior to generate the OTPIf IWOtpShouldSynchronize returns 1, you should display a page such as “Your application seems desynchronized. Do you want to force synchronization?”If the user chooses “no”, go to step B)If the user chooses “yes” implement a synchronization at this stage (see later in the doc)B) Prompt the user for his mAccess passwordC) Display the OTP returned by the function IWOtpGenerate (PIN).The OTP will be valid for n seconds, where n is the result of IWDisplayTime ()If the host application knows whether the OTP was submitted or not, additional step will be useful to prevent desynchronization:
  • If the OTP was not submitted, call IWOtpResult (RESULT_USED_CANCEL)
  • If the OTP was submitted, or the information is not available, call IWOtpResult (RESULT_USED_OK)
The same logic can be used to implement offline sealing.

Generate an online OTP

When the user requests an OTP:
  • Call IWOnlineOtpStart (0)
  • Then call IWPinMode () to know if the password should be requested
  • Prompt for the password if needed
  • Call IWOnlineOtpFinalize (0,password) with the password as parameter
  • Call IWOtpAnswerOtp () to get the OTP
The same logic can be used to implement online sealing.

Activate other tokens with push notifications

This feature can be used to activate inWebo browser tokens (inWebo Helium) via mobile push notifications. Prerequisites:
  • inWebo push registration (see guideline above)
  • Implement the code to handle push notification in the host application. When receiving a notification parse the content to verify if it is an activation notification or a connection notification
If an activation notification is received:
  • Get the transaction ID alias from the notification content
  • Call IWPushActivateCaStart (alias)
  • Then call IWPinMode () to know if the password should be requested
  • Then prompt for the password
  • Then propose two buttons allowing the user to accept or refuse the activation
  • If activation is refused call IWPushActivateCaFinalize(alias, pin, 0)
  • If activation is accepted call IWPushActivateCaFinalize(alias, pin, 1)
  • Pin should be set to an empty string if IWPinMode() returns IW_PINMODE_NONE

Connect user to your applications with push notifications

This feature can be used to connect a user via push notifications sent either by your platform (using inWebo API on your server) or via inWebo browser tokens (inWebo Helium).Prerequisites:
  • inWebo push registration (see guideline above)
  • Implement the code to handle push notification in the host application. When receiving a notification parse the content to verify if it is an activation notification or a connection notification
If a connection notification is received:
  • Get the transaction ID alias from the notification content
  • Call IWPushOTPStart (alias)
  • Then call IWPinMode () to know if the password should be requested
  • Then prompt for the password and / or propose two buttons allowing the user to accept or refuse the connection
  • If connection is refused call IWPushOTPFinalize(alias, pin, 0)
  • If connection is accepted call IWPushOTPFinalize(alias, pin, 1)
  • Pin should be set to an empty string if IWPinMode() returns IW_PINMODE_NONE

Get an Activation code to activate another inWebo token

This feature is optional. It allows a user to activate an inWebo Helium token in a browser.
  • Call IWActivationcodeRequestStart ()
  • Then call IWPinMode () to know if a password is required
  • Then prompt for the password
  • Call IWActivationcodeRequestFinalize (Password) and then IWCode () to get and display the Activation code

Password change

  • Call IWPwdUpdateStart ()
  • Prompt for the current Password
  • Prompt twice for the new password
  • Call IWPwdUpdateFinalize (NEWPIN, PIN)
  • Parse the return code

Reset

If mAccess is blocked (IWIsBlocked ()), you need to:
  • Display a “Reset” page prompting for a “reset code”
  • call IWResetStart (code), and then IWPinMode () to know whether to prompt for a new password or the existing password
  • call IWResetFinalize (Password)

Updated on 03/14/2019