Customer security configuration
This article presents the API methods for managing customer account security policies.
General settings
The general settings are collected under a single endpoint for your convenience.
Checking general settings
Method reference available here.
curl --location --request \
GET 'https://{SYNERISE_API_BASE_PATH}/sauth/settings' \
--header 'Api-Version: 4.4' \
--header 'Authorization: Bearer eyJh6sNQ'
The response is a JSON object with the current settings:
{
"confirmationMailSubject": "Confirm your account",
"confirmationMailBody": "Click <a href=\"{{client_confirmation_link}}\" > here </a> to confirm your account",
"confirmationMailTemplateId": null,
"tokenLifetimeInSeconds": 3600,
"confirmationRedirectLink": null,
"passwordResetMailTemplateId": null,
"passwordResetMailSubject": "Reset your password",
"passwordResetMailBody": "Password reset token: {{password_reset_hash}}",
"voucherPoolUuid": null,
"registrationType": "AUTOMATIC",
"allowOverwriteCustomIdentify": false
}
Updating general settings
Method reference available here.
Before updating, check the current settings, copy the response into the request body, and modify only the settings that you want to change. Send the complete object rather than just the changed keys.
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/sauth/settings' \
--header 'Authorization: Bearer eyJ...hMpTw' \
--header 'Content-Type: application/json' \
--data-raw '{
"confirmationMailSubject": "Confirm your account",
"confirmationMailBody": "Click <a href=\"{{client_confirmation_link}}\" > here </a> to confirm your account",
"confirmationMailTemplateId": null,
"tokenLifetimeInSeconds": 1800,
"confirmationRedirectLink": null,
"passwordResetMailTemplateId": null,
"passwordResetMailSubject": "Reset your password",
"passwordResetMailBody": "Password reset token: {{password_reset_hash}}",
"voucherPoolUuid": null,
"registrationType": "AUTOMATIC",
"allowOverwriteCustomIdentify": false
}'
The response returns the new settings.
Authorization settings
You can use third-party authentication mechanisms. See more in Customer authentication.
Checking OAuth settings
Method reference available here.
curl --request GET \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/oauth \
--header 'authorization: Bearer eyJh...MpTw'
The response includes the current settings.
Updating OAuth settings
Method reference available here.
curl --request POST \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/oauth \
--header 'authorization: Bearer eyJ...hMpTw' \
--header 'content-type: application/json' \
--data '{
"name": "self",
"endpoint": "https://{SYNERISE_API_BASE_PATH}/mockOauth",
"headers": {
"Accept": "application/json",
"Authorization": "Bearer {{ token }}"
},
"mapping": {
"firstname": "firstName",
"phone": "phone",
"id": "clientId",
"email": "email",
"lastname": "lastName"
},
"mappedExternal": true
}'
The response includes the new settings.
Checking Sign in with Apple settings
Method reference available here.
curl --request GET \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/oauth/apple \
--header 'authorization: Bearer eyJh...MpTw'
The response includes the current settings.
Updating Sign in with Apple settings
Method reference available here.
curl --request POST \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/oauth/apple \
--header 'authorization: Bearer eyJ...hMpTw' \
--header 'content-type: application/json' \
--data '{
"enabled": true,
"bundle": "bundleName"
}'
The response includes the new settings.
Password policy
You can enforce the minimum and maximum length of passwords and the character classes they must include. Note that the example below sets minLength to 6; NIST SP 800-63B requires at least 8 characters for user-chosen passwords, and a generous maxLength (255 in the example) leaves room for passphrases.
Checking password policy settings
Method reference available here.
curl --request GET \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/password-policy \
--header 'authorization: Bearer eyJ...hMpTw'
The response includes the current settings.
Updating password policy settings
Method reference available here.
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/sauth/settings/password-policy' \
--header 'Authorization: Bearer eyJhb...jzcU' \
--header 'Content-Type: application/json' \
--data-raw '{
"requireAtLeastOneUppercaseLetter": true,
"requireAtLeastOneLowercaseLetter": true,
"requireAtLeastOneNumber": true,
"requireAtLeastOneNonAlphaNumericCharacter": true,
"minLength": 6,
"maxLength": 255
}'
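The following is an added example, not code from the Synerise documentation or SDK: a small checker that applies a policy object with the six keys shown above to candidate passwords, plus an audit that flags settings weaker than the NIST SP 800-63B baseline. It assumes the server interprets the keys literally (ASCII letter and digit classes; any other character counts as non-alphanumeric); the sample policy is the request body above with minLength raised to 8.

```python
"""Evaluate candidate passwords against a password-policy object.

Added example for this article; it is not Synerise code. It assumes the
server applies the six keys of the /sauth/settings/password-policy body
literally (ASCII letter and digit classes; any other character counts as
non-alphanumeric) and that an empty violation list means "accepted".
"""
import string

# Constructed sample: the policy from the request above, with minLength raised from 6 to 8.
POLICY = {
    "requireAtLeastOneUppercaseLetter": True,
    "requireAtLeastOneLowercaseLetter": True,
    "requireAtLeastOneNumber": True,
    "requireAtLeastOneNonAlphaNumericCharacter": True,
    "minLength": 8,
    "maxLength": 255,
}

# Each character-class rule maps to the predicate a password must satisfy.
CLASS_RULES = {
    "requireAtLeastOneUppercaseLetter": lambda pw: any(c in string.ascii_uppercase for c in pw),
    "requireAtLeastOneLowercaseLetter": lambda pw: any(c in string.ascii_lowercase for c in pw),
    "requireAtLeastOneNumber": lambda pw: any(c in string.digits for c in pw),
    "requireAtLeastOneNonAlphaNumericCharacter": lambda pw: any(not c.isalnum() for c in pw),
}


def violations(policy: dict, password: str) -> list:
    """Return the policy keys the password fails, in a fixed order; [] means it passes."""
    failed = []
    if len(password) < policy["minLength"]:
        failed.append("minLength")
    if len(password) > policy["maxLength"]:
        failed.append("maxLength")
    for key, satisfied in CLASS_RULES.items():
        if policy.get(key) and not satisfied(password):
            failed.append(key)
    return failed


def audit_policy(policy: dict) -> list:
    """Flag settings weaker than the NIST SP 800-63B baseline (>= 8 chars, allow at least 64)."""
    warnings = []
    if policy["minLength"] < 8:
        warnings.append(f"minLength {policy['minLength']} is below the NIST SP 800-63B minimum of 8")
    if policy["maxLength"] < 64:
        warnings.append(f"maxLength {policy['maxLength']} blocks passphrases; allow at least 64")
    return warnings


if __name__ == "__main__":
    for pw in ("Tr0ub4dor&3", "troubador", "Ab1!"):
        print(pw, "->", violations(POLICY, pw) or "accepted")
    print(audit_policy({**POLICY, "minLength": 6}))
```

Run the audit against the object returned by the GET above before you copy it into an update, so a weak minLength is caught before it is written back.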
Bans
Bans let you block sign-in for a client after a number of unsuccessful login attempts. The configuration has three escalating tiers (first, second, permanent), each with a collecting time (the period over which failed attempts are collected), a threshold (the number of failures in that period) and a ban duration. The example values are in seconds; note that the "permanent" duration of 31556926 seconds is one year, so even that ban expires.
Checking ban settings
Method reference available here.
curl --request GET \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/ban \
--header 'authorization: Bearer eyJ...hMpTw'
Updating ban settings
Method reference available here.
curl --request POST \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/ban \
--header 'authorization: Bearer eyJ...hMpTw' \
--header 'content-type: application/json' \
--data '{
"blockingForClientEnabled": true,
"firstBanCollectingTime": 60,
"firstBanThreshold": 3,
"firstBanDuration": 300,
"secondBanCollectingTime": 1200,
"secondBanThreshold": 10,
"secondBanDuration": 1800,
"permanentBanCollectingTime": 86400,
"permanentBanThreshold": 15,
"permanentBanDuration": 31556926
}'
The response includes the new settings.
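To see how the three tiers interact before you commit a configuration, the added example below (not Synerise code) replays a constructed sequence of failed sign-in attempts against the ban body above. The semantics are an assumption based on the setting names: each tier counts failures inside a sliding window of <tier>BanCollectingTime seconds, trips when the count reaches <tier>BanThreshold, blocks for <tier>BanDuration seconds, the most severe tier that trips wins, and attempts made during an active ban are rejected without being counted. Check those details against the method reference before relying on them.

```python
"""Replay failed sign-in attempts against a three-tier ban configuration.

Added example for this article, not Synerise code. The tier semantics are an
assumption drawn from the setting names (sliding window, threshold, duration);
attempts made while a ban is active are rejected and not counted.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the ban body from the request above (all values in seconds).
BAN_SETTINGS = {
    "blockingForClientEnabled": True,
    "firstBanCollectingTime": 60,
    "firstBanThreshold": 3,
    "firstBanDuration": 300,
    "secondBanCollectingTime": 1200,
    "secondBanThreshold": 10,
    "secondBanDuration": 1800,
    "permanentBanCollectingTime": 86400,
    "permanentBanThreshold": 15,
    "permanentBanDuration": 31556926,  # one year, so "permanent" still expires
}

TIERS = ("first", "second", "permanent")  # least to most severe


@dataclass
class ClientState:
    failures: list = field(default_factory=list)  # timestamps of counted failures
    banned_until: int = 0
    ban_tier: Optional[str] = None


def is_banned(state: ClientState, now: int) -> bool:
    return now < state.banned_until


def record_failure(settings: dict, state: ClientState, now: int) -> Optional[str]:
    """Count a failed attempt at `now`; return the tier that tripped, if any."""
    if not settings["blockingForClientEnabled"]:
        return None
    state.failures.append(now)
    tripped = None
    for tier in TIERS:
        window = settings[f"{tier}BanCollectingTime"]
        recent = sum(1 for t in state.failures if now - t < window)
        if recent >= settings[f"{tier}BanThreshold"]:
            tripped = tier  # a later, more severe tier overrides an earlier one
    if tripped:
        state.banned_until = max(state.banned_until, now + settings[f"{tripped}BanDuration"])
        state.ban_tier = tripped
    return tripped


def simulate(settings: dict, attempt_times: list) -> list:
    """Replay failed attempts (seconds, ascending) and report what each one produced."""
    state = ClientState()
    log = []
    for now in attempt_times:
        if is_banned(state, now):
            log.append((now, "rejected:banned"))
            continue
        tier = record_failure(settings, state, now)
        log.append((now, f"ban:{tier}" if tier else "failed"))
    return log


if __name__ == "__main__":
    # Constructed attack: bursts of three guesses, each burst just after the previous ban expires.
    for entry in simulate(BAN_SETTINGS, [0, 10, 20, 100, 330, 340, 350, 660, 670, 680, 990]):
        print(entry)
```

With the sample values, an attacker who waits out each 300-second first-tier ban still lands in the 1800-second second tier on the tenth failure within 20 minutes, which is the escalation the three tiers are designed to produce.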
Device authorization
You can give customers control over sign-ins from devices the system does not recognize. Two messages are configured: the hard message asks the customer to confirm a sign-in from an unknown device through the {{ device_control_url }} link, and the soft message only notifies them that a sign-in took place. To authorize devices, see Customer devices.
Checking device authorization settings
Method reference available here.
curl --request GET \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/device-control \
--header 'authorization: Bearer eyJ...hMpTw'
Updating device authorization settings
Method reference available here.
curl --request POST \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/device-control \
--header 'authorization: Bearer eyJ...hMpTw' \
--header 'content-type: application/json' \
--data '{
"deviceControlMode": "ON",
"hardMailTitle": "New sign-in attempt to your account",
"hardMailBody": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n</head>\n<body>\n\n<pre>\n\nHello,\n\nWe have noticed a new sign-in attempt to your account from a device we do not recognise.\n\nIP: {{ ip }}\nCountry: {{ country }}\n\nTime: {{ login_time }}\n\nIf it was you who signed in from a new device, please confirm by clicking the link below:\n <a href=\"{{ device_control_url }}\">{{ device_control_url }}</a>\n\nIf you do not recognise this sign-in attempt, we recommend that you change your password from within the app and also check whether your email address has been part of known password leaks; you can do that through <a href=\"https://haveibeenpwned.com/\">https://haveibeenpwned.com/</a> or <a href=\"https://monitor.firefox.com/\">https://monitor.firefox.com/</a>.\nIf you find results related to you on either of these sites, please review your passwords across all of the online services you use.\n\nAll the best,\nSynerise Team\n</pre>\n</body>\n</html>",
"hardTemplateId": null,
"softMailTitle": "New sign-in to your account",
"softMailBody": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n</head>\n<body>\n\n<pre>\n\nHello,\n\nWe have noticed a sign-in to your account from the following location.\n\nIP: {{ ip }}\nCountry: {{ country }}\n\nTime: {{ login_time }}\n\nIf you do not recognise this sign-in, we recommend that you change your password from within the app and also check whether your email address has been part of known password leaks; you can do that through <a href=\"https://haveibeenpwned.com/\">https://haveibeenpwned.com/</a> or <a href=\"https://monitor.firefox.com/\">https://monitor.firefox.com/</a>.\nIf you find results related to you on either of these sites, we strongly recommend that you review your passwords across all of the online services you use.\n\nAll the best,\nSynerise Team\n</pre>\n</body>\n</html>",
"softTemplateId": null
}'
The response includes the new settings.
Email change
These settings define the two messages sent when a customer asks to change their email address: the request message, which carries the {{client_email_change_url}} confirmation link, and the notification message, which tells the customer that the address is about to change to {{new_email}} so that an unauthorized change can be caught.
Checking email change settings
Method reference available here.
curl --request GET \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/email-change \
--header 'authorization: Bearer eyJ...hMpTw'
Updating email change settings
Method reference available here.
curl --request POST \
--url https://{SYNERISE_API_BASE_PATH}/sauth/settings/email-change \
--header 'authorization: Bearer eyJ...hMpTw' \
--header 'content-type: application/json' \
--data '{
"clientEmailChangeRequestMailSubject": "Confirm your email address",
"clientEmailChangeRequestMailBody": "To confirm your new email address, click <a href=\"{{client_email_change_url}}\">here</a>",
"clientEmailChangeRequestMailTemplateId": null,
"clientEmailChangeNotificationMailSubject": "Your email address is about to be changed",
"clientEmailChangeNotificationMailBody": "The email address on your account is about to be changed to {{new_email}}. If this was not you, please change your password as soon as possible.",
"clientEmailChangeNotificationMailTemplateId": null
}'
The response includes the new settings.
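Every flow on this page (account confirmation, password reset, device control, email change) delivers its token or link through a mail body you can overwrite, so a customized template that drops the placeholder silently breaks the flow: without {{client_confirmation_link}} nobody can confirm an account, without {{ device_control_url }} a sign-in from an unknown device can never be approved. The added example below (not Synerise code) scans a settings object for every *MailBody key, reports required placeholders that are missing and placeholder names that do not appear anywhere in this article (a typo renders as literal text or blank). Which placeholder each body needs, and the KNOWN list, are assumptions drawn from the sample bodies above; the authoritative list is in the method reference.

```python
"""Check that customised mail templates still carry the placeholders their flow depends on.

Added example for this article, not Synerise code. REQUIRED and KNOWN are
assumptions drawn from the sample bodies on this page; the method reference
is the authoritative list of what the API substitutes.
"""
import re

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")  # matches {{name}} and {{ name }}

# Assumption: the placeholder each body needs for its flow to complete.
REQUIRED = {
    "confirmationMailBody": {"client_confirmation_link"},
    "passwordResetMailBody": {"password_reset_hash"},
    "hardMailBody": {"device_control_url"},
    "clientEmailChangeRequestMailBody": {"client_email_change_url"},
}

# Every placeholder name that appears in this article's sample templates.
KNOWN = {
    "client_confirmation_link", "password_reset_hash",
    "ip", "country", "login_time", "device_control_url",
    "client_email_change_url", "new_email",
}


def placeholders(body: str) -> set:
    """Names of all {{ ... }} placeholders in a template body."""
    return set(PLACEHOLDER.findall(body))


def check_templates(settings: dict) -> list:
    """Return one problem line per missing or unrecognised placeholder; [] means all good."""
    problems = []
    for key, body in settings.items():
        if not key.endswith("MailBody") or body is None:
            continue
        found = placeholders(body)
        for name in sorted(REQUIRED.get(key, set()) - found):
            problems.append(f"{key}: missing required placeholder {{{{{name}}}}}")
        for name in sorted(found - KNOWN):
            problems.append(f"{key}: unknown placeholder {{{{{name}}}}}")
    return problems


if __name__ == "__main__":
    # Constructed settings: a trimmed confirmation mail and a typo in the device-control link.
    broken = {
        "confirmationMailBody": "Click here to confirm your account",
        "hardMailBody": "IP: {{ ip }}\nConfirm: <a href=\"{{ device_contol_url }}\">link</a>",
    }
    for line in check_templates(broken):
        print(line)
```

Run it over the merged object you are about to POST to /sauth/settings, /sauth/settings/device-control or /sauth/settings/email-change; an empty result means every body still carries the link or token it exists to deliver.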