Custom API

You can access this page from the Configuration > Custom API tab. On this page, you can manage all your settings in the Custom API.

You can enable or disable the desired authentication methods in the Custom API.

You can enable or disable Custom API status using the Manage button in the top-right corner.

After that, you can click the Manage button in the top-right corner to download the Postman JSON file and import it into Postman.

You can retrieve the baseUrl and apiKey values from Manage → Config.

Then, you can add the BASE_URL and MIRKET_API_KEY sections to Postman's Variables. STATE_ID and USER_ID are auto-filled in Postman using pre-request scripts. You can view the relevant scripts within the collection.

The authentication flow requires the use of three specific APIs.

POST /check-user

  • Takes the username as input and returns the list of MFA methods available to the user along with the user ID.

  • If MFA bypass is enabled, the user is considered authenticated at this point.

Request Body:

{
   "username":"test\\user"
}

Response Body:

{
   "statusType": 2,
   "mfaList": [
       0,
       1,
       2,
       3
   ],
   "id": "cc8ddde9-5751-48ef-9561-b47415f96320",
   "stateId": null,
   "message": "First authentication is successful."
}

Status Type Mapping

Code
Status Name
Description
0

Deny

Authentication denied

1

Accept

Authentication accepted

2

Challenge

MFA challenge required or triggered

Mfa Type Mapping

Code
MFA Type
Description
0

Mirket Push

Push notification via Mirket

1

Mirket Token

Hardware or app-based token

2

Mirket OTP

One-time password generated by Mirket

3

TOTP

Time-based One-Time Password

4

SMS

SMS-based verification code

5

Mirket OTP (OLD)

Legacy OTP system

6

Mirket Push (OLD)

Legacy push notification system

POST /trigger-mfa

  • Takes the user ID and the selected MFA method as input.

  • Triggers the selected MFA method and returns a state ID.

  • If the MFA method is Mirket Push or Mirket Push (OLD), the user will be authenticated once the request is approved via the app.

Request Body:

{
   "id":"{{USER_ID}}",
   "mfaMethod":2
}

Response Body:

{
   "response": true,
   "stateId": "b8b8ba4f-4ff9-4bab-9607-cad9748b0e3b",
   "message": "Waiting Mirket OTP code",
   "responseType": 6
}

POST /authenticate

  • Takes the user ID, state ID, and the MFA code as input. (Mirket OTP, SMS, Mirket Token, TOTP, Mirket OTP (OLD))

  • Completes the authentication process.

Request Body:

{
   "id":"{{USER_ID}}",
   "stateId": "{{STATE_ID}}",
   "code":"194086"
}

Response Body:

{
   "result": false,
   "message": "User not authenticated",
   "mfaMethod": null
}
PreviousADFS AgentNextOS Logon

Last updated