PUT /api/users/{UserID}/challenges
Adds or updates information about the security challenge questions and answers for a specific user.
Note that if constraints are set for the answers to the security challenge questions, the answers must meet the constraints or the request will fail.
To check what security questions are valid, and what constraints are set, you can run the GET /api/businesses/{BusinessID}/challenges operation. If no constraints are returned, none are set.
Authorization Roles/Permissions: Must be logged in. Self (logged in) or Site Admin (for any user).
This topic includes the following sections:
HTTP Method
PUT
URL
https://{hostname}/api/users/{UserID}/challenges
Sample Request
The example below shows a request to update the security questions and answers for the specified user.
Sample Request URL
https://{hostname}/api/users/eceffbe3-3386-495b-80d3-7526f0eb0edc.acmepaymentscorp/challenges
Sample request headers
Accept: application/vnd.soa.v72+json Content-Type: application/vnd.soa.v72+json X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...
Sample request body: application/vnd.soa.v72+json
{
"UserIdentificationChallenge" : [ {
"UserID" : "9e4351af-c642-4992-89e0-262a9bfaf223.acmepaymentscorp",
"ChallengeCode" : "com.soa.challenge.question.city.birth",
"Answer" : "Dubai"
}, {
"UserID" : "9e4351af-c642-4992-89e0-262a9bfaf223.acmepaymentscorp",
"ChallengeCode" : "com.soa.challenge.question.color",
"Answer" : "Blue"
}, {
"UserID" : "9e4351af-c642-4992-89e0-262a9bfaf223.acmepaymentscorp",
"ChallengeCode" : "com.soa.challenge.question.pet",
"Answer" : "Bucktastic"
} ]
}
Request Headers
For general information on request header values, refer to HTTP Request Headers.
| Header | Description |
|---|---|
| Accept |
application/json, application/xml application/vnd.soa.v72+json, application/vnd.soa.v72+xml application/vnd.soa.v80+json, application/vnd.soa.v80+xml application/vnd.soa.v81+json, application/vnd.soa.v81+xml |
| Content-Type |
Any one of the following media types is valid for the request Content-Type: application/json or application/xml application/vnd.soa.v72+json or application/vnd.soa.v72+xml application/vnd.soa.v80+json or application/vnd.soa.v80+xml application/vnd.soa.v81+json or application/vnd.soa.v81+xml |
| Cookie | AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies. |
| X-Csrf-Token_{fedmemberID} | The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login. |
Request Parameters
| Parameter | Parm Type | Data Type | Required | Description |
|---|---|---|---|---|
| UserID | Path | string | Required | The unique ID for a specific user. |
| UserIdentificationChallenges | Body | UserIdentificationChallenges | Required |
Contains information about one or more user identification challenge questions applicable to a specific user, and in some cases the answers also. Note: The answers to the challenge questions must meet any restrictions that are placed on them. Otherwise, the request will fail. If you are not sure what the restrictions are, you can run the GET /api/businesses/{BusinessID}/challenges operation. The rules are returned in the response. |
Response
If successful, this operation returns HTTP status code 200, with the updated set of questions and answers for the specified user.
Sample Response
The sample response below shows successful completion of this operation.
Sample response headers: application/vnd.soa.v72+json
Status Code: 200 OK Content-Type: application/vnd.soa.v72+json Expires: Tue, 06 Jan 2015 14:43:08 GMT
Sample response body: application/vnd.soa.v72+json
{
"UserIdentificationChallenge" : [ {
"UserID" : "9e4351af-c642-4992-89e0-262a9bfaf223.acmepaymentscorp",
"ChallengeCode" : "com.soa.challenge.question.city.birth",
"Answer" : "Dubai"
}, {
"UserID" : "9e4351af-c642-4992-89e0-262a9bfaf223.acmepaymentscorp",
"ChallengeCode" : "com.soa.challenge.question.color",
"Answer" : "Blue"
}, {
"UserID" : "9e4351af-c642-4992-89e0-262a9bfaf223.acmepaymentscorp",
"ChallengeCode" : "com.soa.challenge.question.pet",
"Answer" : "Bucktastic"
} ]
}
Response Headers
For general information on response header values, refer to HTTP Response Headers.
| Header | Description |
|---|---|
| Content-Type |
application/json, application/xml application/vnd.soa.v72+json, application/vnd.soa.v72+xml application/vnd.soa.v80+json, application/vnd.soa.v80+xml application/vnd.soa.v81+json, application/vnd.soa.v81+xml |
Response Body
| Name | Type | Description |
|---|---|---|
| UserIdentificationChallenges | UserIdentificationChallenges | Contains information about one or more user identification challenge questions applicable to a specific user, and in some cases the answers also. |
Error Codes/Messages
If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.
| Item | Value |
|---|---|
| 400 | Bad request: Returned if the client sends a malformed request; for example, invalid parameters or body content.For example, you might get this response if you send malformed XML in your request, or if you use the wrong HTTP verb. |
| 401 | Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing. |
| 500 | An error occurred processing the call. |
More information about Akana API Platform API error messages.