User creation

This documentation will walk you through creating users within the ConnectPay system. Follow these instructions to add users and integrate our features into your Platform seamlessly.

In order to use our SCA solution, users that connect to your Platform must be created in our system as well. From a high-level perspective, this process consists of:

1. Credential creation
2. Credential validation
3. Credential personalization

In ConnectPay, a credential pair is formed from email (that acts as username) and password. For SCA’s second factor, we use mobile phones to send SMS OTP. Thus, for the user creation journey, you will need to collect this data from your customers so that a user can be created. Each of these credentials needs to be validated separately to ensure they are working and belong to a person who creates a user. In the picture below, you will seethe full credential creation flow:

1. When your customer starts user creation flow, first thing to do is to implement password encryption javascript provided by us. The purpose of it is to avoid passwords being saved in logs in plaintext form. Read more on how to integrate this javascript in your UI here.
2. Then you will need to send us credentials – email, password and mobile phone number for SCA factor. Password criteria should be validated based on Create user API requirements. Redirect URL provided will be the URL user is returned to after email validation process.
3. As a result of Create user API , you will receive email validation URL, event ID and user ID. All parts of credentials must be validated.
4. Password is validated when we receive encrypted data from you and check minimal requirements.
5. Email is validated when user clicks email validation URL provided by us. Currently, email should be sent by your system. Email validation URL is valid for 1 hour, if it gets expired, just call Create user API again with all the details.
6. Mobile phone is validated by sending SMS to phone number provided to us. In order to do so, you will use event ID provided in Create user API response. Use Initiate SCA authorisation API together with event ID to initiate SMS. The SMS OTP code is valid for 5 min.
7. Then a user will receive SMS OTP code and to validate it you will need to call Verify SCA enrollment API with that code provided together with user ID. In stage environment real SMS is not sent, OTP code is mocked and it’s value always is 123456 . If too many incorrect attempts for SMS OTP is used, user is locked for 1 hour.
8. If verification is successful, then the user status is changed to Verified and you will receive an access token in response.

Tip! Pay attention that Initiate SCA authorization API has API rate limits enabled. Currently, it’s 120 requests per minute. If you see that it’s not enough for your needs, please inform us.

Tip! It doesn’t matter in which order email and mobile phone is validated, but if email is not validated, then access token for user is not provided.

9. To personalize credentials (link with actual identity), use the access token provided in response to Verify SCA enrollment API to authorise Initiate IDV API. You can read more about the IDV process here. After ID verification is successful and we manage to create a person, then this person is linked with a credential pair. Initiate Logout API, and then the user can log in while you post us Login API. A new login is required to confirm credential usage.