Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1821
Views
0
Helpful
1
Replies

Using Auth API with Duo Web

Go to solution
Krishna_Kumar_J
Level 1
Level 1

‎05-04-2020 12:52 AM

Greetings,

As said in duoweb guide, it is not advisable to use Auth APIs other than /ping and /check for Duo web.

But when I tried Auth API’s /preauth with Web SDK’s authorization keys, it is working fine even though it is said in guide as “Incorporating any other Auth API endpoint calls in your Duo Web application may have unpredictable results.”

I would be glad if I get clarified for the following,

  1. Since the /preauth endpoint is working fine with WebSDK’s integration and security keys, is it okay to use it ?
  2. Is there any other way to validate the Auth API’s integration/security keys since Auth API’s /check endpoint works the same for both WebSDK and AuthAPI ?

Thank you in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎05-05-2020 08:50 AM

  1. Since the /preauth endpoint is working fine with WebSDK’s integration and security keys, is it okay to use it ?

No, per the instructions about using AuthAPI with WebSDK in our documentation. there are two acceptable API endpoints for use with WebSDK: /ping and /check. You may have unpredictable results in the future if you do not follow our guidance.

  1. Is there any other way to validate the Auth API’s integration/security keys since Auth API’s /check endpoint works the same for both WebSDK and AuthAPI ?

You can validate the integration info with the /check call, as it is one of the two acceptable uses of AuthAPI with WebSDK mentioned in the documentation.

Duo, not DUO.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎05-05-2020 08:50 AM

  1. Since the /preauth endpoint is working fine with WebSDK’s integration and security keys, is it okay to use it ?

No, per the instructions about using AuthAPI with WebSDK in our documentation. there are two acceptable API endpoints for use with WebSDK: /ping and /check. You may have unpredictable results in the future if you do not follow our guidance.

  1. Is there any other way to validate the Auth API’s integration/security keys since Auth API’s /check endpoint works the same for both WebSDK and AuthAPI ?

You can validate the integration info with the /check call, as it is one of the two acceptable uses of AuthAPI with WebSDK mentioned in the documentation.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents