Using Auth API with Duo Web

Greetings,

As said in duoweb guide, it is not advisable to use Auth APIs other than /ping and /check for Duo web.

But when I tried Auth API’s /preauth with Web SDK’s authorization keys, it is working fine even though it is said in guide as “Incorporating any other Auth API endpoint calls in your Duo Web application may have unpredictable results.”

I would be glad if I get clarified for the following,

  1. Since the /preauth endpoint is working fine with WebSDK’s integration and security keys, is it okay to use it ?
  2. Is there any other way to validate the Auth API’s integration/security keys since Auth API’s /check endpoint works the same for both WebSDK and AuthAPI ?

Thank you in advance.

  1. Since the /preauth endpoint is working fine with WebSDK’s integration and security keys, is it okay to use it ?

No, per the instructions about using AuthAPI with WebSDK in our documentation. there are two acceptable API endpoints for use with WebSDK: /ping and /check. You may have unpredictable results in the future if you do not follow our guidance.

  1. Is there any other way to validate the Auth API’s integration/security keys since Auth API’s /check endpoint works the same for both WebSDK and AuthAPI ?

You can validate the integration info with the /check call, as it is one of the two acceptable uses of AuthAPI with WebSDK mentioned in the documentation.