On the Sinch Authentication 365 web-based Administrative UI, the user will be able to set configurations for default values that will apply to the API calls. The purpose of this feature is to enable the administrator of the 2FA implementation to change common features via the UI, rather than having to re-code the APIs to change features and configurations.
Businesses may use multiple sub-accounts for their own reseller customer or different use-cases, with each account or sub-account having different default configurations.
To view (and modify) Account Information, click the Accounts menu from the Authentication 365 web-based Administrative UI. This is where you can set defaults for your account. Of course, any default may be overridden through options in the API calls. The Account Info page displays four sections:
- Account Information
- Token & Callback Configuration
- URL Authorization Configuration
- 2 Step URL Authorization Configuration
This page displays the following information about your account and your account settings.
Let’s look at each of the sections, starting with the main Account Information section.
|Authentication 365 Account ID||Displays the internal Sinch Digital Interconnect Customer ID. (Not changeable)|
|HUB Account ID||Displays your Sinch Digital Interconnect A2P Hub account ID (Not changeable)|
|Operator ID||This is used for an interim solution to support a specific customer-specific capability.|
|Parent Account||Displays the account owner ID XXXXXX -- the entity that owns this account in case of hierarchy in the system i.e. Company YZ has an account But, Company XYZ can have multiple sub-accounts (or child accounts).|
|Client Name||The name of the account|
|Active Date||The date your account became active.|
|Account Description||A description of your account.|
|Default Message||This is the default message text that will be sent in the SMS to the subscriber The message text [token] will be replaced by the generated token.|
|Delivery Channel||Select the delivery mechanism: 1. Sinch Authentication 365 (SMS) 2. E-mail, If you leave this field blank you can use your own delivery mechanism or channel – the token created will be returned to you in the API response.|
|Expiration Date||Displays the account expiration date. This cannot be changed.|
|Branding Image||Image that will be display on the URL Authorization screen banner (and at the top right of your Authentication 365 UI pages). Click the Search button to search for your logo. Click Open to upload the logo. Once you click the Update button at the bottom of the screen, you should see a small version of the image in the top right of the Authentication 365 UI pages. Size limit is 300Kbytes (0.3Mbytes).|
Token & Callback Configuration
The Tokens & Callback Configuration section enable setting of default values for the validation token (type, length, timeout, number of retries as well as callback configurations for asynchronous URL Validations.
|Token Type||You may generate either: 1. Numeric tokens 2. Alphanumeric tokens. Alphanumeric tokens are significantly more secure than numeric tokens.|
|Token Length||The length of the token you want to generate. The minimum token size is 4 characters. This is the default setting. The maximum is token size is 9 characters.|
|Token Timeout||Minimum is 30 seconds - Maximum is 30 days (expressed in seconds). If the user does not use and validate the token within on the specified Token Timeout period, then the token will expire.|
|Max Validation Retries||Allows you to specify the number of times you want to allow the user retry validation. 3 is the initial default.|
|Callback URL||This is only used if you are doing Asynchronous URL Validations: This is the registered callback URL that will be used for asynchronous URL validations.|
|Callback Authentication Type||This is only used if you are doing Asynchronous URL Validations: This will be Open (no signature secret) or Sign Key. To trust the source of the message you can configure a Signature Secret in the next field which is used to hash the body of the message with the “HMAC 256” algorithm and sent in the x-Sinch-di-signature header. For every received hash, you should rehash the body with the stored Secret to match the signature validation when the callback is received.|
|Callback Signed Key||This is only used if you are doing Asynchronous URL Validations: This is the secret key that will be used the hash the body of the message.|
URL Authorization Configuration
The items in URL Authorization Configuration section provide defaults for the message body of a URL Validation, the success message, as well as the headline and sub-headline for the URL Authorization landing page. The Branding Image is set in the main Account Information section.
|Message Body||Message text of the URL Authorization that appears in the SMS (or Email) message. You may use [link] to be replaced with the generated user-specific validation link.|
|Success Message||This is the text that will displayed to indicate the validation was successful. It appears on the URL Validation landing page – reached by the user tapping their user-specific validation link. This will appear below the brand image.|
|Headline||Headline text of the URL Authorization landing page.|
|Sub Headline||Sub Headline text of the URL Authorization landing page. (The brand image will appear below this text).|
The URL Validation (or Authorization) sequence is shown in the example below. Key fields are also highlighted.
2 Step URL Authorization Configuration
The following are additional features that may be configured for the optional 2-step URL Authorization option.
|2 Step Url Authorization Property||Description|
|Main Text||This text appears below the branding image when you are sending a 2-step URL validation (one that requires an affirmative or decline by the end-user, after they reach the URL Authorization landing page).|
|Affirmative Button Text||Text displayed on the Affirmative Button on the 2-Step URL Authorization landing page|
|Accept Message||Text of the Acceptance Message when the Affirmative button is tapped on the 2-Step URL Authorization landing page.|
|Decline Button Text||Text of the Decline Button of the 2 Step URL Authorization|
|Decline Message||Text of the Decline Message when the Decline button is tapped on the 2 Step URL Authorization landing page.|
|Button Color||Background color of the Accept and Decline Buttons of the 2 Step URL Authorization|
A 2-Step URL Authorization sequence is shown in example, below along with call-outs for the 2-step URL Authorization configuration fields. These are in addition to the fields configured in the URL Authorization Configuration section as outlined on the previous page.
Important: After making any changes in any of the fields in any section, make sure that you click the Update button at the bottom of the screen.