Privakey Documentation

Welcome to Privakey's documentation pages. You'll find comprehensive documentation and guides to help you start working with Privakey as quickly as possible. If you can't find the help you need, feel free to reach out to support@privakey.com

Suggest Edits

API Authentication

 

API Authentication

PrivakeyCX supports two methods for authenticating API calls from Request Origins: HMAC and Basic. Because HMAC does not transfer the secret over the wire, it is inherently more secure than Basic, and is the recommended authentication method. Each Request Origin must be configured to use one of those methods. For more information on configuring Request Origins, see the Administration.

HMAC Authentication

HMAC is a method of generating a signature using well defined steps, which is then sent to the server along with the request. The generation steps are repeated on the server, and the signature sent with the request and the signature generated on the server are then compared. If identical, authentication has succeeded.

PrivakeyCX's HMAC authentication is comprised of several pieces: the algorithm version, the Request Origin's GUID, the milliseconds since the epoch, and the signature of the HMAC itself, combined in a certain order. Currently, the only algorithm supported is "CX1-HMAC-SHA256." The Request Origin's GUID and secret used to generate the signature are displayed and stored in PrivakeyCX's database at the time of Request Origin configuration.

It is combined in the following way and placed in the Authorization Header:

[algorithm],[RequestOriginGUID]/[millisecondsSinceEpoch],[base64Signature]

An example HMAC authorization header would be:

Authorization: CX1-HMAC-SHA256,306e8e0e-ee83-4bff-b1ff-8847931d83ec/1547654144951,ec9vkJcJFfSfdXXdwdglqP113Ov1F9S2BjhLxMsLHQo=

Please note the separators "," and "/"

Signatures

The signature is a base64 string generated using the secret key and certain data depending on whether a GET is used, or anything else with a postbody.

If a GET method is being called, the signature is generated from signing a string concatenated with no separators using the supplied algorithm from the following:

  1. GET
  2. the full URI including protocols and paths of the route being called
  3. milliseconds since epoch
  4. the Request Origin's GUID

For example, calling the Get All Requests route on a CX server hosted at https://cx.privakey.com, with Request Origin GUID 306e8e0e-ee83-4bff-b1ff-8847931d83ec, and account id 1000, the signature could be generated like so:

// Nodejs
let dataToSign = 'GET' + 'https://cx.privakey.com/api/request/getAll?accountId=1000' + millisecondsFromEpoch + '306e8e0e-ee83-4bff-b1ff-8847931d83ec';
let hmac = crypto.createHmac('SHA256', secretKey); 
hmac.update(dataToSign);
let signature = hmac.digest('base64');

If any other method than GET is used, the postbody must also be included last while signing. For example, when adding a simple request:

  1. The method, e.g. POST or PUT
  2. the full URI including protocols and paths of the route being called
  3. milliseconds since epoch
  4. the Request Origin's GUID
  5. the post body as a string
// Nodejs
let postBody = '{"accountId":"1000", "notificationTitle":"A simple request", "notificationBody":"Do you approve the transaction?"}';
let dataToSign = 'POST' + 'https://cx.privakey.com/api/request/add' + millisecondsFromEpoch + '306e8e0e-ee83-4bff-b1ff-8847931d83ec' + postBody;
let hmac = crypto.createHmac('SHA256', secretKey); 
hmac.update(dataToSign);
let signature = hmac.digest('base64');

Accepted Content-Types

All calls that send data in the body of the request can pass it either as application/json or as application/x-www-form-urlencoded.

JSON Canonicalization

JSON key/value pairs are, by specification, in no particular order. The order in which key/values are fed to the generation of the signature, however, DOES matter.

JSON such as

{"accountId":"1000", "notificationTitle":"A simple request","notificationBody":"Do you approve the transaction?"}

is considered equivalent to

{"notificationBody":"Do you approve the transaction?","notificationTitle":"A simple request", "accountId":"1000"}

but will generate a different signature.

PrivakeyCX will generate a signature from the postbody in the order that the key/values are transferred. This means using the first example above, PrivakeyCX will generate the signature from the postbody starting with accountId, and likewise using the second example, starting with notificationBody.

Because many JSON libraries follow spec, they may convert objects into JSON with an undeterministic order. Additional work may be required on the client end to sort the JSON keys, depending on the library you use. If the order in which keys are sorted when generating the signature does not match the order in which they are transferred as the postbody of the request, the comparision signature generated on PrivakeyCX will not match and the request will return a 401 Unauthorized.

White Space

When the Auth Service generates a signature based on the incoming request, it strips out any white space that is not in a key or value. Be sure to do the same on the client side, or the signatures will not match!

Basic Authentication

Basic HTTP Authentication is simple. Just follow these steps:

  1. Combine your Request Origin GUID and Secret with a single colon (:) between them.
  2. Base64-encode the result from step 1.
  3. Add the following header to your request: "Authorization: Basic <result from step 2>".

Here's an example, assuming your ID is "306e8e0e-ee83-4bff-b1ff-8847931d83ec" and your Secret is "abc123":

  1. Combined: "306e8e0e-ee83-4bff-b1ff-8847931d83ec:abc123"
  2. Base64 Encoded: "MzA2ZThlMGUtZWU4My00YmZmLWIxZmYtODg0NzkzMWQ4M2VjOmFiYzEyMw=="
  3. Header to Add: Authorization: Basic MzA2ZThlMGUtZWU4My00YmZmLWIxZmYtODg0NzkzMWQ4M2VjOmFiYzEyMw==
 
Suggest Edits

Status Mappings

 

Status Mappings

Several of the constructs within Privakey CX have statuses associated with them - for instance, a device can be Active, Revoked, etc. For ease of extension and optimization, these statuses are passed around as numbers rather than plaintext. The mappings for each is listed here.

Account Statuses

Number Status
0 Active
1 Admin Suspended
2 Token Suspended
3 Revoked

Device Statuses

Number Status
0 Active
2 Revoked

Request Statuses

Number Status
1 Canceled
2 Completed
3 Pending
5 Timed Out

Request Types

Number Type
0 Add Device
1 Authenticate
2 Pin Change
 
Suggest Edits

Get Account

Returns a user's CX account information

 
gethttps://[your_CX_server]/1.1/api/account/getAccount

Query Params

accountId
string
required

The user's account id.

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

 
curl --location --request GET "https://[your_CX_server]/:version/api/account/getAccount?accountId=999999" --header "Authorization: Basic <basicCreds>"
A binary file was returned

You couldn't be authenticated

{
    "id": 17,
    "privakeyId": "37e0e8ef-cf1c-482d-88aa-ee7a63b250ca",
    "externalIdentifier": "999999",
    "created": "2019-02-19T21:02:08.000Z",
    "appSpaceId": 1,
    "appUserStatusId": 0
}
 
Suggest Edits

Bind Account

Creates or associates an account from your system to a privakeyCX account.

 
puthttps://[your_CX_server]/1.1/api/account/bind

Form Data

accountId
string
required

The user's account id

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

The internal Privakey GUID is returned in the body of the response, as "privakeyId". The token is also returned in the response body, as "sessionToken". The privakey Id and session token must then be passed to the device the user is trying to register.

Multi-Behavior Endpoint

If the account id has not yet been used, a new account is created and its Privakey GUID is returned. The location url is placed in the header.

If the account id has been used, its Privakey GUID is returned.

curl --location --request PUT "https://[your_CX_server]/:version/api/account/bind" --header "Authorization: Basic <basic creds>" --header "Content-Type: application/x-www-form-urlencoded" --data "accountId=999999"
A binary file was returned

You couldn't be authenticated

{
    "id": 17,
    "privakeyId": "37e0e8ef-cf1c-482d-88aa-ee7a63b250ca",
    "externalIdentifier": "999999",
    "appSpaceId": 1,
    "appUserStatusId": 0,
    "sessionToken": {
        "guid": "c4f51044-3b4c-4d0b-9370-24a4400ae5d0",
        "expiration": "2019-05-14T14:54:39.000Z",
        "appUserId": 17,
        "typeId": 0
    }
}
 
Suggest Edits

Update Account

Updates an account to use a new account id, while maintaining the history.

 
patchhttps://[your_CX_server]/1.1/api/account/update

Form Data

newAccountId
string
required

The new account id for the user

accountId
string
required

The current account id for the user.

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

 
curl --location --request PATCH "https://[your_CX_server]/:version/api/account/update" --header "Authorization: Basic <basic creds>" --header "Content-Type: application/x-www-form-urlencoded" --data "accountId=999999&newAccountId=888888"
A binary file was returned

You couldn't be authenticated

No response examples available
 
Suggest Edits

Get Device

Returns information about a device.

 
gethttps://[your_CX_server]/1.1/api/device/getDevice

Query Params

deviceGuid
string
required

The device's guid

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

Account Status

This call will also return an account's status.

curl --location --request GET "https://[your_CX_server]/:version/api/device/getdevice?deviceGuid=6932cdc9-0c3d-4654-ac7d-eec20e4e1652"  --header "Authorization: Basic <basic creds>"
A binary file was returned

You couldn't be authenticated

{
    "notificationId": "eCxh8LPvOpw:APA91bGvMcZtgSwFgNT92j4-_BbfXOilXQBZbfMJnUzXv2I5NSVZxDMDam6qvvJJcba2ozZA6acCdN-wQa7EYuezmLbJnQVnrYGcY5umrae2gpRpgs23KoqGYHSZJK1v6u4csBkQsaYP",
    "operatingSystem": "android",
    "notificationFramework": "firebase",
    "deviceStatusId": 0,
    "privakeyId": "37e0e8ef-cf1c-482d-88aa-ee7a63b250ca",
    "guid": "6932cdc9-0c3d-4654-ac7d-eec20e4e1652",
    "created": "2019-05-15T13:15:38.000Z",
    "name": "android device",
    "lastActivity": "2019-05-15T13:15:38.000Z",
    "appSpaceId": 1,
    "account": {
        "id": 17,
        "privakeyId": "37e0e8ef-cf1c-482d-88aa-ee7a63b250ca",
        "externalIdentifier": "999999",
        "created": "2019-02-19T21:02:08.000Z",
        "appSpaceId": 1,
        "appUserStatusId": 0
    }
}
 
Suggest Edits

Get All Devices

Returns an array of devices belonging to a particular user.

 
gethttps://[your_CX_server]/1.1/api/device/getAll

Query Params

accountId
string
required

The id of the user in your system

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

 
curl --location --request GET "{{rootUrl}}/api/device/getAll?accountId=999999" --header "Authorization: Basic <basic creds>"
A binary file was returned

You couldn't be authenticated

[
    {
        "notificationId": "eCxh8LPvOpw:APA91bGvMcZtgSwFgNT92j4-_BbfXOilXQBZbfMJnUzXv2I5NSVZxDMDam6qvvJJcba2ozZA6acCdN-wQa7EYuezmLbJnQVnrYGcY5umrae2gpRpgs23KoqGYHSZJK1v6u4csBkQsaYP",
        "operatingSystem": "android",
        "notificationFramework": "firebase",
        "deviceStatusId": 0,
        "privakeyId": "37e0e8ef-cf1c-482d-88aa-ee7a63b250ca",
        "guid": "6932cdc9-0c3d-4654-ac7d-eec20e4e1652",
        "created": "2019-05-15T13:15:38.000Z",
        "name": "android device",
        "lastActivity": "2019-05-15T13:15:38.000Z",
        "appSpaceId": 1
    }
]
 
Suggest Edits

Revoke Device

Revokes a device, rendering its keys useless.

 
patchhttps://[your_CX_server]/1.1/api/device/revoke

Form Data

deviceGuid
string
required

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

Revocation Is Permanent

Devices cannot be unrevoked and must be readded through the bind process in order to be used again.

curl --location --request PATCH "https://[your_CX_server]/:version/api/device/revoke" --header "Authorization: Basic <basicCreds>"--header "Content-Type: application/x-www-form-urlencoded" --data "deviceGuid=069ad557-7440-475f-9cf1-f013ce993c06"
A binary file was returned

You couldn't be authenticated

No response examples available
 
Suggest Edits

Add Request

Creates and sends a challenge request to a user.

 
posthttps://[your_CX_server]/1.1/api/request/add

Form Data

accountId
string
required

The user's account id in your system

buttons
array of strings

An array of strings representing buttons. A button requires a string title and a strongAuth boolean flag. Optionally, a style can be sent too, which must be a string.

additionalInfo
string

Any additional info you want to send with the request. This info will be linked to the request and can be used to include custom information.

callback
string

The callback the Auth Service will call when a request is processed. This callback must be preconfigured in the Admin Portal, otherwise the request will be rejected.

duration
string

A value denoting the length of time the request challenge is valid. A number with an acceptable unit of time. Acceptable units of time are s for seconds, m for minutes, h for hours, or d for days.

notificationBody
string

The text to be displayed in the body of a notification for the request challenge.

notificationTitle
string

The text to be displayed in the title of a notification for the request challenge.

requestTypeId
int32

The id value of the request type.

Content
string

The main content of the challenge to be presented to the user.

transactionId
string

A value to record the transaction of the request, in the case where it must be matched against other systems.

showCode
boolean

A flag indicating whether the confirmation code is intended to be displayed on the request or not.

showNotification
boolean

A flag indicating whether the notification should be displayed to the end user, or silently consumed by the App.

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

Buttons are optional, and, if not specified, two buttons will be defaulted on the request - Approve (strong auth is required), and Reject (strong auth is not required). If buttons are specified, then at least two buttons, each with title and strongAuth parameters must be set. Style is always optional, but if set, must be a string. Please note: the Auth Service does not interact at all with the styles, and they must be handled by the implementing App.

If a Callback is specified, the callback must have been white listed in the configuration of the calling Request Origin's data in the Admin Portal. Once the request is processed, the URI specified in the callback will receive the processed request's data. For more information, see Callbacks in the [[ADMIN PORTAL LINK]] document.

Additional Info is a field to put any extra data. This data will not be interacted with by the Auth Service, but it will always be returned back along with the rest of the request data. Useful to send meta data and context information about the request.

Notification Body and Title are defaulted to values set in the database configuration if not provided.

curl --location --request POST "
https://[your_CX_server]/:version/api/request/add" --header "Authorization: Basic {{basicCreds}}" --header "Content-Type: application/x-www-form-urlencoded" --data "accountId=999999&notificationBody=Please Respond To This Challenge&duration=60s&notificationTitle=A Challenge Request&showCode=true&callback=https://yourcallback.com&additionalInfo=<your additional info>&content=<your challenge content>"
A binary file was returned

You couldn't be authenticated

{
  "requestGuid": "4307f522-dd16-4b0d-b96f-1be8dd7c7487"
}
 
Suggest Edits

Cancel Request

Sets a request status to canceled.

 
patchhttps://[your_CX_server]/1.1/api/request/cancel

Form Data

requestGuid
string
required

The guid of the request to cancel.

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

Pending Requests Only

Only requests with a status of Pending (status id 3) can be canceled. If a request's status is not Pending, the Auth Service will return a 422 Unprocessable Entity error.

curl --location --request PATCH "https://[your_CX_server]/:version/api/request/cancel" --header "Authorization: Basic <basic creds>" --header "Content-Type: application/x-www-form-urlencoded" --data "requestGuid=4307f522-dd16-4b0d-b96f-1be8dd7c7487"
A binary file was returned

You couldn't be authenticated

No response examples available
 
Suggest Edits

Get Request

Returns information about a particular request.

 
gethttps://[your_CX_server]/1.1/api/request/getRequest

Query Params

requestGuid
string
required

The guid of the request to get

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

 
curl --location --request GET "{{rootUrl}}/api/request/getRequest?requestGuid=02825531-8641-4379-9fd7-791806d6fbc7" --header "Authorization: Basic <basic creds>"
A binary file was returned

You couldn't be authenticated

{
  "code": "M5X",
  "created": "2019-01-07T20:11:29.000Z",
  "lastModified": "2019-01-07T20:11:37.000Z",
  "expiration": "2019-01-07T20:16:29.000Z",
  "originIP": "18.215.153.200, 172.32.34.49",
  "requestTypeId": 1,
  "requestStatusId": 2,
  "content": "<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>",
  "responseContent": "<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>",
  "buttons": [
    {
      "title": "Confirm",
      "strongAuth": true,
      "style": "{\"type\":\"button\",\"color\":\"#40AA4B\"}"
    },
    {
      "title": "Deny",
      "strongAuth": false,
      "style": "{\"type\":\"button\",\"color\":\"#40AA4B\"}"
    }
  ],
  "buttonSelected": 0,
  "privakeyId": "efc27e30-1147-4a30-9bac-8c40adcf1c45",
  "requestOriginId": 6,
  "additionalInfo": "{\"viewType\":\"html\",\"format\":\"standard\",\"type\":\"Winston Speak Authentication\",\"duration\":{\"weeks\":0,\"years\":0,\"months\":0,\"days\":0,\"hours\":0,\"minutes\":10,\"seconds\":0},\"alexaUserId\":\"amzn1.ask.account.AFD7PUBSDBR2RYEXIAVOGUSKZJYXBZXY5YYZNXAFY43TAVABRNQMQRPOXNG73ZXSE7TFVXIQJKWUBPNMHBWVQDM2HARTAGLKH5YBYGKCWC3SA7RGSWCNTATJREAVK5ACJK3JCZMVOYATHOPV6DB267MZPDAFT66WGWI26PZVQHF7HOOZK2YJDWF7KJNRIPY63OFCXDUQVJNBZGY\",\"showNotification\":true}",
  "showCode": 0,
  "callback": "https://ordvav5e79.execute-api.us-east-1.amazonaws.com/development",
  "notificationBody": "Authentication Request",
  "notificationTitle": "Winston Authentication Request",
  "guid": "02825531-8641-4379-9fd7-791806d6fbc7",
  "showNotification": 1
}
 
Suggest Edits

Get All Requests

Returns an array of requests.

 
gethttps://[your_CX_server]/1.1/api/request/getAll

Query Params

requestGuid
string

Used to get a request by guid.

status
int32

Filter requests by status id.

typeId
int32

Filter requests by type id.

limit
int32

Limit the number of requests returned. If not specified, 100 requests will be returned.

beginDate
int32

Cutoff date of the oldest request to find. Milliseconds since epoch. Functionally equivalent to noOlderThan

noOlderThan
int32

Cutoff date of the oldest request to find. Milliseconds since epoch. Functionally equivalent to beginDate.

endDate
int32

Cutoff date of the most recent request to find. Milliseconds since epoch.

contentKeyword
string

Filter requests where the content of a request contains this word.

accountId
string
required

The id of the user in your system

Headers

Authorization
string
required

Either Basic or HMAC, depending on how the Request Origin is configured.

 
curl --location --request GET "https://[your_CX_server]/:version/api/request/getAll?status=2&noOlderThan=1547080484000&limit=3&accountId=999999" --header "Authorization: Basic <basic creds>"
A binary file was returned

You couldn't be authenticated

[
  {
    "code": "LQW",
    "created": "2019-01-09T19:34:44.000Z",
    "lastModified": "2019-01-09T19:35:02.000Z",
    "expiration": "2019-01-09T19:39:44.000Z",
    "originIP": "3.82.163.75",
    "requestTypeId": 1,
    "requestStatusId": 2,
    "content": "<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>",
  "responseContent": "<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>",
    "buttons": [
      {
        "title": "Approve",
        "strongAuth": true,
        "style": "{\"type\":\"button\",\"color\":\"#40AA4B\"}"
      },
      {
        "title": "Reject",
        "strongAuth": false,
        "style": "{\"type\":\"button\",\"color\":\"#f14132\"}"
      }
    ],
    "buttonSelected": 1,
    "privakeyId": "efc27e30-1147-4a30-9bac-8c40adcf1c45",
    "requestOriginId": 6,
    "additionalInfo": "{\"viewType\":\"html\",\"format\":\"standard\",\"type\":\"Winston Speak SendMoney\",\"showNotification\":true}",
    "showCode": 0,
    "notificationBody": "A request to send Brian Ross $1000.85 has been made via Alexa.",
    "notificationTitle": "Authorize to Send Money",
    "guid": "ac2a5114-0c2f-48b6-95c4-b72265de1c46",
    "showNotification": 1
  },
  {
    "code": "OXM",
    "created": "2019-01-09T19:33:57.000Z",
    "lastModified": "2019-01-09T19:34:30.000Z",
    "expiration": "2019-01-09T19:38:57.000Z",
    "originIP": "3.82.163.75",
    "requestTypeId": 1,
    "requestStatusId": 2,
    "content": "<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>",
  "responseContent": "<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>",
    "buttons": [
      {
        "title": "Approve",
        "strongAuth": true,
        "style": "{\"type\":\"button\",\"color\":\"#40AA4B\"}"
      },
      {
        "title": "Reject",
        "strongAuth": false,
        "style": "{\"type\":\"button\",\"color\":\"#f14132\"}"
      }
    ],
    "buttonSelected": 1,
    "privakeyId": "efc27e30-1147-4a30-9bac-8c40adcf1c45",
    "requestOriginId": 6,
    "additionalInfo": "{\"viewType\":\"html\",\"format\":\"standard\",\"type\":\"Winston Speak SendMoney\",\"showNotification\":true}",
    "showCode": 0,
    "notificationBody": "A request to send Joe $10.00 has been made via Alexa.",
    "notificationTitle": "Authorize to Send Money",
    "guid": "8cfceed0-9461-4e1f-b03a-3eb41d8b7cd0",
    "showNotification": 1
  },
  {
    "code": "XIB",
    "created": "2019-01-09T19:32:02.000Z",
    "lastModified": "2019-01-09T19:34:08.000Z",
    "expiration": "2019-01-09T19:37:02.000Z",
    "originIP": "3.82.163.75",
    "requestTypeId": 1,
    "requestStatusId": 2,
    "content": "<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>",
  "responseContent": "<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>",
    "buttons": [
      {
        "title": "Approve",
        "strongAuth": true,
        "style": "{\"type\":\"button\",\"color\":\"#40AA4B\"}"
      },
      {
        "title": "Reject",
        "strongAuth": false,
        "style": "{\"type\":\"button\",\"color\":\"#f14132\"}"
      }
    ],
    "buttonSelected": 1,
    "privakeyId": "efc27e30-1147-4a30-9bac-8c40adcf1c45",
    "requestOriginId": 6,
    "additionalInfo": "{\"viewType\":\"html\",\"format\":\"standard\",\"type\":\"Winston Speak SendMoney\",\"showNotification\":true}",
    "showCode": 0,
    "notificationBody": "A request to send Money 1000 Dollars $0.00 has been made via Alexa.",
    "notificationTitle": "Authorize to Send Money",
    "guid": "596f439a-d278-4d76-ade0-b83b4b0813be",
    "showNotification": 1
  }
]
 
Suggest Edits

Get Validation Data

Returns information about a device that can be used to validate the public keys that signed it.

 
gethttps://[your_CX_server]/1.1/api/request/getValidationData

Query Params

requestGuid
string
required

The guid of the request to retrieve validation data for.

accountId
string
required

The id of the user in your system.

Headers

Authorization
string

Either Basic or HMAC, depending on how the Request Origin is configured.

 
curl --location --request GET "https://[your_CX_server]/:version/api/request/getValidationData?requestGuid=02825531-8641-4379-9fd7-791806d6fbc7&accountId=999999" --header "Authorization: Basic <basic creds>"
A binary file was returned

You couldn't be authenticated

{
  "id": 4928,
  "date": "2019-01-07T20:11:37.000Z",
  "requestGuid": "02825531-8641-4379-9fd7-791806d6fbc7",
  "postBody": "{\"buttons\":\"[{\\\"title\\\":\\\"Confirm\\\",\\\"strongAuth\\\":true,\\\"style\\\":\\\"{\\\\\\\"type\\\\\\\":\\\\\\\"button\\\\\\\",\\\\\\\"color\\\\\\\":\\\\\\\"#40AA4B\\\\\\\"}\\\"},{\\\"title\\\":\\\"Deny\\\",\\\"strongAuth\\\":false,\\\"style\\\":\\\"{\\\\\\\"type\\\\\\\":\\\\\\\"button\\\\\\\",\\\\\\\"color\\\\\\\":\\\\\\\"#40AA4B\\\\\\\"}\\\"}]\",\"request\":{\"additionalInfo\":\"{\\\"viewType\\\":\\\"html\\\",\\\"format\\\":\\\"standard\\\",\\\"type\\\":\\\"Winston Speak Authentication\\\",\\\"duration\\\":{\\\"weeks\\\":0,\\\"years\\\":0,\\\"months\\\":0,\\\"days\\\":0,\\\"hours\\\":0,\\\"minutes\\\":10,\\\"seconds\\\":0},\\\"alexaUserId\\\":\\\"amzn1.ask.account.AFD7PUBSDBR2RYEXIAVOGUSKZJYXBZXY5YYZNXAFY43TAVABRNQMQRPOXNG73ZXSE7TFVXIQJKWUBPNMHBWVQDM2HARTAGLKH5YBYGKCWC3SA7RGSWCNTATJREAVK5ACJK3JCZMVOYATHOPV6DB267MZPDAFT66WGWI26PZVQHF7HOOZK2YJDWF7KJNRIPY63OFCXDUQVJNBZGY\\\",\\\"showNotification\\\":true}\",\"buttonSelected\":-1,\"buttons\":[{\"strongAuth\":true,\"style\":\"{\\\"type\\\":\\\"button\\\",\\\"color\\\":\\\"#40AA4B\\\"}\",\"title\":\"Confirm\"},{\"strongAuth\":false,\"style\":\"{\\\"type\\\":\\\"button\\\",\\\"color\\\":\\\"#40AA4B\\\"}\",\"title\":\"Deny\"}],\"callback\":\"https://ordvav5e79.execute-api.us-east-1.amazonaws.com/development\",\"code\":\"M5X\",\"content\":\"<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>\",\"created\":\"Jan 7, 2019 3:11:29 PM\",\"expiration\":\"Jan 7, 2019 3:16:29 PM\",\"guid\":\"02825531-8641-4379-9fd7-791806d6fbc7\",\"lastModified\":\"Jan 7, 2019 3:11:29 PM\",\"notificationBody\":\"Authentication Request\",\"notificationTitle\":\"Winston Authentication Request\",\"originIP\":\"18.215.153.200, 172.32.34.49\",\"privakeyId\":\"efc27e30-1147-4a30-9bac-8c40adcf1c45\",\"requestStatusId\":3,\"requestTypeId\":1,\"showCode\":0},\"requestGuid\":\"02825531-8641-4379-9fd7-791806d6fbc7\",\"responseContent\":\"<html><body>Please confirm that you would like to login to Winston with Alexa for 10 minutes.</body></html>\",\"selectedButtonIndex\":0}",
  "actorDevice": "69a938b4-503e-453f-a5c2-9494bb3c5e9b",
  "actorPublicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrFTaCJ+ICx7C41l/Vpw\nb/s+0iCAg6jI4UmPQWUCPRVlQAhO4MbhAZhnEfnHYvsVTLcannuR+QIujz7ICgR9\nv2j5RpfqCIgF7vg190y9XyCylFWC8omk0GZqWD4MtB6krU7K2t7MTpp/l38RAI7K\nVJZ3RGw9zI8/t6kWRuA9iiI1XYQgC2yCW/QawQwX1psccsgPo3PdcxMkZs7EFLaA\n0dWBRbc1Ql544DFZswfabuBOQQ8E+uYlK5bVLOnaRF7JIAkxQdW42kgM4NW7PYXQ\np1P7NQAvyrSpA5uQhtNV43D5aYu2XigByMNd3sgVoADHS8oJs7qryQYeYLTbLA+G\nGQIDAQAB\n-----END PUBLIC KEY-----",
  "jWT": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsInNlY0tleUlkIjoxNTc5fQ.eyJzdWIiOiJlZmMyN2UzMC0xMTQ3LTRhMzAtOWJhYy04YzQwYWRjZjFjNDUiLCJpYXQiOjE1NDY4OTE5MDAsImV4cCI6MTU0Njg5MzcwMCwicGF5bG9hZEhhc2giOiJPTld4Nk92cnRoR2xvc2hadjBNaDd0R1k1ZVdqbmlKanRpeThvZkR0QVNXRWxzZ3dIZUxtRklLMy92cUp1ZTZEQy92YzlkQTNicjFTcXZ1aHl3Z0lVUT09In0.cMSE6cjGEuMfoRf9QKlxb9G-RDx0cd_gEI79ZyLNOsSM0gyIxSa1-WX71LxE8qmVBK57-YYFYtfqccVGawOEIrAlCLxqp3yAa1N3y-fEBaAN2DEe_EeeTBWOlr8rgIhHZ7sYArwhnOvMpImVU7BxSk5_BlBH4M7uI5HDvysvFaDBBCIWqgB4XSZRnimiR1rsV0toR-Klwr2U8yB6J6PZVM25V9niWKVFBzf177IgLKzCYXehMfAIecK3ZDMkZ1td45avXwXkQFGQ0_hPsQ23MhXoywRuH51STHrIrJ5HaaR0mdvgl9ge6DYCDtV7ruS2LN49tY5as66Ep1LhMkgAtA",
  "actorKeyTypeId": 0,
  "statusId": 2
}