CIBA Ping Callback

When using the CIBA ping method, BindID sends HTTP POST requests to the endpoint specified in the BindID Admin Portal application settings (Notification URL) when users open authentication links and finish authentication flows. After an authentication flow is completed, call the /token endpoint to retrieve the user tokens or the authentication failure error code.

Endpoint Requirements

Your endpoint must support HTTPS. When a CIBA ping notification is received, you should verify that its bearer token is identical to the value of the client_notification_token sent in the CIBA authentication request and then return an HTTP 200 status response. If a success response is not received within 4 seconds, BindID attempts to resend the notification up to a maximum of 5 times.

Notification Headers

The notifications sent to your endpoint have these request headers:

| Header Name | Description |
| --- | --- |
| content-type | application/json |
| Authorization | A bearer token, where the value of the token is determined by the client_notification_token field in the CIBA authentication API request. |

Notification Body

The notification's body contains a data JSON object with the following structure:

| Field Name | Description |
| --- | --- |
| topic | Indicates the notification type: link_status (a user opened an authentication link) or auth_completed (a user completed an authentication flow). |
| value | For link_status notifications, the value is opened. For auth_completed notifications, the value is success for successful authentications and failure for failed authentications. |
| auth_request_id | Unique identifier of the authentication or transaction signing request, as per the CIBA standard (returned from calling the CIBA authentication API). |
| client_id | BindID client identifier of the client that requested the CIBA authentication. |

Example Notification

Here is an example authentication complete notification:

POST /ciba-ping-endpoint
content-type: application/json
Authorization: Bearer 8d67dc78-7faa-4d41-aabd-67707b374255

{
  "data": {
    "topic": "auth_completed",
    "value": "success",
    "auth_request_id": "678b73b3-f725-4ca8-945c-7360a5170fab",
    "client_id": "d0594078.f5c36acf.tid_4142b590.bindid.io"
  }
}

Authentication Failures

When the authentication flow fails, an auth_completed notification is sent with a failure value:

POST /ciba-ping-endpoint
content-type: application/json
Authorization: Bearer 8d67dc78-7faa-4d41-aabd-67707b374255

{
  "data": {
    "topic": "auth_completed",
    "value": "failure",
    "auth_request_id": "cf8c5b88-1e99-44d7-9bb5-65bcd6d4f84a",
    "client_id": "d0594078.f5c36acf.tid_4142b590.bindid.io"
  }
}

If this occurs, call the /token endpoint to retrieve the failure reason.
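
One way to implement the endpoint requirements above, as an added example that is not BindID code: the handler checks the bearer token against the client_notification_token stored for that auth_request_id, tolerates resent notifications, and returns quickly by queueing the /token call. The function name, the pending/seen/token_queue stores and the 400/401 responses are assumptions; the page only defines the 200 response.

```python
import hmac
import json

def handle_ping(headers, raw_body, pending, seen, token_queue):
    """Return the HTTP status to send for one ping notification.

    headers     -- request headers, keys lower-cased (assumption)
    pending     -- auth_request_id -> client_notification_token we sent
    seen        -- set of (auth_request_id, topic) already handled
    token_queue -- ids a background worker will redeem at /token
    """
    try:
        data = json.loads(raw_body)["data"]
        fields = (data["auth_request_id"], data["topic"], data["value"])
    except (ValueError, KeyError, TypeError):
        return 400  # assumption: the page only defines the 200 response
    if not all(isinstance(f, str) for f in fields):
        return 400
    request_id, topic, value = fields
    scheme, _, presented = headers.get("authorization", "").partition(" ")
    expected = pending.get(request_id)
    # Unknown request ids and wrong tokens are rejected identically;
    # compare_digest keeps the comparison constant-time.
    if (scheme.lower() != "bearer" or expected is None or
            not hmac.compare_digest(presented.encode(), expected.encode())):
        return 401  # assumption, as above
    if (request_id, topic) in seen:
        return 200  # a resend: acknowledge, do not process twice
    seen.add((request_id, topic))
    if topic == "auth_completed" and value in ("success", "failure"):
        # Both outcomes need /token: tokens on success, error code on failure.
        token_queue.append(request_id)
    return 200  # answer fast; the /token call happens outside this handler

if __name__ == "__main__":
    # Values copied from the page's example notification.
    rid = "678b73b3-f725-4ca8-945c-7360a5170fab"
    pending = {rid: "8d67dc78-7faa-4d41-aabd-67707b374255"}
    body = json.dumps({"data": {"topic": "auth_completed", "value": "success",
                                "auth_request_id": rid,
                                "client_id": "d0594078.f5c36acf.tid_4142b590.bindid.io"}})
    queue, seen = [], set()
    good = {"authorization": "Bearer " + pending[rid]}
    print(handle_ping(good, body, pending, seen, queue), queue)
    print(handle_ping({"authorization": "Bearer wrong"}, body, pending, seen, queue))
```

Keeping the /token call out of the handler is what lets the 200 response go out inside the 4-second window; the seen set keeps a resent notification from triggering a second /token call.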