Standard Guide

This document identifies the login and related features of PASSIKEY, and guides you through pre-development preparations.

Development environment

PASSIKEY Login API is a service that enables other service applications (apps) to use PASSIKEY's user authentication function.

PASSIKEY issues user ID for each app and Super-passcode for users, thus helping users with PASSIKEY Login API to use service app authentication safely and conveniently.

Login

PASSIKEY login is provided in iOS, Android, JavaScript SDK and REST API.

A brief description of the process of logging in to the PASSIKEY is shown below.

  • The user clicks the Log In As PASSIKEY button in the service app (or web browser).
    • Web browser: The QR screen provided by PASSIKEY appears and the user takes a QR with the PASSIKEY app.
    • In App Browser: PASSIKEY app will be launched automatically.
  • If the service is judged to be a service that is not connected to PASSIKEY Login when requesting a login, PASSIKEY Login will take priority.
  • Obtain consent from the user to utilize user information and functionality through the PASSIKEY login connection consent screen.
  • Require user authentication if the user agrees to the required items.
    • Enter 4-digits password (Biometric authentication unavailable)
  • Once the PASSIKEY login connection is completed, an authentication success token is issued to the service app, and the service server requests an access token and receives user information to complete the login processing.
  • After the user has completed the PASSIKEY login connection with the service, the user will be required to authenticate the login request when clicking the [PASSIKEY Login] button.After the user has completed the PASSIKEY login connection with the service, the user will be required to authenticate the login request when clicking the [PASSIKEY Login] button.
    • Enter a 4-digit password or Biometric authentication

PASSIKEY Authentication System

The 4-digit password that users remember is altered into different and complex passwords for every different purposed through PASSIKEY algorithm.

By doing so, users and service apps will be provided with an online environment that is safe from various keyboard hacking, and from phishing and pharming.

Token

Description
A status token is a token that can verify 'unusual token' that the user did not request, by ensuring that it matches the session token delivered from service app's PASSIKEY authentication process.
Request tokens are used in PASSIKEY app that is used to grant access to users. It is valid for a period of time and used to access user information for a period of time.
The token issued when the affiliate successfully authenticates PASSIKEY when requesting authentication, which is used to request access tokens.
Token with authority to receive user information. Issued through an authentication success token.