== Validation Protocol Version 2.0 === Introduction All requests are HTTP GET requests. As such, all parameters must be properly URL encoded. In particular, some base64 characters (such as "+") in the value fields needs to be escaped. Each response sent by the server is signed. To verify that the response has not been tampered with, clients either verify the HMAC signature or use HTTPS connections (and verify the server certificate). === Generating signatures The protocol uses HMAC-SHA-1 signatures. The HMAC key to use is the client API key. Generate the signature over the parameters in the message. Each message contains a set of key/value pairs, and the signature is always over the entire set (excluding the signature itself), and sorted in alphabetical order of the keys. More precisely, to generate a message signature do: * Alphabetically sort the set of key/value pairs by key order. * Construct a single line with each ordered key/value pair concatenated using '&', and each key and value contatenated with '='. Do not add any linebreaks. Do not add whitespace. For example: `a=2&b=1&c=3`. * Apply the HMAC-SHA-1 algorithm on the line as an octet string using the API key as key (remember to base64decode the API key obtained from Yubico). * Base 64 encode the resulting value according to RFC 4648, for example, `t2ZMtKeValdA+H0jVpj3LIichn4=`. * Append the value under key 'h' to the message. === Verifying signatures To verify a signature on a response message, follow the same procedure that was used to sign the response message and compare the signature in the response to the signature you generated. If the signature values are equal, the signature is correct. Make sure you remove the signature itself from the values you generate the signature over for verification. If the incoming message is b=1&a=2&c=3&h=V5FkMYr9GCG9tQA9ihuuybWl99U= make sure to remove h before verifying: b=1&a=2&c=3 Don't forget to sort the key/value pairs. === Verification There is one call to verify YubiKey OTPs: verify. The verify call lets you check whether an OTP is valid. Since the OTP itself contains identification information, all you have to do is to send the OTP. To avoid cut'n'paste attacks, the client MUST verify that the "otp" in the response is the same as the "otp" supplied in the request. === Request Construct an HTTP GET call to http://api.yubico.com/wsapi/2.0/verify with the following parameters (note that this request need not be signed): [options="header"] |=== | parameter | type | required | purpose | id | string | Yes | Specifies the requestor so that the end-point can retrieve correct shared secret for signing the response. |otp | string | Yes | The OTP from the YubiKey. | h | string | No | The optional HMAC-SHA1 signature for the request. | timestamp | string | No | Timestamp=1 requests timestamp and session counter information in the response | nonce | string | Yes | A 16 to 40 character long string with random unique data | sl | string | No | A value 0 to 100 indicating percentage of syncing required by client, or strings "fast" or "secure" to use server-configured values; if absent, let the server decide | timeout | integer | No | Number of seconds to wait for sync responses; if absent, let the server decide |=== An example request: http://api.yubico.com/wsapi/2.0/verify?otp=vvvvvvcucrlcietctckflvnncdgckubflugerlnr&id=87&timeout=8&sl=50&nonce=askjdnkajsndjkasndkjsnad And if you require additional information on timestamp and session counters: http://api.yubico.com/wsapi/2.0/verify?id=87&otp=vvvvvvcucrlcietctckflvnncdgckubflugerlnr&timeout=8&sl=50&nonce=askjdnkajsndjkasndkjsnad×tamp=1 === Response The verification response tells you whether the OTP is valid. The response has the following values: [options="header"] |=== |parameter | type | purpose |otp |string |The OTP from the YubiKey, from request |nonce |string |Random unique data, from request |h |string (base64) |Signature as described above. |t |time stamp |Timestamp in UTC |status |string |The status of the operation, see below |timestamp |string |YubiKey internal timestamp value when key was pressed |sessioncounter |string |YubiKey internal usage counter when key was pressed |sessionuse |string |YubiKey internal session usage counter when key was pressed |sl |integer |percentage of external validation server that replied successfully (0 to 100) |=== These are the possible "status" values in a verify response: [options="header"] |=== | name | meaning | OK | The OTP is valid. | BAD_OTP | The OTP is invalid format. | REPLAYED_OTP | The OTP has already been seen by the service. | BAD_SIGNATURE | The HMAC signature verification failed. | MISSING_PARAMETER | The request lacks a parameter. | NO_SUCH_CLIENT | The request id does not exist. | OPERATION_NOT_ALLOWED | The request id is not allowed to verify OTPs. | BACKEND_ERROR | Unexpected error in our server. Please contact us if you see this error. | NOT_ENOUGH_ANSWERS | Server could not get requested number of syncs during before timeout | REPLAYED_REQUEST | Server has seen the OTP/Nonce combination before |=== === Changes since version 1.1 The verify URL has changed. In the request, the new required field "nonce" were added, and the new optional fields "sl" and "timeout" are added. In the response, the new fields "otp", "nonce", and "sl" are added. The status codes NOT_ENOUGH_ANSWERS and REPLAYED_REQUEST were added. Since both the URL and required fields has changed, version 2.0 is not backwards compatible with version 1.1 or version 1.0. However, because version 2.0 use a different URL than version 1.x, the server may support both version 1.x and version 2.0 clients at the same time.