Method: authenticateIdentity

HTTP request
Request body
- JSON representation
Response body
GoogleAccountAssertions
- JSON representation
VerifiedPhoneNumber
- JSON representation
VerificationMethod
AuthenticateIdentityResponse
- JSON representation
AuthenticateIdentityResultCode

Authenticates a user's account using data about the user's Google account and current context. This authentication method can provide a seamless experience for the user by relying on data that has been verified ahead of time.

Any follow-up step relying on this authentication (like associateAccount or capture) will contain the authenticationRequestId from the authenticateIdentityRequest as proof of authentication.

If the endpoint encounters an error while processing the request, the response body from this endpoint should be of type ErrorResponse.

An example request looks like:


{
  "requestHeader": {
    "protocolVersion": {
      "major": 1,
      "minor": 1,
      "revision": 0
    },
    "requestId": "G112YZH4XPDV88J",
    "requestTimestamp": "1481907920000"
  },
  "authenticationRequestId": "1591303-231233235-151J",
  "associationId": "15522364553",
  "googleAccountAssertions": {
    "verifiedPhoneNumber": {
      "phoneNumber": "+12225551234",
      "lastVerificationTimestamp": "1481901920000",
      "verificationMethod": "CARRIER_API"
    }
  }
}

An example response looks like:


{
  "responseHeader": {
    "responseTimestamp": "1502545413132"
  },
  "paymentIntegratorAuthenticateIdentityId": "5539163",
  "result": "SUCCESS"
}

HTTP request

POST https://www.integratorhost.example.com/integrator-base-path/e-wallets-v1/authenticateIdentity

Request body

The request body contains data with the following structure:

JSON representation
{ "requestHeader": { object (`RequestHeader`) }, "authenticationRequestId": string, "associationId": string, "googleAccountAssertions": { object (`GoogleAccountAssertions`) } }

Fields
`requestHeader`	`object (RequestHeader)` REQUIRED: Common header for all requests.
`authenticationRequestId`	`string` REQUIRED: Identifier for this user authentication session. This value will appear in follow-up methods as proof of authentication.
`associationId`	`string` OPTIONAL: This is the association identifier used to reference a user's account. If this is populated then it is expected that the integrator verify the values in `googleAccountAssertions` are not just correct for any user account, but are correct for the particular user account identified by this `associationId`. This is populated whenever Google is performing a re-authentication of an already associated account.
`googleAccountAssertions (deprecated)`	`object (GoogleAccountAssertions)` DEPRECATED: This is information about the user's Google account that Google has verified somehow.

Response body

This method supports multiple return types. For additional information about what 4XX or 5XX HTTP status code to return with an ErrorResponse, consult the ErrorResponse object and HTTP status codes documentation.

Possible response messages
HTTP 200 Status	`object (AuthenticateIdentityResponse)`
HTTP 4XX / 5XX Status	`object (ErrorResponse)`

GoogleAccountAssertions

JSON representation
{ "verifiedPhoneNumber": { object (`VerifiedPhoneNumber`) } }

Fields

Fields
`verifiedPhoneNumber`	`object (VerifiedPhoneNumber)` OPTIONAL: The phone number tied to the user's Google account and verified by Google using one of a number of possible verification methods.

verifiedPhoneNumber

object (VerifiedPhoneNumber)

OPTIONAL: The phone number tied to the user's Google account and verified by Google using one of a number of possible verification methods.

VerifiedPhoneNumber

A phone number verified by Google as belonging to the user's Google account

JSON representation
{ "phoneNumber": string, "lastVerificationTimestamp": string, "verificationMethod": enum (`VerificationMethod`) }

Fields

Fields
`phoneNumber`	`string` REQUIRED: This is a E.164 formatted phone number. Examples include +14035551111 and +918067218000. This will always lead with a + and include only numbers afterwards (no dashes).
`lastVerificationTimestamp`	`string (int64 format)` OPTIONAL: Timestamp of the last time that this phone number was verified by Google, expressed as milliseconds since epoch.
`verificationMethod`	`enum (VerificationMethod)` OPTIONAL: The verification method that Google used to verify the phone number.

phoneNumber

string

REQUIRED: This is a E.164 formatted phone number. Examples include +14035551111 and +918067218000. This will always lead with a + and include only numbers afterwards (no dashes).

lastVerificationTimestamp

string (int64 format)

OPTIONAL: Timestamp of the last time that this phone number was verified by Google, expressed as milliseconds since epoch.

verificationMethod

enum (VerificationMethod)

OPTIONAL: The verification method that Google used to verify the phone number.

VerificationMethod

Enums
`UNKNOWN_VERIFICATION_METHOD`	Do not ever set this default value!
`CARRIER_API`	Google verified the user's phone number via a direct API call to a mobile carrier-owned API.
`SMS_MT_GOOGLE_ORIGINATED`	Google verified the user's phone number by sending an SMS to the phone (a.k.a. mobile terminated SMS, or SMS-MT) and collecting/verifying the SMS programmatically.
`SMS_MO_GOOGLE_TERMINATED`	Google verified the user's phone number by triggering a mobile-originating SMS (a.k.a. SMS-MO) to a Google-owned SMS gateway.

AuthenticateIdentityResponse

Response object for the authenticate identity method.

JSON representation
{ "responseHeader": { object (`ResponseHeader`) }, "paymentIntegratorAuthenticateIdentityId": string, "result": enum (`AuthenticateIdentityResultCode`) }

Fields

Fields
`responseHeader`	`object (ResponseHeader)` REQUIRED: Common header for all responses.
`paymentIntegratorAuthenticateIdentityId`	`string` OPTIONAL: This identifier is specific to the integrator and is generated by the integrator. It is used for debugging purposes only in order to identify this call. This is the identifier that the integrator knows this call by.
`result`	`enum (AuthenticateIdentityResultCode)` REQUIRED: Result of the authenticate identity call.

responseHeader

object (ResponseHeader)

REQUIRED: Common header for all responses.

paymentIntegratorAuthenticateIdentityId

string

OPTIONAL: This identifier is specific to the integrator and is generated by the integrator. It is used for debugging purposes only in order to identify this call. This is the identifier that the integrator knows this call by.

result

enum (AuthenticateIdentityResultCode)

REQUIRED: Result of the authenticate identity call.

AuthenticateIdentityResultCode

Result codes for authenticate identity.

Enums

UNKNOWN_RESULT Do not ever set this default value!

SUCCESS The user has been successfully authenticated.

Enums
`UNKNOWN_RESULT`	Do not ever set this default value!
`SUCCESS`	The user has been successfully authenticated.
`ADDITIONAL_USER_AUTHENTICATION_NEEDED`	The user must complete an authentication flow with the integrator. The authentication will be initiated with the same `requestId` that was used in this call's `requestHeader`. The specific authentiation method used will be chosen by Google from the set of remaining authentication methods that are valid for the user's current context. For instance, if the payment integrator has support for the SMS-MT OTP Authentication and the Web Redirect flows, Google might choose to send the user through the SMS-MT OTP Flow in order to authenticate the user. If the user is not on their mobile phone at the time of authenticating, Google might choose to send them through the Web Redirect Authentication Flow instead. If no additional authentication flows are available, the overall authentication will fail.

ADDITIONAL_USER_AUTHENTICATION_NEEDED

The user must complete an authentication flow with the integrator. The authentication will be initiated with the same requestId that was used in this call's requestHeader.

The specific authentiation method used will be chosen by Google from the set of remaining authentication methods that are valid for the user's current context. For instance, if the payment integrator has support for the SMS-MT OTP Authentication and the Web Redirect flows, Google might choose to send the user through the SMS-MT OTP Flow in order to authenticate the user. If the user is not on their mobile phone at the time of authenticating, Google might choose to send them through the Web Redirect Authentication Flow instead.

If no additional authentication flows are available, the overall authentication will fail.