The RSA SecurID Access Unlock User Tokencodes API enables Help Desk administrators to unlock a user's Authenticate Tokencode, SMS Tokencode, and Voice Tokencode.
Note: The client requests the RSA SecurID Access User Details API to retrieve the User ID before it sends a request to the Unlock User Tokencodes API.
For more information, see Unlock All Tokencodes for a User.
Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration REST APIs .
Software Developer Kit
You can download the API Software Developer Kit (SDK) from RSA SecurID Access Administration REST API Download.
Use the following information to unlock a user's tokencode. The <userId> parameter is a unique user identifier that is sent in the response to the RSA SecurID Access User Details API .
|Method||Request URL|| |
Request Content Type
|Response Content Type||Response Codes|
|application/json||application/json||200, 400, 403, 404, 500|
Example Request Data
The following example displays a request.
Regardless of which methods are specified in the request, the status of all methods after the unlock operation has completed is included in the response.
Authorization: Bearer <JWT token>
"unlockMethods" : ["TOKEN", "VOICE", "SMS"]
The following table describes the unlockMethods parameter.
|unlockMethods||Set property value to an array for methods SMS, TOKEN, and VOICE. You must set at least one property value.|
Example Response Data
The following example displays a response.
Note: Regardless of which methods are specified in the request, the status of all methods is included in the response after the unlock operation has completed.
Property Response Descriptions
The following table shows property descriptions and data types.
|userId||Identifies the user.||String|
|isTokenLocked||Token locked status is either true (locked) or false (unlocked).||Boolean|
|isSmsLocked||SMS phone locked status is either true (locked) or false (unlocked).||Boolean|
|isVoiceLocked||Voice locked status is either true (locked) or false (unlocked).||Boolean|
The Cloud Authentication Service returns the following response codes.
|200||Unlock is successful.|
|400||Invalid User ID or request body.|
|403||Not authorized to perform the request.|
|404||User is not found.|
|500||Internal error occurred when processing the request. All methods are not unlocked.|
Note: For codes 200 and 500, the response body provides the lock status of all method types after the lock was attempted.