Cloud Administration Retrieve RSA DS100 OTP Credential API
Use the Cloud Administration Retrieve RSA DS100 OTP credential API to get RSA DS100 OTP credential records by providing device serial number.
For information about managing access to this API, see Accessing the Cloud Administration APIs.
Authentication
Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration APIs .
Software Developer Kit
You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.
Request Requirements
Use the following information to retrieve OTP credential by providing a device serial number:
| Method | Request URL | Response Content Type | Response Body | Response Codes |
|---|---|---|---|---|
| POST | /AdminInterface/restapi/v1/ds100/lookup | application/json | OTP credential details with property | 200, 400, 403, 404, 429, 500 |
Example Request Data
The following example displays a request.
POST /AdminInterface/restapi/v1/ds100/lookup
Accept: application/json
Authorization: Bearer <JWT token>
Example Request Body
{
"deviceSerialNumber" : "140100080"
}
Request Property Descriptions
| Property | Description | Required? | Max Length | Data Type |
|---|---|---|---|---|
| deviceSerialNumber | The serial number of the hardware authenticator. The number is displayed at the back of the SecurID DS100 authenticator. | Yes | 36 | String |
Example Response
The following example displays a response body.
[
{
"id": "d4f8b2e7-f6e4-e102-bb28-ee0b5d37c2f2",
"name": "dak-br03-ngx-01",
"userId": "26c1e3d6-b31c-803e-cf7f-bdbe7687a72b",
"deviceType": "SecurID DS100",
"registeredDate": "2022-06-08T07:58:13.432Z",
"tokenSerialNumber": "014010008035",
"updatedAt": "2022-06-08T09:47:50.496Z",
"tokenState": "Activated",
"expiryDate": null,
"tokenStatus": "Disabled",
"tokenStatusReason": null,
"assignedAt": "2022-06-08T07:58:13.432Z",
"assignedBy": "user3@pelab.com",
"pinSet": true,
"tokenStatusChangedAt": "2022-06-08T09:47:50.493Z",
"tokenStatusChangedBy": "jschmoe@dak-br03-ngx-01.com",
"deviceSerialNumber": "140100080"
}
]
Response Property Descriptions
The following table shows response property descriptions and the associated data types.
| Property | Description | Data Type |
|---|---|---|
|
id |
Identifies the SecurID DS100 OTP credential. | String |
| name | OTP Credential Name | String |
| userId | Identifies the user to whom the SecurID DS100 authenticator is registered. | String |
| deviceType |
Device type information related to the hardware authenticator. | String |
| registeredDate | Timestamp when the credential was registered (enrolled) by a user. | String |
| tokenSerialNumber | Serial number of the SecurID DS100 credential. | String |
|
updatedAt | Last updated timestamp of the SecurID DS100 OTP credential. For information on formatting timestamps in ISO 8601 format, see https://www.w3.org/TR/NOTE-datetime. | String |
| tokenState | State of the hardware Authenticator: Activated | String |
| expiryDate | DS100 token expiration date. For information on formatting timestamps in ISO 8601 format, see https://www.w3.org/TR/NOTE-datetime. (NOTE: Not Applicable) | String |
| tokenStatus | Status of the SecurID DS100 credential: Enabled or Disabled. | String |
| tokenStatusReason | The timestamp when the hardware token was assigned to a user by the administrator. Alternatively, this can be the timestamp when a user registered a token that was not pre-assigned. For information on formatting timestamps in ISO 8601 format, see https://www.w3.org/TR/NOTE-datetime. (NOTE: Not applicable) | String |
| assignedAt | The timestamp when a user registeres OTP credential. For information on formatting timestamps in ISO 8601 format, see https://www.w3.org/TR/NOTE-datetime. | String |
| assignedBy | Identifies the user who registered the SecurID DS100 OTP credential. | String |
| pinSet |
Flag that tells the system whether the user has set a PIN or not. This is managed by the system and is mainly for informational purposes. Possible values: True - PIN is set. False - PIN is not set. | Boolean |
| tokenStatusChangedAt | The timestamp when the SecurID DS100 credential was enabled/disabled. For information on formatting timestamps in ISO 8601 format, see https://www.w3.org/TR/NOTE-datetime. | String |
| tokenStatusChangedBy | Identifies the administrator who enabled or disabled the OTP credential. | String |
| deviceSerialNumber | SecurID DS100 authenticator device serial number. | String |
Response Codes
The following table shows response codes and descriptions for this API.
| Code | Description |
|---|---|
| 200 | RSA DS100 OTP credential is found successfully. |
| 403 | Not authorized to perform the request. |
| 404 | Hardware authenticator with a serial number is not found. |
| 429 | Too many requests. |
| 500 | Internal server error occurred while processing the request. |
Related Articles
Cloud Administration Clear PIN RSA DS100 OTP Credential API Number of Views In RSA Identity Governance & Lifecycle the warning 'No CSRF guard token was found in the submitted request' is encountered… Number of Views RSA Hardware Authenticators Number of Views Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle Number of Views Error Unable to resolve user by login ID and/or alias, or authenticator not assigned to user when attempting to authentica… Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
