Captcha security

Some of our methods, generally the public ones that are not protected by OAuth 2 (such as creating a new account), are protected by a captcha instead.

To create a new account, you first generate a captcha, display it to the user, and then pass the captcha id and the user's response along with the intended REST method.

A captcha is only valid for one request.

Step 1

Request:

Generate a captcha.

GET /rest/captcha/generate

Response:

The response includes a URL from which you can download the captcha.

{
 "id": "a2b9e4a2-bdc0-4d97-ae02-d20a0a79d3bc",
 "url": "/rest/captcha?captchaId=a2b9e4a2-bdc0-4d97-ae02-d20a0a79d3bc",
 "type": "captcha"
}

Step 2

Request:

Download the captcha.

GET /rest/captcha?captchaId=a2b9e4a2-bdc0-4d97-ae02-d20a0a79d3bc

Response:

Download and display the captcha to the user.

Step 3

Request:

Create the account.

POST /rest/account?captchaId=a2b9e4a2-bdc0-4d97-ae02-d20a0a79d3bc&captchaResponse=USER_ANSWER

{
 "id":null,
 "type":null,
 "accountType":"BUSINESS",
 "phone":"336298465760",
 "user": {
  "id":null,
  "type":null,
  "username":"hEFlRKhU",
  "firstname":"BLODsCVu",
  "lastname":"YPZHcTEe",
  "email":"testdow035@abilis.de",
  "salutation":"Herr",
  "password":"tZlhesYp",
  "language":"de",
  "newsLetter":false,
  "mustChangePassword":false
 },
 "address": {
  "type":null,
  "street":"BHTNxHUE",
  "houseNr":"36",
  "zipCode":"74044",
  "city":"QOlaNFDz",
  "country":"DE",
  "company":"sznkQduQ"
 },
 "numOfVersions":1,
 "umstidNr":"zXdvJSGe",
 "withIFrame":true,
 "businessExtended":true,
 "quota":3,
 "users":2,
 "agbAccepted":true,
 "paymentType":null,
 "activationKey":null,
 "duration":null
}

Response:

{
 "id":null,
 "accountType":"BUSINESS",
 "phone":"336298465760",
 "user": {
  "id":null,
  "username":"hEFlRKhU",
  "firstname":"BLODsCVu",
  "lastname":"YPZHcTEe",
  "email":"testdow035@abilis.de",
  "salutation":"Herr",
  "password":"tZlhesYp",
  "language":"de",
  "newsLetter":false,
  "mustChangePassword":false,
  "type":"user"
 },
 "address": {
  "street":"BHTNxHUE",
  "houseNr":"36",
  "zipCode":"74044",
  "city":"QOlaNFDz",
  "country":"DE",
  "company":"sznkQduQ",
  "type":"address"
 },
 "numOfVersions":1,
 "umstidNr":"zXdvJSGe",
 "quota":3,
 "users":2,
 "withIFrame":true,
 "businessExtended":true,
 "agbAccepted":true,
 "paymentType":null,
 "activationKey":"efdf328e-4ddc-4fd1-9440-a243f8265f37",
 "duration":0,
 "type":"accountUpgrade"
}
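
The three steps above as a client, including the retry behaviour that follows from a captcha being valid for only one request. This is an added example, not code from the service: FakeApi is a constructed in-memory stand-in, and its 403 rejection status, the captcha answers and the create_account helper are assumptions.

```python
import json
import uuid
from urllib.parse import parse_qsl, urlencode

class FakeApi:
    """Constructed in-memory stand-in for the service; status codes are assumed."""
    def __init__(self, answer):
        self.answer, self.open_ids = answer, set()

    def call(self, method, path, body=None):
        route, _, query = path.partition("?")
        params = dict(parse_qsl(query))
        cid = params.get("captchaId")
        if (method, route) == ("GET", "/rest/captcha/generate"):
            cid = str(uuid.uuid4())
            self.open_ids.add(cid)
            return 200, {"id": cid, "url": "/rest/captcha?captchaId=" + cid, "type": "captcha"}
        if (method, route) == ("GET", "/rest/captcha") and cid in self.open_ids:
            return 200, b"constructed image bytes"
        if (method, route) == ("POST", "/rest/account") and cid in self.open_ids:
            self.open_ids.discard(cid)  # one request only, right or wrong answer
            if params.get("captchaResponse") == self.answer:
                return 200, dict(json.loads(body), type="accountUpgrade")
        return 403, None  # assumed rejection for unknown, used or wrong captcha

def create_account(call, account, ask_user, max_attempts=3):
    """Steps 1-3; every attempt starts with a fresh captcha."""
    for _ in range(max_attempts):
        _, captcha = call("GET", "/rest/captcha/generate")      # step 1
        _, image = call("GET", captcha["url"])                   # step 2
        query = urlencode({"captchaId": captcha["id"],
                           "captchaResponse": ask_user(image)})  # encode user input
        status, result = call("POST", "/rest/account?" + query, json.dumps(account))  # step 3
        if status == 200:
            return captcha["id"], result
    return None, None

def demo():
    api = FakeApi(answer="X7 KQ&2")              # constructed captcha solution
    answers = iter(["wrong guess", "X7 KQ&2"])   # constructed user input
    account = {"accountType": "BUSINESS", "agbAccepted": True}
    used_id, created = create_account(api.call, account, lambda img: next(answers))
    replay = api.call("POST", "/rest/account?" + urlencode(
        {"captchaId": used_id, "captchaResponse": "X7 KQ&2"}), json.dumps(account))
    return created, replay

if __name__ == "__main__":
    print(demo())
```

Against the real service, pass a function that performs the HTTP request in place of api.call.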