
LastPass Developer Documentation


Plain Auth API

This document offers instructions for consuming the LastPass plain (non-encrypted) Authentication API services. Although this is the simplest way to start the integration, we strongly recommend using the encrypted endpoint for your production environment.

The authentication client exchanges JSON messages with the LastPass API. The API key is a required attribute of every message. You can retrieve the API key as instructed here.

Here is the list of all methods:

POST /Auth/Login

Pings the user’s active phone to log in synchronously. The request finishes after the user takes action on the phone or after 60 seconds.

Example Request and Response in JSON:

Request attributes:

Attribute Type Description
APIKey* String MFA Key
Username* String User’s email as an identifier
IPAddress* String IP address of the user. The user will see the geo-location of this IP address on the phone
BrowserId String Unique identifier of the browser that can be stored in a cookie
DeviceName String User device description (e.g. “Windows, Chrome”)
FirstName String User’s first name. This attribute is optional and is used for auto-provisioning.
LastName String User’s last name. This attribute is optional and is used for auto-provisioning.
AuthenticationMethods Array of string Preferred authorization methods list (pattern, face, fingerprint, etc.). This attribute is optional.
CallbackUrl String Callback URL that will be called after authorization is finished. This attribute is optional.

Response attributes:

Attribute Type Description
Succeeded* Boolean Indicates the login process status
Message* String Error message from the server
Value.AuthStatus String Authentication status of the user
Value.Username String User’s email as an identifier

The server returns AuthStatus with one of the following values:

Status Description
Success Successful authentication
InvalidUser User is invalid
DoesNotExist User does not exist
UnpairedUser User exists but is not active (no registered phone/device)
LockedUser User is locked by an administrator or the user’s device is in lock status
NoResponse User did not respond to the request
NoResponseTimeout User did not respond to the request
Alert Auth request is flagged as an alert (suspicious activity)
Denied User/server denied the request
Denied by Geofencing Request is denied by the Geofence policy
Denied by Policy Request is denied by other policies
No Location Request is denied because the user’s device/phone was not able to confirm the user’s location
LogError Server internal error
Password Indicates the user is using a password as an authentication method

If an administrator has enabled the “Auto-provisioning” feature in the Admin portal and FirstName and LastName were provided in the request, the API creates a new user (if one does not already exist) and returns the UnpairedUser status in the response.
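A minimal client for the synchronous /Auth/Login call, added here as an example and not LastPass code: it maps every AuthStatus documented above to what the relying application should do, fails closed on anything else, and sends FirstName/LastName only when both are present so auto-provisioning can create the user. API_BASE, API_KEY, the urllib transport and the replies produced by fake_transport are assumptions or constructed stand-ins; the request field names and statuses are the ones in the tables above.

```python
import json
import urllib.request

API_BASE = "https://mfa.example.invalid"  # placeholder host: the page does not state it
API_KEY = "REPLACE-WITH-MFA-API-KEY"       # placeholder: the key retrieved from the admin portal

def http_post_json(path, payload, timeout=70):
    """Default transport: POST a JSON body and decode the JSON reply. The timeout is
    above the 60 s the server itself may spend waiting for the user's phone."""
    req = urllib.request.Request(API_BASE + path, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

# What the relying application should do for each documented AuthStatus. A status that
# is missing or not listed here (e.g. "Password", which is not an MFA result) is denied.
OUTCOME_BY_STATUS = {
    "Success": "allow",
    "UnpairedUser": "enroll",            # account exists, no phone paired yet
    "NoResponse": "retry", "NoResponseTimeout": "retry",
    "Alert": "alert", "Denied by Geofencing": "alert", "Denied by Policy": "alert",
    "InvalidUser": "deny", "DoesNotExist": "deny", "LockedUser": "deny",
    "Denied": "deny", "No Location": "deny", "LogError": "deny",
}

def login(username, client_ip, first_name=None, last_name=None,
          device_name=None, transport=http_post_json):
    """Send /Auth/Login and return (outcome, status, message). client_ip must be the
    end user's address, since the phone shows its geo-location for the user to verify.
    Fails closed: only Succeeded=true with AuthStatus "Success" yields "allow"."""
    payload = {"APIKey": API_KEY, "Username": username, "IPAddress": client_ip}
    if device_name:
        payload["DeviceName"] = device_name
    if first_name and last_name:  # both present lets auto-provisioning create the user
        payload.update(FirstName=first_name, LastName=last_name)
    reply = transport("/Auth/Login", payload)
    status = (reply.get("Value") or {}).get("AuthStatus")
    outcome = OUTCOME_BY_STATUS.get(status, "deny")
    if outcome == "allow" and not reply.get("Succeeded"):
        outcome = "deny"
    return outcome, status, reply.get("Message", "")

def fake_transport(path, payload):
    """Constructed server stand-in so the example runs offline: a request carrying
    FirstName/LastName is answered as a freshly provisioned, still unpaired user."""
    if "FirstName" in payload:
        return {"Succeeded": False, "Message": "", "Value": {
            "AuthStatus": "UnpairedUser", "Username": payload["Username"]}}
    return {"Succeeded": True, "Message": "", "Value": {
        "AuthStatus": "Success", "Username": payload["Username"]}}
```

Calling login("alice@example.com", "203.0.113.7", transport=fake_transport) exercises the flow offline; drop the transport argument to talk to the real endpoint.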

POST /Auth/LoginAsync

Pings the user’s active phone to log in asynchronously. The request returns a token that can be used to check the login status via /Auth/CheckLoginToken.

Example Request and Response in JSON:

Response attributes:

Attribute Type Description
Succeeded* Boolean Indicates the login process status
Message* String Error message from the server
Value.AuthStatus String Authentication status of the user
Value.Username String User’s email as an identifier
Value.AsyncLoginToken String Auth token generated for checking the request status periodically

The server can return AuthStatus with one of the following values:

Status Description
Success Successful authentication
InvalidUser User is invalid
DoesNotExist User does not exist
UnpairedUser User exists but is not active (no registered phone/device)
LockedUser User is locked by an administrator or the user’s device is in lock status
NoResponse User did not respond to the request
NoResponseTimeout User did not respond to the request
Alert Auth request is flagged as an alert (suspicious activity)
Denied User/server denied the request
Denied by Geofencing Request is denied by the Geofencing policy
Denied by Policy Request is denied by another policy
No Location Request is denied because the user’s device/phone was not able to confirm the user’s location
LogError Server internal error
Password Indicates the user is using a password as an authentication method
WaitingForResponse Indicates an asynchronous call. Use AsyncLoginToken to check the status of the auth request.

If an administrator has enabled the “Auto-provisioning” feature in the Admin portal and FirstName and LastName were provided in the request, the API creates a new user (if one does not already exist) and returns the UnpairedUser status in the response.

POST /Auth/CheckLoginToken

Checks the status of the authentication request using the token received from /Auth/LoginAsync.

Example Request and Response in JSON:

Response attributes:

Attribute Type Description
Succeeded* Boolean Indicates the login process status
Message* String Error message from the server
Value.AuthStatus String Authentication status of the user
Value.Username String User’s email as an identifier

AuthStatus can have one of the following values:

Status Description
Success Successful authentication
NoResponse No response from the user
NoResponseTimeout No response from the user
Alert Request outdated
Denied Denied by the user
No Location No location from the phone
LogError Internal error
WaitingForResponse Still waiting for the user to respond

POST /Auth/CancelLogin

Cancels the authentication request by token received from /Auth/LoginAsync.

Example Request and Response in JSON:

Response attributes:

Attribute Type Description
Succeeded* Boolean Value indicating that the login was canceled.
Message* String Error message if something goes wrong.
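The three asynchronous calls above (/Auth/LoginAsync, /Auth/CheckLoginToken and /Auth/CancelLogin) combined into one polling flow, added here as an example that is not LastPass code: it keeps polling only while the status is WaitingForResponse, treats every other status as terminal, and cancels the pending request when the caller's deadline passes so a late approval cannot be picked up afterwards. API_BASE, API_KEY, the urllib transport, the name of the token field in the CheckLoginToken and CancelLogin requests, and the replies produced by scripted_transport are assumptions or constructed stand-ins; the page documents the token only as the LoginAsync response field AsyncLoginToken.

```python
import json
import time
import urllib.request
API_BASE = "https://mfa.example.invalid"  # placeholder host: the page does not state it
API_KEY = "REPLACE-WITH-MFA-API-KEY"       # placeholder: the key from the admin portal

def http_post_json(path, payload, timeout=30):  # default transport: JSON POST -> dict
    req = urllib.request.Request(API_BASE + path, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def login_async(username, client_ip, deadline_s=60, poll_s=2,
                transport=http_post_json, clock=time.monotonic, sleep=time.sleep):
    """Start an async login and poll until a terminal status or the deadline; return
    (authenticated, final_status). Only WaitingForResponse keeps polling, only "Success"
    with Succeeded=true authenticates, and on deadline the request is cancelled server-side."""
    # "AsyncLoginToken" as the request field of CheckLoginToken/CancelLogin is an
    # assumption; the page documents it only as the LoginAsync response field.
    start = transport("/Auth/LoginAsync",
                      {"APIKey": API_KEY, "Username": username, "IPAddress": client_ip})
    value = start.get("Value") or {}
    status, token = value.get("AuthStatus"), value.get("AsyncLoginToken")
    if status != "WaitingForResponse" or not token:  # immediate answer, nothing to poll
        return status == "Success" and bool(start.get("Succeeded")), status
    end = clock() + deadline_s
    while clock() < end:
        sleep(poll_s)
        reply = transport("/Auth/CheckLoginToken", {"APIKey": API_KEY, "AsyncLoginToken": token})
        status = (reply.get("Value") or {}).get("AuthStatus")
        if status != "WaitingForResponse":
            return status == "Success" and bool(reply.get("Succeeded")), status
    transport("/Auth/CancelLogin", {"APIKey": API_KEY, "AsyncLoginToken": token})
    return False, "Cancelled"  # client-side label, not a server AuthStatus

def scripted_transport(statuses):
    """Constructed server stand-in for offline runs: each CheckLoginToken call
    returns the next status from the constructed list, else keeps waiting."""
    queue, calls = list(statuses), []
    def transport(path, payload):
        calls.append(path)
        if path == "/Auth/LoginAsync":
            return {"Succeeded": True, "Message": "", "Value": {
                "AuthStatus": "WaitingForResponse", "AsyncLoginToken": "constructed-token"}}
        if path == "/Auth/CheckLoginToken":
            s = queue.pop(0) if queue else "WaitingForResponse"
            return {"Succeeded": s == "Success", "Message": "", "Value": {"AuthStatus": s}}
        return {"Succeeded": True, "Message": ""}
    transport.calls = calls
    return transport
```

Passing a fake clock and sleep makes the deadline path testable without waiting; with the defaults the loop polls the real endpoint every poll_s seconds.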

POST /Auth/CheckUser

Checks whether a specific user exists. In some use cases you need to know whether the user exists or is activated in the LastPass directory before sending the authentication request; this method lets you do so.

Example Request and Response in JSON:

Request attributes:

Attribute Type Description
APIKey* String MFA Key
Username* String User’s email as an identifier

Response attributes:

Attribute Type Description
Succeeded* Boolean Indicates the login process status
Message* String Error message from the server
Value.AuthStatus String Authentication status of the user
Value.Username String User’s email as an identifier

The server can return AuthStatus with one of the following values:

Status Description
Success User exists
InvalidUser User does not exist
UnpairedUser User exists but is not active (no registered phone/device)
Denied Server denied the request


Copyright © 2020 LogMeIn, Inc. All Rights Reserved