# Account recovery
# About account recovery
Our account recovery feature allows your end-user to recover their authentication credentials using two-factor authentication. The end-user can recover your app on the same or another device.
This enables your end-users to come back to your services, without the need to perform costly and time-consuming reactivations.
# Example use cases
- Your end-users can recover their account if their device has been lost, broken or stolen.
- Your end-users can recover their account if they have deleted your application.
# How does account recovery work?
To be able to use our account recovery feature, it is required that:
- You configure account recovery in the application configuration for your MobileID account. You can contact us at support@signicat.com to get help setting this up.
- Your end-user's device has backup functionality enabled. This is enabled by default; the supported backup providers are Google Cloud and Apple iCloud.
- Your end-user sets up account recovery in the app by executing the necessary steps as described in How to set up account recovery.
Once these steps have been performed, it will then be possible for the end-user to perform an account recovery when it is needed.
The end-user carries this out through the app, which executes the necessary steps for account recovery.
Note
All recovery-related SDK operations require a valid authorisation token.
# Token authorisation
When you are using our SDK APIs for account recovery, you need to provide a token to authorise the operation. An authorisation token is issued by our server and returned to the app in the response to certain SDK operations.
To get an authorisation token, you have to specify the purpose you are going to use the token for in the finish operation in the SDK. The purpose can be either `addOrUpdateRecovery` or `deleteRecovery`.
You can request an authorisation token in the following SDK APIs:
- `finishActivation`
- `finishAuthentication`
- `finishAddOrUpdateRecovery`
- `finishRecovery`
- `finishDeleteRecovery`
# How to set up account recovery
Account recovery can be set up either during the device registration, or it can be added to an existing registration.
# How to set up account recovery for new registrations
- The app performs a 'normal' registration flow using `startActivation`/`finishActivation`.
  - This yields a valid authentication token for the subsequent recovery operation.
- The app performs an add recovery flow using `startAddRecovery`/`finishAddRecovery` SDK API calls.
  - As a result, the recovery credentials are stored into files that can be backed up.
# Sequence diagram
The following sequence diagram illustrates account recovery being added to a new registration.
# How to add account recovery to existing registrations
- The app obtains a valid authentication token using `startAuthentication`/`finishAuthentication`.
- The app performs an add recovery flow using `startAddRecovery`/`finishAddRecovery` SDK API calls.
  - As a result, the recovery credentials are stored into files that can be backed up.
# Sequence diagram
The following sequence diagram illustrates account recovery being added to an existing registration.
# Manage account recovery
Operations to update or delete an account recovery.
# How to update an account recovery
- The app obtains a valid authentication token using `startAuthentication`/`finishAuthentication`.
- The app performs `startAddOrUpdateRecovery`/`finishAddOrUpdateRecovery` SDK API calls.
# How to delete an account recovery
- The app obtains a valid authentication token using `startAuthentication`/`finishAuthentication`.
- The app performs `startDeleteRecovery`/`finishDeleteRecovery` SDK API calls.
# Perform account recovery
In order to perform the account recovery, the app restores the recovery files by calling `startRecovery` and `finishRecovery`.
The device ID (`deviceID`) that you use as a reference remains unchanged when the app is recovered.
Note
Once a recovery has been performed, it cannot be used again. Your end-users have to set up a new recovery on the device to be able to recover the next time.
# Sequence diagram
The following sequence diagram illustrates an account recovery being performed.
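The rules described under Token authorisation and Perform account recovery (a token requested for a stated purpose in a finish call, and a recovery that can be used only once) can be written as a small state model for checking a planned call sequence. This is an added example, not MobileID SDK code: `DeviceState`, `apply_op` and `run_flow` are hypothetical names, and binding a token to its purpose and spending it on use are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

PURPOSES = ("addOrUpdateRecovery", "deleteRecovery")  # purposes named on the page

# finish operation -> (token purpose it needs, must a recovery exist, recovery exists after)
RULES = {
    "finishActivation":          (None, False, None),
    "finishAuthentication":      (None, False, None),
    "finishAddOrUpdateRecovery": ("addOrUpdateRecovery", False, True),
    "finishDeleteRecovery":      ("deleteRecovery", False, False),
    # The page does not spell out the token step for recovery; only single use is modelled.
    "finishRecovery":            (None, True, False),
}

@dataclass
class DeviceState:  # hypothetical model, not an SDK type
    device_id: str
    recovery_available: bool = False
    token_purpose: Optional[str] = None  # purpose of the token currently held

def apply_op(state, op, purpose=None):
    """Apply one finish operation; return an error string, or None on success."""
    if op not in RULES:
        return f"{op}: not a token-issuing operation listed on the page"
    if purpose is not None and purpose not in PURPOSES:
        return f"{op}: unknown token purpose {purpose!r}"
    needs_token, needs_recovery, recovery_after = RULES[op]
    # Assumption: a token is bound to the purpose it was requested for and spent on use.
    if needs_token and state.token_purpose != needs_token:
        return f"{op}: no token with purpose {needs_token!r}"
    if needs_recovery and not state.recovery_available:
        return f"{op}: no unused recovery is set up"
    if recovery_after is not None:
        state.recovery_available = recovery_after
    state.token_purpose = purpose  # token returned by this finish call, if requested
    return None

def run_flow(device_id, steps):
    """Run (operation, requested_purpose) steps; return final state and first error."""
    state = DeviceState(device_id)
    for op, purpose in steps:
        error = apply_op(state, op, purpose)
        if error:
            return state, error
    return state, None
```

Requesting `addOrUpdateRecovery` in `finishRecovery` lets the app set up a new recovery straight after one has been used, which is the sequence the model accepts.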
# Obtaining account recovery information
You can use the MobileID REST API to get information about account recoveries and verify if account recovery is enabled for a specific device.
To do this, you can execute the Get device endpoint, which is a Device management operation.
See the Get device endpoint in our MobileID API reference documentation for further details.
Note
Ensure that you are using the query parameter `detailed=true` to be able to see the detailed view of the device.
# Configuration options
Account recovery has to be enabled by updating your application configuration. Once it has been enabled, all devices that are using that application configuration will have the ability to perform the account recovery.
# Make changes to your configuration
MobileID's account recovery feature is configured in your application configuration.
To set up and make configuration changes to account recovery, send your preferences to us at support@signicat.com. We will update your application configuration for you.