Skip to main content

Set User Passcode

Sets or updates the passcode for a user account. The passcode is stored in encrypted form.

Mutation

mutation SetUserPasscode($input: EncryptedPasscodeInput!) {
  setUserPasscode(input: $input)
}

Input Parameters

input
EncryptedPasscodeInput
required
Encrypted passcode information
encryptedPasscode
string
required
The user’s passcode encrypted with the public key
keyId
string
required
The ID of the encryption key used to encrypt the passcode
passwordAuthType
PASSWORD_AUTH_TYPE
required
The type of authentication. Must be PASSCODE for this operation

Response

setUserPasscode
boolean
Returns true if the passcode was successfully set, false otherwise

Example Request

curl -X POST http://localhost:3000/graphql \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation SetUserPasscode($input: EncryptedPasscodeInput!) { setUserPasscode(input: $input) }",
    "variables": {
      "input": {
        "encryptedPasscode": "aGVsbG8gd29ybGQgZW5jcnlwdGVkIHBhc3Njb2Rl",
        "keyId": "clm8x9z1a0000xyz1234abcd",
        "passwordAuthType": "PASSCODE"
      }
    }
  }'

Example Response

{
  "data": {
    "setUserPasscode": true
  }
}

Verify User Passcode

Verifies that the provided passcode matches the user’s stored passcode.

Mutation

mutation VerifyUserPasscode($input: EncryptedVerifyPasscodeInput!) {
  verifyUserPasscode(input: $input)
}

Input Parameters

input
EncryptedVerifyPasscodeInput
required
Encrypted passcode verification information
encryptedPasscode
string
required
The passcode to verify, encrypted with the public key
keyId
string
required
The ID of the encryption key used to encrypt the passcode
passwordAuthType
PASSWORD_AUTH_TYPE
required
The type of authentication. Must be PASSCODE for this operation

Response

verifyUserPasscode
boolean
Returns true if the passcode is correct, false otherwise

Example Request

curl -X POST http://localhost:3000/graphql \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation VerifyUserPasscode($input: EncryptedVerifyPasscodeInput!) { verifyUserPasscode(input: $input) }",
    "variables": {
      "input": {
        "encryptedPasscode": "aGVsbG8gd29ybGQgZW5jcnlwdGVkIHBhc3Njb2Rl",
        "keyId": "clm8x9z1a0000xyz1234abcd",
        "passwordAuthType": "PASSCODE"
      }
    }
  }'

Example Response

{
  "data": {
    "verifyUserPasscode": true
  }
}

Set Transaction PIN

Sets or updates the transaction PIN for a user account. The PIN is stored in encrypted form and used to authorize sensitive transactions.

Mutation

mutation SetTransactionPin($input: EncryptedTransactionPinInput!) {
  setTransactionPin(input: $input)
}

Input Parameters

input
EncryptedTransactionPinInput
required
Encrypted transaction PIN information
encryptedPin
string
required
The user’s transaction PIN encrypted with the public key
keyId
string
required
The ID of the encryption key used to encrypt the PIN
passwordAuthType
PASSWORD_AUTH_TYPE
required
The type of authentication. Must be TRANSACTION_PIN for this operation

Response

setTransactionPin
boolean
Returns true if the transaction PIN was successfully set, false otherwise

Example Request

curl -X POST http://localhost:3000/graphql \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation SetTransactionPin($input: EncryptedTransactionPinInput!) { setTransactionPin(input: $input) }",
    "variables": {
      "input": {
        "encryptedPin": "ZW5jcnlwdGVkIHRyYW5zYWN0aW9uIHBpbg==",
        "keyId": "clm8x9z1a0000xyz1234abcd",
        "passwordAuthType": "TRANSACTION_PIN"
      }
    }
  }'

Example Response

{
  "data": {
    "setTransactionPin": true
  }
}

Verify Transaction PIN

Verifies that the provided transaction PIN matches the user’s stored PIN.

Mutation

mutation VerifyTransactionPin($input: EncryptedVerifyTransactionPinInput!) {
  verifyTransactionPin(input: $input)
}

Input Parameters

input
EncryptedVerifyTransactionPinInput
required
Encrypted transaction PIN verification information
encryptedPin
string
required
The transaction PIN to verify, encrypted with the public key
keyId
string
required
The ID of the encryption key used to encrypt the PIN
passwordAuthType
PASSWORD_AUTH_TYPE
required
The type of authentication. Must be TRANSACTION_PIN for this operation

Response

verifyTransactionPin
boolean
Returns true if the transaction PIN is correct, false otherwise

Example Request

curl -X POST http://localhost:3000/graphql \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation VerifyTransactionPin($input: EncryptedVerifyTransactionPinInput!) { verifyTransactionPin(input: $input) }",
    "variables": {
      "input": {
        "encryptedPin": "ZW5jcnlwdGVkIHRyYW5zYWN0aW9uIHBpbg==",
        "keyId": "clm8x9z1a0000xyz1234abcd",
        "passwordAuthType": "TRANSACTION_PIN"
      }
    }
  }'

Example Response

{
  "data": {
    "verifyTransactionPin": true
  }
}

Password Auth Types

The PASSWORD_AUTH_TYPE enum defines the types of password authentication:
  • PASSCODE: User login passcode
  • TRANSACTION_PIN: Transaction authorization PIN

Security Considerations

  • All passcodes and PINs must be encrypted client-side using the public key obtained from generateClientEncryptionKey before being sent to the API
  • Always use the corresponding keyId when sending encrypted credentials
  • The service decrypts credentials server-side using the private key and stores them securely
  • Never send plaintext passcodes or PINs over the network

Build docs developers (and LLMs) love

Get started for freeTalk to us