ElevenPaths, radical and disruptive innovation in security solutions

ElevenPaths info@elevenpaths.com elevenpaths.com

Latch Application developement guide

Version 4.1 – January 2015

Latch Application developement guide V.4.1 – January 2015

Page 2 of 8 2015 © Telefónica Digital Identity & Privacy, S.L.U. All Rights Reserved.

1 Creating an application

An application can be created or modified either from the Latch website (traditional method) or programmatically with the product's available user API. In either case, the developer should set up the characteristics of the applications.

The sole exception to consider is that the image of the application cannot be modified through the API. When creating through the API, the image that will be linked to the application is a random Latch-created image.

Only users with a Gold or Platinum subscription may use the user API to manage applications.

1.1 Through the Latch website

Once you have logged in to the “Developer Area” on the Latch website, you can create an application from the “My Applications” section in the side menu.

Figure 01: “My applications” section with user's configured applications.

The developer will create it from the "+ Add a new application" button, and the specified name will be the one that appears in the mobile application of the end users paired with it.

Figure 02: Creating an application. The name will be shown on the mobile app.

Latch Application developement guide V.4.1 – January 2015

Page 3 of 8 2015 © Telefónica Digital Identity & Privacy, S.L.U. All Rights Reserved.

Information about the application is displayed when it is created and part of this data is editable. The basic data that the developer should use when using the application are the "Application ID" and "Secret". In addition the following additional parameters are in place, which the developer may change at any time, that set the characteristics of your application:

Name: This corresponds to the name of the application that end users see on their devices when they pair the service. They can customize it themselves on their own device if they so wish.

Image: This corresponds to the application icon that will appear in the end-user's device; its size should not exceed 1MB. It is recommended to be in 24-bit png format without alpha channel, and its proportions are 1: 1.

2nd OTP factor (One-time password): This is only available to developers with a subscription model other than "Community". It enables the service to also be protected by a password, which is sent to the end user at the time he/she wants to access the service. The OTP setup can be:

1. Disabled: The option will not appear on the end user's mobile device.

2. Opt in: The end user may choose to use this option to protect the service.

3. Mandatory: The end user will receive a password every time he/she wants to access the service.

Lock latches after request: This is only available to developers with a subscription model other than "Community". This enables the service to be locked automatically once it has been accessed. The “Lock latches after request” setup can be:

1. Disabled: The option will not appear on the end user's mobile device.

2. Opt in: The end user may choose to use this option to protect the service.

3. Mandatory: The service will be locked automatically once it has been accessed. In the latter case, the "Scheduled lock" option would disappear from the service details view.

Contact email and Contact phone: These details will be displayed in the notifications that users will receive when there is a fraudulent attempt to access the service or any of its operations.

Operations: This corresponds to each of the actions included in the service but independent of each other, and that the developer wants to protect with Latch. The number of operations that can be included depending on the model of subscription chosen. In each of the operations, a "2nd OTP factor" (OTP) and an "Lock latches after request" (LOR) can be used. It is not compulsory to create operations and this will depend on the nature of the service to be protected.

Note: Tailored implementation through the SDK of the corresponding language may be necessary in order to use them.

Once the setup is complete and the changes have been saved, the new application will appear on the list of the developer's applications. 4 buttons (depending on the subscription) will also be displayed next to the application:

Dashboard: Displays information on the use of Latch by users who have paired the application.

LST (Latch Support Tool): Allows the service administrators to lock or unlock the services and operations as if they were the users themselves. (Not available in “Community” subscriptions).

Edit: Enables the application's characteristics to be changed.

Delete: Removes the application, so the paired users will no longer have the service protected with Latch. For these users, this application will disappear from their Latch app.

Latch Application developement guide V.4.1 – January 2015

Page 4 of 8 2015 © Telefónica Digital Identity & Privacy, S.L.U. All Rights Reserved.

Figure 03: Created application. It may be edited again at any moment.

1.2 Through the API

The creation of an application through the API is primarily contemplated for developers who need to automate a Latch-related process.

Once logged in to the “Developer Area” on the Latch website, get Latch keys from the “My Applications” section in the side menu.

Figure 04: “My Applications” section with the button for creating API keys.

With the “+ Generate User API Key”, developers can get the keys from Latch, who will provide them with a User ID and User Secret. These data are essential for creating applications through the API.

Developers may also renew the User Secret, if they think that it might have been compromised, or eliminate the keys entirely. In the latter case, applications can no longer be created through API until new keys are generated. Regardless of whether the User Secret is renewed or the keys are eliminated, applications that have already been created will not be affected.

Figure 05: User ID, User Secret, User Secret renewal button and user key elimination button.

Latch Application developement guide V.4.1 – January 2015

Page 5 of 8 2015 © Telefónica Digital Identity & Privacy, S.L.U. All Rights Reserved.

The “API Documentation” section is in the “Documentation and SDKs” menu and contains all the information for a developer. In particular, the “User API” tab includes all the information that developers need to create and set up the application through HTTP requests. –

Figure 06: User API documentation appearance.

Latch Application developement guide V.4.1 – January 2015

Page 6 of 8 2015 © Telefónica Digital Identity & Privacy, S.L.U. All Rights Reserved.

2 Final look of the application in the app

Once the end users start using Latch with the application created, part of the specified characteristics will be displayed in the app.

Figure 07: Initial appearance of the app.

Figure 08: Notification pairing. Figure 09: Application paired.

Figure 10: Created operations. Figure 11: Details of “Operation 1”. Figure 12: Email and phone.

Latch Application developement guide V.4.1 – January 2015

Page 7 of 8 2015 © Telefónica Digital Identity & Privacy, S.L.U. All Rights Reserved.

3 Resources

For more information about how to use Latch and testing more free features, please refer to the user guide in Spanish and English:

1. Guía del usuario de Latch con Nevele Bank. 2. Latch user´s guide for Nevele Bank.

You can also access the following constantly expanded documentation:

Manuals in Spanish and English for integrating and using Latch with the available plugins, at the Latch website and via the ElevenPaths Slideshare channel.

Videos with subtitles in Spanish and English for integrating and using Latch with the available plugins on ElevenPaths' YouTube and Vimeo channels.

Manuals for integrating and using Latch in the organizations that have already implemented it (Movistar, Tuenti, UNIR, USAL, etc.), at the Latch website and via the ElevenPaths Slideshare channel.

Information about Latch API at the Latch website.

Latch Application developement guide V.4.1 – January 2015

Page 8 of 8 2015 © Telefónica Digital Identity & Privacy, S.L.U. All Rights Reserved.

The information disclosed in this document is the property of Telefónica Digital Identity & Privacy, S.L.U. (“TDI&P”) and/or any other entity within Telefónica Group and/or its licensors. TDI&P and/or any Telefonica Group entity or TDI&P’S licensors reserve all patent, copyright and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to the extent said rights are expressly granted to others. The information is this document is subject to change at any time, without notice.

Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material form except with the prior written consent of TDI&P.

This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of receipt of this document, the recipient agrees to use such information for its own use and not for other use.

TDI&P shall not be liable for any loss or damage arising out from the use of the any information in this document or any error or omission in such information or any incorrect use of the product or service. The use of the product or service described in this document are regulated in accordance with the terms and conditions accepted by the reader.

TDI&P and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks. All rights reserved.

PUBLICATION:

January 2015

elevenpaths.com Blog.elevenpaths.com @ElevenPaths Facebook.com/ElevenPaths YouTube.com/ElevenPaths

At ElevenPaths we have our own way of thinking when we talk about security. Led by Chema Alonso, we are a team of experts who are passionate about their work, who are eager to redefine the industry and have great experience and knowledge about the security sector.

Security threats in technology evolve at an increasingly quicker and relentless pace. Thus, since June 2013, we have become a startup company within Telefónica aimed at working in an agile and dynamic way, transforming the concept of security and, consequently, staying a step ahead of our attackers.

Our head office is in Spain, but we can also be found in the UK, the USA, Brazil, Argentina and Colombia.

If you wish to know more about us, please contact us at: