Forgot PIN user flow

Successful Flow

Haventec Authenticate forgot user flow

* Existing user is an end user who has already signed up and registered a device

* Third party can be any mechanism you decide to use to deliver the activation token to your user. For example, email, push notification, SMS

APIs used
POST /authentication/forgot-pin
POST /authentication/reset-pin

Error Flows

Incorrect Reset PIN token

Haventec forgot pin error flow

First and second attempt to reset device PIN with an incorrect token


        {
            "responseStatus": {
                "status": "ERROR",
                "message": "Invalid reset token.",
                "code": "AN-AUTH-1022"
            }
        }
    

Third attempt to reset device PIN with an incorrect token

The system will lock the device for 24 Hours and the user will not be able to use the forgot-pin and reset-pin features for the next 24 hours. They will receive the following error from both APIs.

This is also applicable for when you make 3 attempts to reset the device PIN with 3 separate and incorrect reset PIN tokens.

At this stage, users could opt to wait 24 hours or add a new device


      {
          "responseStatus": {
              "status": "ERROR",
              "message": "You have reached the maximum attempts to reset PIN. You are blocked from resetting your PIN, Please try again later",
              "code": "AN-AUTH-1025"
          }
      }