Skip to main content

Integration Mechanisms

Bravura Pass exposes APIs suitable for use by an IVR system using HTTPS web access. The API implements strong encryption policies for all connections, allowing you to securely locate the IVR system at a different site from the Bravura Pass server.

Web service

A web service allows IVR systems and other applications to remotely invoke methods on the Bravura Pass server to perform functions such as user and account lookup, security question authentication, random password generation, and to initiate password resets or to clear intruder lockouts. Remote applications normally access the web service over HTTPS for security. Security is also accomplished by use of a secure transport layer, an API user and password, and a one-time-use session ID. Organizations wanting an extra level of security can limit the range of IP addresses that are permitted to access the api to just legitimate IVR systems or other applications.

IVR systems that support integration using web services include those from Intervoice and Nortel/Periphonics.

Example function call sequence

The touch-tone-authenticated password reset process, described here , is implemented by calling the following library functions using any of the API variants described above:

  • Login – initialize the API session and connect with a valid username and password. Required to start any API session.

  • UserIVRList – Return a list of users matching a numerical ID. This function returns all users which match the numerical identifier. For more information on mapping users to a numerical ID, see: Mapping user IDs to telephone keypads

  • UserQuestionsGet – get a random selection of authentication questions that the user might be required to answer. The IVR system must be pre-programmed with speech recordings for every available question, or a text-to-speech engine.

  • UserAnswersValidate – validate that the answers keyed in by the user are correct.

  • PasswordRandomGet – called at least once, and possibly several times, to generate a random valid password, and read it out to the user as a possible new password.

  • UserPasswordSync Reset one or more passwords associated to a user account. Depending on the parameters passed, this call can also allow the user to reset individual passwords, rather than every one.

  • Logout – close the current API session.

See Bravura Security Fabric Remote API (api.pdf) for more information on writing customized API calls.

Event actions

The following event actions are supported for Phone Password Manager, and can be configured on the Bravura Pass server:

  • ET_ADMIN_RESET_SUCCESS Triggered when Phone Password Manager successfully attempts to reset a user’s password using the UserPasswordSync API Service call.

  • ET_ADMIN_RESET_FAILURE Triggered when Phone Password Manager fails an attempt at resetting a user’s password using the UserPasswordSync API Service call.

  • ET_ADMIN_UNLOCK_SUCCESS Triggered when Phone Password Manager successfully attempts to unlock a user’s account using the UserAccountsUnlock API Service call.

  • ET_ADMIN_UNLOCK_FAILURE Triggered when Phone Password Manager fails an attempt to unlock a user’s account using the UserAccountsUnlock API Service call.

For more information on using these API Service calls, see Bravura Security Fabric Remote API (api.pdf) .

In this section: