Overview
LoginRadius PIN Authentication adds a further layer of security to users' accounts by letting a PIN be set during registration, login, or post-login events. It is designed to work alongside a primary authentication method such as password or social login, enabling multi-layered authentication and re-authentication scenarios that use a separate Session Token.
⚠️ PIN Authentication is not a standalone feature—it always requires a first-level authentication method to be in place.
PIN Authentication lets users protect sensitive actions or add a second login step. Once a PIN is set, users can authenticate with their PIN during login or re-authenticate before performing specific operations within your application.
The mechanism uses Session Tokens that are distinct from Access Tokens: the session token only establishes a PIN-authenticated session, and an access token is issued once the PIN has been verified. This separation enables flexible, token-based workflows for PIN-authenticated sessions.
Key Features and Use Cases
- Secondary Authentication Layer - Enable PIN entry after primary login to strengthen security.
- Session Token-Based Flow - A separate token used for PIN-based workflows allows controlled access without needing repeated complete logins.
- Optional or Mandatory Setup - Choose whether PIN setup is required during registration, login, or first login.
- Flexible Event Configuration - Define when the PIN is requested - during registration, login, or first login.
- Change and Reset Workflows - Support for changing or resetting PINs via email, phone, or security questions.
Common Session API Endpoints
The following APIs form the core of the PIN Authentication workflow and are frequently used across multiple scenarios, including login, PIN setup, and session validation. These endpoints provide the foundation for implementing secure and flexible PIN-based authentication within your application.
- PIN-Based Login
- PIN Setup & Change
- Forgot PIN
- PIN Session Token Management
- Reset PIN
PIN-Based Login
This API authenticates users with their PIN inside an existing PIN session, so they do not re-enter their primary credential. It is not a standalone login: the PIN session it relies on is established by a first-level authentication method.
Endpoint | Description |
---|---|
Login By PIN | Authenticate users by having them submit their PIN. If this is successful, it returns a valid access token for subsequent requests. |
PIN Setup & Change
These APIs let users set an initial PIN or securely update an existing one; each call is authorized by a token (a one-time PinAuthToken for first-time setup, an access token for changes).
Endpoint | Description |
---|---|
Set PIN by PinAuthToken | Initialize a new PIN for a user using a one‑time PinAuthToken. Ideal for first‑time PIN setup flows. |
Change PIN By Access Token | Update an existing PIN by verifying the user’s current PIN and a valid access token. |
Forgot PIN
If users forget their PIN, these APIs start a recovery workflow via email, phone, or username so they can regain access.
Endpoint | Description |
---|---|
Forgot PIN by Email | Initiate the PIN recovery flow by sending a reset link or code to the user’s registered email address. |
Forgot PIN by Phone | Initiate the PIN recovery flow by sending a One‑Time Passcode (OTP) via SMS to the user’s phone number. |
Forgot PIN by UserName | Initiate the PIN recovery flow by sending a reset link or code to the user’s email using their username. |
PIN Session Token Management
Manage and revoke PIN session tokens to preserve the integrity and security of PIN-related workflows.
Endpoint | Description |
---|---|
Invalidate PIN Session Token | Revoke all active session tokens issued during PIN setup, change, or recovery workflows to ensure security. |
Reset PIN
These APIs complete a reset by verifying the user with an OTP, a reset token, or a security answer before the new PIN is stored.
Endpoint | Description |
---|---|
Reset PIN By Email and OTP | Complete the PIN reset process by setting a new PIN using the user’s email address and one‑time passcode (OTP). |
Reset PIN By Phone and OTP | Complete the PIN reset process by setting a new PIN using the user’s phone number and one‑time passcode (OTP). |
Reset PIN By ResetToken | Complete the PIN reset process by setting a new PIN using the provided reset token. |
Reset PIN By Security Answer and Email | Complete the PIN reset process by setting a new PIN using the user’s security answer and email address. |
Reset PIN By SecurityAnswer and Phone | Complete the PIN reset process by setting a new PIN using the user’s security answer and phone number. |
Reset PIN By Security Answer and UserName | Complete the PIN reset process by setting a new PIN using the user’s security answer and username. |
Reset PIN By UserName and OTP | Complete the PIN reset process by setting a new PIN using the user’s username and one‑time passcode (OTP). |
Best Practices
- Set a short expiration for PIN session tokens so that a leaked or captured token has limited value.
- Always confirm whether the PIN is required or optional in your schema and workflow.
- Use OTP (email or SMS) or security questions as fallbacks for PIN recovery; each recovery path is only as strong as the channel it relies on.
- Log every failed PIN attempt and apply a lockout after a small number of failures: a 4- to 6-digit PIN has at most a million possible values, so brute force is trivial without one.
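The following self-contained Python model is an added example, not LoginRadius code and not its API; it ties together the session-token separation from the Overview, the Login By PIN, Set PIN, Forgot PIN, Reset PIN By OTP and Invalidate PIN Session Token workflows above, and the Best Practices. All names, TTLs and attempt limits are assumptions chosen for illustration: the first-level login hands out only a short-lived, single-use PIN session token; the PIN check issues an access token; failed attempts are logged and trigger a lockout; and an OTP-based reset consumes the OTP, stores a new salted PIN hash, and revokes every outstanding PIN session token for the user.

```python
import hashlib, hmac, os, secrets, time
from dataclasses import dataclass

# Illustrative values (assumptions, not LoginRadius settings)
PIN_SESSION_TTL = 300     # seconds; keep PIN session tokens short-lived
MAX_PIN_ATTEMPTS = 5      # a 4-6 digit PIN has at most 10**6 values, so lock early
LOCKOUT_SECONDS = 900
OTP_TTL = 600
MAX_OTP_ATTEMPTS = 3

def _hash_secret(secret: str, salt: bytes) -> bytes:
    # PINs and OTPs are low-entropy: a slow KDF makes offline guessing expensive
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _valid_pin(pin: str) -> bool:
    return pin.isdigit() and 4 <= len(pin) <= 6

@dataclass
class PinRecord:
    salt: bytes
    digest: bytes
    failed: int = 0
    locked_until: float = 0.0

@dataclass
class OtpRecord:
    salt: bytes
    digest: bytes
    expires_at: float
    attempts: int = 0

class PinService:
    def __init__(self, now=time.time):
        self.now = now  # injectable clock so expiry and lockout can be tested
        self.pins: dict[str, PinRecord] = {}
        self.sessions: dict[str, tuple[str, float]] = {}  # token -> (uid, expiry)
        self.otps: dict[str, OtpRecord] = {}
        self.audit: list[str] = []

    # "Set PIN" / "Change PIN" analogue: store only a salted hash of the PIN
    def set_pin(self, uid: str, pin: str) -> None:
        if not _valid_pin(pin):
            raise ValueError("PIN must be 4-6 digits")
        salt = os.urandom(16)
        self.pins[uid] = PinRecord(salt, _hash_secret(pin, salt))

    # first-level login hands out a PIN session token, never an access token
    def issue_session_token(self, uid: str) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (uid, self.now() + PIN_SESSION_TTL)
        return token

    # "Invalidate PIN Session Token" analogue: drop every token held for the user
    def invalidate_sessions(self, uid: str) -> None:
        self.sessions = {t: v for t, v in self.sessions.items() if v[0] != uid}

    # "Login By PIN" analogue: valid session token + correct PIN -> access token
    def login_by_pin(self, session_token: str, pin: str):
        now = self.now()
        entry = self.sessions.get(session_token)
        if entry is None or entry[1] < now:
            self.sessions.pop(session_token, None)  # expired tokens are discarded
            return None
        uid, rec = entry[0], self.pins.get(entry[0])
        if rec is None or rec.locked_until > now:
            self.audit.append(f"{uid} pin_rejected reason={'locked' if rec else 'no_pin'}")
            return None
        if not hmac.compare_digest(_hash_secret(pin, rec.salt), rec.digest):
            rec.failed += 1
            self.audit.append(f"{uid} pin_failed attempt={rec.failed}")
            if rec.failed >= MAX_PIN_ATTEMPTS:
                rec.locked_until, rec.failed = now + LOCKOUT_SECONDS, 0
                self.audit.append(f"{uid} pin_locked_out")
            return None
        rec.failed = 0
        del self.sessions[session_token]  # single use: a captured token cannot be replayed
        return "access-" + secrets.token_urlsafe(32)

    # "Forgot PIN" analogue: issue a short-lived OTP. It is returned here only to keep
    # the example self-contained; in practice it is delivered by email or SMS.
    def forgot_pin(self, uid: str) -> str:
        otp = f"{secrets.randbelow(10**6):06d}"
        salt = os.urandom(16)
        self.otps[uid] = OtpRecord(salt, _hash_secret(otp, salt), self.now() + OTP_TTL)
        return otp

    # "Reset PIN By ... OTP" analogue: consume the OTP, store the new PIN, then revoke
    # outstanding PIN session tokens so a session opened under the old PIN cannot continue
    def reset_pin_by_otp(self, uid: str, otp: str, new_pin: str) -> bool:
        rec = self.otps.get(uid)
        if rec is None or rec.expires_at < self.now() or not _valid_pin(new_pin):
            return False
        if not hmac.compare_digest(_hash_secret(otp, rec.salt), rec.digest):
            rec.attempts += 1
            if rec.attempts >= MAX_OTP_ATTEMPTS:
                del self.otps[uid]  # a 6-digit OTP must not be guessable online either
            return False
        del self.otps[uid]  # single use
        self.set_pin(uid, new_pin)
        self.invalidate_sessions(uid)
        return True
```

The two points worth carrying over to a real deployment are that the PIN session token is both short-lived and consumed on success, so a token stolen from a client cannot be replayed after the legitimate login, and that a reset revokes every PIN session for the user; the page's Invalidate PIN Session Token endpoint exists for exactly that step.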