Start

The main entry point to the Ti365 TypeScript SDK is the class Ti365. It provides services for registration and authentication.

Important prerequisite

Ti365 needs to be initialized with the Ti365-Gateway-URL. This is done using Ti365.init(url).

Authentication

Ti365 uses two factor authentication on new devices. If a device was used before, the second factor is not always required. A SMS-Pin is used as second factor.

Ti365 uses the PAKE-Protocol SRP6a for authenticating the user without sharing the password or a hashed version of it with the backend server.

Example

To start with the authentication of a user, an AuthenticationService is required:

const authenticationService = Ti365.createAuthenticationService();

The login request takes the username and password and returns a LoginResult. The LoginResult consists of a status which determines the result of the login operation and a session: Ti365Session in case of a successful login.

const loginResult = await this.authenticationService.login(this.usernameInput.value, this.passwordInput.value);
switch (loginResult.status) {
    case "SUCCESS":         // The provided credentials are correct, no second factor is required. The loginResult.session carries a Ti365Session
    case "MFA_REQUIRED":    // The provided credentials are correct, but a second factor is required
    case "LOGIN_FAILED":     // The provided credentials are incorrect
    default:                // no other state should occur in the first login step
}

If the second facor is required, a SMS-Pin will be automatically sent to the users phone. The authentication process continues with the SMS-Pin as follows:

const loginResult = await this.authenticationService.confirmMfa(this.smsPinInput.value);
switch (loginResult.status) {
    case "SUCCESS":             // The provided SMS-Pin is correct. The loginResult.session carries a Ti365Session
    case "MFA_INVALID":         // The provided SMS-Pin is incorrect
    case "MFA_TRIES_EXCEEDED":  // The maximum allowed tries for the PIN is reached. A new login() call is required which results in a new SMS-Pin.
    default:                    // no other state should occur in the second login step
}

After a successful login, the session: Ti365Session of the LoginResult will be the entry point to the Ti365 services.

Ti365Session Services

The Ti365Session returned from the authentication service provides the following services:

  • VzdService : The VzdService provides access to the Verzeichnisdienst.
  • VsdmService : The VsdmService provides access to the Versichertenstammdatenmanagement.