# Device binding ## Create a new device binding - [POST /v1/mfa/devices](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices/post.md): This endpoint initiates the device binding process for registering a device for a customer. There are two ways to bind a device. The option depends on the vaue in challenge_type. i. Using SMS OTP. When the request is processed, Solaris sends an SMS OTP to the customer's registered mobile number. Before you can use this endpoint, your customer must have a verified mobile number. ii. Using activation code. To use this option, create an activation challenge for the customer and ensure the code in the challenge is delivered to the customer already. Refer Activation challenges endpoints. ## List bound devices - [GET /v1/mfa/devices](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices/get.md): Returns a list of devices that your customers have verified using the device binding process. ## Retrieve a bound device - [GET /v1/mfa/devices/{id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D/get.md): Retrieves a single device that a customer registered using the device binding process. ## Delete a device - [DELETE /v1/mfa/devices/{id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D/delete.md): Removes a device from Solaris' system. This endpoint triggers the deletion of all keys associated with the device. ## Retrieve a device binding signature challenge - [GET /v1/mfa/challenges/signatures/{id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1challenges~1signatures~1%7Bid%7D/get.md): Returns a signature challenge created during the device binding process. ## Verify device binding signature challenge - [PUT /v1/mfa/challenges/signatures/{id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1challenges~1signatures~1%7Bid%7D/put.md): Verifies the signature from a customer's device in order to verify their ownership of the device. To create the signature: 1. Create a hash (SHA256) with the OTP/activation_code. 2. Sign the hash with the private key. 3. Encode the signature in ASN.1 format. 4. Hex-encode the ASN.1-formatted signature. 5. Send the signature in the request body. ## Add new key to a bound device - [POST /v1/mfa/devices/{id}/keys](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D~1keys/post.md): Adds a new public key to a device that was previously registered by a customer using the device binding process. The new key must have a different purpose than the existing key. E.g., if the device already has an unrestricted key, then the new key must be restricted. ## List all keys for a bound device - [GET /v1/mfa/devices/{id}/keys](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D~1keys/get.md): Retrieves a list of all registered keys associated with a device registered to a customer through the device binding process. ## Retrieve a specific key registered to a bound device - [GET /v1/mfa/devices/{id}/keys/{key_id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D~1keys~1%7Bkey_id%7D/get.md): Returns a key associated with a specific device that was previously registered using the device binding process.