# Device binding

## Create a new device binding

 - [POST /v1/mfa/devices](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices/post.md): This endpoint initiates the device binding process for registering a device for a customer. When the request is processed, Solaris sends an SMS OTP to the customer's registered mobile number.  Before you can use this endpoint, your customer must have a verified mobile number.

## List bound devices

 - [GET /v1/mfa/devices](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices/get.md): Returns a list of devices that your customers have verified using the device binding process.

## Retrieve a bound device

 - [GET /v1/mfa/devices/{id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D/get.md): Retrieves a single device that a customer registered using the device binding process.

## Delete a device

 - [DELETE /v1/mfa/devices/{id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D/delete.md): Removes a device from Solaris' system. This endpoint triggers the deletion of all keys associated with the device.

## Retrieve a device binding signature challenge

 - [GET /v1/mfa/challenges/signatures/{id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1challenges~1signatures~1%7Bid%7D/get.md): Returns a signature challenge created during the device binding process.

## Verify device binding signature challenge

 - [PUT /v1/mfa/challenges/signatures/{id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1challenges~1signatures~1%7Bid%7D/put.md): Verifies the signature from a customer's device in order to verify their ownership of the device.  To create the signature: 1. Create a hash (SHA256) with the OTP. 2. Sign the hash with the private key. 3. Encode the signature in  format. 4. Hex-encode the -formatted signature. 5. Send the signature in the request body.

## Add new key to a bound device

 - [POST /v1/mfa/devices/{id}/keys](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D~1keys/post.md): Adds a new public key to a device that was previously registered by a customer using the device binding process. The new key must have a different  than the existing key. E.g., if the device already has an  key, then the new key must be .

## List all keys for a bound device

 - [GET /v1/mfa/devices/{id}/keys](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D~1keys/get.md): Retrieves a list of all registered keys associated with a device registered to a customer through the device binding process.

## Retrieve a specific key registered to a bound device

 - [GET /v1/mfa/devices/{id}/keys/{key_id}](https://docs.solarisgroup.com/api-reference/onboarding/device-management/device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D~1keys~1%7Bkey_id%7D/get.md): Returns a key associated with a specific device that was previously registered using the device binding process.