Multistep groups (Beta)

The Multistep groups feature lets you secure complex multistep flows, such as login, account creation, account verification, and password reset. With it, you can track user information across different application steps by linking multiple API operations.
For more information on how account protection uses the feature, see Account Protector online help.

API configuration enhancements

This feature introduces the following enhancements to API operation configuration:

  • Multistep groups – You can create, delete, and rename a multistep group. You can put one or more operations into a group, indicating they belong to a single authentication flow. Account protection views these operations as related, and allows the sharing of parameters across the operations in the group. You can create operations in a multistep group in any order.
  • Username parameter from previous API operation – A multistep configuration can reference a request parameter (such as a username or email address) from a previous operation in the flow in cases where the parameter is not available for the current operation. This is limited to API operations in the same multistep group. Parameters can be linked between API operations only if they occur on the same device and the same web browser.
  • Multi-factor authentication – Use this setting for API operations that include MFA (such as email or SMS passcodes). It notifies account protection that the successful completion of such operations represents a successful multi-factor authentication attempt. This information is added to the user profile and used in the future for risk assessment.
  • Step success condition – Indicates the success of a single step or an operation in the multistep flow.
  • Success condition – Response condition that supplements individual steps’ success and failure conditions. It allows account protection to understand when a flow was completed successfully and use this information to update the user profile. The success condition must be configured in at least one API operation for every multistep group. For example, some users can log in after entering only their username and password, while other users must perform an additional MFA step to log in. In such a case, both the username/password operation and the MFA step should have the success condition defined.
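
The rules above can be checked before a group goes live. The following is an added example, not Akamai code: the `Operation` fields, the `lint` function, and the sample operations are hypothetical and do not reflect Akamai's configuration schema.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of the settings described above. Field names are
# assumptions for this example, not Akamai's configuration schema.
@dataclass
class Operation:
    name: str
    group: str
    purpose: str                             # e.g. "login", "password reset"
    username_param: Optional[str] = None     # parameter present in this request
    username_from: Optional[str] = None      # earlier operation that supplies it
    ends_flow: bool = False                  # the flow can finish at this step
    success_condition: Optional[str] = None  # flow-level success condition

def lint(operations):
    """Return sorted findings for rules stated in the feature description."""
    by_name = {op.name: op for op in operations}
    findings = []
    for op in operations:
        if op.username_from is not None:
            source = by_name.get(op.username_from)
            if source is None or source.group != op.group:
                findings.append(f"{op.name}: username linked from outside group '{op.group}'")
        if op.purpose == "login" and not (op.username_param or op.username_from):
            findings.append(f"{op.name}: login operation has no username parameter")
        if op.ends_flow and not op.success_condition:
            findings.append(f"{op.name}: can end the flow but has no success condition")
    for group in sorted({op.group for op in operations}):
        members = [op for op in operations if op.group == group]
        if not any(op.success_condition for op in members):
            findings.append(f"group '{group}': no operation defines a success condition")
    return sorted(findings)

def sample_operations():
    """Constructed sample: login where MFA is optional, plus a password reset."""
    return [
        Operation("login-password", "login", "login", username_param="email",
                  ends_flow=True),  # users without MFA finish here
        Operation("login-otp", "login", "login", username_from="login-password",
                  ends_flow=True, success_condition="status == 200"),
        Operation("reset-confirm", "reset", "password reset",
                  username_from="login-password"),  # link crosses groups
    ]

if __name__ == "__main__":
    for finding in lint(sample_operations()):
        print(finding)
```

The sample reproduces the optional-MFA case: the group passes the "at least one success condition" rule, yet users who finish at the password step would complete a login that is never recorded as successful.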

Add a new operation to a multistep group

  1. Log in to Akamai Control Center with your username and password.
  2. Go to ☰ > CDN > API definitions.
  3. On the API Definitions page, in the Registered APIs section, select the name and version of the API you want to edit.
  4. From the menu, select API Operations.
  5. In the right corner of the table, click the + icon and select Multistep operation.
  6. If you don’t have a multistep group yet, perform the following actions:

    1. In the field, enter the new multistep group name.
    2. Click Create and add.
  7. If you already have a multistep group, perform the following actions:

    1. If you want to add the operation to an existing group, select it from the menu.
    2. If you want to add the operation to a new group, click create and add to a new multistep group, and enter the group name in the field.
    3. Click Add.
  8. Enter the following operation details:

    • Operation name,
    • Resource,
    • Method,
    • Operation purpose.

    Depending on the operation purpose, configure additional parameters:

    • For login, configure the username parameter.
    • For account creation, configure user data parameters.
    • For login and password reset, you can select Multi-factor authentication to notify account protection that this operation uses MFA.
  9. Configure step success and failure conditions.

    For every operation that ends the multistep flow, configure the success condition.

  10. Depending on your next step, click one of the following options:

    • Save and add another operation
    • Save

Move an existing operation to a multistep group

  1. Log in to Akamai Control Center with your username and password.
  2. Go to ☰ > CDN > API definitions.
  3. On the API Definitions page, in the Registered APIs section, select the name and version of the API you want to edit.
  4. From the menu, select API Operations.
  5. Click the action menu of the operation you want to move.
  6. Select Move to multistep group.
  7. Depending on the situation, do one of the following:
  • If no multistep groups exist yet, enter the name of the new group in the field and click Create and move.
  • If you want to add the operation to an existing multistep group, select the group name and click Move.
  • If you want to add the operation to a new group, click create and add to new multistep group, enter the group name in the field, and click Move.

Delete a multistep group

  1. Log in to Akamai Control Center with your username and password.
  2. Go to ☰ > CDN > API definitions.
  3. On the API Definitions page, in the Registered APIs section, select the name and version of the API you want to edit.
  4. From the menu, select API Operations.
  5. Go to the multistep group you want to delete and click its action menu.
  6. Click Delete multistep group.
  7. Confirm that you want to delete the group and all the operations in it by clicking Yes, delete.

Delete an operation from a multistep group

  1. Log in to Akamai Control Center with your username and password.
  2. Go to ☰ > CDN > API definitions.
  3. On the API Definitions page, in the Registered APIs section, select the name and version of the API you want to edit.
  4. From the menu, select API Operations.
  5. Go to the operation you want to delete and click its action menu.
  6. Click Delete operation.
  7. Confirm that you want to delete the operation by clicking Yes, delete.