Transactions
Complete guide to how authentication transactions work in SendAuth
The SendAuth transaction system is the core mechanism for handling authentication challenges. When a user needs to authenticate, a transaction is created that tracks the entire authentication flow from initiation to completion.
Overview
- Permissions: Labels that represent capabilities or roles within your organization (e.g., “HR”, “IT”, “Finance”) A transaction represents an authentication request that requires user verification. Users authenticate with a passkey, which must be created beforehand.
Transaction States
Each authentication transaction progresses through different states:
| State | Description | Meaning |
|---|---|---|
pending | Transaction is awaiting user action | The authentication request has been sent but not yet responded to |
verified | User successfully authenticated | The user completed the authentication challenge successfully |
denied | Authentication was rejected | The user explicitly denied the authentication request |
cancelled | Request was cancelled | The authentication request was cancelled before completion |
expired | Transaction expired (un-answered transactions expire after 5 minutes) | The authentication request was cancelled before completion |
Transaction Types
Challenge Transactions
The most common type, used for authenticating existing users. Users receive a notification for a challenge and then answer the challenge with their passkey.
Register Transactions
Used to set up a user’s passkey. This interaction should be done face-to-face, or over a video call.
User Notifications
When a transaction is created, users are notified based on their messaging preferences:
Email Notifications
Email notifications are sent using customizable templates. The default message includes:
- Who requested the authentication
- The context/reason
- When it was requested
- A secure link to respond
SMS Notifications
SMS notifications work similarly to email, with customizable templates.
Template Variables
Both email and SMS templates support these variables:
{{LINK}}- Authentication link{{REQUESTOR}}- Who made the request{{MESSAGE}}- Custom message from requestor
Transaction Completion
Verification Flow
When a user verifies a transaction:
- Location Capture - IP geolocation is captured
- State Update - Transaction marked as
verified - Audit Logging - Action recorded in audit log
- Webhook Invocation -
Verifyevent webhooks are triggered - ConnectWise Integration - Comments added to tickets if configured
- Real-time Notifications - The requestor’s webpage will reflect the transaction’s verification
Denial Flow
When a user denies a transaction:
- State Update - Transaction marked as
denied - Audit Logging - Denial recorded with location data
- Webhook Invocation -
Denyevent webhooks are triggered - Real-time Notifications - Requestor notified of denial
Security Features
Expiration
All transactions have a 5-minute TTL to mitigate unexplained authentications and encourage timely responses.
IP Tracking
All transaction responses capture detailed IP geolocation data for auditing purposes.
Audit Logging
Every transaction action is logged with:
- Actor (who performed the action)
- Action (what was done)
- Context (transaction details)
- Location data (for responses)
- Location data (for responses)
Pages in this section
- Checkins
Periodically request users authenticate to validate their passkey configuration
- ConnectWise
Configure SendAuth to update ConnectWise tickets when transactions are verified
- Webhooks
Complete guide to how authentication transactions work in SendAuth