Signicat Authentication REST API (v1)
Download OpenAPI specification:Download
Signicat's Authentication REST API allows you to interact with the Signicat eID Hub. Our digital solutions enable identity verification and authentication through a wide selection of electronic ID methods. The Authentication REST API is a REST API with all request and response bodies formatted in JSON.
For more information on how to access the Authentication REST API, see the Accessing Signicat API products guide in our developer documentation.
Create a new session
Use this endpoint to create a session. This must contain a JSON object (as described) with all the info needed.
Request Body schema: application/jsonrequired
JSON object with data used necessary for creating the session.
object (PrefilledInput) The session's prefilled input information (it is required at least one value). | |
object or null Additional parameters that modify the authentication flow. Depends on selected IdP. See developer documentation for details. | |
object (CallbackUrls) Specifies the different urls to callback to. | |
object (EncryptionKey) Encryption key information. | |
requestedLoa | string or null Enum: "low" "substantial" "high" Specifies the LoA (Level of Assurance). |
tags | Array of strings or null <= 100 items A set of support optional tags to group and filter webhooks. The maximum length for each tag is 100. |
returnUrl | string or null <uri> If specified the embedded view will return to this URL after authentication is completed (successfully or not). If not specified, a success or error screen will be shown inside the embedded view. |
embeddedParentDomains | Array of strings or null Specify the parent domains that will embed the authentication. This will be used for content security frame ancestor header if set, as an extra security mechanism to protect against clickjacking. |
allowedProviders | Array of strings or null A list of Identity Providers (IdPs) that can be used for authentication. If not specified, the end-user will be able to choose from all IdPs associated with your Signicat account. The maximum length for each Provider is 30. |
language | string or null The desired language for the UI. Expected format ISO 639-1. If the requested language is not available, it will automatically default to English (en). Some IdPs may have a different fallback language due to regional considerations. |
flow required | string Enum: "headless" "redirect" "embedded" The selected flow used for this specific authentication session.
To learn more about using the |
themeId | string or null [ 0 .. 10 ] characters The themeId you want to use for this specific authentication session. If not specified, the default theme for your account will be used. |
requestedAttributes required | Array of strings The attributes you wish to get back from the authentication of the end-user. To find a list of which attributes can be requested, please see documentation for that specific ID method which can be found on https://developer.signicat.com/identity-methods/. Defaults to empty. |
externalReference | string or null [ 0 .. 100 ] characters An external reference for you, will be returned as a URL parameter on callbackUrls. |
usageReference | string or null An usage external reference for you to group your billing. |
sessionLifetime | integer or null <int32> Lifetime of session in seconds (Default is 1200 seconds). It has a soft-minimum value of 300 seconds, which means if the value set is less then 300, it will be automatically set to 300 seconds. |
requestDomain | string or null This specifies the domain you want to use for this specific session. The domain will be visible in the end-user's browser. This domain needs to be correctly configured on your account! |
expiresAt | string or null <date-time> DateTime expiry of session. |
Responses
Request samples
- Payload
{- "prefilledInput": {
- "nin": "07128312345",
- "mobile": "+4799716935",
- "email": "bruce@wayneenterprice.com",
- "userName": "brucewayne",
- "dateOfBirth": "1973-12-07",
- "deviceId": "136OP-A1",
- "firstName": "Bruce",
- "lastName": "Wayne",
- "bankAccountNumber": "0071234567"
}, - "additionalParameters": {
- "sbid_flow": "QR",
- "sbid_end_user_ip": "127.0.0.1"
}, - "callbackUrls": {
}, - "encryptionPublicKey": {
- "kty": "RSA",
- "use": "enc",
- "kid": "encryption-key-04ceb013816d6244aca3310fa69b0bcf",
- "alg": "RSA-OAEP",
- "e": "AQAB",
- "n": "zN4Vqjwfs8uSqlOyjJLxw89BzkOW_blablabla-kv7wEllGQYysBSoj2ULs9qqQd",
- "crv": "P-256",
- "x": "O_rs_R-2hZmBYaUzMlvBCwRosV8mDGzKv-kVSG9PgVY",
- "y": "1Xw6_lF0VCHQjbIBtunedGA3UnldovAiCC97_9LkM0w",
- "d": null
}, - "requestedLoa": "low",
- "tags": [
- "tag1",
- "tag2"
], - "embeddedParentDomains": [
- "signicat.com",
- "example.com"
], - "allowedProviders": [
- "nbid",
- "sbid",
- "idin",
- "digid",
- "eherkenning",
- "spid"
], - "language": "en",
- "flow": "redirect",
- "themeId": "agkaa12",
- "requestedAttributes": [
- "firstName",
- "lastName",
- "email",
- "dateOfBirth",
- "phoneNumber",
- "address",
- "gender"
], - "externalReference": "my-reference-12345",
- "usageReference": "my-usage-reference-12345",
- "sessionLifetime": 600,
- "requestDomain": "myapp.app.signicat.com",
- "expiresAt": "2024-06-01T13:45:30"
}
Response samples
- 200
- 400
- 401
- 403
- 500
{- "id": "3d07c219-0a88-45be-9cfc-91e9d095a1e9",
- "accountId": "a-rand-cnnJOtEwafuhom0nv",
- "status": "SUCCESS",
- "statusDetail": "Error because reasons.",
- "provider": "nbid",
- "subject": {
- "id": "9578-6000-4-48855",
- "idpId": "9578-6000-4-48855",
- "name": "John Doe",
- "firstName": "John",
- "middleName": "Louis",
- "lastName": "Doe",
- "dateOfBirth": "2002-06-01",
- "nin": {
- "value": "123456789",
- "issuingCountry": "NOR",
- "type": "SOCIAL"
}, - "email": "john_doe@mail.com",
- "attribute_1": "random_attr",
- "attribute_2": "random_attr_4"
}, - "callbackUrls": {
}, - "idpData": {
- "autoStartToken": "f0c9d6db-c586-4acb-b2ba-323b54e42504"
}, - "environment": {
- "ipAddress": "127.0.0.1",
- "userAgent": "user_agent_test"
}, - "error": {
- "title": "Invalid Account ID Error",
- "detail": "An accountId is sent as part of API calls. This error indicates that an unexpected accountId was sent in the request.",
- "code": "invalid_account_id"
}, - "messageTransportProperties": {
- "messageLevelEncryption": "NOT_REQUIRED",
- "requireHsmSigning": false
}, - "tags": [
- "tag1",
- "tag2"
], - "allowedProviders": [
- "nbid",
- "sbid",
- "idin",
- "digid",
- "eherkenning",
- "spid"
], - "language": "en",
- "flow": "redirect",
- "themeId": "agkaa12",
- "requestedAttributes": [
- "firstName",
- "lastName",
- "email",
- "dateOfBirth",
- "phoneNumber",
- "address",
- "gender"
], - "externalReference": "my-reference-12345",
- "usageReference": "my-usage-reference-12345",
- "sessionLifetime": 600,
- "requestDomain": "myapp.app.signicat.com",
- "expiresAt": "2024-06-01T13:45:30"
}
Get session status
Use this endpoint to get information regarding a previously created session.
path Parameters
id required | string The session identifier. |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
{- "id": "3d07c219-0a88-45be-9cfc-91e9d095a1e9",
- "accountId": "a-rand-cnnJOtEwafuhom0nv",
- "status": "SUCCESS",
- "statusDetail": "Error because reasons.",
- "provider": "nbid",
- "subject": {
- "id": "9578-6000-4-48855",
- "idpId": "9578-6000-4-48855",
- "name": "John Doe",
- "firstName": "John",
- "middleName": "Louis",
- "lastName": "Doe",
- "dateOfBirth": "2002-06-01",
- "nin": {
- "value": "123456789",
- "issuingCountry": "NOR",
- "type": "SOCIAL"
}, - "email": "john_doe@mail.com",
- "attribute_1": "random_attr",
- "attribute_2": "random_attr_4"
}, - "callbackUrls": {
}, - "idpData": {
- "autoStartToken": "f0c9d6db-c586-4acb-b2ba-323b54e42504"
}, - "environment": {
- "ipAddress": "127.0.0.1",
- "userAgent": "user_agent_test"
}, - "error": {
- "title": "Invalid Account ID Error",
- "detail": "An accountId is sent as part of API calls. This error indicates that an unexpected accountId was sent in the request.",
- "code": "invalid_account_id"
}, - "messageTransportProperties": {
- "messageLevelEncryption": "NOT_REQUIRED",
- "requireHsmSigning": false
}, - "tags": [
- "tag1",
- "tag2"
], - "allowedProviders": [
- "nbid",
- "sbid",
- "idin",
- "digid",
- "eherkenning",
- "spid"
], - "language": "en",
- "flow": "redirect",
- "themeId": "agkaa12",
- "requestedAttributes": [
- "firstName",
- "lastName",
- "email",
- "dateOfBirth",
- "phoneNumber",
- "address",
- "gender"
], - "externalReference": "my-reference-12345",
- "usageReference": "my-usage-reference-12345",
- "sessionLifetime": 600,
- "requestDomain": "myapp.app.signicat.com",
- "expiresAt": "2024-06-01T13:45:30"
}
Response samples
- 200
- 400
- 401
- 403
- 500
{- "id": "3d07c219-0a88-45be-9cfc-91e9d095a1e9",
- "accountId": "a-rand-cnnJOtEwafuhom0nv",
- "status": "SUCCESS",
- "statusDetail": "Error because reasons.",
- "provider": "nbid",
- "subject": {
- "id": "9578-6000-4-48855",
- "idpId": "9578-6000-4-48855",
- "name": "John Doe",
- "firstName": "John",
- "middleName": "Louis",
- "lastName": "Doe",
- "dateOfBirth": "2002-06-01",
- "nin": {
- "value": "123456789",
- "issuingCountry": "NOR",
- "type": "SOCIAL"
}, - "email": "john_doe@mail.com",
- "attribute_1": "random_attr",
- "attribute_2": "random_attr_4"
}, - "callbackUrls": {
}, - "idpData": {
- "autoStartToken": "f0c9d6db-c586-4acb-b2ba-323b54e42504"
}, - "environment": {
- "ipAddress": "127.0.0.1",
- "userAgent": "user_agent_test"
}, - "error": {
- "title": "Invalid Account ID Error",
- "detail": "An accountId is sent as part of API calls. This error indicates that an unexpected accountId was sent in the request.",
- "code": "invalid_account_id"
}, - "messageTransportProperties": {
- "messageLevelEncryption": "NOT_REQUIRED",
- "requireHsmSigning": false
}, - "tags": [
- "tag1",
- "tag2"
], - "allowedProviders": [
- "nbid",
- "sbid",
- "idin",
- "digid",
- "eherkenning",
- "spid"
], - "language": "en",
- "flow": "redirect",
- "themeId": "agkaa12",
- "requestedAttributes": [
- "firstName",
- "lastName",
- "email",
- "dateOfBirth",
- "phoneNumber",
- "address",
- "gender"
], - "externalReference": "my-reference-12345",
- "usageReference": "my-usage-reference-12345",
- "sessionLifetime": 600,
- "requestDomain": "myapp.app.signicat.com",
- "expiresAt": "2024-06-01T13:45:30"
}