Download OpenAPI specification:Download
https://api.signicat.com/mobileid/admin/The Signicat MobileID API enables you to carry out administrative tasks and configuration management for the Signicat MobileID service.
This REST API uses the OAuth 2.0 protocol for authorisation. All request and response bodies are formatted in JSON.
Before you can start making requests to this API, you need to learn how to connect to it. To do this, see the Connect to Signicat APIs Quick start guide.
You need to complete the onboarding of your account for MobileID. To do this, you can use the Signicat Dashboard:
Success! You can now start making requests to the MobileID Admin API.
Use the Signicat Audit logs service to see documented evidence of the sequence of activities that have affected a system.
When you make an API call to Signicat and an error occurs, you will receive a response message with an error code.
Use the Signicat Events service to automatically receive information about when something happens in one of our services into your system.
Note: This is often referred to as callback.
The MobileID Admin accounts API provides you with operations related to administering your MobileID account, such as adding an account, and fetching information about an account.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
The Get MobileID account operation returns the properties of a MobileID account.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| statistics | boolean Default: true Example: statistics=true Control whether the statistics ( Note: Returned statistical data is not live data. |
Response sample when fetching a sandbox account.
{- "created": "2023-09-06T06:47:20.000Z",
- "modified": "2023-09-06T06:49:23.000Z",
- "organisationId": "o-d-Abcdefgh1234JC4Cczm4",
- "id": "a-sdge-abcdefghijk123456789",
- "name": "Sample Account",
- "type": "SANDBOX",
- "state": "ENABLED",
- "sandboxProperties": {
- "sandboxDeviceLimit": "100",
- "numberOfDevices": "0"
}, - "statistics": {
- "numberOfActiveDevices": "0",
- "numberOfActiveUsers": "0"
}, - "configurations": [
- {
- "description": "Created by admin.",
- "default": true,
- "accountId": "a-sdge-abcdefghijk123456789",
- "id": "5ecbf73d-90bd-46a7-a58e-9ac56d229e3e",
- "properties": {
- "applicationId": "a-sdge-abcdefghijk123456789",
- "inactiveDeviceDeleteRetentionTime": "365"
}, - "additionalFeatures": {
- "passportScanEnabled": false
}
}
], - "onboardedForMobileId": true,
- "onboardedForPasskeys": false
}The Add MobileID account operation fulfils the onboarding of your account to MobileID by adding an account to the MobileID service.
This is a prerequisite for all other operations.
Note: This operation is a part of the onboarding process.
| onboardingType | string |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
Response sample when adding a sandbox account.
{- "created": "2023-09-06T06:54:18.000Z",
- "organisationId": "o-d-Abcdefgh1234JC4Cczm4",
- "id": "a-sdge-abcdefghijk123456789",
- "name": "Sample Account",
- "type": "SANDBOX",
- "state": "ENABLED",
- "sandboxProperties": {
- "sandboxDeviceLimit": "100",
- "numberOfDevices": "0"
}, - "statistics": {
- "numberOfActiveDevices": "0",
- "numberOfActiveUsers": "0"
}, - "configurations": [
- {
- "description": "Created by admin.",
- "default": true,
- "accountId": "a-sdge-abcdefghijk123456789",
- "id": "02510f61-6faf-44e0-9d58-e62cfc35d5aa",
- "properties": {
- "applicationId": "a-sdge-abcdefghijk123456789",
- "inactiveDeviceDeleteRetentionTime": "365"
}, - "additionalFeatures": {
- "passportScanEnabled": false
}
}
], - "onboardedForMobileId": true,
- "onboardedForPasskeys": false
}Updates a specified customer account.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| state | string Enum: "ENABLED" "DISABLED" Example: "ENABLED" Account state |
{- "state": "ENABLED"
}{- "id": "a-sdge-abcdefghijk123456789",
- "state": "ENABLED",
- "organisationId": "1fb22154-8633-417b-a918-cd59a3ccd12f",
- "encapApiKey": "M2NhZjFmYTItNmUyMi00NGFkLWE0YmUtZTZlMTZ...",
- "sandboxDeviceLimit": "200"
}The MobileID Admin APNs tokens API provides you with operations related to creating and managing Apple Push Notifications service (APNs) tokens.
APNs tokens can be used so that your end-users can receive push notifications in your mobile app.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
The Get APNs tokens operation returns a list of the APNs tokens for the organisation that the account belongs to. This includes both production and sandbox APNs tokens.
The maximum number of APNs token objects per list is 20.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "apnsTokens": [
- {
- "id": "82a634bf-a485-457c-90c4-88ddd5631922",
- "description": "test-token-description",
- "name": "Test app APNs token",
- "created": "2022-12-11T12:35:52.000Z",
- "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
- "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
- "keyId": "ABCD1234",
- "teamId": "EDFG5678"
}, - {
- "id": "c21d007a-d8ad-4856-a9ab-cee11a65de31",
- "description": "test-token-description",
- "name": "Test app APNs token",
- "created": "2022-12-11T12:35:53.000Z",
- "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
- "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
- "keyId": "ABCD1234",
- "teamId": "EDFG5678"
}
]
}The Add APNs token operation enables you to add a new APNs token to your MobileID account.
An APNs token can be used by all accounts in the same organisation.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| name required | string non-empty Example: "APNs token name" The name of the APNs token |
| description | string Example: "This is the APNs token ..." The description of the APNs token |
| privateKey required | string non-empty Example: "replace with base64 encoded private key" The Base64 encoded string of APNs token private key |
| keyId required | string non-empty Example: "key-id" Key ID of the APNs token |
| teamId required | string non-empty Example: "team-id" Team ID of Apple Developer Account |
{- "name": "Test app APNs token",
- "description": "test-token-description",
- "privateKey": "replace with base64 encoded private key",
- "keyId": "ABCD1234",
- "teamId": "EDFG5678"
}{- "id": "82a634bf-a485-457c-90c4-88ddd56319c1",
- "description": "test-token-description",
- "name": "Test app APNs token",
- "created": "2022-12-11T12:35:52.000Z",
- "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
- "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
- "keyId": "ABCD1234",
- "teamId": "EDFG5678"
}The Get APNs token operation returns a specified APNs token for your MobileID account.
An APNs token can be used by all accounts in the same organisation.
| apnsTokenId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the APNs token. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "id": "82a634bf-a485-457c-90c4-88ddd56319c1",
- "description": "test-token-description",
- "name": "Test app APNs token",
- "created": "2022-12-11T12:35:52.000Z",
- "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
- "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
- "keyId": "ABCD1234",
- "teamId": "EDFG5678"
}The Delete APNs token operation deletes a specified APNs token from your MobileID account.
An APNs token can be used by all accounts in the same organisation.
| apnsTokenId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the APNs token. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
Account ID missing
{- "title": "An Account ID must be specified for this request",
- "code": "account_id_missing",
- "status": 400,
- "traceId": "4bf239c088089f2bca77d3a413909f1c",
- "detail": "An Account ID must be specified for this request. An AccountID can be specified in three ways. 1) For machine clients configured on an Account, the provided access token will specify the account ID. 2) Account ID can be provided as a query parameter `signicat-accountId=<accountId>`. 3) Account ID can be provided as a HTTP Header `Signicat-AccountId: <accountId>`. A request will be rejected if more than one account ID is specified."
}The MobileID Admin Application configuration API provides you with operations related to administering your application configuration.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
An application configuration is a specific set of application attributes for a mobile application. These attributes determine how the application should work.
An application configuration consists of the following:
You can also use this API to configure MobileID features, by making changes to the default values in the application configuration properties. For further information, see our MobileID feature guides.
Some risk data is always collected, for debugging purposes. This means that for enabledRiskData:
null, the always collected risk data will still be returned.You can find a list of what risk data is always enabled in the MobileID API reference documentation. See risk attributes in the Common concepts section.
The Get state of application configuration operation returns the state of a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "state": "ENABLED"
}The Update state of application configuration operation enables you to update the state of a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| state required | string Example: "ENABLED" The state of the application configuration. This can be either |
{- "state": "ENABLED"
}{- "state": "ENABLED"
}The Get APNs UUID of application configuration operation returns the APNs UUID of a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}The Update APNs UUID of application configuration operation enables you to update a specified APNs UUID of an application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| apnsUuid required | string Example: "ENABLED" The application config's apns UUID |
{- "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}{- "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}The Get properties of application configuration operation returns the properties of a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "amountFailuresAllowed": "3",
- "activationCodeType": "NUMERIC",
- "activationCodeLength": "6",
- "allowedAuthMethods": [
- "DEVICE",
- "DEVICE:PIN",
- "DEVICE:STRONG_TOUCH_ID",
- "DEVICE:IOS_FACE_ID",
- "DEVICE:ANDROID_BIOMETRIC_PROMPT",
- "DEVICE:SERVER_SIDE_FACE"
], - "maxPinCodeLength": "6",
- "pinCodeLength": "6",
- "pinCodeType": "NUMERIC",
- "maximumSessionExpiry": "187200000",
- "sessionExpiry": "300000",
- "apnExpiry": "1",
- "enabledRiskData": [
- "deviceHash",
- "deviceModel",
- "deviceManufacturer",
- "operatingSystemFingerprint",
- "operatingSystemVersion",
- "operatingSystemType"
], - "hwKeyValidationStrategy": "SUPPORTED",
- "nativePushEnabled": "false",
- "firebaseTimeToLive": "0",
- "firebaseServiceAccount": "<Base64 encoded string>",
- "allowedAuthMethodsForAuthAndActivate": [
- "DEVICE:PIN"
], - "recoveryEnabled": "false",
- "recoveryCodeMinLength": "6",
- "recoveryCodeMaxLength": "50",
- "recoveryCodeFormat": "NUMERIC",
- "recoveryCodeAmountFailuresAllowed": "3",
- "apnsNotificationSoundEnabled": "true",
- "geofencingActivationMode": "OFF",
- "geofencingAuthenticationMode": "OFF",
- "geofencingTimeout": "10000",
- "attestationIosAppAttestMode": "OFF",
- "attestationIosAppAttestEnvironment": "PRODUCTION",
- "attestationIosAppAttestTimeout": "20000",
- "attestationAndroidPlayIntegrityMode": "OFF",
- "attestationAndroidPlayIntegrityTimeout": "200000",
- "apnsTimeSensitiveInterruptionLevelEnabled": "true",
- "clientDebugDataEnabledOsTypes": "IOS,ANDROID",
- "lockScope": "DEVICE"
}The Update properties of application configuration operation enables you to update the properties of a specified application configuration.
It is not currently possible to update the following properties with this endpoint:
maximumSessionExpiryclientDebugDataEnabledOsTypesIf you would like to update them, please contact us at support@signicat.com.
Note: You will still see these properties returned in the operation response.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| amountFailuresAllowed | string Example: "3" The grace amount of failed authentications for any client before they are locked out. Allowed values: 0..MAXINT |
| activationCodeType | string Example: "NUMERIC" The type of characters that can be used during the generation of the activation code. Allowed values: ALPHA, ALPHANUMERIC, ANY or numeric |
| activationCodeLength | string Example: "10" The length in characters of the activation code that should be generated. Allowed values: 4 .. MAXINT |
| allowedAuthMethods | Array of strings Example: ["DEVICE","DEVICE:PIN"] Comma separated list of allowed authentication methods. Determines which auth methods can be activated and used for authentication |
| apnConfig | string Example: "PRODUCTION" The APN server configuration that defines where to reach the APNs. Allowed values: PRODUCTION or SANDBOX |
| enabledRiskData | Array of strings Example: "ALL" The risk attributes to collect for the device. You can find out how to configure which attributes are collected in the application configuration feature documentation. |
| maxPinCodeLength | string Example: "6" The maximum length in characters of the PIN. Allowed values: 1..MAXINT |
| pinCodeLength | string Example: "6" The length in characters of the PIN. Set 0 to disable PIN code. Note: This is a hint to the client and not enforced by the server (but enforced in the client SDK). Allowed values: 1..MAXINT |
| pinCodeType | string Example: "NUMERIC" The type of characters that can be used in the PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: ANY, NUMERIC, ALPHA, ALPHANUMERIC |
| sessionExpiry | string Example: "300000" The amount of time (in milliseconds) that a new client session remains valid for. After this time has elapsed, the session can no longer be used for any operations. Allowed values: 1..MAXINT |
| minimumRequiredEncapApiVersionAndroid | string Example: "3.7.0" What Android client SDK version should be allowed. This can be used to narrow (not extend) the SDK version. Example is if the server minimum is "3.5.0", and someone wants to only to allow "3.6.0" -clients, this can be achieved here. But putting "3.3.0" will not have any effect. Allowed values: Semantic version, ex: "3.7.0" |
| minimumRequiredEncapApiVersionIos | string Example: "3.7.0" The same as minimumRequiredEncapApiVersionAndroid, but applies to iOS clients. Allowed values: Semantic version, ex: "3.7.0" |
| apnExpiry | string Example: "86400000" The amount of time (in milliseconds) that APNs will try to deliver the message for. If not delivered within this time, then the message is discarded. The allowed value is from Note: APNS will attempt to deliver the message at least once, regardless of the set expiration time. |
| encapApiBlacklistAndroid | string Example: "3.5.3, 3.6.8" Android SDK API versions to blacklist (and reject). See the android configuration chapter in the server manual for smart device for details. Allowed values: Comma separated semantic version, ex: "3.5.3, 3.6.8" |
| encapApiBlacklistIos | string Example: "3.5.3, 3.6.8" IOS SDK API versions to blacklist (and reject). See the ios configuration chapter in the server manual for smart device for details. Allowed values: Comma separated semantic version, ex: "3.5.3, 3.6.8" |
| nativePushEnabled | string Example: "false" Enable the server to send push messages with Fire Cloud Messaging or Apple APNs. Allowed values: true or false |
| firebaseTimeToLive | string Example: "0" Firebase Cloud Messaging. Maximum lifespan of the message in milliseconds. The default value is 0. This means deliver “now or never”. FCM guarantees best effort for messages with this lifespan. Allowed values: 0..MAXINT |
| firebaseServiceAccount | string Example: "<Base64 encoded string>" Firebase Cloud Messaging. The contents of the serviceAccount.json (credentials file) for your Firebase Cloud Messaging project."; The field has to be Base64 Encoded |
| attestationAndroidPackageName | string Example: "the package name" Play Integrity Attestation, the APK package name. Required if attestationAndroidPlayIntegrityMode is REQUIRED or OPTIONAL. |
| apnsBundleId | string Example: "the bundle id" Apples bundle ID for the application. Used as topic on the push message sent to APNs, required when using APNS_TOKEN. |
| allowedAuthMethodsForAuthAndActivate | Array of strings Example: ["DEVICE:PIN"] Comma separated list of allowed authentication methods for activation of a new auth-method. Determines which auth methods can be used to authenticate during activation of a new auth method. The value(s) here must be present in the ALLOWED_AUTH_METHODS parameter. Offline authentication methods can not be used here. |
| recoveryEnabled | string Example: "true" Enable users to set up recovery with an alternative set of user credentials. Allowed values: true or false |
| recoveryCodeMinLength | string Example: "6" The minimum number of characters for the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: 0..MAXINT |
| recoveryCodeMaxLength | string Example: "50" The maximum number of characters for the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: 0..MAXINT |
| recoveryCodeFormat | string Example: "ALPHA" The type of characters that can be used in the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: ALPHA, ALPHANUMERIC, ANY, NUMERIC |
| recoveryCodeAmountFailuresAllowed | string Example: "3" The grace amount of failed recovery code attempts for any client before the recovery for the client is locked. Allowed values: 0..MAXINT |
| apnsNotificationSoundEnabled | string Example: "false" Enable notification sound for push messages to iOS devices. Allowed values: true, false |
| geofencingActivationMode | string Example: "OPTIONAL" Determines if or how geofencing is used for registration. The geofencing mode can be either You can read about what the different geofencing modes mean in our application configuration feature documentation. |
| geofencingActivationAllowedContinents | string Example: "EU" Comma-separated list of continents where registration is allowed, in a two-letter continent code format. This can be either |
| geofencingActivationAllowedCountries | string Example: "US" Comma-separated list of countries where registration is allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries are in addition to those covered by the allowed continents parameter. You can find a list of countries and corresponding codes at GeoNames. |
| geofencingActivationDeniedCountries | string Example: "RU" Comma-separated list of countries where registration is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries will be excluded from those covered by the allowed continents parameter. You can find a list of countries and corresponding codes at GeoNames. |
| geofencingAuthenticationMode | string Example: "OFF" Determines if or how geofencing is used for authentication. The geofencing mode can be either You can read about what the different geofencing modes mean in our application configuration feature documentation. |
| geofencingAuthenticationAllowedContinents | string Example: "EU" Comma-separated list of continents where authentication is allowed, in a two-letter continent code format. This can be either |
| geofencingAuthenticationAllowedCountries | string Example: "US" Comma-separated list of countries where authentication is allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries are in addition to those covered by the allowed continents parameter. You can find a list of countries and corresponding codes at GeoNames. |
| geofencingAuthenticationDeniedCountries | string Example: "RU" Comma-separated list of countries where authentication is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries will be excluded from those covered by the allowed continents parameter. You can find a list of countries and corresponding codes at GeoNames. |
| geofencingTimeout | string Example: "10000" The maximum time (given in milliseconds) to wait for the location lookup and reverse geocoding to complete on the SDK. The timing starts when the SDK calls the finish operation. If the timeout is exceeded, then the SDK will continue without a country. The allowed value is from |
| attestationIosAppAttestMode | string Example: "OFF" iOS Attestation mode when using Apple App Attest. REQUIRED: App attestation enabled. If attestation fails the activation/authentication request will fail. Note that devices running versions of iOS older than 14 will always fail if the mode is set to REQUIRED, due to requirements by the Apple App Attest API. OPTIONAL: App attestation enabled. Even if the attestation fails, the activation/authentication request will succeed, and a new attestation will be performed on the next request. The status can be seen in the response object. OFF: App attestation disabled. Allowed values: REQUIRED, OPTIONAL, OFF |
| attestationIosAppAttestEnvironment | string Example: "PRODUCTION" The environment for an app that uses the App Attest service to validate itself. Allowed values: DEVELOPMENT, PRODUCTION |
| attestationIosAppAttestTimeout | string Example: "20000" iOS app attestation timeout, after this time, in milliseconds, the attestation request will time out. Allowed values: 1..MAXINT |
| attestationIosAppAttestAppId | string Example: "some app id" Application ID which is a concatenation of a 10-digit team identifier, a period, and the app's CFBundleIdentifier value. Required when using Apple App Attest service. |
| apnsTimeSensitiveInterruptionLevelEnabled | string Example: "false" Sets the interruption level for push messages to iOS devices to "time-sensitive". When enabled, this will allow push notifications to notify users even when the device is in "Focus" mode. |
| attestationAndroidPlayIntegrityMode | string Example: "REQUIRED" Play Integrity attestation mode. REQUIRED: Play Integrity attestation is preformed. If attestation fails activation/authentication request will fail. OPTIONAL: Play Integrity attestation is preformed. If attestation fails activation/authentication request will not fail and a new attestation is performed on the next request. OFF: Play Integrity attestation is not preformed. Play Integrity attestation was introduced in version 3.17 and will only be applicable for clients 3.17 or newer. |
| attestationAndroidPlayIntegrityTimeout | string Example: "30000" Play Integrity attestation timeout, in milliseconds, the timeout for a request made to Play Integrity. Required if attestationAndroidPlayIntegrityMode is REQUIRED or OPTIONAL. |
| attestationAndroidPlayIntegrityDecryptionKey | string Example: "<key>" Play Integrity attestation decryption key, used to decrypt the integrity token. Required if attestationAndroidPlayIntegrityMode is REQUIRED or OPTIONAL. |
| attestationAndroidPlayIntegrityVerificationKey | string Example: "<key>" Play Integrity attestation verification key, used to validate the integrity token. Required if attestationAndroidPlayIntegrityMode is REQUIRED or OPTIONAL. |
| lockScope | string Example: "DEVICE" Configure lock scope. Allowed values: AUTH_METHOD or DEVICE |
{- "amountFailuresAllowed": "3"
}{- "amountFailuresAllowed": "3",
- "activationCodeType": "NUMERIC",
- "activationCodeLength": "6",
- "allowedAuthMethods": [
- "DEVICE",
- "DEVICE:PIN",
- "DEVICE:STRONG_TOUCH_ID",
- "DEVICE:IOS_FACE_ID",
- "DEVICE:ANDROID_BIOMETRIC_PROMPT",
- "DEVICE:SERVER_SIDE_FACE"
], - "maxPinCodeLength": "6",
- "pinCodeLength": "6",
- "pinCodeType": "NUMERIC",
- "maximumSessionExpiry": "187200000",
- "sessionExpiry": "300000",
- "apnExpiry": "1",
- "enabledRiskData": [
- "deviceHash",
- "deviceModel",
- "deviceManufacturer",
- "operatingSystemFingerprint",
- "operatingSystemVersion",
- "operatingSystemType"
], - "hwKeyValidationStrategy": "SUPPORTED",
- "nativePushEnabled": "false",
- "firebaseTimeToLive": "0",
- "firebaseServiceAccount": "<Base64 encoded string>",
- "allowedAuthMethodsForAuthAndActivate": [
- "DEVICE:PIN"
], - "recoveryEnabled": "false",
- "recoveryCodeMinLength": "6",
- "recoveryCodeMaxLength": "50",
- "recoveryCodeFormat": "NUMERIC",
- "recoveryCodeAmountFailuresAllowed": "3",
- "apnsNotificationSoundEnabled": "true",
- "geofencingActivationMode": "OFF",
- "geofencingAuthenticationMode": "OFF",
- "geofencingTimeout": "10000",
- "attestationIosAppAttestMode": "OFF",
- "attestationIosAppAttestEnvironment": "PRODUCTION",
- "attestationIosAppAttestTimeout": "20000",
- "attestationAndroidPlayIntegrityMode": "OFF",
- "attestationAndroidPlayIntegrityTimeout": "200000",
- "apnsTimeSensitiveInterruptionLevelEnabled": "true",
- "clientDebugDataEnabledOsTypes": "IOS,ANDROID",
- "lockScope": "DEVICE"
}The Get application configuration operation returns a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "uuid": "762e9a1a-01f4-4731-a540-4f75dbeae43c",
- "appId": "a-sdge-abcdefghijk123456789",
- "state": "ENABLED",
- "properties": {
- "amountFailuresAllowed": "3",
- "activationCodeType": "NUMERIC",
- "activationCodeLength": "6",
- "allowedAuthMethods": [
- "DEVICE",
- "DEVICE:PIN",
- "DEVICE:STRONG_TOUCH_ID",
- "DEVICE:IOS_FACE_ID",
- "DEVICE:ANDROID_BIOMETRIC_PROMPT",
- "DEVICE:SERVER_SIDE_FACE"
], - "maxPinCodeLength": "6",
- "pinCodeLength": "6",
- "pinCodeType": "NUMERIC",
- "maximumSessionExpiry": "187200000",
- "sessionExpiry": "300000",
- "apnExpiry": "1",
- "enabledRiskData": [
- "deviceHash",
- "deviceModel",
- "deviceManufacturer",
- "operatingSystemFingerprint",
- "operatingSystemVersion",
- "operatingSystemType"
], - "hwKeyValidationStrategy": "SUPPORTED",
- "nativePushEnabled": "false",
- "firebaseTimeToLive": "0",
- "firebaseServiceAccount": "<Base64 encoded string>",
- "allowedAuthMethodsForAuthAndActivate": [
- "DEVICE:PIN"
], - "recoveryEnabled": "false",
- "recoveryCodeMinLength": "6",
- "recoveryCodeMaxLength": "50",
- "recoveryCodeFormat": "NUMERIC",
- "recoveryCodeAmountFailuresAllowed": "3",
- "apnsNotificationSoundEnabled": "true",
- "geofencingActivationMode": "OFF",
- "geofencingAuthenticationMode": "OFF",
- "geofencingTimeout": "10000",
- "attestationIosAppAttestMode": "OFF",
- "attestationIosAppAttestEnvironment": "PRODUCTION",
- "attestationIosAppAttestTimeout": "20000",
- "attestationAndroidPlayIntegrityMode": "OFF",
- "attestationAndroidPlayIntegrityTimeout": "200000",
- "clientDebugDataEnabledOsTypes": "IOS, ANDROID",
- "apnsTimeSensitiveInterruptionLevelEnabled": "true",
- "lockScope": "DEVICE"
}
}The MobileID Admin signing certificates API allows you to get signing certificates, which can be used for certificate verification.
JSON Web Tokens (JWTs) are returned as a result of the MobileID signature operation, and are signed with a private key.
A signing certificate contains the corresponding public key, which can be used to verify the signature.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
The Get list of signing certificates operation returns a list of signing certificates for MobileID.
You can specify the state of the signing certificates that you would like to list.
If a state (state) is not specified in the query parameters, then the operation will return a list containing the current signing certificates and the signing certificates that were used previously.
Note: A previously used signing certificate is a certificate whose corresponding private key has at some point of time, been used for signing JWTs.
| state | string Example: state=ACTIVE The state of the signing certificates that you want to list. This is an an enum, and can be either If not provided, then all certificate types are listed. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "signingCertificates": [
- {
- "certificate": "<PEM encoded Certificate>",
- "sha256Fingerprint": "29:ce:22:91:dc:82:3e:ce:c1:33:67:03:c5:af:b3:03:63:29:ce:22:91:dc:82:9a:8a:e9:49:1e:8a:e9:49:1e",
- "state": "ACTIVE",
- "activatedAt": "2024-11-09T21:59:00.000Z"
}, - {
- "certificate": "<PEM encoded Certificate>",
- "sha256Fingerprint": "11:22:a2:ce:7f:9d:3e:ce:c1:33:67:03:c5:af:b3:03:63:29:ce:22:91:dc:82:9a:8a:e9:49:1e:9b:d0:12:aa",
- "state": "DEACTIVATED",
- "activatedAt": "2024-11-09T21:59:00.123Z",
- "deactivatedAt": "2024-11-09T21:59:00.321Z"
}
]
}The MobileID Admin end-to-end (E2E) keys API provides you with operations related to creating and managing your E2E keys.
We use E2E keys to create an extra encryption layer in addition to the TLS between the MobileID server and the SDK. They are required for configuring the Authenticator App and the mobile SDK.
For each MobileID account, we create a new E2E key during the onboarding process. We strongly recommend that you use this specific key for the corresponding MobileID account and application configuration.
Ensure that you do not share E2E keys between sandbox and production accounts.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
Changing the state of the key. Changing state to DISABLED means that it will no longer be usable for client requests.
| e2eKeyId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the end-to-end key. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| state | string |
{- "state": "DISABLED"
}{- "state": "DISABLED"
}The Get E2E keys operation returns a list of the E2E key objects for the organisation that the account belongs to. This includes both production and sandbox E2E keys.
The maximum number of E2E key objects per list is 20.
You can specify the state of the E2E keys that you would like to list.
If a state (state) is not specified in the query parameters, then the operation will return a list containing E2E keys of all states.
Note: E2E keys have the account name in the E2E key name (name).
| state | string Example: state=ENABLED The state of the E2E keys that you want to list. This is an an enum, and can be either If not provided, then all E2E key types are listed. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "e2eKeys": [
- {
- "id": "op36b8k9-xr2f-996f-9039-a1baba22bc1b",
- "name": "E2E key - migrated",
- "description": "E2E key for QA testing",
- "createdBy": "52e107e6-1ce9-4a4b-a051-612ad888de11",
- "created": "2023-01-05T12:04:24.812Z",
- "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
- "publicKey": "cHVibGljS2V5VmFsdWU=",
- "state": "ENABLED"
}, - {
- "id": "aaa124e1-fs4d-2rg4-8a3h-aa123a2c7x33",
- "name": "Default E2E key - migrated",
- "description": "Default key/cert generated at first db init",
- "createdBy": "52e107e6-1ce9-4a4b-a051-612ad888de11",
- "created": "2023-01-05T12:04:24.815Z",
- "sha256Fingerprint": "98:23:57:55:25:ec:23:84:hw:22:69:2c:s2:ba",
- "publicKey": "cHVibGljS2V5VmFsdWU=",
- "state": "ENABLED"
}
]
}Create a new end-to-end key. A new end-to-end key pair is generated by the server and the public key is sent back in the response.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| name required | string non-empty Example: "Default E2E key" Name for the end-to-end key |
| description | string Example: "This is the E2E key ..." Description for the end-to-end key |
{- "name": "Default E2E key - migrated",
- "description": "Default key/cert generated at first db init"
}{- "id": "op36b8k9-xr2f-996f-9039-a1baba22bc1b",
- "name": "Default E2E key - migrated",
- "description": "Default key/cert generated at first db init",
- "createdBy": "52e107e6-1ce9-4a4b-a051-612ad888de11",
- "created": "2023-01-05T12:04:24.812Z",
- "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
- "publicKey": "cHVibGljS2V5VmFsdWU=",
- "state": "ENABLED"
}Get details for an end-to-end Key.
| e2eKeyId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the end-to-end key. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{- "id": "op36b8k9-xr2f-996f-9039-a1baba22bc1b",
- "name": "Default E2E key - migrated",
- "description": "Default key/cert generated at first db init",
- "createdBy": "52e107e6-1ce9-4a4b-a051-612ad888de11",
- "created": "2023-01-05T12:04:24.812Z",
- "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
- "publicKey": "cHVibGljS2V5VmFsdWU=",
- "state": "ENABLED"
}Delete a specific end-to-end key.
| e2eKeyId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the end-to-end key. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
Account ID missing
{- "title": "An Account ID must be specified for this request",
- "code": "account_id_missing",
- "status": 400,
- "traceId": "4bf239c088089f2bca77d3a413909f1c",
- "detail": "An Account ID must be specified for this request. An AccountID can be specified in three ways. 1) For machine clients configured on an Account, the provided access token will specify the account ID. 2) Account ID can be provided as a query parameter `signicat-accountId=<accountId>`. 3) Account ID can be provided as a HTTP Header `Signicat-AccountId: <accountId>`. A request will be rejected if more than one account ID is specified."
}