
Signicat MobileIDAdm API reference (1.0)


Introduction

Signicat's MobileID Admin API offers a simple way to carry out the administrative tasks and configuration management needed by Signicat's MobileID strong authentication service.

The MobileID Admin API is a RESTful API that uses the OAuth 2.0 protocol for authorisation. All request and response bodies are formatted in JSON.

Getting started

To use our MobileID API, you need to complete the following steps:

Before you start

  1. If you do not have an account already, then you need to sign up to Signicat.

  2. In the Signicat Dashboard, you must create an organisation and create an account.


Note: It is also possible to add a domain, but this is not required for MobileID.


  3. To authenticate against our APIs, you need to set up an API client. From this step, you will obtain a Client ID and a Client Secret.

  4. To use MobileID, you need to set the required permissions. Ensure that you select both MobileID API and MobileID Admin API as permissions.

Onboard to MobileID

You need to complete the onboarding of your account for MobileID. To do this, you can either:

Use the Signicat Dashboard

  1. Log in to the Signicat Dashboard.

  2. In the top navigation bar, use the dropdown menu next to your organisation name to select the account that you want to use MobileID on.

  3. In the left-side menu, select MobileID.

  4. Click the Create account button.

Use our MobileID Admin REST API

Make a request to the Add MobileID account endpoint.

Result of the onboarding

As a result of the onboarding, an account is added to the MobileID service. For each MobileID account, we will create an application configuration and an E2E key.

  • The application configuration is identified by an applicationId, and contains specific settings for your app. You can see all of the configurable properties in our application configuration feature documentation.

  • The E2E key is used for end-to-end encryption of all communication between our MobileID SDK and our service.

Configure the app

To configure the Authenticator App and the mobile SDK, you need the following:


Note: Our server URL is the same for both sandbox and production accounts.


To get your Application ID (applicationId) and Public E2E key (publicKey), you can either:

Use the Signicat Dashboard

  1. Log in to the Signicat Dashboard.

  2. In the top navigation bar, use the dropdown menu next to your organisation name to select the account that you have onboarded to MobileID.

  3. In the left-side menu, select MobileID.

  4. Use the tabs for Account and E2E keys to see your Application ID and Public key.

Use our MobileID Admin REST API

Get started with MobileID

  1. For the MobileID account, you will be able to create users.

  2. Each user can register one or more devices.

  3. The devices can then be used to perform authentication and authorisation operations.

Using this API

Authorisation

This API uses OAuth 2.0 for authorisation. OAuth 2.0 is an open protocol to allow secure authorisation in a simple and standardised manner.

For more information on how to access the MobileID API, see the Accessing Signicat API products guide in our developer documentation.

Accounts

The MobileID Admin accounts API provides you with operations related to administering your MobileID account, such as adding an account, and fetching information about an account.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Get MobileID account

The Get MobileID account operation returns the properties of a MobileID account.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
Example

Response sample when fetching a sandbox account.

{
  "created": "2023-09-06T06:47:20.000Z",
  "modified": "2023-09-06T06:49:23.000Z",
  "organisationId": "o-d-Abcdefgh1234JC4Cczm4",
  "id": "a-sdge-abcdefghijk123456789",
  "name": "Sample Account",
  "type": "SANDBOX",
  "state": "ENABLED",
  "sandboxProperties": {
  },
  "statistics": {
  },
  "configurations": [
  ]
}

Add MobileID account

The Add MobileID account operation fulfils the onboarding of your account to MobileID by adding an account to the MobileID service.

This is a prerequisite for all other operations.


Note: This operation is a part of the onboarding process.


Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
Example

Response sample when adding a sandbox account.

{
  "created": "2023-09-06T06:54:18.000Z",
  "organisationId": "o-d-Abcdefgh1234JC4Cczm4",
  "id": "a-sdge-abcdefghijk123456789",
  "name": "Sample Account",
  "type": "SANDBOX",
  "state": "ENABLED",
  "sandboxProperties": {
  },
  "statistics": {
  },
  "configurations": [
  ]
}

Update account

Updates a specified customer account.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Request Body schema: application/json
required
state
string
Enum: "ENABLED" "DISABLED"

Account state

Responses

Request samples

Content type
application/json
{
  "state": "ENABLED"
}

Response samples

Content type
application/json
{
  "id": "a-sdge-abcdefghijk123456789",
  "state": "ENABLED",
  "organisationId": "1fb22154-8633-417b-a918-cd59a3ccd12f",
  "encapApiKey": "M2NhZjFmYTItNmUyMi00NGFkLWE0YmUtZTZlMTZ...",
  "sandboxDeviceLimit": "200"
}

APNs tokens

The MobileID Admin APNs tokens API provides you with operations related to creating and managing Apple Push Notifications service (APNs) tokens.

APNs tokens can be used so that your end-users can receive push notifications in your mobile app.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

An APNs token can be used by all accounts in the same organisation.

Get APNS tokens

The Get APNs tokens operation returns a list of the APNs tokens for the organisation that the account belongs to. This includes both production and sandbox APNs tokens.

The maximum number of APNs token objects per list is 20.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
{
  "apnsTokens": [
  ]
}

Add APNS token

The Add APNs token operation enables you to add a new APNs token to your MobileID account.

An APNs token can be used by all accounts in the same organisation.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Request Body schema: application/json
required
name
required
string

The name of the APNs token

description
string

The description of the APNs token

privateKey
required
string

The Base64 encoded string of APNs token private key

keyId
required
string

Key ID of the APNs token

teamId
required
string

Team ID of Apple Developer Account

Responses

Request samples

Content type
application/json
{
  "name": "Test app APNs token",
  "description": "test-token-description",
  "privateKey": "replace with base64 encoded private key",
  "keyId": "ABCD1234",
  "teamId": "EDFG5678"
}

Response samples

Content type
application/json
{
  "id": "82a634bf-a485-457c-90c4-88ddd56319c1",
  "description": "test-token-description",
  "name": "Test app APNs token",
  "created": "2022-12-11T12:35:52.000Z",
  "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
  "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
  "keyId": "ABCD1234",
  "teamId": "EDFG5678"
}

Get APNS token

The Get APNs token operation returns a specified APNs token for your MobileID account.

An APNs token can be used by all accounts in the same organisation.

Authorizations:
None
path Parameters
apnsTokenId
required
string
Example: 82a634bf-a485-457c-90c4-88ddd56319ac

The ID of the APNs token.

query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
{
  "id": "82a634bf-a485-457c-90c4-88ddd56319c1",
  "description": "test-token-description",
  "name": "Test app APNs token",
  "created": "2022-12-11T12:35:52.000Z",
  "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
  "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
  "keyId": "ABCD1234",
  "teamId": "EDFG5678"
}

Delete APNS token

The Delete APNs token operation deletes a specified APNs token from your MobileID account.

An APNs token can be used by all accounts in the same organisation.

Authorizations:
None
path Parameters
apnsTokenId
required
string
Example: 82a634bf-a485-457c-90c4-88ddd56319ac

The ID of the APNs token.

query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
Example

Account ID missing

{
  "title": "An Account ID must be specified for this request",
  "code": "account_id_missing",
  "status": 400,
  "traceId": "4bf239c088089f2bca77d3a413909f1c",
  "detail": "An Account ID must be specified for this request. An AccountID can be specified in three ways. 1) For machine clients configured on an Account, the provided access token will specify the account ID. 2) Account ID can be provided as a query parameter `signicat-accountId=<accountId>`. 3) Account ID can be provided as a HTTP Header `Signicat-AccountId: <accountId>`. A request will be rejected if more than one account ID is specified."
}

Application configuration

The MobileID Admin Application configuration API provides you with operations related to administering your application configuration.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

An application configuration is a specific set of application attributes for a mobile application. These attributes determine how the application should work.

What does it look like?

An application configuration consists of the following:

  • The UUID of the application configuration.
  • The ID of the application configuration.
  • The name of the application configuration.
  • The APNs UUID of the application configuration.
  • The state of the application configuration.
  • An object containing the properties of the application configuration.

You can also use this API to configure MobileID features, by making changes to the default values in the application configuration properties. For further information, see our MobileID feature guides.

Always collected risk data

Some risk data is always collected, for debugging purposes. This means that for enabledRiskData:

  • If you pass null, the always collected risk data will still be returned.
  • If you specify risk attributes, the always collected risk data will be returned in addition to those you have specified.

You can find a list of what risk data is always enabled in the MobileID API reference documentation. See risk attributes in the Common concepts section.

Get state of application configuration

The Get state of application configuration operation returns the state of a specified application configuration.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
{
  "state": "ENABLED"
}

Update state of application configuration

The Update state of application configuration operation enables you to update the state of a specified application configuration.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Request Body schema: application/json
required
state
required
string

The state of the application configuration. This can be either ENABLED or DISABLED

Responses

Request samples

Content type
application/json
{
  "state": "ENABLED"
}

Response samples

Content type
application/json
{
  "state": "ENABLED"
}

Get APNs UUID of application configuration

The Get APNs UUID of application configuration operation returns the APNs UUID of a specified application configuration.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
{
  "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}

Update APNs UUID of application configuration

The Update APNs UUID of application configuration operation enables you to update a specified APNs UUID of an application configuration.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Request Body schema: application/json
required
apnsUuid
required
string

The APNs UUID of the application configuration

Responses

Request samples

Content type
application/json
{
  "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}

Response samples

Content type
application/json
{
  "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}

Get properties of application configuration

The Get properties of application configuration operation returns the properties of a specified application configuration.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
{
  "amountFailuresAllowed": "3",
  "activationCodeType": "NUMERIC",
  "activationCodeLength": "6",
  "allowedAuthMethods": [
  ],
  "maxPinCodeLength": "4",
  "pinCodeLength": "4",
  "pinCodeType": "NUMERIC",
  "maximumSessionExpiry": "187200000",
  "sessionExpiry": "300000",
  "apnExpiry": "1",
  "enabledRiskData": [
  ],
  "hwKeyValidationStrategy": "SUPPORTED",
  "nativePushEnabled": "false",
  "firebaseTimeToLive": "0",
  "firebaseServiceAccount": "<Base64 encoded string>",
  "allowedAuthMethodsForAuthAndActivate": [
  ],
  "recoveryEnabled": "false",
  "recoveryCodeMinLength": "6",
  "recoveryCodeMaxLength": "50",
  "recoveryCodeFormat": "NUMERIC",
  "recoveryCodeAmountFailuresAllowed": "3",
  "apnsNotificationSoundEnabled": "true",
  "geofencingActivationMode": "OFF",
  "geofencingAuthenticationMode": "OFF",
  "geofencingTimeout": "10000",
  "attestationIosAppAttestMode": "OFF",
  "attestationIosAppAttestEnvironment": "PRODUCTION",
  "attestationIosAppAttestTimeout": "20000",
  "attestationAndroidPlayIntegrityMode": "OFF",
  "attestationAndroidPlayIntegrityTimeout": "200000",
  "apnsTimeSensitiveInterruptionLevelEnabled": "true",
  "clientDebugDataEnabledOsTypes": "IOS,ANDROID"
}

Update properties of application configuration

The Update properties of application configuration operation enables you to update the properties of a specified application configuration.

It is not currently possible to update the following properties with this endpoint:

  • maximumSessionExpiry
  • clientDebugDataEnabledOsTypes

If you would like to update them, please contact us at support@signicat.com.


Note: You will still see these properties returned in the operation response.


Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Request Body schema: application/json
required
amountFailuresAllowed
string

The grace amount of failed authentications for any client before they are locked out. Allowed values: 0..MAXINT

activationCodeType
string

The type of characters that can be used during the generation of the activation code. Allowed values: ALPHA, ALPHANUMERIC, ANY or NUMERIC

activationCodeLength
string

The length in characters of the activation code that should be generated. Allowed values: 4 .. MAXINT

allowedAuthMethods
Array of strings

Comma separated list of allowed authentication methods. Determines which auth methods can be activated and used for authentication

apnConfig
string

The APN server configuration that defines where to reach the APNs. Allowed values: PRODUCTION or SANDBOX

enabledRiskData
Array of strings

The risk attributes to collect for the device.

You can find out how to configure which attributes are collected in the application configuration feature documentation.

maxPinCodeLength
string

The maximum length in characters of the PIN. Allowed values: 1..MAXINT

pinCodeLength
string

The length in characters of the PIN. Set 0 to disable PIN code. Note: This is a hint to the client and not enforced by the server (but enforced in the client SDK). Allowed values: 1..MAXINT

pinCodeType
string

The type of characters that can be used in the PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: ANY, NUMERIC, ALPHA, ALPHANUMERIC

sessionExpiry
string

The amount of time (in milliseconds) that a new client session remains valid for. After this time has elapsed, the session can no longer be used for any operations. Allowed values: 1..MAXINT

minimumRequiredEncapApiVersionAndroid
string

Which Android client SDK versions should be allowed. This can be used to narrow (not extend) the range of allowed SDK versions. For example, if the server minimum is "3.5.0" and you want to allow only "3.6.0" clients, you can achieve that here. Setting "3.3.0" will not have any effect. Allowed values: Semantic version, ex: "3.7.0"

minimumRequiredEncapApiVersionIos
string

The same as minimumRequiredEncapApiVersionAndroid, but applies to iOS clients. Allowed values: Semantic version, ex: "3.7.0"

apnExpiry
string

The amount of time (in milliseconds) that APNs will try to deliver the message for. If not delivered within this time, then the message is discarded. The allowed value is from 1 to MAXINT.

Note: APNS will attempt to deliver the message at least once, regardless of the set expiration time.

encapApiBlacklistAndroid
string

Android SDK API versions to blacklist (and reject). See the Android configuration chapter in the server manual for smart device for details. Allowed values: Comma separated semantic version, ex: "3.5.3, 3.6.8"

encapApiBlacklistIos
string

iOS SDK API versions to blacklist (and reject). See the iOS configuration chapter in the server manual for smart device for details. Allowed values: Comma separated semantic version, ex: "3.5.3, 3.6.8"

nativePushEnabled
string

Enable the server to send push messages with Firebase Cloud Messaging or Apple APNs. Allowed values: true or false

firebaseTimeToLive
string

Firebase Cloud Messaging. Maximum lifespan of the message in milliseconds. The default value is 0. This means deliver “now or never”. FCM guarantees best effort for messages with this lifespan. Allowed values: 0..MAXINT

firebaseServiceAccount
string

Firebase Cloud Messaging. The contents of the serviceAccount.json (credentials file) for your Firebase Cloud Messaging project. The field has to be Base64 encoded.

attestationAndroidPackageName
string

Play Integrity Attestation, the APK package name. Required if attestationAndroidPlayIntegrityMode is REQUIRED or OPTIONAL.

apnsBundleId
string

Apple's bundle ID for the application. Used as the topic on the push message sent to APNs. Required when using APNS_TOKEN.

allowedAuthMethodsForAuthAndActivate
Array of strings

Comma separated list of allowed authentication methods for activation of a new auth-method. Determines which auth methods can be used to authenticate during activation of a new auth method.

The value(s) here must be present in the ALLOWED_AUTH_METHODS parameter. Offline authentication methods cannot be used here.

recoveryEnabled
string

Enable users to set up recovery with an alternative set of user credentials. Allowed values: true or false

recoveryCodeMinLength
string

The minimum number of characters for the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: 0..MAXINT

recoveryCodeMaxLength
string

The maximum number of characters for the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: 0..MAXINT

recoveryCodeFormat
string

The type of characters that can be used in the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: ALPHA, ALPHANUMERIC, ANY, NUMERIC

recoveryCodeAmountFailuresAllowed
string

The grace amount of failed recovery code attempts for any client before the recovery for the client is locked. Allowed values: 0..MAXINT

apnsNotificationSoundEnabled
string

Enable notification sound for push messages to iOS devices. Allowed values: true, false

geofencingActivationMode
string

Determines if or how geofencing is used for registration.

The geofencing mode can be either REQUIRED, OPTIONAL, or OFF.

You can read about what the different geofencing modes mean in our application configuration feature documentation.

geofencingActivationAllowedContinents
string

Comma-separated list of continents where registration is allowed, in a two-letter continent code format.

This can be either AF, NA, OC, AN, AS, EU, or SA.

geofencingActivationAllowedCountries
string

Comma-separated list of countries where registration is allowed, in an ISO 3166-1 alpha-2 two-letter country code format.

These countries are in addition to those covered by the allowed continents parameter.

You can find a list of countries and corresponding codes at GeoNames.

geofencingActivationDeniedCountries
string

Comma-separated list of countries where registration is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format.

These countries will be excluded from those covered by the allowed continents parameter.

You can find a list of countries and corresponding codes at GeoNames.

geofencingAuthenticationMode
string

Determines if or how geofencing is used for authentication.

The geofencing mode can be either REQUIRED, OPTIONAL, or OFF.

You can read about what the different geofencing modes mean in our application configuration feature documentation.

geofencingAuthenticationAllowedContinents
string

Comma-separated list of continents where authentication is allowed, in a two-letter continent code format.

This can be either AF, NA, OC, AN, AS, EU, or SA.

geofencingAuthenticationAllowedCountries
string

Comma-separated list of countries where authentication is allowed, in an ISO 3166-1 alpha-2 two-letter country code format.

These countries are in addition to those covered by the allowed continents parameter.

You can find a list of countries and corresponding codes at GeoNames.

geofencingAuthenticationDeniedCountries
string

Comma-separated list of countries where authentication is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format.

These countries will be excluded from those covered by the allowed continents parameter.

You can find a list of countries and corresponding codes at GeoNames.

geofencingTimeout
string

The maximum time (given in milliseconds) to wait for the location lookup and reverse geocoding to complete on the SDK.

The timing starts when the SDK calls the finish operation.

If the timeout is exceeded, then the SDK will continue without a country.

The allowed value is from 0 to MAXINT.

attestationIosAppAttestMode
string

iOS Attestation mode when using Apple App Attest.

REQUIRED: App attestation enabled. If attestation fails the activation/authentication request will fail. Note that devices running versions of iOS older than 14 will always fail if the mode is set to REQUIRED, due to requirements by the Apple App Attest API.

OPTIONAL: App attestation enabled. Even if the attestation fails, the activation/authentication request will succeed, and a new attestation will be performed on the next request. The status can be seen in the response object.

OFF: App attestation disabled. Allowed values: REQUIRED, OPTIONAL, OFF

attestationIosAppAttestEnvironment
string

The environment for an app that uses the App Attest service to validate itself. Allowed values: DEVELOPMENT, PRODUCTION

attestationIosAppAttestTimeout
string

iOS app attestation timeout. After this time (in milliseconds), the attestation request will time out. Allowed values: 1..MAXINT

attestationIosAppAttestAppId
string

Application ID which is a concatenation of a 10-digit team identifier, a period, and the app's CFBundleIdentifier value. Required when using Apple App Attest service.

apnsTimeSensitiveInterruptionLevelEnabled
string

Sets the interruption level for push messages to iOS devices to "time-sensitive". When enabled, this will allow push notifications to notify users even when the device is in "Focus" mode.

attestationAndroidPlayIntegrityMode
string

Play Integrity attestation mode.

REQUIRED: Play Integrity attestation is performed. If attestation fails, the activation/authentication request will fail.

OPTIONAL: Play Integrity attestation is performed. If attestation fails, the activation/authentication request will not fail and a new attestation is performed on the next request.

OFF: Play Integrity attestation is not performed.

Play Integrity attestation was introduced in version 3.17 and will only be applicable for clients 3.17 or newer.

attestationAndroidPlayIntegrityTimeout
string

Play Integrity attestation timeout: the timeout, in milliseconds, for a request made to Play Integrity. Required if attestationAndroidPlayIntegrityMode is REQUIRED or OPTIONAL.

attestationAndroidPlayIntegrityDecryptionKey
string

Play Integrity attestation decryption key, used to decrypt the integrity token. Required if attestationAndroidPlayIntegrityMode is REQUIRED or OPTIONAL.

attestationAndroidPlayIntegrityVerificationKey
string

Play Integrity attestation verification key, used to validate the integrity token. Required if attestationAndroidPlayIntegrityMode is REQUIRED or OPTIONAL.

Responses

Request samples

Content type
application/json
{
  "amountFailuresAllowed": "3"
}

Response samples

Content type
application/json
{
  "amountFailuresAllowed": "3",
  "activationCodeType": "NUMERIC",
  "activationCodeLength": "6",
  "allowedAuthMethods": [
  ],
  "maxPinCodeLength": "4",
  "pinCodeLength": "4",
  "pinCodeType": "NUMERIC",
  "maximumSessionExpiry": "187200000",
  "sessionExpiry": "300000",
  "apnExpiry": "1",
  "enabledRiskData": [
  ],
  "hwKeyValidationStrategy": "SUPPORTED",
  "nativePushEnabled": "false",
  "firebaseTimeToLive": "0",
  "firebaseServiceAccount": "<Base64 encoded string>",
  "allowedAuthMethodsForAuthAndActivate": [
  ],
  "recoveryEnabled": "false",
  "recoveryCodeMinLength": "6",
  "recoveryCodeMaxLength": "50",
  "recoveryCodeFormat": "NUMERIC",
  "recoveryCodeAmountFailuresAllowed": "3",
  "apnsNotificationSoundEnabled": "true",
  "geofencingActivationMode": "OFF",
  "geofencingAuthenticationMode": "OFF",
  "geofencingTimeout": "10000",
  "attestationIosAppAttestMode": "OFF",
  "attestationIosAppAttestEnvironment": "PRODUCTION",
  "attestationIosAppAttestTimeout": "20000",
  "attestationAndroidPlayIntegrityMode": "OFF",
  "attestationAndroidPlayIntegrityTimeout": "200000",
  "apnsTimeSensitiveInterruptionLevelEnabled": "true",
  "clientDebugDataEnabledOsTypes": "IOS,ANDROID"
}
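
A pre-flight check for an Update properties request body, added here as an example (it is not Signicat's code). It applies the allowed values, the two properties this endpoint cannot update, and the required-if rules from the request body schema above. Assumptions: MAXINT is taken as 2^31 - 1, the update is treated as a partial merge into the current properties, and the auth method names in the sample are placeholders.

```python
import re

MAXINT = 2**31 - 1  # assumption: the page never defines MAXINT
CHARSETS = {"ALPHA", "ALPHANUMERIC", "ANY", "NUMERIC"}
MODES = {"REQUIRED", "OPTIONAL", "OFF"}
BOOLS = {"true", "false"}
CONTINENTS = {"AF", "NA", "OC", "AN", "AS", "EU", "SA"}

# Allowed values as listed in the request body schema.
ENUMS = {
    "activationCodeType": CHARSETS, "pinCodeType": CHARSETS,
    "recoveryCodeFormat": CHARSETS,
    "apnConfig": {"PRODUCTION", "SANDBOX"},
    "geofencingActivationMode": MODES, "geofencingAuthenticationMode": MODES,
    "attestationIosAppAttestMode": MODES,
    "attestationAndroidPlayIntegrityMode": MODES,
    "attestationIosAppAttestEnvironment": {"DEVELOPMENT", "PRODUCTION"},
    "nativePushEnabled": BOOLS, "recoveryEnabled": BOOLS,
    "apnsNotificationSoundEnabled": BOOLS,
}
# Documented lower bound per integer-valued property (upper bound: MAXINT).
INT_MIN = {
    "amountFailuresAllowed": 0, "activationCodeLength": 4,
    "maxPinCodeLength": 1, "sessionExpiry": 1, "apnExpiry": 1,
    "firebaseTimeToLive": 0, "recoveryCodeMinLength": 0,
    "recoveryCodeMaxLength": 0, "recoveryCodeAmountFailuresAllowed": 0,
    "geofencingTimeout": 0, "attestationIosAppAttestTimeout": 1,
}
READ_ONLY = {"maximumSessionExpiry", "clientDebugDataEnabledOsTypes"}
PLAY_INTEGRITY_KEYS = (
    "attestationAndroidPackageName",
    "attestationAndroidPlayIntegrityTimeout",
    "attestationAndroidPlayIntegrityDecryptionKey",
    "attestationAndroidPlayIntegrityVerificationKey",
)


def _items(value):
    """Split a comma-separated string, dropping blanks and whitespace."""
    return [v.strip() for v in str(value).split(",") if v.strip()]


def check_update(current, patch):
    """Return 'property: problem' strings for `patch`, judged against the
    properties that would result from merging it into `current`."""
    problems = []
    for key in sorted(patch):
        value = patch[key]
        if key in READ_ONLY:
            problems.append(f"{key}: cannot be updated with this endpoint")
        elif key in ENUMS:
            if not isinstance(value, str) or value not in ENUMS[key]:
                problems.append(f"{key}: {value!r} not in {sorted(ENUMS[key])}")
        elif key in INT_MIN:
            ok = isinstance(value, str) and re.fullmatch(r"[0-9]+", value)
            if not ok or not INT_MIN[key] <= int(value) <= MAXINT:
                problems.append(f"{key}: expected a string integer >= {INT_MIN[key]}")
        elif key.startswith("geofencing") and key.endswith("Continents"):
            bad = [c for c in _items(value) if c not in CONTINENTS]
            if bad:
                problems.append(f"{key}: unknown continent codes {bad}")
        elif key.startswith("geofencing") and key.endswith("Countries"):
            bad = [c for c in _items(value) if not re.fullmatch(r"[A-Z]{2}", c)]
            if bad:
                problems.append(f"{key}: not two-letter country codes {bad}")

    merged = {**current, **patch}
    # Required-if rules: the attestation settings must arrive together.
    if merged.get("attestationAndroidPlayIntegrityMode", "OFF") != "OFF":
        for key in PLAY_INTEGRITY_KEYS:
            if not merged.get(key):
                problems.append(f"{key}: required when Play Integrity mode is not OFF")
    if (merged.get("attestationIosAppAttestMode", "OFF") != "OFF"
            and not merged.get("attestationIosAppAttestAppId")):
        problems.append("attestationIosAppAttestAppId: required when using App Attest")
    # Methods usable during activation must also be allowed in general.
    extra = (set(merged.get("allowedAuthMethodsForAuthAndActivate", []))
             - set(merged.get("allowedAuthMethods", [])))
    if extra:
        problems.append("allowedAuthMethodsForAuthAndActivate: "
                        f"{sorted(extra)} not in allowedAuthMethods")
    return problems


# Constructed sample data; METHOD_A/B/C are placeholder auth method names.
SAMPLE_CURRENT = {
    "allowedAuthMethods": ["METHOD_A", "METHOD_B"],
    "allowedAuthMethodsForAuthAndActivate": ["METHOD_A"],
    "attestationAndroidPlayIntegrityMode": "OFF",
    "attestationAndroidPlayIntegrityTimeout": "200000",
    "attestationIosAppAttestMode": "OFF",
}
SAMPLE_PATCH = {
    "maximumSessionExpiry": "600000",
    "activationCodeLength": "3",
    "pinCodeType": "numeric",
    "attestationAndroidPlayIntegrityMode": "REQUIRED",
    "attestationAndroidPackageName": "com.example.app",
    "geofencingAuthenticationAllowedContinents": "EU, XX",
    "allowedAuthMethodsForAuthAndActivate": ["METHOD_A", "METHOD_C"],
}
```

Running `check_update(SAMPLE_CURRENT, SAMPLE_PATCH)` reports seven problems, including the two Play Integrity keys that are missing once the mode is switched to REQUIRED.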

Get application configuration

The Get application configuration operation returns a specified application configuration.

Authorizations:
None
query Parameters
signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
{
  "uuid": "762e9a1a-01f4-4731-a540-4f75dbeae43c",
  "appId": "a-sdge-abcdefghijk123456789",
  "state": "ENABLED",
  "properties": {
  }
}

Signing certificates

The MobileID Admin signing certificates API allows you to get signing certificates, which can be used for certificate verification.

Useful information

JSON Web Tokens (JWTs) are returned as a result of the MobileID signature operation, and are signed with a private key.

A signing certificate contains the corresponding public key, which can be used to verify the signature.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Get signing certificates

The Get list of signing certificates operation returns a list of signing certificates for MobileID.

You can specify the state of the signing certificates that you would like to list.

If a state (state) is not specified in the query parameters, then the operation will return a list containing the current signing certificates and the signing certificates that were used previously.


Note: A previously used signing certificate is a certificate whose corresponding private key has, at some point in time, been used for signing JWTs.


Authorizations:
None
query Parameters
state
string
Example: state=ACTIVE

The state of the signing certificates that you want to list.

This is an enum, and can be either ACTIVE or DEACTIVATED.

If not provided, then all certificate types are listed.

signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
{
  "signingCertificates": [
  ]
}

End-to-end (E2E) keys

The MobileID Admin end-to-end (E2E) keys API allows you to get your E2E keys, which are used to add an encryption layer on top of the TLS between the MobileID server and the SDK.

They are required for configuring the Authenticator App and the mobile SDK.

Useful information

For each MobileID account, we create a new E2E key during the onboarding process. We strongly recommend that you use this specific key for the corresponding MobileID account and application configuration.

Ensure that you do not share E2E keys between sandbox and production accounts.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Get E2E keys

The Get E2E keys operation returns a list of the E2E key objects for the organisation that the account belongs to. This includes both production and sandbox E2E keys.

The maximum number of E2E key objects per list is 20.

You can specify the state of the E2E keys that you would like to list.

If a state (state) is not specified in the query parameters, then the operation will return a list containing E2E keys of all states.


Note: E2E keys have the account name in the E2E key name (name).


Authorizations:
None
query Parameters
state
string
Example: state=ENABLED

The state of the E2E keys that you want to list.

This is an enum, and can be either ENABLED or DISABLED.

If not provided, then all E2E key types are listed.

signicat-accountid
string
Example: signicat-accountid=a-sdge-abcdefghijk123456789

The ID of the Signicat account.

This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request.

Responses

Response samples

Content type
application/json
{
  "e2eKeys": [
  ]
}