https://api.signicat.com/mobileid/admin/
The Signicat MobileID Admin API enables you to carry out administrative tasks and configuration management for the Signicat MobileID service.
This REST API uses the OAuth 2.0 protocol for authorisation. All request and response bodies are formatted in JSON.
Before you can start making requests to this API, you need to learn how to connect to it. To do this, see the Connect to Signicat APIs Quick start guide.
You need to complete the onboarding of your account for MobileID. To do this, you can use the Signicat Dashboard:
Success! You can now start making requests to the MobileID Admin API.
Use the Signicat Audit logs service to see documented evidence of the sequence of activities that have affected a system.
When you make an API call to Signicat and an error occurs, you will receive a response message with an error code.
Use the Signicat Events service to automatically receive information about when something happens in one of our services into your system.
Note: This is often referred to as callback.
The MobileID Admin accounts API provides you with operations related to administering your MobileID account, such as adding an account, and fetching information about an account.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
The Get MobileID account operation returns the properties of a MobileID account.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| statistics | boolean Default: true Example: statistics=true Control whether the statistics ( Note: Returned statistical data is not live data. |
Response sample when fetching a sandbox account.
{
  "created": "2023-09-06T06:47:20.000Z",
  "modified": "2023-09-06T06:49:23.000Z",
  "organisationId": "o-d-Abcdefgh1234JC4Cczm4",
  "id": "a-sdge-abcdefghijk123456789",
  "name": "Sample Account",
  "type": "SANDBOX",
  "state": "ENABLED",
  "sandboxProperties": {
    "sandboxDeviceLimit": "100",
    "numberOfDevices": "0"
  },
  "statistics": {
    "numberOfActiveDevices": "0",
    "numberOfActiveUsers": "0"
  },
  "configurations": [
    {
      "description": "Created by admin.",
      "default": true,
      "accountId": "a-sdge-abcdefghijk123456789",
      "id": "5ecbf73d-90bd-46a7-a58e-9ac56d229e3e",
      "properties": {
        "applicationId": "a-sdge-abcdefghijk123456789",
        "inactiveDeviceDeleteRetentionTime": "365"
      },
      "additionalFeatures": {
        "passportScanEnabled": false
      }
    }
  ],
  "onboardedForMobileId": true,
  "onboardedForPasskeys": false
}

The Add MobileID account operation fulfils the onboarding of your account to MobileID by adding an account to the MobileID service.
This is a prerequisite for all other operations.
Note: This operation is a part of the onboarding process.
| onboardingType | string |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
Response sample when adding a sandbox account.
{
  "created": "2023-09-06T06:54:18.000Z",
  "organisationId": "o-d-Abcdefgh1234JC4Cczm4",
  "id": "a-sdge-abcdefghijk123456789",
  "name": "Sample Account",
  "type": "SANDBOX",
  "state": "ENABLED",
  "sandboxProperties": {
    "sandboxDeviceLimit": "100",
    "numberOfDevices": "0"
  },
  "statistics": {
    "numberOfActiveDevices": "0",
    "numberOfActiveUsers": "0"
  },
  "configurations": [
    {
      "description": "Created by admin.",
      "default": true,
      "accountId": "a-sdge-abcdefghijk123456789",
      "id": "02510f61-6faf-44e0-9d58-e62cfc35d5aa",
      "properties": {
        "applicationId": "a-sdge-abcdefghijk123456789",
        "inactiveDeviceDeleteRetentionTime": "365"
      },
      "additionalFeatures": {
        "passportScanEnabled": false
      }
    }
  ],
  "onboardedForMobileId": true,
  "onboardedForPasskeys": false
}

Updates a specified customer account.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| state | string Enum: "ENABLED" "DISABLED" Account state |
Request sample:
{
  "state": "ENABLED"
}
Response sample:
{
  "id": "a-sdge-abcdefghijk123456789",
  "state": "ENABLED",
  "organisationId": "1fb22154-8633-417b-a918-cd59a3ccd12f",
  "encapApiKey": "M2NhZjFmYTItNmUyMi00NGFkLWE0YmUtZTZlMTZ...",
  "sandboxDeviceLimit": "200"
}

The MobileID Admin APNs tokens API provides you with operations related to creating and managing Apple Push Notifications service (APNs) tokens.
APNs tokens can be used so that your end-users can receive push notifications in your mobile app.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
The Get APNs tokens operation returns a list of the APNs tokens for the organisation that the account belongs to. This includes both production and sandbox APNs tokens.
The maximum number of APNs token objects per list is 20.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "apnsTokens": [
    {
      "id": "82a634bf-a485-457c-90c4-88ddd5631922",
      "description": "test-token-description",
      "name": "Test app APNs token",
      "created": "2022-12-11T12:35:52.000Z",
      "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
      "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
      "keyId": "ABCD1234",
      "teamId": "EDFG5678"
    },
    {
      "id": "c21d007a-d8ad-4856-a9ab-cee11a65de31",
      "description": "test-token-description",
      "name": "Test app APNs token",
      "created": "2022-12-11T12:35:53.000Z",
      "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
      "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
      "keyId": "ABCD1234",
      "teamId": "EDFG5678"
    }
  ]
}

The Add APNs token operation enables you to add a new APNs token to your MobileID account.
An APNs token can be used by all accounts in the same organisation.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| name required | string non-empty The name of the APNs token |
| description | string The description of the APNs token |
| privateKey required | string non-empty The Base64 encoded string of APNs token private key |
| keyId required | string non-empty Key ID of the APNs token |
| teamId required | string non-empty Team ID of Apple Developer Account |
Request sample:
{
  "name": "Test app APNs token",
  "description": "test-token-description",
  "privateKey": "replace with base64 encoded private key",
  "keyId": "ABCD1234",
  "teamId": "EDFG5678"
}
Response sample:
{
  "id": "82a634bf-a485-457c-90c4-88ddd56319c1",
  "description": "test-token-description",
  "name": "Test app APNs token",
  "created": "2022-12-11T12:35:52.000Z",
  "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
  "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
  "keyId": "ABCD1234",
  "teamId": "EDFG5678"
}

The Get APNs token operation returns a specified APNs token for your MobileID account.
An APNs token can be used by all accounts in the same organisation.
| apnsTokenId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the APNs token. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "id": "82a634bf-a485-457c-90c4-88ddd56319c1",
  "description": "test-token-description",
  "name": "Test app APNs token",
  "created": "2022-12-11T12:35:52.000Z",
  "sha1Fingerprint": "ab:6b:bb:f3:e3:5e:6f:11",
  "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
  "keyId": "ABCD1234",
  "teamId": "EDFG5678"
}

The Delete APNs token operation deletes a specified APNs token from your MobileID account.
An APNs token can be used by all accounts in the same organisation.
| apnsTokenId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the APNs token. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
Account ID missing
{
  "title": "An Account ID must be specified for this request",
  "code": "account_id_missing",
  "status": 400,
  "traceId": "4bf239c088089f2bca77d3a413909f1c",
  "detail": "An Account ID must be specified for this request. An AccountID can be specified in three ways. 1) For machine clients configured on an Account, the provided access token will specify the account ID. 2) Account ID can be provided as a query parameter `signicat-accountId=<accountId>`. 3) Account ID can be provided as a HTTP Header `Signicat-AccountId: <accountId>`. A request will be rejected if more than one account ID is specified."
}

The MobileID Admin Application configuration API provides you with operations related to administering your application configuration.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
An application configuration is a specific set of application attributes for a mobile application. These attributes determine how the application should work.
An application configuration consists of the following:
You can also use this API to configure MobileID features, by making changes to the default values in the application configuration properties. For further information, see our MobileID feature guides.
Some risk data is always collected, for debugging purposes. This means that for enabledRiskData: null, the always collected risk data will still be returned.
You can find a list of what risk data is always enabled in the MobileID API reference documentation. See risk attributes in the Common concepts section.
The Get state of application configuration operation returns the state of a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "state": "ENABLED"
}

The Update state of application configuration operation enables you to update the state of a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| state required | string The state of the application configuration. This can be either |
Request sample:
{
  "state": "ENABLED"
}
Response sample:
{
  "state": "ENABLED"
}

The Get APNs UUID of application configuration operation returns the APNs UUID of a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}

The Update APNs UUID of application configuration operation enables you to update a specified APNs UUID of an application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| apnsUuid required | string The application config's apns UUID |
Request sample:
{
  "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}
Response sample:
{
  "apnsUuid": "12ef6f3a-a12a-4c5e-bb1b-1d75a9f37d59"
}

The Get properties of application configuration operation returns the properties of a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "amountFailuresAllowed": "3",
  "activationCodeType": "NUMERIC",
  "activationCodeLength": "6",
  "allowedAuthMethods": [
    "DEVICE",
    "DEVICE:PIN",
    "DEVICE:STRONG_TOUCH_ID",
    "DEVICE:IOS_FACE_ID",
    "DEVICE:ANDROID_BIOMETRIC_PROMPT",
    "DEVICE:SERVER_SIDE_FACE"
  ],
  "maxPinCodeLength": "6",
  "pinCodeLength": "6",
  "pinCodeType": "NUMERIC",
  "maximumSessionExpiry": "187200000",
  "sessionExpiry": "300000",
  "apnExpiry": "1",
  "enabledRiskData": [
    "deviceHash",
    "deviceModel",
    "deviceManufacturer",
    "operatingSystemFingerprint",
    "operatingSystemVersion",
    "operatingSystemType"
  ],
  "hwKeyValidationStrategy": "SUPPORTED",
  "nativePushEnabled": "false",
  "firebaseTimeToLive": "0",
  "firebaseServiceAccount": "<Base64 encoded string>",
  "allowedAuthMethodsForAuthAndActivate": [
    "DEVICE:PIN"
  ],
  "recoveryEnabled": "false",
  "recoveryCodeMinLength": "6",
  "recoveryCodeMaxLength": "50",
  "recoveryCodeFormat": "NUMERIC",
  "recoveryCodeAmountFailuresAllowed": "3",
  "apnsNotificationSoundEnabled": "true",
  "geofencingActivationMode": "OFF",
  "geofencingAuthenticationMode": "OFF",
  "geofencingTimeout": "10000",
  "attestationIosAppAttestMode": "OFF",
  "attestationIosAppAttestEnvironment": "PRODUCTION",
  "attestationIosAppAttestTimeout": "20000",
  "attestationAndroidPlayIntegrityMode": "OFF",
  "attestationAndroidPlayIntegrityTimeout": "200000",
  "apnsTimeSensitiveInterruptionLevelEnabled": "true",
  "clientDebugDataEnabledOsTypes": "IOS,ANDROID",
  "lockScope": "DEVICE"
}

The Update properties of application configuration operation enables you to update the properties of a specified application configuration.
It is not currently possible to update the following properties with this endpoint:
- maximumSessionExpiry
- clientDebugDataEnabledOsTypes

If you would like to update them, please contact us at support@signicat.com.
Note: You will still see these properties returned in the operation response.
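The checks below are an added example (not Signicat code) for reviewing a properties object like the one returned by the Get properties operation, and for building an update body that leaves out the two properties that cannot be updated through this endpoint. The POLICY thresholds and all function names are assumptions made for this example; the sample input is constructed from a subset of the values shown on this page.

```python
import json

# Properties this page lists as not updatable through the Update properties endpoint.
NON_UPDATABLE = ("maximumSessionExpiry", "clientDebugDataEnabledOsTypes")

# Hypothetical local baseline: thresholds are assumptions, not Signicat guidance.
POLICY = {"max_failures": 5, "max_session_ms": 600_000}

# Mode switches that are "OFF" in the page's samples; OFF means the control is unused.
OFF_SWITCHES = (
    "attestationIosAppAttestMode",
    "attestationAndroidPlayIntegrityMode",
    "geofencingActivationMode",
    "geofencingAuthenticationMode",
)

# Constructed input: a subset of the properties sample shown on this page.
SAMPLE = json.loads("""
{
  "amountFailuresAllowed": "3",
  "maxPinCodeLength": "6",
  "pinCodeLength": "6",
  "maximumSessionExpiry": "187200000",
  "sessionExpiry": "300000",
  "recoveryCodeMinLength": "6",
  "recoveryCodeMaxLength": "50",
  "recoveryCodeAmountFailuresAllowed": "3",
  "geofencingActivationMode": "OFF",
  "geofencingAuthenticationMode": "OFF",
  "attestationIosAppAttestMode": "OFF",
  "attestationAndroidPlayIntegrityMode": "OFF",
  "clientDebugDataEnabledOsTypes": "IOS,ANDROID"
}
""")


def as_int(props, key):
    """Numeric settings arrive as JSON strings; return None when absent or malformed."""
    try:
        return int(props[key])
    except (KeyError, TypeError, ValueError):
        return None


def audit(props, policy=POLICY):
    """Return (level, property, message) findings for one properties object."""
    findings = []

    # Internal consistency: a value must not exceed its paired ceiling.
    for low, high in (
        ("pinCodeLength", "maxPinCodeLength"),
        ("sessionExpiry", "maximumSessionExpiry"),
        ("recoveryCodeMinLength", "recoveryCodeMaxLength"),
    ):
        a, b = as_int(props, low), as_int(props, high)
        if a is not None and b is not None and a > b:
            findings.append(("ERROR", low, f"{low}={a} exceeds {high}={b}"))

    # Local baseline: lockout thresholds and session lifetime.
    for key in ("amountFailuresAllowed", "recoveryCodeAmountFailuresAllowed"):
        value = as_int(props, key)
        if value is not None and value > policy["max_failures"]:
            findings.append(("WARN", key, f"{key}={value} above baseline"))
    session = as_int(props, "sessionExpiry")
    if session is not None and session > policy["max_session_ms"]:
        findings.append(("WARN", "sessionExpiry", f"{session} ms above baseline"))

    # Informational: attestation and geofencing controls that are switched off.
    for key in OFF_SWITCHES:
        if props.get(key) == "OFF":
            findings.append(("INFO", key, f"{key} is OFF"))
    return findings


def build_update(current, desired):
    """Split the changes needed to reach `desired` into a request body and blocked keys."""
    body, blocked = {}, []
    for key, value in desired.items():
        if current.get(key) == value:
            continue  # unchanged, nothing to send
        if key in NON_UPDATABLE:
            blocked.append(key)  # needs a support request instead
        else:
            body[key] = value
    return body, sorted(blocked)


if __name__ == "__main__":
    for level, key, message in audit(SAMPLE):
        print(level, key, message)
    print(build_update(SAMPLE, {"amountFailuresAllowed": "5",
                                "maximumSessionExpiry": "86400000"}))
```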
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| amountFailuresAllowed | string The grace amount of failed authentications for any client before they are locked out. Allowed values:
From |
| activationCodeType | string The type of characters that can be used during the generation of the activation code. Allowed values:
|
| activationCodeLength | string The length in characters of the activation code that should be Allowed values:
From |
| allowedAuthMethods | Array of strings Comma-separated list of allowed authentication methods. Determines which authentication methods can be activated and used for authentication. |
| apnConfig | string The APN server configuration that defines where to reach the APNs. Allowed values:
|
| enabledRiskData | Array of strings The risk attributes to collect for the device. To learn how to configure which risk attributes are collected, see Risk data in our Application configuration feature documentation. |
| maxPinCodeLength | string The maximum length in characters of the PIN. Allowed values:
From |
| pinCodeLength | string The length in characters of the PIN. Set Note: This is a hint to the client and not enforced by the server (but enforced in the client SDK). Allowed values:
From |
| pinCodeType | string The type of characters that can be used in the PIN. Note: This is a hint to the client and not enforced by the server. Allowed values:
|
| sessionExpiry | string The amount of time (in milliseconds) that a new client session remains valid for. After this time has elapsed, the session can no longer be used for any operations. Allowed values:
From |
| minimumRequiredEncapApiVersionAndroid | string What Android client SDK version should be allowed. This can be used to narrow (not extend) the SDK version. Allowed values:
Semantic version, such as Example: If the server minimum is |
| minimumRequiredEncapApiVersionIos | string What iOS client SDK version should be allowed. This can be used to narrow (not extend) the SDK version. Allowed values:
Semantic version, such as Example: If the server minimum is |
| apnExpiry | string The amount of time (in milliseconds) that APNs will try to deliver the message for. If not delivered within this time, then the message is discarded. Allowed values:
From Note: APNS will attempt to deliver the message at least once, regardless of the set expiration time. |
| encapApiBlacklistAndroid | string Android SDK API versions to blacklist (and reject). See the android configuration chapter in the server manual for smart device for details. Allowed values:
Comma-separated semantic version such as: |
| encapApiBlacklistIos | string iOS SDK API versions to blacklist (and reject). See the ios configuration chapter in the server manual for smart device for details. Allowed values:
Comma-separated semantic version such as: |
| nativePushEnabled | string Enable the server to send push messages with Firebase Cloud Messaging or Apple APNs. Allowed values:
|
| firebaseTimeToLive | string Firebase Cloud Messaging. Maximum lifespan of the message in milliseconds. This means deliver now or never. FCM guarantees best effort for messages with this lifespan. Allowed values:
From Default value: |
| firebaseServiceAccount | string Firebase Cloud Messaging. The contents of the serviceAccount.json (credentials file) for your Firebase Cloud Messaging project. Note: The field has to be Base64 encoded. |
| attestationAndroidPackageName | string Play Integrity Attestation, the APK package name. Note: This is required if |
| apnsBundleId | string Apple's bundle ID for the application. Used as topic on the push message sent to APNs, required when using |
| allowedAuthMethodsForAuthAndActivate | Array of strings Comma-separated list of allowed authentication methods for activation of a new authentication method. Determines which authentication methods can be used to authenticate during activation of a new authentication method. Note:
The value(s) here must be present in the |
| recoveryEnabled | string Enable users to set up recovery with an alternative set of user credentials. Allowed values:
|
| recoveryCodeMinLength | string The minimum number of characters for the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values:
From |
| recoveryCodeMaxLength | string The maximum number of characters for the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values:
From |
| recoveryCodeFormat | string The type of characters that can be used in the recovery PIN. Note: This is a hint to the client and not enforced by the server. Allowed values: |
| recoveryCodeAmountFailuresAllowed | string The grace amount of failed recovery code attempts for any client before the recovery for the client is locked. Allowed values:
From |
| apnsNotificationSoundEnabled | string Enable notification sound for push messages to iOS devices. Allowed values: |
| geofencingActivationMode | string The geofencing mode to use for the registration. Allowed values:
For more information, see Geofencing in our Application configuration feature documentation. |
| geofencingActivationAllowedContinents | string Comma-separated list of continents where registration is allowed, in a two-letter continent code format. Allowed values:
|
| geofencingActivationAllowedCountries | string Comma-separated list of countries where registration is allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries are in addition to those covered by the allowed continents parameter. You can find a list of countries and corresponding codes at GeoNames. |
| geofencingActivationDeniedCountries | string Comma-separated list of countries where registration is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries will be excluded from those covered by the allowed continents parameter. You can find a list of countries and corresponding codes at GeoNames. |
| geofencingAuthenticationMode | string The geofencing mode to use for the authentication. Allowed values:
For more information, see Geofencing in our Application configuration feature documentation. |
| geofencingAuthenticationAllowedContinents | string Comma-separated list of continents where authentication is allowed, in a two-letter continent code format. Allowed values:
|
| geofencingAuthenticationAllowedCountries | string Comma-separated list of countries where authentication is allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries are in addition to those covered by the allowed continents parameter. You can find a list of countries and corresponding codes at GeoNames. |
| geofencingAuthenticationDeniedCountries | string Comma-separated list of countries where authentication is not allowed, in an ISO 3166-1 alpha-2 two-letter country code format. These countries will be excluded from those covered by the allowed continents parameter. You can find a list of countries and corresponding codes at GeoNames. |
| geofencingTimeout | string The maximum time (given in milliseconds) to wait for the location lookup and reverse geocoding to complete on the SDK. The timing starts when the SDK calls the finish operation. If the timeout is exceeded, then the SDK will continue without a country. Allowed values:
From |
| attestationIosAppAttestMode | string The iOS App Attest attestation mode to use for the operation. Allowed values:
For more information, see App attestation in our Application configuration feature documentation. |
| attestationIosAppAttestEnvironment | string The environment for an app that uses the App Attest service to validate itself. Allowed values:
|
| attestationIosAppAttestTimeout | string iOS app attestation timeout, after this time, in milliseconds, the attestation request will time out.
Allowed values:
From |
| attestationIosAppAttestAppId | string Application ID which is a concatenation of a 10-digit team identifier, a period, and the app's Note: This is required when using Apple App Attest service. |
| apnsTimeSensitiveInterruptionLevelEnabled | string Sets the interruption level for push messages to iOS devices to time-sensitive. When enabled, push notifications can notify the end-users, even when the device is in Focus mode. |
| attestationAndroidPlayIntegrityMode | string The Android Play Integrity attestation mode to use for the operation. Allowed values:
Note: Play Integrity attestation was introduced in version 3.17 and is only applicable for clients 3.17 or newer. For more information, see App attestation in our Application configuration feature documentation. |
| attestationAndroidPlayIntegrityTimeout | string Play Integrity attestation timeout, in milliseconds, the timeout for a request made to Play Integrity. Note: This is required if |
| attestationAndroidPlayIntegrityDecryptionKey | string Play Integrity attestation decryption key, used to decrypt the integrity token. Note: This is required if |
| attestationAndroidPlayIntegrityVerificationKey | string Play Integrity attestation verification key, used to validate the integrity token. Note: This is required if |
| lockScope | string Configure lock scope. Allowed values:
|
Request sample:
{
  "amountFailuresAllowed": "3"
}
Response sample:
{
  "amountFailuresAllowed": "3",
  "activationCodeType": "NUMERIC",
  "activationCodeLength": "6",
  "allowedAuthMethods": [
    "DEVICE",
    "DEVICE:PIN",
    "DEVICE:STRONG_TOUCH_ID",
    "DEVICE:IOS_FACE_ID",
    "DEVICE:ANDROID_BIOMETRIC_PROMPT",
    "DEVICE:SERVER_SIDE_FACE"
  ],
  "maxPinCodeLength": "6",
  "pinCodeLength": "6",
  "pinCodeType": "NUMERIC",
  "maximumSessionExpiry": "187200000",
  "sessionExpiry": "300000",
  "apnExpiry": "1",
  "enabledRiskData": [
    "deviceHash",
    "deviceModel",
    "deviceManufacturer",
    "operatingSystemFingerprint",
    "operatingSystemVersion",
    "operatingSystemType"
  ],
  "hwKeyValidationStrategy": "SUPPORTED",
  "nativePushEnabled": "false",
  "firebaseTimeToLive": "0",
  "firebaseServiceAccount": "<Base64 encoded string>",
  "allowedAuthMethodsForAuthAndActivate": [
    "DEVICE:PIN"
  ],
  "recoveryEnabled": "false",
  "recoveryCodeMinLength": "6",
  "recoveryCodeMaxLength": "50",
  "recoveryCodeFormat": "NUMERIC",
  "recoveryCodeAmountFailuresAllowed": "3",
  "apnsNotificationSoundEnabled": "true",
  "geofencingActivationMode": "OFF",
  "geofencingAuthenticationMode": "OFF",
  "geofencingTimeout": "10000",
  "attestationIosAppAttestMode": "OFF",
  "attestationIosAppAttestEnvironment": "PRODUCTION",
  "attestationIosAppAttestTimeout": "20000",
  "attestationAndroidPlayIntegrityMode": "OFF",
  "attestationAndroidPlayIntegrityTimeout": "200000",
  "apnsTimeSensitiveInterruptionLevelEnabled": "true",
  "clientDebugDataEnabledOsTypes": "IOS,ANDROID",
  "lockScope": "DEVICE"
}

The Get application configuration operation returns a specified application configuration.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "uuid": "762e9a1a-01f4-4731-a540-4f75dbeae43c",
  "appId": "a-sdge-abcdefghijk123456789",
  "state": "ENABLED",
  "properties": {
    "amountFailuresAllowed": "3",
    "activationCodeType": "NUMERIC",
    "activationCodeLength": "6",
    "allowedAuthMethods": [
      "DEVICE",
      "DEVICE:PIN",
      "DEVICE:STRONG_TOUCH_ID",
      "DEVICE:IOS_FACE_ID",
      "DEVICE:ANDROID_BIOMETRIC_PROMPT",
      "DEVICE:SERVER_SIDE_FACE"
    ],
    "maxPinCodeLength": "6",
    "pinCodeLength": "6",
    "pinCodeType": "NUMERIC",
    "maximumSessionExpiry": "187200000",
    "sessionExpiry": "300000",
    "apnExpiry": "1",
    "enabledRiskData": [
      "deviceHash",
      "deviceModel",
      "deviceManufacturer",
      "operatingSystemFingerprint",
      "operatingSystemVersion",
      "operatingSystemType"
    ],
    "hwKeyValidationStrategy": "SUPPORTED",
    "nativePushEnabled": "false",
    "firebaseTimeToLive": "0",
    "firebaseServiceAccount": "<Base64 encoded string>",
    "allowedAuthMethodsForAuthAndActivate": [
      "DEVICE:PIN"
    ],
    "recoveryEnabled": "false",
    "recoveryCodeMinLength": "6",
    "recoveryCodeMaxLength": "50",
    "recoveryCodeFormat": "NUMERIC",
    "recoveryCodeAmountFailuresAllowed": "3",
    "apnsNotificationSoundEnabled": "true",
    "geofencingActivationMode": "OFF",
    "geofencingAuthenticationMode": "OFF",
    "geofencingTimeout": "10000",
    "attestationIosAppAttestMode": "OFF",
    "attestationIosAppAttestEnvironment": "PRODUCTION",
    "attestationIosAppAttestTimeout": "20000",
    "attestationAndroidPlayIntegrityMode": "OFF",
    "attestationAndroidPlayIntegrityTimeout": "200000",
    "clientDebugDataEnabledOsTypes": "IOS, ANDROID",
    "apnsTimeSensitiveInterruptionLevelEnabled": "true",
    "lockScope": "DEVICE"
  }
}

The MobileID Admin signing certificates API allows you to get signing certificates, which can be used for certificate verification.
JSON Web Tokens (JWTs) are returned as a result of the MobileID signature operation, and are signed with a private key.
A signing certificate contains the corresponding public key, which can be used to verify the signature.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
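An added example (not Signicat code) of choosing which listed certificate to verify a JWT against, using the certificate list response documented in this section. It assumes that sha256Fingerprint is SHA-256 over the DER certificate, that a JWT's issue time can be matched against activatedAt and deactivatedAt, and that the verifier keeps a pinned set of fingerprints it has reviewed; the PEM bodies are constructed placeholders, not real certificates, and all function names are hypothetical.

```python
import hashlib
import ssl
from datetime import datetime, timezone


def fingerprint(pem):
    """SHA-256 over the DER bytes as lowercase colon-separated hex (assumed format)."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return ":".join(f"{b:02x}" for b in hashlib.sha256(der).digest())


def parse_ts(value):
    """Parse timestamps such as 2024-11-09T21:59:00.000Z into aware datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def candidates(response, signed_at, pinned):
    """Return fingerprints of certificates acceptable for a JWT signed at `signed_at`.

    Raises ValueError when an entry's advertised fingerprint does not match its
    certificate. Certificates that are not in `pinned` are skipped, so a new
    certificate has to be reviewed before it is trusted.
    """
    accepted = []
    for entry in response["signingCertificates"]:
        actual = fingerprint(entry["certificate"])
        if actual != entry["sha256Fingerprint"].lower():
            raise ValueError("sha256Fingerprint does not match certificate")
        if actual not in pinned:
            continue
        start = parse_ts(entry["activatedAt"])
        end = parse_ts(entry["deactivatedAt"]) if entry.get("deactivatedAt") else None
        # A deactivated certificate stays valid for tokens signed while it was in use.
        if start <= signed_at and (end is None or signed_at < end):
            accepted.append(actual)
    return accepted


def make_entry(der, state, activated, deactivated=None):
    """Build a constructed list entry in the shape of the response sample."""
    pem = ssl.DER_cert_to_PEM_cert(der)
    entry = {
        "certificate": pem,
        "sha256Fingerprint": fingerprint(pem),
        "state": state,
        "activatedAt": activated,
    }
    if deactivated:
        entry["deactivatedAt"] = deactivated
    return entry


# Constructed sample data: placeholder bytes stand in for DER certificates.
OLD = make_entry(b"constructed-der-old", "DEACTIVATED",
                 "2024-05-01T00:00:00.000Z", "2024-11-09T21:59:00.000Z")
NEW = make_entry(b"constructed-der-new", "ACTIVE", "2024-11-09T21:59:00.000Z")
RESPONSE = {"signingCertificates": [NEW, OLD]}
PINNED = {OLD["sha256Fingerprint"], NEW["sha256Fingerprint"]}

if __name__ == "__main__":
    june = datetime(2024, 6, 15, tzinfo=timezone.utc)
    print(candidates(RESPONSE, june, PINNED))
```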
The Get list of signing certificates operation returns a list of signing certificates for MobileID.
You can specify the state of the signing certificates that you would like to list.
If a state (state) is not specified in the query parameters, then the operation will return a list containing the current signing certificates and the signing certificates that were used previously.
Note: A previously used signing certificate is a certificate whose corresponding private key has at some point of time, been used for signing JWTs.
| state | string Example: state=ACTIVE The state of the signing certificates that you want to list. This is an enum, and can be either If not provided, then all certificate types are listed. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "signingCertificates": [
    {
      "certificate": "<PEM encoded Certificate>",
      "sha256Fingerprint": "29:ce:22:91:dc:82:3e:ce:c1:33:67:03:c5:af:b3:03:63:29:ce:22:91:dc:82:9a:8a:e9:49:1e:8a:e9:49:1e",
      "state": "ACTIVE",
      "activatedAt": "2024-11-09T21:59:00.000Z"
    },
    {
      "certificate": "<PEM encoded Certificate>",
      "sha256Fingerprint": "11:22:a2:ce:7f:9d:3e:ce:c1:33:67:03:c5:af:b3:03:63:29:ce:22:91:dc:82:9a:8a:e9:49:1e:9b:d0:12:aa",
      "state": "DEACTIVATED",
      "activatedAt": "2024-11-09T21:59:00.123Z",
      "deactivatedAt": "2024-11-09T21:59:00.321Z"
    }
  ]
}

The MobileID Admin end-to-end (E2E) keys API provides you with operations related to creating and managing your E2E keys.
We use E2E keys to create an extra encryption layer in addition to the TLS between the MobileID server and the SDK. They are required for configuring the Authenticator App and the mobile SDK.
For each MobileID account, we create a new E2E key during the onboarding process. We strongly recommend that you use this specific key for the corresponding MobileID account and application configuration.
Ensure that you do not share E2E keys between sandbox and production accounts.
Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.
Changing the state of the key. Changing state to DISABLED means that it will no longer be usable for client requests.
| e2eKeyId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the end-to-end key. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| state | string |
Request sample:
{
  "state": "DISABLED"
}
Response sample:
{
  "state": "DISABLED"
}

The Get E2E keys operation returns a list of the E2E key objects for the organisation that the account belongs to. This includes both production and sandbox E2E keys.
The maximum number of E2E key objects per list is 20.
You can specify the state of the E2E keys that you would like to list.
If a state (state) is not specified in the query parameters, then the operation will return a list containing E2E keys of all states.
Note: E2E keys have the account name in the E2E key name (name).
| state | string Example: state=ENABLED The state of the E2E keys that you want to list. This is an enum, and can be either If not provided, then all E2E key types are listed. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "e2eKeys": [
    {
      "id": "op36b8k9-xr2f-996f-9039-a1baba22bc1b",
      "name": "E2E key - migrated",
      "description": "E2E key for QA testing",
      "createdBy": "52e107e6-1ce9-4a4b-a051-612ad888de11",
      "created": "2023-01-05T12:04:24.812Z",
      "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
      "publicKey": "cHVibGljS2V5VmFsdWU=",
      "state": "ENABLED"
    },
    {
      "id": "aaa124e1-fs4d-2rg4-8a3h-aa123a2c7x33",
      "name": "Default E2E key - migrated",
      "description": "Default key/cert generated at first db init",
      "createdBy": "52e107e6-1ce9-4a4b-a051-612ad888de11",
      "created": "2023-01-05T12:04:24.815Z",
      "sha256Fingerprint": "98:23:57:55:25:ec:23:84:hw:22:69:2c:s2:ba",
      "publicKey": "cHVibGljS2V5VmFsdWU=",
      "state": "ENABLED"
    }
  ]
}

Create a new end-to-end key. A new end-to-end key pair is generated by the server and the public key is sent back in the response.
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
| name required | string non-empty Name for the end-to-end key |
| description | string Description for the end-to-end key |
Request sample:
{
  "name": "Default E2E key - migrated",
  "description": "Default key/cert generated at first db init"
}
Response sample:
{
  "id": "op36b8k9-xr2f-996f-9039-a1baba22bc1b",
  "name": "Default E2E key - migrated",
  "description": "Default key/cert generated at first db init",
  "createdBy": "52e107e6-1ce9-4a4b-a051-612ad888de11",
  "created": "2023-01-05T12:04:24.812Z",
  "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
  "publicKey": "cHVibGljS2V5VmFsdWU=",
  "state": "ENABLED"
}

Get details for an end-to-end key.
| e2eKeyId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the end-to-end key. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
{
  "id": "op36b8k9-xr2f-996f-9039-a1baba22bc1b",
  "name": "Default E2E key - migrated",
  "description": "Default key/cert generated at first db init",
  "createdBy": "52e107e6-1ce9-4a4b-a051-612ad888de11",
  "created": "2023-01-05T12:04:24.812Z",
  "sha256Fingerprint": "21:31:57:72:33:ec:23:84:ad:30:68:1c:e3:ab",
  "publicKey": "cHVibGljS2V5VmFsdWU=",
  "state": "ENABLED"
}

Delete a specific end-to-end key.
| e2eKeyId required | string Example: 82a634bf-a485-457c-90c4-88ddd56319ac The ID of the end-to-end key. |
| signicat-accountid | string Example: signicat-accountid=a-sdge-abcdefghijk123456789 The ID of the Signicat account. This is an optional parameter, as the account ID will be fetched from the access token that you use when initiating the request. |
Account ID missing
{
  "title": "An Account ID must be specified for this request",
  "code": "account_id_missing",
  "status": 400,
  "traceId": "4bf239c088089f2bca77d3a413909f1c",
  "detail": "An Account ID must be specified for this request. An AccountID can be specified in three ways. 1) For machine clients configured on an Account, the provided access token will specify the account ID. 2) Account ID can be provided as a query parameter `signicat-accountId=<accountId>`. 3) Account ID can be provided as a HTTP Header `Signicat-AccountId: <accountId>`. A request will be rejected if more than one account ID is specified."
}