Skip to main content
API docs by Redocly

Signicat MobileID API reference (1.0)

Download OpenAPI specification:Download

API Support: support@signicat.com URL: https://developer.signicat.com/support/

Introduction

Signicat's MobileID API offers a simple way to implement strong customer authentication on mobile devices.

The MobileID API is a RESTful API that uses the OAuth 2.0 protocol for authorisation. All request and response bodies are formatted in JSON.

Getting started

To use our MobileID API, you need to complete the following steps:

Before you start

  1. If you do not have an account already, then you need to sign up to Signicat.

  2. In the Signicat Dashboard, you must create an organisation and create an account.

Note: It is also possible to add a domain, but this is not required for MobileID.

  1. To authenticate against our APIs, you need to set up an API client. From this step, you will obtain a Client ID and a Client Secret.

  2. To use MobileID, you need to set the required permissions. Ensure that you select both MobileID API and MobileID Admin API as permissions.

Onboard to MobileID

You need to complete the onboarding of your account for MobileID. To do this, you can either:

Use the Signicat Dashboard

  1. Log in to the Signicat Dashboard.

  2. In the top navigation bar, use the dropdown menu next to your organisation name to select the account that you want to use MobileID on.

  3. In the left-side menu, select Products, then select MobileID..

  4. Click the Add MobileID button.

Use our MobileID Admin REST API

Make a request to the Add MobileID account endpoint in our MobileID Admin API.

Result of the onboarding

As a result of the onboarding, an account is added to the MobileID service. For each MobileID account, we will create an application configuration and an E2E key.

  • The application configuration is identified by an applicationId, and contains specific settings for you app. You can see all of the configurable properties in our application configuration feature documentation.

  • The E2E key is used to end-to-end encryption of all communication between our MobileID SDK and our service.

Configure the app

To configure the Authenticator App and the mobile SDK, you need the following:

Note: Our server URL is the same for both sandbox and production accounts.

To get your Application ID (applicationId) and Public E2E key (publicKey), you can either:

Use the Signicat Dashboard

  1. Log in to the Signicat Dashboard.

  2. In the top navigation bar, use the dropdown menu next to your organisation name to select the account that you have onboarded to MobileID.

  3. In the left-side menu, select MobileID.

  4. Use the tabs for Account and E2E keys to see your Application ID and Public key.

Use our MobileID Admin REST API

  • Make a request to the Get MobileID account endpoint in our MobileID Admin API to fetch your applicationId.

  • Make a request to the Get E2E keys endpoint in our MobileID Admin API to fetch your publicKey.

Get started with MobileID

  1. For the MobileID account, you will be able to create users.

  2. Each user can register one or more devices.

  3. The devices can then be used to perform authentication and authorisation operations.

Using this API

Authorisation

This API uses OAuth 2.0 for authorisation. OAuth 2.0 is an open protocol to allow secure authorisation in a simple and standardised manner.

For more information on how to access the MobileID API, see the Accessing Signicat API products guide in our developer documentation.

Events

When an asynchronous operation completes, or when MobileID gets a notification that a device has changed state, MobileID publishes an event with the operation result.

You can use the Signicat Events service to subscribe to these events, so that you automatically receive the result at your specified notification URI. This is often referred to as callback.

To learn more about MobileID events and how to set up callback, see our Events (MobileID) feature documentation.

Errors

MobileID returns an error object to you as a response when an error occurs. You can cross-reference the details provided in the error object with the table of error IDs below. From this, you can determine how to diagnose and resolve the error.

Note: Some of the errors illustrated are 'Generic errors', and can describe a number of possible issues. If you require support, you can contact us at support@signicat.com.

Error object

For MobileID, the error object can be made up from the following 7 fields:

Field name Description Type/format requirement
type URI to the documentation that describes the error. String
title A summary of the error type (this does not change between occurrences of the error). String
code A machine-readable string, indicating the error code. This is a constant. String
status The HTTP status code generated by the origin server (specific to this occurrence of the error). HTTP status code
traceId The unique identifier of the request in the tracing system. This makes it possible for us to trace the history of the request in detail. String
detail An explanation of the error (specific to this occurrence of the error). String
invalidParams List of request parameters that have failed the validation. Contains the parameter name and the reason for validation failure. String


Example 1: Response with error object

An example response with error object from MobileID: 

{
    "type": "https://api.signicat.com/mobileid/core/openapi.json",
    "title": "User entity does not exist",
    "code": "user_entity_does_not_exist",
    "status": 404,
    "traceId": "4bf239c088089f2bca77d3a413909f1d",
    "detail": "Failed fetching user with user ID : 90e1b3e5-93a7-458e-b42b-d1b57e65e26a and account ID : a-sdge-Abcdefghijk123456789."
}

In this example, we can determine that the user entity (referred to by the userId in the request) does not exist.

The detail describes which user ID and account ID this refers to, so that you can take action accordingly.


Example 2: Response with error object

An example response with error object from MobileID, containing multiple invalid request parameters: 

{
    "type": "https://api.signicat.com/mobileid/core/openapi.json",
    "title": "Invalid request parameter",
    "code": "invalid_request_parameter",
    "status": 400,
    "traceId": "4bf239c088089f2bca77d3a413909f1d",
    "detail": "Your request body parameters have failed validation."
    "invalidParams": [
        {
            "name": "userId"
            "reason": "userId cannot be null or empty"
        },
        {
            "name": "deviceId"
            "reason": "deviceId cannot be null or empty"
        }
    ]
}

In this example, we can determine that multiple request parameters have failed the validation.

The invalidParams describes which request parameters have failed the validation, so that you can modify them to pass the validation.

Error IDs

Error code Status (HTTP) Error description
access_token_missing 401 The access token is missing from the request.
internal_error 500 Internal error that requires no action from you. In the rare case that this error persists, please contact our support at support@signicat.com.
internal_subsystem_error 4xx/50x Internal error that requires no action from you. In the rare case that this error persists, please contact our support at support@signicat.com.
invalid_request 400/404/405/406/415 Generic error to indicate that the request being made is invalid.

There are a number of possible causes for this error, such as:
  • If a required query parameter is missing.
  • If the wrong HTTP operation type is sent.
request_parsing_error 400 Error when parsing the request, due to invalid JSON formatting.
unknown_property 400 The property being passed in the request is either incorrect or misspelled.

You will also receive this error if the property being passed is correct, but its placement in the request is incorrect.
missing_identifier 400 When the device ID (deviceId) or user ID (userId) are missing in the resource path.
missing_request_parameter 400 When device object, device ID (deviceId), or user ID (userId) are missing in the request payload.
invalid_request_parameter 400/404 Generic error to indicate that the request being made contains an invalid parameter, or that no parameter has been supplied.

There are a number of possible causes for this error, such as:
  • If no parameter is supplied when you are resolving the external reference with an API call (externalRef = null).
  • If the enumerated values being passed are not valid (if they are incorrect, or do not belong to the allowed set of values).
invalid_identifier 400/404 The supplied identifier uses an invalid character.

For globally unique identifiers (GUIDs):
  • User ID (userId)
  • Device ID (deviceId)
The allowed character set is:
REGEX = "^[a-z0-9][a-z0-9\-]*$";

For other identifiers:
  • External reference (externalRef)
  • Attribute name (attrName)
The allowed character set is:
REGEX = "^[a-z_0-9][a-z_0-9~\.\-:@]*$";
identifier_too_long 400 The supplied identifier exceeds the maximum character length.

Maximum character lengths for the identifiers are as follows:
  • External reference (externalRef): 128 characters
  • Attribute name (attrName): 128 characters
  • Attribute value (attrValue): 256 characters
  • Any globally unique identifier (GUID): 36 characters
user_entity_does_not_exist 404 The user entity referred to by the user ID (userId) does not exist.
user_entity_is_locked 409 The user entity referred to by the user ID (userId) does exist, but is in a LOCKED state, and is therefore invalid for the requested operation.
user_entity_already_exists 409 A new user entity cannot be added, as the user entity with that external reference (externalRef) already exists for this account.
device_does_not_exist 404 The device referred to by the device ID (deviceID) does not exist.
device_is_locked 400 The device referred to by the device ID (deviceID) does exist, but is in a LOCKED state, and is therefore invalid for the requested operation.
transaction_id_does_not_exist 404 The transaction (with the transaction ID specified for this get<Resource> API call) cannot be found.
invalid_operation 400/403/404/ The operation cannot be cancelled, as the session for this operation does not exist.
exceeding_user_attribute_limit 400 The maximum limit for the number of user attributes (100) has been exceeded.
exceeding_user_device_limit 400 The maximum limit for the number of user devices (30) has been exceeded.
exceeding_sandbox_device_limit 405 The maximum limit for the number of sandbox devices (100) has been exceeded.
passportscan_not_enabled 424 Passport scan is not enabled.
passportscan_cannot_be_cancelled 422 The passport scan cannot not be cancelled.
multiple_pending_proofings 500 Multiple pending proofings.
user_proofing_does_not_exist 404 The user proofing does not exist.

Response headers

All MobileID responses set the following headers:

Header name DescriptionType
X-TRACE-ID The unique identifier of the request in the tracing system. This makes it possible for us to trace the history of the request in detail.String

Common concepts

Authentication levels

Possible values to use for the authentication level.

Authentication level Description
ONE_FACTOR One factor authentication.
TWO_FACTOR Two factor authentication.

App Attest statuses

App Attest statuses Description
VERIFIED Attestation verification was successful.
FAILED_CLIENT_APPLE_SERVER_UNAVAILABLE Attestation failed because the Apple App Attest server was unavailable.
FAILED_CLIENT_NOT_SUPPORTED Attestation failed because Apple App Attest is not supported on the device.
FAILED_CLIENT_UNEXPECTED_ERROR Attestation failed because of an unexpected error; you can find further details in the error message.
FAILED_CLIENT_TIMEOUT Attestation failed because the request took longer than the configured timeout.
FAILED_VALIDATION_EXCEPTION Validation of the attestation object failed because the integrity check failed.

Authentication methods

Possible values to use for the authentication method.

Authentication method Description
DEVICE Device.
DEVICE_PIN PIN code.
DEVICE_IOS_FACE_ID Face ID for iOS.
DEVICE_STRONG_TOUCH_ID Touch ID for iOS, where the registered fingerprints at activation time cannot be updated.
DEVICE_ANDROID_BIOMETRIC_PROMPT Biometric ID for Android.
DEVICE_SERVER_SIDE_FACE Server side face authentication.

Geofencing client statuses

Possible values for the geofencing clientStatus field.

Status Description
OK The country code was obtained.
LOCATION_NOT_ENABLED Either:
  • The location was not requested by the SDK.
  • The end-user declined access to location services for the SDK on their device.
LOCATION_TIMEOUT The device did not obtain a location within the configured accuracy before timeout.
LOCATION_MOCKED Android devices only

The location of the device was mocked.

This is based on the location methods isFromMockProvider() and isMock(), which indicate whether this location is marked as a mock location.

Note: To test faking the GPS location of the device, you can download and install a mock location app, then enable it in the Developer options on the device.
GEOCODER_NOT_SUPPORTED Android devices only

Geocoder is not supported on the device.
GEOCODER_NETWORK_ERROR Either:
  • The geocoder network or service is not available.
  • Too many requests have been made to the geocoder service (offered by Apple or Google), as it is rate-limited for each app.
GEOCODER_UNEXPECTED_ERROR An unexpected geocoder error occurred.
GEOCODER_TIMEOUT The geocoder call did not finish within time the limit.
GEOCODER_NO_RESULT_FOUND The reverse geocode request yielded an empty result for the current location.

Geofencing server boundary validation statuses

Possible values for the geofencing serverBoundaryValidation field.

Status Description
SUCCESS The evaluation of the country against the allowed region succeeded.
FAILURE The evaluation of the country against the allowed region failed.

Hardware-protected key client statuses

Possible values for the hwKeyClientStatus attribute.

Status Description Operation
OK_KEY_PROVIDED Activation of hardware-protected keys was successful on the client. Registration
OK_SIGNED_SUCCESS The authentication challenge was successfully signed with the hardware-protected key on the client. Authentication, Signature
INFO_NO_HARDWARE_SUPPORT The client device does not have Secure Enclave, or it is running in a simulator.

Note: This is only applicable for iOS.		 Registration
INFO_NO_OPERATING_SYSTEM_SUPPORT The client operating system does not support hardware-protected keys.
It is supported on:
  • Android 6 (most devices)
  • Android 7 or later (all devices)
  • iOS 10 or later (devices with Secure Enclave)
 Registration
INFO_NOT_ACTIVATED_WITH_HW_KEY The registration was not activated with hardware-protected keys support, because the device hardware does not support hardware crypto-protected keys. Authentication, Signature
ERR_KEY_GENERATION_FAILED There was an unexpected error during the generation of a keypair on the client. Registration
ERR_RETRIEVE_PUBLIC_KEY_FAILED There was an unexpected error retrieving the public key.

Note: This is only applicable for iOS.		 Registration
ERR_RETRIEVE_PRIVATE_KEY_REF_FAILED There was an unexpected error when retrieving the reference to the private key. Registration, Authentication, Signature
ERR_SIGN_OPERATION_FAILED There was an unexpected error when generating the signature. Registration, Authentication, Signature

Hardware-protected key server results

Possible values for the hwKeyServerResult attribute.

Status Description Validation strategy
SIGNATURE_VERIFICATION_SUCCESS Verification of the hardware-protected key signature was successful. The operation will be successful in both validation strategies (SUPPORTED, RISK_PARAMS).
SIGNATURE_VERIFICATION_FAILED Verification of the hardware-protected key signature failed. The operation will fail if using the SUPPORTED validation strategy.
NOT_ACTIVATED_WITH_HW_KEY The signature could not be verified because the registration was not activated with hardware-protected keys.

Note: This is only applicable for authentication.		 The operation will not fail, regardless of which validation strategy is used (SUPPORTED, RISK_PARAMS).
NOT_PROVIDED_BY_CLIENT The client is on an Encap version that does not support the hardware-protected keys feature.

Note: This is only applicable for registration.		 The operation will not fail, regardless of which validation strategy is used (SUPPORTED, RISK_PARAMS).

The device will be activated without hardware-protected keys. The device will be able to perform all operations, but will not be able to use the hardware-protected keys feature.

To enable this feature, the client must use Encap version 3.8 or newer.

Lock reason

Lock reason Description
OPEN The device is unlocked.
DEVICE_OR_PIN_VERIFICATION_FAILED The device is locked due to a failed authentication, caused by use of the wrong device and/or a second-factor error (incorrect PIN code or biometrics).
LOCKED_BY_ADMIN The device is locked by administrative operation.
DEVICE_VERIFICATION_FAILED The device is locked due to a failed authentication with the wrong device.
PIN_VERIFICATION_FAILED The device is locked due to a failed authentication, caused by a second-factor error (incorrect PIN code or biometrics).
INCORRECT_SALT_KEY_ID The device is locked because it provided an incorrect Salt-key ID.
HW_KEY_VERIFICATION_FAILED The device is locked because it failed the verification of the hardware-protected key (the key provided was incorrect).
APPATTEST_VERIFICATION_FAILED The device is locked because it failed the verification of the App Attest attestation.
PLAYINTEGRITY_VERIFICATION_FAILED The device is locked because it failed the verification of the Play Integrity attestation.

Operation context maximum character length

The maximum character length that the operation context content (content) can be for the different MobileID operations.

Property name Registration Authentication Signature
Pre-operation context content (content) Not applicable. 5000 characters. 20000 characters.
Post-operation context content (content) 5000 characters. 5000 characters. 5000 characters.

Operation error codes

Operation error code Description
CANCELLED_BY_DEVICE The operation failed because the session was cancelled by the device.
CANCELLED_BY_SP The operation failed because the session was cancelled by the service provider.
CANCELLED_AUTH_METHOD_DEACTIVATED The operation failed because the session was cancelled by the device. The device started a deactivation of authentication method(s).
CANCELLED_NEW_ACTIVATION The operation failed because the session was cancelled when a new activation was started.
EXPIRED The operation failed because the session has expired.
LOCKED The operation failed because the device is locked.
LOCKED_BY_ADMIN The operation failed because the device is locked by admin.
LOCKED_DEVICE_VERIFICATION_FAILED The operation failed because the device is locked by device verification.
LOCKED_PIN_VERIFICATION_FAILED The operation failed because the device is locked by PIN verification.
LOCKED_INCORRECT_SALT_KEY_ID The operation failed because the device is locked by incorrect Salt-key ID.
CALLBACK_FAILED The operation failed because the session callback failed. Legacy value from synchronous callback model.
LOCKED_HW_KEY_VERIFICATION_FAILED The operation failed because the device provided incorrect signed challenge.
LOCKED_INTERMEDIATE_PUSH_VERIFICATION_FAILED The operation failed because the intermediate push attestation validation failed.
CANCELLED_INTERMEDIATE_PUSH_REQUIRED The operation failed because of missing intermediate push attestation details.
AUTHORIZATION_TOKEN_VERIFICATION_FAILED The operation failed because authorisation token validation failed.
CANCELLED_PERFORM_RECOVERY_STARTED The operation failed because the session was cancelled when recovery was started.
FAILED_RECOVERY_DOES_NOT_EXIST The operation failed because the recovery does not exist.
LOCKED_PERFORM_RECOVERY_FAILED The operation failed because the recovery is locked.
GEOFENCING_FAILED The operation failed because the geofencing validation failed.
LOCKED_APPATTEST_VERIFICATION_FAILED The operation failed because the App Attest validation failed.
CANCELLED_APPATTEST_REQUIRED The operation failed because of missing App Attest attestation details.
CALLBACK_PROCESSING_ERROR The operation failed because of an error in the data sent from the client.
LOCKED_PLAYINTEGRITY_VERIFICATION_FAILED The operation failed because the Play Integrity attestation validation failed.

Operation states

The state of the operation. The state and the values that are returned in the response depend on the API call you are executing.

Operation status Description
PENDING The operation has been successfully initiated, and is waiting for the device to complete the operation.
COMPLETED The operation has been completed.
FAILED The operation has failed. The response contains an errorCode, and the cause of the error is given in the errorDescription. See operation error codes for possible values.

Operation types

Operation type Description
REGISTRATION The operation type is registration.
RE_REGISTRATION The operation type is re-registration.
AUTHENTICATION The operation type is authentication.
SIGNING The operation type is signing.
PASSPORT_SCAN The operation type is passport scan.
RECOVERY An existing recovery has been used to perform a recovery for a new device.
AUTH_AND_ACTIVATE An additional authentication method is activated for an existing device.
AUTH_AND_DEACTIVATE An authentication method is deactivated for an existing device.
ADD_OR_UPDATE_RECOVERY A recovery is set up for an existing device.

Passport scan states

The status of the passport scan.

Passport scan status Description
ACCEPTED The passport verification was successful.
REJECTED The passport verification has failed.
INCONCLUSIVE It was not possible to finish the passport scan operation. There are multiple reasons why a verification may fail, therefore the end-user should retry 1-2 more times.
FAILED The operation has failed.

Play Integrity statuses

Play Integrity attestation status for the device.

Play Integrity status Description
VERIFIED Attestation verification was successful.
FAILED_INTEGRITY_CHECK Attestation failed because the integrity check failed.
FAILED_UNRECOGNIZED_PLAY_APP Attestation failed because the Google Play app is unrecognized.
FAILED_UNLICENSED_PLAY_APP Attestation failed because the Google Play app is unlicensed.
FAILED_INCORRECT_PACKAGE_NAME Attestation failed because of incorrect package name.
FAILED_INVALID_JWS Attestation failed because of invalid JWS format.
FAILED_CLIENT_API_FAILURE Attestation failed because Google Play Integrity returned an API exception.
FAILED_CLIENT_TIMEOUT Attestation failed due to request taking longer than the configured timeout.
FAILED_INCORRECT_NONCE Attestation failed because of incorrect nonce.
FAILED_MISSING_JWS Attestation failed because of missing JWS.
FAILED_MISSING_STATUS Attestation failed because of missing status returned from the client.
FAILED_INVALID_TIMESTAMP Attestation failed because the timestamp is not within the lifetime of the Encap server session.
FAILED_CLIENT_PLAY_SERVICES_OUT_OF_DATE Attestation failed due to client doesn't have Google Play or the version is too old.

Recovery statuses

Recovery status Description
ACTIVATED Recovery has been set up for the device and is ready to be used.
DEACTIVATED Recovery has been deactivated.
RECOVERED Recovery has been used to recover the device.
LOCKED Recovery has been locked.

Risk attributes

The risk attributes that can be collected for the device.

You can configure which attributes are collected in the application configuration.

  • Risk attributes marked with Yes in the Always configured column are always collected, for debugging purposes.
  • Risk attributes marked with No in the Always configured column are only collected if configured in the application configuration.
  • The Platform column indicates whether the risk attribute is available for Android, iOS, or both.
Risk attribute Type Description Always collected Platform
operatingSystemFingerprint String A fingerprint of the operating system. You can use this to detect whether the device is running a custom ROM or operating system. Yes Android
operatingSystemVersion String The operating system version of the mobile device.

Examples: 6.0.1, iOS 14.4		 Yes Android, iOS
inputMethod String The input method that was used to enter text in the application. You can use this to detect when a custom keyboard is being used on the device.

Note: See Create an input method in the Android developer documentation for details.		 No Android
isDebuggable Boolean Indicates whether the application running can be debugged using a source-level debugger, either by manifest entry or in an emulator.

Note: Looks for android:debuggable=true in the manifest.		 No Android
isDebugEnabled Boolean Indicates whether debug is enabled on the mobile device, either by the end-user setting (USB-debugging enabled) or when running in emulator (debugging enabled by default). No Android
isDebuggerConnected Boolean Indicates whether a debugger is connected to the application. No Android
isEmulator Boolean Indicates whether the application is running in an emulator. No Android
isRootAvailable Boolean Indicates whether or not the mobile device has been rooted/jailbroken.

Note: For iOS, this value has to be passed to Encap using the setRiskParameter API.

If the application is using Shield, then the callback value can be passed to Encap.		 No Android, iOS
isSecureScreenLockEnabled Boolean Indicates whether or not the mobile device has secure screen enabled.

Note: This indicates whether the end-user has enabled either biometric or passcode authentication for unlocking their mobile device.		 No Android, iOS
isUnknownSourcesEnabled Boolean Indicates whether the mobile device allows installation of apps outside of the app store. No Android (Android 9 and older only)
serverClientIp String The host address that the request originated from. It contains the value of the X-Forwarded-For (XFF) header from the request, and can contain multiple IP addresses depending on proxy and load balancers.

Note: If XFF is not present, we will use the remote address of the request. It can be either the IP of the client or the last proxy that sent the request.

It is specified by the value of the Common Gateway Interface (CGI) variable REMOTE_ADDR.		 No Android, iOS
signerHashes Base64 A SHA-256 hash of the public key, certificate, and application signer. If there are more signers, then each hash is comma-separated.

Note: You can use this to detect whether the application has been re-signed.		 No Android
userAgent String The HTTP User-Agent as reported from the mobile device application. No Android, iOS
deviceHash Base64 The SHA256 hash of the unique hardware device ID for the client device. Yes Android, iOS
deviceManufacturer String The manufacturer of the mobile device.

Examples: Samsung, Apple.		 Yes Android, iOS
deviceModel String The model name of the mobile device.

Examples: Nexus S, iPad2,2		 Yes Android, iOS
operatingSystemType String The operating system type of the mobile device.

Examples: Android, iOS		 Yes Android, iOS
applicationHash Base64 The SHA256 hash of the application name.

Note: The server can use this for detecting re-packaging.		 No Android, iOS
clientSideIp JSON An array containing the client network interfaces. This includes the type of the network and the IP address.

Note: The list can contain multiple interfaces if the end-user's device is connected to more than one at the time of the transaction.

Examples: [{"Type":"Cellular","IPAddress":"123.123.123.123"}, {"Type":"Wifi","IPAddress":"124.124.124.124"}]		 No Android, iOS
hwKeyClientStatus String The status of the hardware-protected key signature preformed by the Encap client SDK.

Note: See Hardware-protected key client statuses for possible values.		 No Android, iOS
hwKeyServerResult String The result of the hardware-protected key signature verification on the Encap server.

Note: See Hardware-protected key server results for possible values.		 No Android, iOS
batteryLevel Integer The battery level of the mobile device, given as a percentage. No Android, iOS
isPowerConnected Boolean Indicates whether or not the mobile device is being charged or is connected to a charger. No Android, iOS

User

The MobileID user API provides you with operations related to creating and managing users (sometimes referred to as identities) for MobileID.

Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.

Useful information

Most operations in the MobileID service require a MobileID user, which is identified by a valid user ID (userId).

A user may optionally contain attributes such as an address or phone number, in the form of key-value pairs.

A MobileID user can have two different states:

User stateDescription
ACTIVEAn active state represents a normal MobileID user which is successfully registered.
LOCKEDA locked state represents a MobileID user which has been locked.

You cannot perform any device operations on a MobileID user in a locked state.

Create user

The Create user operation creates a valid MobileID user with an active (ACTIVE) user state (state).

Once the user is successfully created, a unique user ID (userId) is generated. This userId is then used to identify the user in all subsequent MobileID operations.

Request Body schema: application/json
required
externalRef
string

An identifier generated by you (the customer), that points to the user ID (userId) generated by MobileID when a new user is created.

The identifier must

  • be unique in the scope of the account
  • have a max length of 128 characters.
segment
string

An optional parameter, used for segmentation of end-users and their corresponding transactions.

It can have any value, but it cannot exceed the maximum possible length of 128 characters.

object

The user attributes, given as key-value pairs.

The keys must:

  • Start with a letter (a-z), digit or an underscore (_).
  • Contain only digits, lowercase letters (a-z), or certain special characters (-._~:@).
  • Have a max length of 128 characters.
The values must have a max length of 256 characters.

Responses

Request samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "segment": "SE",
  • "attributes": {
    }
}

Response samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "segment": "SE",
  • "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "created": "2022-08-23T12:28:57.123Z",
  • "state": "ACTIVE",
  • "attributes": {
    }
}

Resolve external reference

The Resolve external reference operation resolves a specified external reference for an end-user and returns the associated user ID (userId) to use for subsequent MobileID operations.

Request Body schema: application/json
required
externalRef
string

An identifier generated by you (the customer), that points to the user ID (userId) generated by MobileID when a new user is created.

The identifier must

  • be unique in the scope of the account
  • have a max length of 128 characters.

Responses

Request samples

Content type
application/json
{
  • "externalRef": "Empl10300469"
}

Response samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e"
}

Get user

The Get user operation retrieves detailed information for a MobileID user, specified by the user ID (userId).

path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "segment": "SE",
  • "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "created": "2022-08-23T12:28:57.123Z",
  • "state": "ACTIVE",
  • "attributes": {
    }
}

Delete user

The Delete user operation deletes a MobileID user, specified by the user ID (userId).

Only user entities in a locked (LOCKED) user state (state) can be deleted.

path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Update user

The Update user operation updates the attributes of a MobileID user, specified by the user ID (userId).

To do this, you must specify the key-value pairs that you want to add, update or remove. If an attribute is not mentioned, it will stay the same.

In summary, this means that:

  • If the attribute in the list does not exist, then the new attribute will be added.
  • If the attribute in the list already exists, then the existing attribute will be updated (patched).
  • If the attribute in the list already exists and null is specified, then the existing attribute will be removed.
  • If the attribute in the list does not exist and null is specified, then no action will occur.

Example

If the following attributes were given in the Create user operation:

{
    "externalRef":"test1",
    "attributes": {
        "abc": "123",
        "def": "456",
        "ghi": "789"
    }
}

And the following attributes were given in the Update user operation:

{
    "abc": "example1",
    "xxx": "example2",
    "ghi": null
}

Then the result would be the following attributes:

{
    "abc": "example1",
    "def": "456",
    "xxx": "example2"
}
path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Request Body schema: application/json
required
externalRef
string

An identifier generated by you (the customer), that points to the user ID (userId) generated by MobileID when a new user is created.

The identifier must

  • be unique in the scope of the account
  • have a max length of 128 characters.
segment
string

An optional parameter, used for segmentation of end-users and their corresponding transactions.

It can have any value, but it cannot exceed the maximum possible length of 128 characters.

state
string
Enum: "ACTIVE" "LOCKED"

The state of the user.

This is returned as an enum, and can be either ACTIVE or LOCKED.

object

The user attributes, given as key-value pairs.

The keys must:

  • Start with a letter (a-z), digit or an underscore (_).
  • Contain only digits, lowercase letters (a-z), or certain special characters (-._~:@).
  • Have a max length of 128 characters.
The values must have a max length of 256 characters.

Responses

Request samples

Content type
application/json
{
  • "segment": "NO",
  • "attributes": {
    }
}

Response samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "segment": "NO",
  • "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "created": "2021-01-21T22:47:27.123Z",
  • "lastUsed": "2021-01-21T22:47:27.123Z",
  • "state": "ACTIVE",
  • "attributes": {
    }
}

Get transactions for user

The Get transactions for user operation returns a list of device transactions for an end-user's devices.

Note: The list contains device transactions from all of their available devices.

path Parameters
userId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

query Parameters
deviceId
string
Example: deviceId=20874199-f4d1-4e9d-86ee-dd4a46030acb

An optional parameter that you should only pass if you get an error due to a broadcast operation.

limit
string
Example: limit=10

An optional parameter that determines the number of objects (device transactions) that are shown on each page.

It must be a whole number ranging from 1 to 100.

If not provided, the the default value of 100 will be used.

offset
string
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

An optional parameter that determines the ID of the first transaction to include in the operation response, specified by the transaction ID (transactionId).

If not provided, then the result will start with the first transaction in the device history.

Responses

Response samples

Content type
application/json
{
  • "previous": "/users/d910994d-80b2-4125-a6b1-062b5b2f43ba/transactions?limit=1&offset=39277b72-53c2-4780-ad56-a8c8d8a33542",
  • "next": "/users/d910994d-80b2-4125-a6b1-062b5b2f43ba/transactions?limit=1&offset=a1c66944-e5e3-46e3-ba36-750622205ef3",
  • "limit": 1,
  • "transactions": [
    ]
}

Get proofings for user

The Get proofings for user operation returns a list of proofings for an end-user, from the stored proofing data.

The list of proofings contains:

  • The proofing operation.
  • The proofing state.
  • The expiry time.
path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    },
  • {
    }
]

Registration

The MobileID registration API provides you with operations related to registering devices for MobileID.

Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.

Useful information

All registration operations return a registration response containing an operation state.

Registration modes

There are two registration modes (registrationMode) for creating and updating a registration:

Registration mode Description
REGISTRATION Registration (REGISTRATION) is the default registration mode, and will be set automatically if no registration mode is specified in the request for the Start registration operation.

You can also set this manually by specifying REGISTRATION as the registration mode.
RE_REGISTRATION In re-registration (RE_REGISTRATION) mode, users can be re-registered and create new login credentials on the same device ID (deviceId), given that they are using the same device that they were originally enrolled on. This allows you to reuse the same device ID, instead of creating a new one.

To trigger a re-registration, you must set RE_REGISTRATION as the registration mode in the Start registration operation.

Operation context

When you perform a registration, you can use our post-operation context (postOperationContext).

To learn more, see our operation context feature documentation.

Start registration

The Start registration operation initiates a registration for the end-user's device.

The operation response is returned with an operation state (state) set to PENDING, as the end-user now has to complete the operation on their device.

The operation response contains:

  • A transaction ID (transactionId) that will be used for subsequent operations, such as checking the status of the operation.
  • An activation code (activationCode) which is to be used for registration of the device in the app.
Request Body schema: application/json
required
userId
required
string

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

object (DeviceRequest)

An object that contains the properties of the device to be used for this operation.

For registration:

  • When a REGISTRATION is executed, this object is optional. If specified, you can only supply the device name, since the device id is generated by this operation.
  • When a RE_REGISTRATION of the existing device is executed, then this object is mandatory and the id field must be specified.

For authentication or signing

  • The device object is mandatory except if broadcast is enabled.
  • If broadcast is enabled, then then the device object does not need to be supplied.
  • See the broadcast (broadcast) operation property for details.
tags
Array of strings

Used to tag callback event to enable filtering.

object (RegistrationOperationPropertiesRequest)

An object that describes the properties used to carry out the operation.

Responses

Request samples

Content type
application/json
{
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "device": {
    },
  • "operationProperties": {
    }
}

Response samples

Content type
application/json
{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2021-01-21T22:47:27.123Z",
  • "device": {
    },
  • "user": {
    }
}

Get state of ongoing registration

The Get state of ongoing registration operation returns the registration response with an operation state for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a registration is in progress.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2021-01-21T22:47:27.123Z",
  • "device": {
    },
  • "user": {
    }
}

Cancel ongoing registration

The Cancel ongoing registration operation allows you to cancel the ongoing registration for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'mobileid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

Authentication

The MobileID authentication API provides you with operations related to authentication and authorisation for MobileID.

Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.

Useful information

All authentication operations return an authentication response containing an operation state.

Operation context

When you perform an authentication, you can use our pre-operation context (preOperationContext) and post-operation context (postOperationContext).

To learn more, see our operation context feature documentation.

Start authentication

The Start authentication operation initiates an authentication on the end-user's device.

The operation response is returned with an operation state (state) set to PENDING, as the end-user now has to complete the operation on their device.

The operation response contains a transaction ID (transactionId) that will be used for subsequent operations, such as checking the status of the operation.

Request Body schema: application/json
required
userId
required
string

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

object (DeviceRequest)

An object that contains the properties of the device to be used for this operation.

For registration:

  • When a REGISTRATION is executed, this object is optional. If specified, you can only supply the device name, since the device id is generated by this operation.
  • When a RE_REGISTRATION of the existing device is executed, then this object is mandatory and the id field must be specified.

For authentication or signing

  • The device object is mandatory except if broadcast is enabled.
  • If broadcast is enabled, then then the device object does not need to be supplied.
  • See the broadcast (broadcast) operation property for details.
tags
Array of strings

Used to tag callback event to enable filtering.

object (AuthenticationOperationPropertiesRequest)

An object that describes the properties used to carry out the operation.

Responses

Request samples

Content type
application/json
Example

The device is specified.

{
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "device": {
    },
  • "operationProperties": {
    },
  • "tags": [
    ]
}

Response samples

Content type
application/json
Example

The device is specified.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2022-08-19T06:01:37.123Z",
  • "device": {
    },
  • "user": {
    },
  • "tags": [
    ]
}

Get state of ongoing authentication

The Get state of ongoing authentication operation returns the authentication response with an operation state for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when an authentication is in progress.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2022-08-19T06:01:37.123Z",
  • "device": {
    },
  • "user": {
    },
  • "tags": [
    ]
}

Cancel ongoing authentication

The Cancel ongoing authentication operation allows you to cancel the ongoing authentication for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'mobileid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

Signature

The MobileID signature API provides you with operations related to signing for MobileID.

You can read more about the signature operation in our Signature feature documentation.

Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.

Useful information

All signature operations return a signature response containing an operation state.

Operation context

When you perform a signing, you can use our pre-operation context (preOperationContext) and post-operation context (postOperationContext).

To learn more, see our operation context feature documentation.

Start signing

The Start signing operation initiates a signing on the end-user's device.

The operation response is returned with an operation state (state) set to PENDING, as the end-user now has to complete the operation on their device.

The operation response contains a transaction ID (transactionId) that will be used for subsequent operations, such as checking the status of the operation.

Request Body schema: application/json
required
userId
required
string

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

object (DeviceRequest)

An object that contains the properties of the device to be used for this operation.

For registration:

  • When a REGISTRATION is executed, this object is optional. If specified, you can only supply the device name, since the device id is generated by this operation.
  • When a RE_REGISTRATION of the existing device is executed, then this object is mandatory and the id field must be specified.

For authentication or signing

  • The device object is mandatory except if broadcast is enabled.
  • If broadcast is enabled, then then the device object does not need to be supplied.
  • See the broadcast (broadcast) operation property for details.
tags
Array of strings

Used to tag callback event to enable filtering.

object (SignatureOperationPropertiesRequest)

An object that describes the properties used to carry out the operation.

Responses

Request samples

Content type
application/json
{
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "device": {
    },
  • "operationProperties": {
    }
}

Response samples

Content type
application/json
{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2022-08-19T06:03:23.123Z",
  • "device": {
    },
  • "user": {
    }
}

Get state of ongoing signing

The Get state of ongoing signing operation returns the signing response with an operation state for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a signing is in progress.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2022-08-19T06:03:23.123Z",
  • "device": {
    },
  • "user": {
    }
}

Cancel ongoing signing

The Cancel ongoing signing operation allows you to cancel the ongoing signing for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{}

Device management

The MobileID device management API provides you with operations related to device management for MobileID.

Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.

Useful information

All device management operations require:

  • A MobileID user, identified by a user ID (userID).
  • A registered device, identified by a device ID (deviceID).

Get recovery lock

You can use the Get recovery lock operation to check whether the MobileID account recovery feature is locked or not for a given end-user's device, specified by the device ID (deviceID).

If the account recovery feature is enabled in the application configuration, then all devices can use account recovery by default, and the recovery lock (recoveryLock) parameter will have value false.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  • "recoveryLock": false
}

Update recovery lock

You can use the Update recovery lock operation to disable the MobileID account recovery feature for a given end-user's device, specified by the device ID (deviceID).

This is done by updating the recovery lock (recoveryLock) parameter to true. This means that recovery operations cannot be performed.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
recoveryLock
boolean

A setting for a user's device which indicates whether the account recovery feature is enabled or not.

  • When false, the account recovery feature is enabled and recovery operations can be performed.
  • When true, the account recovery feature is disabled and recovery operations can not be performed.

Responses

Request samples

Content type
application/json
{
  • "recoveryLock": true
}

Response samples

Content type
application/json
{
  • "recoveryLock": true
}

Get geofencing settings

Retrieve geofencing configuration for the given device.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  • "mode": "OPTIONAL",
  • "allowedContinents": "EU",
  • "allowedCountries": "CT",
  • "deniedCountries": "RU"
}

Update geofencing settings

Update geofencing configuration for the given device

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
mode
string

The geofencing mode.

This can be either OFF, OPTIONAL, or REQUIRED.

allowedContinents
string

Comma-separated list of continents where authentication is allowed for a specific device, in a two-letter continent code format.

This can be either AF, NA, OC, AN, AS, EU, or SA.

allowedCountries
string

Comma-separated list of countries where authentication is allowed for a specific device, in an ISO 3166-1 alpha-2 two-letter country code format.

These countries are in addition to those covered by the allowed continents parameter.

You can find a list of countries and corresponding codes at GeoNames.

deniedCountries
string

Comma-separated list of countries where authentication is not allowed for a specific device, in an ISO 3166-1 alpha-2 two-letter country code format.

These countries will be excluded from those covered by the allowed continents parameter.

You can find a list of countries and corresponding codes at GeoNames.

Responses

Request samples

Content type
application/json
{
  • "mode": "OPTIONAL",
  • "allowedContinents": "EU",
  • "allowedCountries": "CT",
  • "deniedCountries": "RU"
}

Response samples

Content type
application/json
{
  • "mode": "OPTIONAL",
  • "allowedContinents": "EU",
  • "allowedCountries": "CT",
  • "deniedCountries": "RU"
}

Delete geofencing settings

Delete geofencing configuration for the given device

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Get device

The Get device operation retrieves detailed information for an end-user's device, specified by the device ID (deviceId).

You can use the detailed (detailed) query parameter to return a more extensive set of device information in the operation response.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

detailed
string
Example: detailed=true

Control whether the device details object (deviceDetails) is returned in the response.

To return this object, you must set this parameter to true.

Responses

Response samples

Content type
application/json
Example

The default response, when detailed is not set to 'true'.

{
  • "id": "20874199-f4d1-4e9d-86ee-dd4a46030acb",
  • "name": "sampleDevice",
  • "state": "ACTIVE",
  • "lastOperationType": "AUTHENTICATION",
  • "lastUsed": "2021-01-21T22:47:27.123Z",
  • "created": "2021-01-21T22:47:27.123Z"
}

Delete device

The Delete device operation deletes an end-user's device, specified by the device ID (deviceId).

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Update device

The Update device operation updates the properties of an end-user's device, specified by the device ID (deviceId).

Update properties such as:

  • The device name.
  • The device state (whether the device is locked or not).
  • The device lock reason (pass information about why the device is locked).
path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
name
string

The new name for the end-user's device.

The device name must:

  • Start with a letter (a-zA-Z), digit or an underscore (_).
  • Only contain digits, letters (a-zA-Z), spaces or certain special characters (-._~:@).
  • Have a max length of 128 characters.
state
string

The new state of the end-user's device.

This is returned as an enum, and can be either ACTIVE or LOCKED.

lockReason
string

Information about why the device is locked.

This can be added if the device is in a locked (LOCKED) state.

Responses

Request samples

Content type
application/json
{
  • "name": "My New iPhone",
  • "state": "LOCKED",
  • "lockReason": "Admin operation"
}

Response samples

Content type
application/json
{
  • "id": "20874199-f4d1-4e9d-86ee-dd4a46030acb",
  • "name": "My New iPhone",
  • "state": "LOCKED",
  • "lockReason": "Admin operation",
  • "lastOperationType": "AUTHENTICATION",
  • "lastUsed": "2021-01-21T22:47:27.123Z",
  • "created": "2021-01-21T22:47:27.123Z"
}

Get devices

The Get devices operation retrieves the list of devices for a MobileID user, specified by the user ID (userId).

query Parameters
states
string
Example: states=ACTIVE,LOCKED

A comma-separated list of the device states to fetch.

If not provided, then devices in both ACTIVE and LOCKED states are listed.

userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get device transactions

The Get device transactions operation returns a list of device transactions for an end-user's device, specified by the device ID (deviceId).

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

limit
string
Example: limit=10

An optional parameter that determines the number of objects (device transactions) that are shown on each page.

It must be a whole number ranging from 1 to 100.

If not provided, the the default value of 100 will be used.

offset
string
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

An optional parameter that determines the ID of the first transaction to include in the operation response, specified by the transaction ID (transactionId).

If not provided, then the result will start with the first transaction in the device history.

Responses

Response samples

Content type
application/json
{
  • "previous": "/devices/d910994d-80b2-4125-a6b1-062b5b2f43ba/transactions?limit=1&offset=39277b72-53c2-4780-ad56-a8c8d8a33542&userId=6f29e1d4-6b36-4b80-9187-52dfc61c4a51",
  • "next": "/devices/d910994d-80b2-4125-a6b1-062b5b2f43ba/transactions?limit=1&offset=a1c66944-e5e3-46e3-ba36-750622205ef3&userId=6f29e1d4-6b36-4b80-9187-52dfc61c4a51",
  • "limit": 1,
  • "transactions": [
    ]
}

Passport scan

THIS FEATURE IS DEPRECATED

The MobileID Passport scan feature is now deprecated, and is replaced by our ReuseID solution.

ReuseID allows you to perform ID document and biometric verification for either onboarding end-users to MobileID or existing MobileID users.

You can read more about this update in our release notes.

The MobileID passport scan API provides you with operations for our MobileID passport scan feature.

Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.

Useful information

All passport scan operations return a passport scan response containing an operation state.

Get started with passport scan

To use our passport scan feature, we need to set up and configure all necessary properties for you. You can request this by contacting us at support@signicat.com.

You can find more information about passport scan in our feature documentation.

Start passport scan Deprecated

THIS ENDPOINT IS DEPRECATED

The MobileID Passport scan feature is now deprecated, and is replaced by our ReuseID solution.

The Start passport scan operation initiates a passport scan for the end-user's device.

The operation response is returned with an operation state (state) set to PENDING, as the end-user now has to complete the operation on their device.

The operation response contains a transaction ID (transactionId) that will be used for subsequent operations, such as checking the status of the operation.

Request Body schema: application/json
required
userId
required
string

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

object (DeviceRequest)

An object that contains the properties of the device to be used for this operation.

For registration:

  • When a REGISTRATION is executed, this object is optional. If specified, you can only supply the device name, since the device id is generated by this operation.
  • When a RE_REGISTRATION of the existing device is executed, then this object is mandatory and the id field must be specified.

For authentication or signing

  • The device object is mandatory except if broadcast is enabled.
  • If broadcast is enabled, then then the device object does not need to be supplied.
  • See the broadcast (broadcast) operation property for details.
tags
Array of strings

Used to tag callback event to enable filtering.

redirectMessage
string

The message that is displayed in the app, once the passport scan is complete.

Responses

Request samples

Content type
application/json
{
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "device": {
    },
  • "redirectMessage": "Please proceed connecting to <URL>"
}

Response samples

Content type
application/json
{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "created": "2021-01-21T22:47:27.123Z",
  • "proofingId": "xyz4c1f2c-da1e-4a23-9372-1yfgc0dd0f72",
  • "sessionExpiryTime": "2021-01-21T22:52:27.654Z",
  • "redirectMessage": "Please proceed connecting to <URL>",
  • "device": {
    },
  • "user": {
    }
}

Get state of ongoing passport scan Deprecated

THIS ENDPOINT IS DEPRECATED

The MobileID Passport scan feature is now deprecated, and is replaced by our ReuseID solution.

The Get state of ongoing passport scan operation returns the passport scan response with an operation state for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a passport scan is in progress.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "created": "2021-01-21T22:47:27.123Z",
  • "proofingId": "xyz4c1f2c-da1e-4a23-9372-1yfgc0dd0f72",
  • "sessionExpiryTime": "2021-01-21T22:52:27.654Z",
  • "redirectMessage": "Please proceed connecting to <URL>",
  • "device": {
    },
  • "user": {
    }
}

Cancel ongoing passport scan Deprecated

THIS ENDPOINT IS DEPRECATED

The MobileID Passport scan feature is now deprecated, and is replaced by our ReuseID solution.

The Cancel ongoing passport scan operation allows you to cancel the ongoing passport scan for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'mobileid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

Get final result of the passport scan

The Get final result of the passport scan operation returns the final result of an executed passport scan for a specified proofing ID (proofingID).

The proofingId is returned in the operation response of the Start passport scan and Get state of ongoing passport scan operations.

This operation is only available when the verification has been completed, and when the passport scan state (passportScanState) is ACCEPTED.

The final result is returned as a JSON body.

Unlike the full final result, images of the passport are not included in the final result.

The JSON body contains information about the passport contents that can be retrieved from Electronic Machine Readable Travel Documents (eMRTD), in addition to information about the verification process.

path Parameters
proofingId
required
string
Example: a54aa489e-6b35-46ca-83a4-001ba2ea35f68

The ID of the passport scan.

Responses

Response samples

Content type
application/json

Response sample of when a passport scan is in progress.

{
  • "id": "b87486f4-3894-4bb1-8c5c-769e2fe625c1",
  • "provider": "readid",
  • "status": "ACCEPTED",
  • "processType": "sdk",
  • "createdAt": "2023-01-11T14:42:27Z",
  • "updatedAt": "2023-01-11T14:54:11Z",
  • "providerSpecific": {
    },
  • "finalResult": {
    },
  • "depictions": [
    ]
}

Get full final result of the passport scan

The Get full final result of the passport scan operation returns the full final result of an executed passport scan for a specified proofing ID (proofingID).

The proofingId is returned in the operation response of the Start passport scan and Get state of ongoing passport scan operations.

This operation is only available when the verification has been successfully completed, and when the passport scan state (passportScanState) is ACCEPTED.

The full final result is returned as a ZIP file, which typically consists of:

  • The portrait picture in the passport.
  • The picture that was taken of the data page during the scan.
  • A JSON file containing information about the passport contents that can be retrieved from Electronic Machine Readable Travel Documents (eMRTD), in addition to information about the verification process.
path Parameters
proofingId
required
string
Example: a54aa489e-6b35-46ca-83a4-001ba2ea35f68

The ID of the passport scan.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'mobileid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

Account recovery

The MobileID account recovery API provides you with operations for our MobileID account recovery feature.

Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.

Useful information

The operations in this API require the session ID (session_id) of the recovery.

This is returned as the transaction ID (transactionId) in the device transactions.

To find the session_id, you need to:

  1. Use the Get device transactions endpoint to see all device transactions for a specified device.
  2. Look for transactions with operation type (operationType) as RECOVERY.
  3. Locate the transactionId in this response. This is what you should use as the session_id for operations in this API.

Get details of account recovery

The Get details of account recovery operation returns the details of the recovery that is carried out for a specific device.

These recovery details give you:

  • The state of the recovery.
  • Access to risk data and all other attributes created as part of the recovery process, if the operation is finished.

To use this endpoint, you need the session ID (session_id) of the recovery. You can find out how to obtain this in the Useful information section for this API.

path Parameters
sessionId
required
string
Example: 1daa489e-6b35-46ca-83a4-1bba2ea35f69

The ID of the transaction.

Responses

Response samples

Content type
application/json

Sample response when account recovery has been completed successfully.

{
  • "transactionId": "a75064fe-c528-478d-81d3-0a7b404b84b9",
  • "accountId": "a-ppge-abcd1234ABCDxxxxxxx",
  • "state": "COMPLETED",
  • "device": {
    },
  • "user": {
    },
  • "created": "2024-06-25T06:18:23.000UTC",
  • "operationProperties": {
    },
  • "riskAttributes": [
    ]
}

Identity verification

The MobileID identity verification API provides you with operations related to managing the results of identity verification processes, and allows you to link them to the MobileID users that perform them.

The identity verification processes are performed in the Signicat ID Document and Biometric Verification product.

Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.

Useful information

Some operations in this API require the proofing ID (proofingId) of the identity verification, which is created when the identity verification is added.

Add identity verification

The Add identity verification operation adds an entry to the list of an end-user's identity verifications.

Once the identity verification is successfully added, a unique proofing ID (proofingId) is generated. This proofingId is then used to identify the identity verification for subsequent operations.

Request Body schema: application/json
required
userId
required
string

The ID of the user (userId), in a valid UUID format.

provider
required
string

The name of the provider that performs the identity verification.

This should be the same as the provider used in the Create process request.

dossierId
required
string

The ID of the identity verification dossier, in a valid UUID format.

You can obtain this from the Create dossier response body.

processId
required
string

The ID of the identity verification process, in a valid UUID format.

You can obtain this from the Create process response body.

Responses

Request samples

Content type
application/json
{
  • "userId": "49ded4a2-1617-45a7-991d-785c2ad77fa5",
  • "provider": "eid",
  • "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
  • "processId": "88888888-1617-45a7-991d-785c2ad77222"
}

Response samples

Content type
application/json
{
  • "proofingId": "b477c7fc-93d0-4e9d-bc58-7444bc33ef12",
  • "userId": "49ded4a2-1617-45a7-991d-785c2ad77fa5",
  • "proofingType": "ID_VERIFICATION",
  • "provider": "eid",
  • "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
  • "processId": "88888888-1617-45a7-991d-785c2ad77222",
  • "created": "2023-01-03T07:55:05.233Z"
}

Get identity verification

The Get identity verification operation returns the identity verification specified by the proofing ID (proofingId).

path Parameters
proofingId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the identity verification, in a valid UUID format.

Note:This is created when the identity verification is added.

Responses

Response samples

Content type
application/json
{
  • "proofingId": "b477c7fc-93d0-4e9d-bc58-7444bc33ef12",
  • "userId": "49ded4a2-1617-45a7-991d-785c2ad77fa5",
  • "proofingType": "ID_VERIFICATION",
  • "provider": "eid",
  • "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
  • "processId": "88888888-1617-45a7-991d-785c2ad77222",
  • "created": "2023-01-03T07:55:05.233Z"
}

Delete identity verification

The Delete identity verification deletes the identity verification specified by the proofing ID (proofingId).

path Parameters
proofingId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the identity verification, in a valid UUID format.

Note:This is created when the identity verification is added.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'mobileid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}