Signicat ReuseID API reference (1.0)

  • Base URL: https://api.signicat.com/reuseid/core/
  • Documentation: See the ReuseID developer documentation.
  • Support: Create a support ticket in the Signicat Dashboard.

Introduction

The Signicat ReuseID API enables you to create, manage and authenticate your end-users securely across your entire digital ecosystem.

ReuseID supports two authentication methods:

  • MobileID: Strong customer authentication within a mobile app.
  • Passkeys: Passwordless, browser-based authentication.

This REST API uses the OAuth 2.0 protocol for authorisation. All request and response bodies are formatted in JSON.

Get started

1. Connect to this API

Before you can start making requests to this API, you need to learn how to connect to it. To do this, see the Connect to Signicat APIs Quick start guide.

2. Next steps

Success! You can now start making requests to the ReuseID API.

  1. For your ReuseID account, you can now create users.
  2. Each user can register one or more passkeys and/or devices.
  3. The passkeys and devices can be used to perform authentication and authorisation operations with your app.

To learn how to test out ReuseID MobileID authentication using the Authenticator App and the ReuseID MobileID API, see this Quick start guide.

Using this API

Audit logs

Use the Signicat Audit logs service to see documented evidence of the sequence of activities that have affected a system.

  • Access it: Signicat Dashboard > Settings > Audit logs
  • For information generic to all Signicat audit logs, see the general Audit logs documentation.

Errors

When you make an API call to Signicat and an error occurs, you will receive a response message with an error code.

  • For errors generic to all Signicat APIs, see the general Error codes documentation.
  • For errors specific to ReuseID, see this Error codes documentation.

Events (callback)

Use the Signicat Events service to automatically receive notifications in your system when something happens in one of our services.

Note: This is often referred to as callback.

  • Access it: Go to Signicat Dashboard > Settings > Events
  • For information generic to all Signicat events, see the general Events documentation.
  • For information specific to ReuseID, see this Events documentation.

Response headers

All ReuseID responses set the following headers:

Header name Description Type
X-TRACE-ID The unique identifier of the request in the tracing system. This makes it possible for us to trace the history of the request in detail. String

Common concepts

App Attest statuses

Possible values for the App Attest attestation status (appAttestStatus).

Status name Description
VERIFIED Attestation verification was successful.
FAILED_CLIENT_APPLE_SERVER_UNAVAILABLE Attestation failed because the Apple App Attest server was unavailable.
FAILED_CLIENT_NOT_SUPPORTED Attestation failed because Apple App Attest is not supported on the device.
FAILED_CLIENT_UNEXPECTED_ERROR Attestation failed because of an unexpected error; you can find further details in the error message.
FAILED_CLIENT_TIMEOUT Attestation failed because the request took longer than the configured timeout.
FAILED_VALIDATION_EXCEPTION Validation of the attestation object failed because the integrity check failed.

Authentication levels

Possible values for the authentication level (authLevel).

Level name Description
ONE_FACTOR One factor authentication.
TWO_FACTOR Two factor authentication.

Authentication methods

Possible values for the authentication method (authMethod).

Method name Description
DEVICE Device.
DEVICE_PIN PIN code.
DEVICE_IOS_FACE_ID Face ID for iOS.
DEVICE_STRONG_TOUCH_ID Touch ID for iOS, where the registered fingerprints at activation time cannot be updated.
DEVICE_ANDROID_BIOMETRIC_PROMPT Biometric ID for Android.
DEVICE_SERVER_SIDE_FACE Server side face authentication.

Geofencing client statuses

Possible values for the geofencing client status (clientStatus).

Status name Description
OK The country code was obtained.
LOCATION_NOT_ENABLED Either:
  • The location was not requested by the SDK.
  • The end-user declined access to location services for the SDK on their device.
LOCATION_TIMEOUT The device did not obtain a location within the configured accuracy before timeout.
LOCATION_MOCKED Android devices only. The location of the device was mocked. This is based on the location methods isFromMockProvider() and isMock(), which indicate whether this location is marked as a mock location. Note: To test faking the GPS location of the device, you can download and install a mock location app, then enable it in the Developer options on the device.
GEOCODER_NOT_SUPPORTED Android devices only. Geocoder is not supported on the device.
GEOCODER_NETWORK_ERROR Either:
  • The geocoder network or service is not available.
  • Too many requests have been made to the geocoder service (offered by Apple or Google), as it is rate-limited for each app.
GEOCODER_UNEXPECTED_ERROR An unexpected geocoder error occurred.
GEOCODER_TIMEOUT The geocoder call did not finish within the time limit.
GEOCODER_NO_RESULT_FOUND The reverse geocode request yielded an empty result for the current location.

Geofencing server boundary validation statuses

Possible values for the geofencing server boundary validation status (serverBoundaryValidation).

Status name Description
SUCCESS The evaluation of the country against the allowed region succeeded.
FAILURE The evaluation of the country against the allowed region failed.

Hardware-protected key client statuses

Possible values for the hardware-protected key client status (hwKeyClientStatus).

Status name Description Operation
OK_KEY_PROVIDED Activation of hardware-protected keys was successful on the client. Registration
OK_SIGNED_SUCCESS The authentication challenge was successfully signed with the hardware-protected key on the client. Authentication, Signature
INFO_NO_HARDWARE_SUPPORT The client device does not have Secure Enclave, or it is running in a simulator. Note: This is only applicable for iOS. Registration
INFO_NO_OPERATING_SYSTEM_SUPPORT The client operating system does not support hardware-protected keys. It is supported on: Android 6 (most devices); Android 7 or later (all devices); iOS 10 or later (devices with Secure Enclave). Registration
INFO_NOT_ACTIVATED_WITH_HW_KEY The registration was not activated with hardware-protected keys support, because the device hardware does not support hardware crypto-protected keys. Authentication, Signature
ERR_KEY_GENERATION_FAILED There was an unexpected error during the generation of a keypair on the client. Registration
ERR_RETRIEVE_PUBLIC_KEY_FAILED There was an unexpected error retrieving the public key. Note: This is only applicable for iOS. Registration
ERR_RETRIEVE_PRIVATE_KEY_REF_FAILED There was an unexpected error when retrieving the reference to the private key. Registration, Authentication, Signature
ERR_SIGN_OPERATION_FAILED There was an unexpected error when generating the signature. Registration, Authentication, Signature

Hardware-protected key server results

Possible values for the hardware-protected key server result (hwKeyServerResult).

Result name Description Validation strategy
SIGNATURE_VERIFICATION_SUCCESS Verification of the hardware-protected key signature was successful. The operation will be successful in both validation strategies (SUPPORTED, RISK_PARAMS).
SIGNATURE_VERIFICATION_FAILED Verification of the hardware-protected key signature failed. The operation will fail if using the SUPPORTED validation strategy.
NOT_ACTIVATED_WITH_HW_KEY The signature could not be verified because the registration was not activated with hardware-protected keys. Note: This is only applicable for authentication. The operation will not fail, regardless of which validation strategy is used (SUPPORTED, RISK_PARAMS).
NOT_PROVIDED_BY_CLIENT The client is on an Encap version that does not support the hardware-protected keys feature. Note: This is only applicable for registration. The operation will not fail, regardless of which validation strategy is used (SUPPORTED, RISK_PARAMS). The device will be activated without hardware-protected keys. The device will be able to perform all operations, but will not be able to use the hardware-protected keys feature. To enable this feature, the client must use Encap version 3.8 or newer.

Lock reason

Possible values for the lock reason (lockReason).

Reason name Description
OPEN The device is unlocked.
DEVICE_OR_PIN_VERIFICATION_FAILED The device is locked due to a failed authentication, caused by use of the wrong device and/or a second-factor error (incorrect PIN code or biometrics).
LOCKED_BY_ADMIN The device is locked by administrative operation.
DEVICE_VERIFICATION_FAILED The device is locked due to a failed authentication with the wrong device.
PIN_VERIFICATION_FAILED The device is locked due to a failed authentication, caused by a second-factor error (incorrect PIN code or biometrics).
INCORRECT_SALT_KEY_ID The device is locked because it provided an incorrect Salt-key ID.
HW_KEY_VERIFICATION_FAILED The device is locked because it failed the verification of the hardware-protected key (the key provided was incorrect).
APPATTEST_VERIFICATION_FAILED The device is locked because it failed the verification of the App Attest attestation.
PLAYINTEGRITY_VERIFICATION_FAILED The device is locked because it failed the verification of the Play Integrity attestation.

Operation context maximum character length

The maximum length, in characters, of the operation context content (content) for each ReuseID operation.

Property name Registration Authentication Signature
Pre-operation context content (content) Not applicable. 5000 characters. 20000 characters.
Post-operation context content (content) 5000 characters. 5000 characters. 5000 characters.

Operation error codes

Possible values for the operation error code.

MobileID

Error code name Description
AUTHORIZATION_TOKEN_VERIFICATION_FAILED The operation failed because authorisation token validation failed.
CALLBACK_FAILED The operation failed because the session callback failed. Legacy value from synchronous callback model.
CALLBACK_PROCESSING_ERROR The operation failed because of an error in the data sent from the client.
CANCELLED_APPATTEST_REQUIRED The operation failed because of missing App Attest attestation details.
CANCELLED_AUTH_METHOD_DEACTIVATED The operation failed because the session was cancelled by the device. The device started a deactivation of authentication method(s).
CANCELLED_BY_DEVICE The operation failed because the session was cancelled by the device.
CANCELLED_BY_SP The operation failed because the session was cancelled by the service provider.
CANCELLED_INTERMEDIATE_PUSH_REQUIRED The operation failed because of missing intermediate push attestation details.
CANCELLED_NEW_ACTIVATION The operation failed because the session was cancelled when a new activation was started.
CANCELLED_PERFORM_RECOVERY_STARTED The operation failed because the session was cancelled when recovery was started.
EXPIRED The operation failed because the session has expired.
FAILED_RECOVERY_DOES_NOT_EXIST The operation failed because the recovery does not exist.
GEOFENCING_FAILED The operation failed because the geofencing validation failed.
LOCKED_APPATTEST_VERIFICATION_FAILED The operation failed because the App Attest validation failed.
LOCKED_BY_ADMIN The operation failed because the device is locked by admin.
LOCKED_DEVICE_VERIFICATION_FAILED The operation failed because the device is locked by device verification.
LOCKED_HW_KEY_VERIFICATION_FAILED The operation failed because the device provided an incorrect signed challenge.
LOCKED_INCORRECT_SALT_KEY_ID The operation failed because the device is locked by incorrect Salt-key ID.
LOCKED_INTERMEDIATE_PUSH_VERIFICATION_FAILED The operation failed because the intermediate push attestation validation failed.
LOCKED_PERFORM_RECOVERY_FAILED The operation failed because the recovery is locked.
LOCKED_PIN_VERIFICATION_FAILED The operation failed because the device is locked by PIN verification.
LOCKED_PLAYINTEGRITY_VERIFICATION_FAILED The operation failed because the Play Integrity attestation validation failed.
LOCKED The operation failed because the device is locked.

Passkeys

Error code name Description
CANCELLED_BY_SP The operation failed because the session was cancelled by the service provider.
CANCELLED_BY_USER The operation failed because the session was cancelled by the end-user.
EXPIRED The operation failed because the session has expired.
FAILED_VERIFICATION The Passkeys service could not verify the passkey. There was an error in the interaction between the service and the browser.
INVALID_SEQUENCE_PARAMETERS The passkey received an unexpected call from the browser. This can occur if the end-user refreshes the page during the operation.
MISSING_PASSKEY The end-user selected a passkey not found in the Passkeys service. Note: This can happen if the passkey has been deleted from the service.
PASSKEY_DOES_NOT_EXIST The passkey could not be mapped to an existing end-user in this service.

Operation states

Possible values for the operation state (state).

Note: The state and the values that are returned in the response depend on the API call you are carrying out.

Status name Description
PENDING The operation has been successfully initiated. It is waiting for the device to complete the operation.
COMPLETED The operation has been completed.
FAILED The operation has failed. The response contains an errorCode, and the cause of the error is given in the errorDescription. See operation error codes for possible values.

Operation types

Possible values for the operation type.

Operation type Description
REGISTRATION The operation type is registration.
RE_REGISTRATION The operation type is re-registration.
AUTHENTICATION The operation type is authentication.
SIGNING The operation type is signing.
RECOVERY An existing recovery has been used to perform a recovery for a new device.
AUTH_AND_ACTIVATE An additional authentication method is activated for an existing device.
AUTH_AND_DEACTIVATE An authentication method is deactivated for an existing device.
ADD_OR_UPDATE_RECOVERY A recovery is set up for an existing device.

Play Integrity statuses

Possible values for the Play Integrity attestation status (playIntegrityStatus).

Status name Description
VERIFIED Attestation verification was successful.
FAILED_INTEGRITY_CHECK Attestation failed because the integrity check failed.
FAILED_UNRECOGNIZED_PLAY_APP Attestation failed because the Google Play app is unrecognized.
FAILED_UNLICENSED_PLAY_APP Attestation failed because the Google Play app is unlicensed.
FAILED_INCORRECT_PACKAGE_NAME Attestation failed because of incorrect package name.
FAILED_INVALID_JWS Attestation failed because of invalid JWS format.
FAILED_CLIENT_API_FAILURE Attestation failed because Google Play Integrity returned an API exception.
FAILED_CLIENT_TIMEOUT Attestation failed because the request took longer than the configured timeout.
FAILED_INCORRECT_NONCE Attestation failed because of incorrect nonce.
FAILED_MISSING_JWS Attestation failed because of missing JWS.
FAILED_MISSING_STATUS Attestation failed because of missing status returned from the client.
FAILED_INVALID_TIMESTAMP Attestation failed because the timestamp is not within the lifetime of the Encap server session.
FAILED_CLIENT_PLAY_SERVICES_OUT_OF_DATE Attestation failed because the client does not have Google Play, or the version is too old.

Recovery methods

Possible values for the recovery method (recoveryMethod).

Recovery method Description
CLOUD_BACKUP_RECOVERY_CODE Recovery is based on cloud backup and a recovery key locked with a PIN.
CLOUD_BACKUP_SERVER_SIDE_FACE Recovery is based on cloud backup and a recovery key locked with server-side face authentication.

Recovery statuses

Possible values for the recovery status (recoveryStatus).

Status name Description
ACTIVATED Recovery has been set up for the device and is ready to be used.
DEACTIVATED Recovery has been deactivated.
RECOVERED Recovery has been used to recover the device.
LOCKED Recovery has been locked.

Risk attributes

The risk attributes that can be collected for the device (riskAttributes).

You can configure which attributes are collected in the application configuration. To learn more, see Risk data in the Application configuration feature documentation.

  • Risk attributes marked with Yes in the Always collected column are always collected, for debugging purposes.
  • Risk attributes marked with No in the Always collected column are only collected if configured in the application configuration.
  • The Platform column indicates whether the risk attribute is available for Android, iOS, or both.

Attribute name Type Description Always collected Platform
operatingSystemFingerprint String A fingerprint of the operating system. You can use this to detect whether the device is running a custom ROM or operating system. Yes Android
operatingSystemVersion String The operating system version of the mobile device. Examples: 6.0.1, iOS 14.4. Yes Android, iOS
inputMethod String The input method that was used to enter text in the application. You can use this to detect when a custom keyboard is being used on the device. Note: See Create an input method in the Android developer documentation for details. No Android
isDebuggable Boolean Indicates whether the application running can be debugged using a source-level debugger, either by manifest entry or in an emulator. Note: Looks for android:debuggable=true in the manifest. No Android
isDebugEnabled Boolean Indicates whether debug is enabled on the mobile device, either by the end-user setting (USB-debugging enabled) or when running in emulator (debugging enabled by default). No Android
isDebuggerConnected Boolean Indicates whether a debugger is connected to the application. No Android
isEmulator Boolean Indicates whether the application is running in an emulator. No Android
isRootAvailable Boolean Indicates whether or not the mobile device has been rooted/jailbroken. Note: This value has to be passed to Encap using the setRiskParameter API. If the application is using Promon Shield, then the callback value can be passed to Encap. No Android, iOS
isSecureScreenLockEnabled Boolean Indicates whether or not the mobile device has a secure screen lock enabled. Note: This indicates whether the end-user has enabled either biometric or passcode authentication for unlocking their mobile device. No Android, iOS
serverClientIp String The host address that the request originated from. It contains the value of the X-Forwarded-For (XFF) header from the request, and can contain multiple IP addresses depending on proxy and load balancers. Note: If XFF is not present, we will use the remote address of the request. It can be either the IP of the client or the last proxy that sent the request. It is specified by the value of the Common Gateway Interface (CGI) variable REMOTE_ADDR. No Android, iOS
signerHashes Base64 A SHA-256 hash of the public key, certificate, and application signer. If there are more signers, then each hash is comma-separated. Note: You can use this to detect whether the application has been re-signed. No Android
userAgent String The HTTP User-Agent as reported from the mobile device application. No Android, iOS
deviceHash Base64 The SHA256 hash of the unique hardware device ID for the client device. Yes Android, iOS
deviceManufacturer String The manufacturer of the mobile device. Examples: Samsung, Apple. Yes Android, iOS
deviceModel String The model name of the mobile device. Examples: Nexus S, iPad2,2. Yes Android, iOS
operatingSystemType String The operating system type of the mobile device. Examples: Android, iOS. Yes Android, iOS
applicationHash Base64 The SHA256 hash of the application name. Note: The server can use this for detecting re-packaging. No Android, iOS
clientSideIp JSON An array containing the client network interfaces. This includes the type of the network and the IP address. Note: The list can contain multiple interfaces if the end-user's device is connected to more than one at the time of the transaction. Examples: [{"Type":"Cellular","IPAddress":"123.123.123.123"}, {"Type":"Wifi","IPAddress":"124.124.124.124"}] No Android, iOS
hwKeyClientStatus String The status of the hardware-protected key signature performed by the Encap client SDK. Note: See Hardware-protected key client statuses for possible values. No Android, iOS
hwKeyServerResult String The result of the hardware-protected key signature verification on the Encap server. Note: See Hardware-protected key server results for possible values. No Android, iOS
batteryLevel Integer The battery level of the mobile device, given as a percentage. No Android, iOS
isPowerConnected Boolean Indicates whether or not the mobile device is being charged or is connected to a charger. No Android, iOS
timeZone String The current time zone setting of the device. Android, iOS
locale String The current locale or language setting of the device. Android, iOS
isDeveloperMode Boolean Indicates whether the developer settings are enabled on the device. Android
isOverlayDetected Boolean Indicates whether a screen overlay is detected on the device. Android
magnetometer JSON An array containing the magnetic field strength measurements with timestamp from the device's magnetometer sensor. iOS, Android
barometer JSON An array containing atmospheric pressure measurements with timestamp from the device's barometer sensor. iOS, Android
gravity JSON An array containing gravity force measurements with timestamp from the device's gravity sensor. iOS, Android
ssid Base64 Provides the name of the Wi-Fi network that the device is connected to. iOS, Android
bssid String Provides the MAC address of the Wi-Fi access point to which the device is connected. iOS, Android
isVpnEnabled Boolean Indicates whether the mobile device is connected to a VPN. iOS, Android
isProxyEnabled Boolean Indicates whether the mobile device is connected to an HTTP/HTTPS proxy. iOS, Android
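The following is an added example, not Signicat code, showing one way to triage collected risk attributes on your own backend. It assumes riskAttributes arrives as a flat JSON object keyed by the attribute names in the table above; the sample values, the signer allow-list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; the flat dict shape and all values are assumptions.
SAMPLE_RISK_ATTRIBUTES = {
    "isRootAvailable": False,
    "isEmulator": False,
    "isDebuggerConnected": True,
    "isSecureScreenLockEnabled": True,
    "signerHashes": "RELEASE_SIGNER_HASH_PLACEHOLDER,UNKNOWN_SIGNER_HASH_PLACEHOLDER",
    "serverClientIp": "203.0.113.7, 10.0.0.5",
    "hwKeyServerResult": "SIGNATURE_VERIFICATION_FAILED",
}

# Hypothetical allow-list: the signer hashes of your own release builds.
EXPECTED_SIGNER_HASHES = {"RELEASE_SIGNER_HASH_PLACEHOLDER"}

# Boolean attributes from the table and the value treated as a risk signal.
BOOLEAN_SIGNALS = {
    "isRootAvailable": True,
    "isEmulator": True,
    "isDebuggable": True,
    "isDebugEnabled": True,
    "isDebuggerConnected": True,
    "isOverlayDetected": True,
    "isSecureScreenLockEnabled": False,  # a missing screen lock is the signal
}


def parse_client_ips(value):
    """Split serverClientIp (an X-Forwarded-For style list) into parsed
    addresses and entries that are not valid IP addresses."""
    valid, malformed = [], []
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        try:
            valid.append(ipaddress.ip_address(part))
        except ValueError:
            malformed.append(part)
    return valid, malformed


def unexpected_signers(value, expected):
    """Return the comma-separated signer hashes that are not in the allow-list."""
    hashes = [h.strip() for h in value.split(",") if h.strip()]
    return sorted(h for h in hashes if h not in expected)


def triage(attrs, expected_signers):
    """Return an ordered list of findings for one riskAttributes object."""
    findings = []
    for name, risky_value in BOOLEAN_SIGNALS.items():
        # Attributes that were not configured for collection are simply absent.
        if attrs.get(name) is risky_value:
            findings.append(name)
    if "signerHashes" in attrs:
        extra = unexpected_signers(attrs["signerHashes"], expected_signers)
        if extra:
            findings.append("signerHashes:unexpected=" + ",".join(extra))
    # The page says this result fails the operation under the SUPPORTED
    # strategy; checking it here covers operations that were allowed to continue.
    if attrs.get("hwKeyServerResult") == "SIGNATURE_VERIFICATION_FAILED":
        findings.append("hwKeyServerResult")
    if "serverClientIp" in attrs:
        # X-Forwarded-For content is supplied by the request path, so treat
        # it as a hint and flag anything that does not even parse.
        _, malformed = parse_client_ips(attrs["serverClientIp"])
        if malformed:
            findings.append("serverClientIp:malformed")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_RISK_ATTRIBUTES, EXPECTED_SIGNER_HASHES):
        print(finding)
```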

User

The ReuseID user API provides you with operations related to creating and managing users (sometimes referred to as identities) for ReuseID.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

Most operations require a ReuseID user, which is identified by a valid user ID (userId).

A user may optionally contain attributes such as an address or phone number, in the form of key-value pairs.

A ReuseID user can have two different states:

User state Description
ACTIVE An active state represents a normal ReuseID user which is successfully registered.
LOCKED A locked state represents a ReuseID user which has been locked.

You cannot perform any device operations on a MobileID user in a locked state.

Create user

The Create user operation creates a valid ReuseID user with an active (ACTIVE) user state (state).

Once the user is successfully created, a unique user ID (userId) is generated. This userId is then used to identify the user in all subsequent ReuseID operations.

Request Body schema: application/json
required
externalRef
string
Example: "Empl10300469"

An identifier generated by you (the customer), that points to the user ID (userId) generated by ReuseID when a new user is created.

The identifier must

  • be unique in the scope of the account
  • have a max length of 128 characters.
segment
string
Example: "NO"

An optional parameter, used for segmentation of end-users and their corresponding transactions.

It can have any value, but it cannot exceed the maximum possible length of 128 characters.

attributes
object
Example: {"firstname":"George","lastName":"Harrison"}

The user attributes, given as key-value pairs.

The keys must:

  • Start with a letter (a-z), digit or an underscore (_).
  • Contain only digits, lowercase letters (a-z), or certain special characters (-._~:@).
  • Have a max length of 128 characters.
The values must have a max length of 256 characters.

Responses

Request samples

Content type
application/json
{
  "externalRef": "Empl10300469",
  "segment": "SE",
  "attributes": {
  }
}

Response samples

Content type
application/json
{
  "externalRef": "Empl10300469",
  "segment": "SE",
  "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  "created": "2022-08-23T12:28:57.123Z",
  "state": "ACTIVE",
  "attributes": {
  }
}

Get identity verifications for user

The Get identity verifications for user operation returns a list of identity verifications for an end-user, from the stored identity verification data.

The list of identity verifications contains:

  • The verification ID. This can be used in further calls to get all available details for the identity verification.
  • The identity verification operation can be ID_VERIFICATION.
  • The provider used for the identity verification.
path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Responses

Response samples

Content type
application/json
[
  {
  },
  {
  }
]

Add identity verification

The Add identity verification operation adds an entry to the list of an end-user's identity verifications.

Once the identity verification is successfully added, a unique verification ID (verificationId) is generated. This verificationId is then used to identify the identity verification for subsequent operations.

path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Request Body schema: application/json
required
provider
required
string non-empty
Example: "signicatvideoid"

The name of the provider that performs the identity verification.

This should be the same as the provider used in the Create process request.

dossierId
required
string non-empty
Example: "12ced477-7ba2-41a6-9f38-4b9f0172bc11"

The ID of the identity verification dossier, in a valid UUID format.

You can obtain this from the Create dossier response body.

processId
required
string non-empty
Example: "7bc36291-b096-4d25-bccc-56680c38c515"

The ID of the identity verification process, in a valid UUID format.

You can obtain this from the Create process response body.

orchestrationId
required
string non-empty
Example: "8cc36291-b096-4d25-bccc-66680c38c516"

The ID, in a valid UUID format, used for workflow synchronization.

Responses

Request samples

Content type
application/json
{
  "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  "provider": "signicatvideoid",
  "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
  "processId": "88888888-1617-45a7-991d-785c2ad77222",
  "orchestrationId": "7777777-1617-45a7-991d-785c2ad77111"
}

Response samples

Content type
application/json
{
  "verificationId": "b477c7fc-93d0-4e9d-bc58-7444bc33ef12",
  "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  "provider": "signicatvideoid",
  "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
  "processId": "88888888-1617-45a7-991d-785c2ad77222",
  "created": "2023-01-03T07:55:05.233Z",
  "orchestrationId": "7777777-1617-45a7-991d-785c2ad77111"
}

Resolve external reference

The Resolve external reference operation resolves a specified external reference for an end-user and returns the associated user ID (userId) to use for subsequent ReuseID operations.

Request Body schema: application/json
required
externalRef
string
Example: "Empl10300469"

An identifier generated by you (the customer), that points to the user ID (userId) generated by ReuseID when a new user is created.

The identifier must

  • be unique in the scope of the account
  • have a max length of 128 characters.

Responses

Request samples

Content type
application/json
{
  "externalRef": "Empl10300469"
}

Response samples

Content type
application/json
{
  "externalRef": "Empl10300469",
  "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e"
}

Get user

The Get user operation retrieves detailed information for a ReuseID user, specified by the user ID (userId).

path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  "externalRef": "Empl10300469",
  "segment": "SE",
  "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  "created": "2022-08-23T12:28:57.123Z",
  "state": "ACTIVE",
  "attributes": {
  }
}

Delete user

The Delete user operation deletes a ReuseID user, specified by the user ID (userId).

Only user entities in a locked (LOCKED) user state (state) can be deleted.

path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Update user

The Update user operation updates the attributes of a ReuseID user, specified by the user ID (userId).

To do this, you must specify the key-value pairs that you want to add, update or remove. If an attribute is not mentioned, it will stay the same.

In summary, this means that:

  • If the attribute in the list does not exist, then the new attribute will be added.
  • If the attribute in the list already exists, then the existing attribute will be updated (patched).
  • If the attribute in the list already exists and null is specified, then the existing attribute will be removed.
  • If the attribute in the list does not exist and null is specified, then no action will occur.

Example

If the following attributes were given in the Create user operation:

{
    "externalRef":"test1",
    "attributes": {
        "abc": "123",
        "def": "456",
        "ghi": "789"
    }
}

And the following attributes were given in the Update user operation:

{
    "abc": "example1",
    "xxx": "example2",
    "ghi": null
}

Then the result would be the following attributes:

{
    "abc": "example1",
    "def": "456",
    "xxx": "example2"
}
path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

Request Body schema: application/json
required
externalRef
string
Example: "Empl10300469"

An identifier generated by you (the customer), that points to the user ID (userId) generated by ReuseID when a new user is created.

The identifier must

  • be unique in the scope of the account
  • have a max length of 128 characters.
segment
string
Example: "NO"

An optional parameter, used for segmentation of end-users and their corresponding transactions.

It can have any value, but it cannot exceed the maximum possible length of 128 characters.

state
string
Enum: "ACTIVE" "LOCKED"
Example: "ACTIVE"

The state of the user.

This is returned as an enum, and can be either ACTIVE or LOCKED.

attributes
object
Example: {"firstname":"George","lastName":"Harrison"}

The user attributes, given as key-value pairs.

The keys must:

  • Start with a letter (a-z), digit or an underscore (_).
  • Contain only digits, lowercase letters (a-z), or certain special characters (-._~:@).
  • Have a max length of 128 characters.
The values must have a max length of 256 characters.
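The following is an added example, not Signicat code, that checks an attributes patch against the key and value rules listed above and predicts the stored attributes using the add, update and remove rules from the Update user description. The function names are hypothetical, and it assumes attribute values are strings.

```python
import re

# Key rules as written on this page: the first character is a lowercase
# letter, a digit or an underscore; the remaining characters are digits,
# lowercase letters or one of - . _ ~ : @ ; at most 128 characters in total.
KEY_RE = re.compile(r"[a-z0-9_][a-z0-9._~:@-]{0,127}")
MAX_VALUE_LEN = 256


def validate_patch(patch):
    """Return a list of problems found in an attributes patch.

    An empty list means the patch satisfies the rules as written.
    """
    problems = []
    for key, value in patch.items():
        if not isinstance(key, str) or not KEY_RE.fullmatch(key):
            problems.append(f"invalid key: {key!r}")
        if value is None:
            continue  # null means "remove this attribute", nothing to measure
        if not isinstance(value, str):  # assumption: values are strings
            problems.append(f"value for {key!r} is not a string")
        elif len(value) > MAX_VALUE_LEN:
            problems.append(f"value for {key!r} exceeds {MAX_VALUE_LEN} characters")
    return problems


def apply_patch(current, patch):
    """Predict the stored attributes after an Update user call."""
    result = dict(current)
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)  # remove if present, no action if absent
        else:
            result[key] = value    # add a new attribute or overwrite an existing one
    return result


def removed_keys(current, patch):
    """Keys the patch would delete; worth logging before the request is sent."""
    return sorted(k for k, v in patch.items() if v is None and k in current)


if __name__ == "__main__":
    # The attribute values from the example on this page.
    current = {"abc": "123", "def": "456", "ghi": "789"}
    patch = {"abc": "example1", "xxx": "example2", "ghi": None}
    print(validate_patch(patch))
    print(removed_keys(current, patch))
    print(apply_patch(current, patch))
```

Applied literally, these key rules reject the key lastName from the page's own sample object because of its uppercase letter, so confirm how the service treats such keys before enforcing the check client-side.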

Responses

Request samples

Content type
application/json
{
  "segment": "NO",
  "attributes": {
  }
}

Response samples

Content type
application/json
{
    "externalRef": "Empl10300469",
    "segment": "NO",
    "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
    "created": "2021-01-21T22:47:27.123Z",
    "lastUsed": "2021-01-21T22:47:27.123Z",
    "state": "ACTIVE",
    "attributes": {}
}
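
The merge rules and attribute constraints of the Update user operation can be checked locally before a request is sent. The following is an added example, not part of the ReuseID documentation or SDK: `validate_update` and `preview_update` are hypothetical helper names, the key pattern is a strict reading of the rules as written, and it assumes values are sent as strings.

```python
import re

# Strict reading of the key rules listed for the Update user request body.
KEY_RE = re.compile(r"[a-z0-9_][a-z0-9._~:@-]*")
MAX_KEY_LEN = 128
MAX_VALUE_LEN = 256


def validate_update(update):
    """Return a list of problems in an attributes update; empty means valid."""
    problems = []
    for key, value in update.items():
        if not isinstance(key, str) or len(key) > MAX_KEY_LEN or not KEY_RE.fullmatch(key):
            problems.append(f"invalid key: {key!r}")
        if value is None:
            continue  # null is the removal marker, so it has no length to check
        if not isinstance(value, str):  # assumption: values are sent as strings
            problems.append(f"value for {key!r} must be a string or null")
        elif len(value) > MAX_VALUE_LEN:
            problems.append(f"value for {key!r} is longer than {MAX_VALUE_LEN} characters")
    return problems


def preview_update(current, update):
    """Return the attributes expected after the update, without calling the API."""
    problems = validate_update(update)
    if problems:
        raise ValueError("; ".join(problems))
    merged = dict(current)
    for key, value in update.items():
        if value is None:
            merged.pop(key, None)  # removing a key that does not exist is a no-op
        else:
            merged[key] = value    # overwrite an existing key or add a new one
    return merged


# The attribute sets from the Create user / Update user example in this section.
CREATED = {"abc": "123", "def": "456", "ghi": "789"}
UPDATE = {"abc": "example1", "xxx": "example2", "ghi": None}

if __name__ == "__main__":
    print(preview_update(CREATED, UPDATE))
```

Comparing the previewed result with the attributes returned in the operation response is a cheap way to detect an update that was applied differently from what the caller intended.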

Get transactions for user

The Get transactions for user operation returns a list of device transactions for an end-user's devices.

Note: The list contains device transactions from all of their available devices.

path Parameters
userId
required
string
query Parameters
deviceId
string
Example: deviceId=20874199-f4d1-4e9d-86ee-dd4a46030acb

An optional parameter that you should only pass if you get an error due to a broadcast operation.

credentialType
required
string
Example: credentialType=device

A mandatory parameter that determines the type of credential objects (devices or passkeys) that are shown on each page.

It must have one of the following values: device or passkey.

limit
string
Example: limit=10

An optional parameter that determines the number of objects (device transactions) that are shown on each page.

It must be a whole number ranging from 1 to 100.

If not provided, the default value of 100 will be used.

offset
string
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

An optional parameter that determines the ID of the first transaction to include in the operation response, specified by the transaction ID (transactionId).

If not provided, then the result will start with the first transaction in the device history.

Responses

Response samples

Content type
application/json
{
    "next": "/users/db4b1fc1-57fa-46fd-94c6-58aa2bd59d44/transactions?limit=3&offset=22c80f75-3d2e-41e1-a1dd-69050eaa17b5&credentialType=device",
    "limit": 3,
    "transactions": []
}

Get identity verification

The Get identity verification operation returns the identity verification specified by the verification ID (verificationId).

path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

verificationId
required
string
Example: b477c7fc-93d0-4e9d-bc58-7444bc33ef12

The ID of the identity verification, in a valid UUID format.

Note: This is created when the identity verification is added.

Responses

Response samples

Content type
application/json
{
    "verificationId": "b477c7fc-93d0-4e9d-bc58-7444bc33ef12",
    "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
    "provider": "signicatvideoid",
    "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
    "processId": "88888888-1617-45a7-991d-785c2ad77222",
    "created": "2023-01-03T07:55:05.233Z",
    "orchestrationId": "7777777-1617-45a7-991d-785c2ad77111"
}

Delete identity verification

The Delete identity verification operation deletes the identity verification specified by the verification ID (verificationId).

path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) as generated upon user creation, in a valid UUID format.

verificationId
required
string
Example: b477c7fc-93d0-4e9d-bc58-7444bc33ef12

The ID of the identity verification, in a valid UUID format.

Note: This is created when the identity verification is added.

Responses

Response samples

Content type
application/json
{
    "code": "missing_permission",
    "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
    "status": 403,
    "traceId": "4bf239c088089f2bca77d3a413909f1c",
    "title": "You do not have the required permission to perform this operation on the target resource"
}

Get credentials for user

The Get credentials operation retrieves the list of credentials for a ReuseID user, specified by the user ID (userId).

path Parameters
userId
required
string
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

query Parameters
credentialType
required
string
Example: credentialType=device

A mandatory parameter that determines the type of credential objects (devices or passkeys) that are shown on each page.

It must have one of the following values: device or passkey.

limit
string
Example: limit=10

An optional parameter that determines the number of objects (device transactions) that are shown on each page.

It must be a whole number ranging from 1 to 100.

If not provided, the default value of 100 will be used.

offset
string
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

An optional parameter that determines the ID of the first transaction to include in the operation response, specified by the transaction ID (transactionId).

If not provided, then the result will start with the first transaction in the device history.

Responses

Response samples

Content type
application/json
{
    "next": "/users/db4b1fc1-57fa-46fd-94c6-58aa2bd59d44/credentials?credentialType=device&limit=3&offset=381007a5-56d6-48f2-a9f3-1f6b114b62b8",
    "credentials": []
}

MobileID Registration

The MobileID registration API provides you with operations related to registering MobileID devices.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

All registration operations return a registration response containing an operation state.

Registration modes

There are two registration modes (registrationMode) for creating and updating a registration:

Registration mode Description
REGISTRATION Registration (REGISTRATION) is the default registration mode, and will be set automatically if no registration mode is specified in the request for the Start registration operation.

You can also set this manually by specifying REGISTRATION as the registration mode.
RE_REGISTRATION In re-registration (RE_REGISTRATION) mode, users can be re-registered and create new login credentials on the same device ID (deviceId), given that they are using the same device that they were originally enrolled on. This allows you to reuse the same device ID, instead of creating a new one.

To trigger a re-registration, you must set RE_REGISTRATION as the registration mode in the Start registration operation.

Operation context

When you perform a registration, you can use our post-operation context (postOperationContext).

To learn more, see our operation context feature documentation.

Start registration

The Start registration operation initiates a registration for the end-user's device.

The operation response is returned with an operation state (state) set to PENDING, as the end-user now has to complete the operation on their device.

The operation response contains:

  • A transaction ID (transactionId) that will be used for subsequent operations, such as checking the status of the operation.
  • An activation code (activationCode) which is to be used for registration of the device in the app.
Request Body schema: application/json
required
userId
required
string non-empty
Example: "0e99b25c-abde-4553-973b-8d94d49cd87e"

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

device
object (DeviceRegistrationRequest)

An object that contains the properties of the device to be used for this operation.

  • When a REGISTRATION is executed, this object is optional. If specified, you can only supply the device name, since the device id is generated by this operation.
  • When a RE_REGISTRATION of the existing device is executed, then this object is mandatory and the id field must be specified.
tags
Array of strings

Used to tag callback events to enable filtering.

operationProperties
object (RegistrationOperationPropertiesRequest)

An object that describes the properties used to carry out the operation.

Responses

Request samples

Content type
application/json
{
    "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
    "device": {},
    "operationProperties": {}
}

Response samples

Content type
application/json
{
    "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
    "accountId": "a-sdge-Abcdefghijk123456789",
    "state": "PENDING",
    "operationProperties": {},
    "created": "2021-01-21T22:47:27.123Z",
    "device": {},
    "user": {}
}

Get state of ongoing registration

The Get state of ongoing registration operation returns the registration response with an operation state for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a registration is in progress.

{
    "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
    "accountId": "a-sdge-Abcdefghijk123456789",
    "state": "PENDING",
    "operationProperties": {},
    "created": "2021-01-21T22:47:27.123Z",
    "device": {},
    "user": {}
}

Cancel ongoing registration

The Cancel ongoing registration operation allows you to cancel the ongoing registration for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
    "code": "missing_permission",
    "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
    "status": 403,
    "traceId": "4bf239c088089f2bca77d3a413909f1c",
    "title": "You do not have the required permission to perform this operation on the target resource"
}

MobileID Authentication

The MobileID authentication API provides you with operations related to authentication and authorisation for MobileID devices.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

All authentication operations return an authentication response containing an operation state.

Operation context

When you perform an authentication, you can use our pre-operation context (preOperationContext) and post-operation context (postOperationContext).

To learn more, see our operation context feature documentation.

Start authentication

The Start authentication operation initiates an authentication on the end-user's device.

The operation response is returned with an operation state (state) set to PENDING, as the end-user now has to complete the operation on their device.

The operation response contains a transaction ID (transactionId) that will be used for subsequent operations, such as checking the status of the operation.

Request Body schema: application/json
required
userId
required
string non-empty
Example: "0e99b25c-abde-4553-973b-8d94d49cd87e"

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

device
object (DeviceAuthSignRequest)

An object that contains the properties of the device to be used for this operation.

  • The device object is mandatory except if broadcast is enabled.
  • If broadcast is enabled, then the device object does not need to be supplied.
  • See the broadcast (broadcast) operation property for details.

tags
Array of strings

Used to tag callback events to enable filtering.

operationProperties
object (AuthenticationOperationPropertiesRequest)

An object that describes the properties used to carry out the operation.

Responses

Request samples

Content type
application/json
Example

The device is specified.

{
    "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
    "device": {},
    "operationProperties": {},
    "tags": []
}

Response samples

Content type
application/json
Example

The device is specified.

{
    "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
    "accountId": "a-sdge-Abcdefghijk123456789",
    "state": "PENDING",
    "operationProperties": {},
    "created": "2022-08-19T06:01:37.123Z",
    "device": {},
    "user": {},
    "tags": []
}

Get state of ongoing authentication

The Get state of ongoing authentication operation returns the authentication response with an operation state for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when an authentication is in progress.

{
    "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
    "accountId": "a-sdge-Abcdefghijk123456789",
    "state": "PENDING",
    "operationProperties": {},
    "created": "2022-08-19T06:01:37.123Z",
    "device": {},
    "user": {},
    "tags": []
}

Cancel ongoing authentication

The Cancel ongoing authentication operation allows you to cancel the ongoing authentication for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
    "code": "missing_permission",
    "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
    "status": 403,
    "traceId": "4bf239c088089f2bca77d3a413909f1c",
    "title": "You do not have the required permission to perform this operation on the target resource"
}

MobileID Signature

The MobileID signature API provides you with operations related to signing for MobileID devices.

You can read more about the signature operation in our Signature feature documentation.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

All signature operations return a signature response containing an operation state.

Operation context

When you perform a signing, you can use our pre-operation context (preOperationContext) and post-operation context (postOperationContext).

To learn more, see our operation context feature documentation.

Start signing

The Start signing operation initiates a signing on the end-user's device.

The operation response is returned with an operation state (state) set to PENDING, as the end-user now has to complete the operation on their device.

The operation response contains a transaction ID (transactionId) that will be used for subsequent operations, such as checking the status of the operation.

Request Body schema: application/json
required
userId
required
string non-empty
Example: "0e99b25c-abde-4553-973b-8d94d49cd87e"

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

device
object (DeviceAuthSignRequest)

An object that contains the properties of the device to be used for this operation.

  • The device object is mandatory except if broadcast is enabled.
  • If broadcast is enabled, then the device object does not need to be supplied.
  • See the broadcast (broadcast) operation property for details.

tags
Array of strings

Used to tag callback events to enable filtering.

operationProperties
object (SignatureOperationPropertiesRequest)

An object that describes the properties used to carry out the operation.

Responses

Request samples

Content type
application/json
{
    "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
    "device": {},
    "operationProperties": {}
}

Response samples

Content type
application/json
{
    "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
    "accountId": "a-sdge-Abcdefghijk123456789",
    "state": "PENDING",
    "operationProperties": {},
    "created": "2022-08-19T06:03:23.123Z",
    "device": {},
    "user": {}
}

Get state of ongoing signing

The Get state of ongoing signing operation returns the signing response with an operation state for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a signing is in progress.

{
    "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
    "accountId": "a-sdge-Abcdefghijk123456789",
    "state": "PENDING",
    "operationProperties": {},
    "created": "2022-08-19T06:03:23.123Z",
    "device": {},
    "user": {}
}

Cancel ongoing signing

The Cancel ongoing signing operation allows you to cancel the ongoing signing for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{}

MobileID device management

The ReuseID device management API provides you with operations related to managing MobileID devices.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

All device management operations require:

  • A ReuseID user, identified by a user ID (userId).
  • A registered device, identified by a device ID (deviceId).

Get recovery lock

You can use the Get recovery lock operation to check whether the ReuseID account recovery feature is locked or not for a given end-user's device, specified by the device ID (deviceId).

If the account recovery feature is enabled in the application configuration, then all devices can use account recovery by default, and the recovery lock (recoveryLock) parameter will have value false.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
    "recoveryLock": false
}

Update recovery lock

You can use the Update recovery lock operation to disable the ReuseID account recovery feature for a given end-user's device, specified by the device ID (deviceId).

This is done by updating the recovery lock (recoveryLock) parameter to true. This means that recovery operations cannot be performed.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
recoveryLock
boolean
Example: "true"

A setting for a user's device which indicates whether the account recovery feature is enabled or not.

  • When false, the account recovery feature is enabled and recovery operations can be performed.
  • When true, the account recovery feature is disabled and recovery operations cannot be performed.

Responses

Request samples

Content type
application/json
{
    "recoveryLock": true
}

Response samples

Content type
application/json
{
    "recoveryLock": true
}

Get geofencing settings

Retrieve geofencing configuration for the given device.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
    "mode": "OPTIONAL",
    "allowedContinents": "EU",
    "allowedCountries": "CT",
    "deniedCountries": "RU"
}

Update geofencing settings

Update geofencing configuration for the given device.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
mode
string

The geofencing mode.

This can be either OFF, OPTIONAL, or REQUIRED.

allowedContinents
string

Comma-separated list of continents where authentication is allowed for a specific device, in a two-letter continent code format.

This can be either AF, NA, OC, AN, AS, EU, or SA.

allowedCountries
string

Comma-separated list of countries where authentication is allowed for a specific device, in an ISO 3166-1 alpha-2 two-letter country code format.

These countries are in addition to those covered by the allowed continents parameter.

You can find a list of countries and corresponding codes at GeoNames.

deniedCountries
string

Comma-separated list of countries where authentication is not allowed for a specific device, in an ISO 3166-1 alpha-2 two-letter country code format.

These countries will be excluded from those covered by the allowed continents parameter.

You can find a list of countries and corresponding codes at GeoNames.

Responses

Request samples

Content type
application/json
{
    "mode": "OPTIONAL",
    "allowedContinents": "EU",
    "allowedCountries": "CT",
    "deniedCountries": "RU"
}

Response samples

Content type
application/json
{
    "mode": "OPTIONAL",
    "allowedContinents": "EU",
    "allowedCountries": "CT",
    "deniedCountries": "RU"
}
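
The list semantics described for the Update geofencing settings request body (allowed continents, plus allowed countries, minus denied countries) can be validated and previewed before the settings are written. The following is an added example, not part of the ReuseID documentation: the helper names and the small country-to-continent table are constructed for the demonstration, a country matched by no list is assumed to be not permitted, and the effect of the mode value is not modelled because this reference does not describe it.

```python
import re

MODES = {"OFF", "OPTIONAL", "REQUIRED"}
CONTINENTS = {"AF", "NA", "OC", "AN", "AS", "EU", "SA"}
COUNTRY_RE = re.compile(r"[A-Z]{2}")  # format check only, not a registry lookup

# Constructed lookup for the demo; real code needs a complete table
# (the reference points to GeoNames for country codes).
COUNTRY_TO_CONTINENT = {"NO": "EU", "SE": "EU", "RU": "EU", "US": "NA", "JP": "AS"}


def split_codes(value):
    """Split a comma-separated code list; a missing or empty value gives []."""
    return [code.strip() for code in (value or "").split(",") if code.strip()]


def validate_geofencing(cfg):
    """Return a list of problems in a geofencing request body; empty means valid."""
    problems = []
    mode = cfg.get("mode")
    if mode is not None and mode not in MODES:
        problems.append(f"unknown mode: {mode}")
    allowed = split_codes(cfg.get("allowedCountries"))
    denied = split_codes(cfg.get("deniedCountries"))
    for code in split_codes(cfg.get("allowedContinents")):
        if code not in CONTINENTS:
            problems.append(f"unknown continent code: {code}")
    for field, codes in (("allowedCountries", allowed), ("deniedCountries", denied)):
        for code in codes:
            if not COUNTRY_RE.fullmatch(code):
                problems.append(f"{field}: not a two-letter uppercase code: {code}")
    overlap = sorted(set(allowed) & set(denied))
    if overlap:
        # The reference does not say which list wins, so treat this as an error.
        problems.append(f"listed as both allowed and denied: {', '.join(overlap)}")
    return problems


def country_permitted(cfg, country, continent_of=COUNTRY_TO_CONTINENT):
    """Apply the three lists to one country code (mode is not considered)."""
    if country in split_codes(cfg.get("deniedCountries")):
        return False  # excluded even when its continent is allowed
    if country in split_codes(cfg.get("allowedCountries")):
        return True   # allowed in addition to the allowed continents
    return continent_of.get(country) in split_codes(cfg.get("allowedContinents"))


# Constructed settings modelled on the request sample above.
SAMPLE = {"mode": "OPTIONAL", "allowedContinents": "EU",
          "allowedCountries": "US", "deniedCountries": "RU"}

if __name__ == "__main__":
    print(validate_geofencing(SAMPLE))
    for code in ("NO", "RU", "US", "JP"):
        print(code, country_permitted(SAMPLE, code))
```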

Delete geofencing settings

Delete geofencing configuration for the given device.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Get device

The Get device operation retrieves detailed information for an end-user's device, specified by the device ID (deviceId).

You can use the detailed (detailed) query parameter to return a more extensive set of device information in the operation response.

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

detailed
boolean
Example: detailed=true

Control whether the device details object (deviceDetails) is returned in the response.

To return this object, you must set this parameter to true.

Responses

Response samples

Content type
application/json
Example

The default response, when detailed is not set to 'true'.

{
    "id": "20874199-f4d1-4e9d-86ee-dd4a46030acb",
    "name": "sampleDevice",
    "state": "ACTIVE",
    "lastOperationType": "AUTHENTICATION",
    "lastUsed": "2021-01-21T22:47:27.123Z",
    "created": "2021-01-21T22:47:27.123Z"
}

Delete device

The Delete device operation deletes an end-user's device, specified by the device ID (deviceId).

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Update device

The Update device operation updates the properties of an end-user's device, specified by the device ID (deviceId).

Update properties such as:

  • The device name.
  • The device state (whether the device is locked or not).
path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
name
string
Example: "My New iPhone"

The new name for the end-user's device.

The name must have a max length of 128 characters.

state
string
Example: "LOCKED"

The new state of the end-user's device.

This is returned as an enum, and can be either ACTIVE or LOCKED.

Responses

Request samples

Content type
application/json
{
    "name": "My New iPhone",
    "state": "LOCKED"
}

Response samples

Content type
application/json
{
    "id": "20874199-f4d1-4e9d-86ee-dd4a46030acb",
    "name": "My New iPhone",
    "state": "LOCKED",
    "lastOperationType": "AUTHENTICATION",
    "lastUsed": "2021-01-21T22:47:27.123Z",
    "created": "2021-01-21T22:47:27.123Z"
}

Get device transactions

The Get device transactions operation returns a list of device transactions for an end-user's device, specified by the device ID (deviceId).

path Parameters
deviceId
required
string
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the user's device (deviceId), as returned upon registration.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

limit
string
Example: limit=10

An optional parameter that determines the number of objects (device transactions) that are shown on each page.

It must be a whole number ranging from 1 to 100.

If not provided, the default value of 100 will be used.

offset
string
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

An optional parameter that determines the ID of the first transaction to include in the operation response, specified by the transaction ID (transactionId).

If not provided, then the result will start with the first transaction in the device history.

Responses

Response samples

Content type
application/json
{
    "previous": "/devices/d910994d-80b2-4125-a6b1-062b5b2f43ba/transactions?limit=1&offset=39277b72-53c2-4780-ad56-a8c8d8a33542&userId=6f29e1d4-6b36-4b80-9187-52dfc61c4a51",
    "next": "/devices/d910994d-80b2-4125-a6b1-062b5b2f43ba/transactions?limit=1&offset=a1c66944-e5e3-46e3-ba36-750622205ef3&userId=6f29e1d4-6b36-4b80-9187-52dfc61c4a51",
    "limit": 1,
    "transactions": []
}

MobileID account recovery

The MobileID account recovery API provides you with operations for our ReuseID account recovery feature.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

The operations in this API require the transaction ID (transactionId) of the recovery.

To find the transactionId, you need to:

  1. Use the Get device transactions endpoint to see all device transactions for a specified device.
  2. Look for transactions with operation type (operationType) as RECOVERY.
  3. Locate the transactionId in this response. This is what you should use for operations in this API.
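
The three steps above, combined with the limit/offset paging of Get device transactions, as an added example that is not part of the ReuseID documentation or SDK. It assumes that the last page carries no `next` link and that each transaction object exposes `transactionId` and `operationType` as named in the steps; `fetch_json` is a hypothetical caller-supplied function that performs the authorised GET, and the sample pages are constructed.

```python
import uuid
from urllib.parse import urlsplit

MAX_LIMIT = 100  # the limit parameter is a whole number from 1 to 100


def canonical_uuid(value):
    """Parse and re-serialise an ID so nothing but a UUID reaches the URL path."""
    return str(uuid.UUID(value))


def first_page_path(device_id, user_id, limit=MAX_LIMIT):
    """Build the first request path in the shape of the sample `next` links."""
    if type(limit) is not int or not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit must be a whole number from 1 to 100")
    return (f"/devices/{canonical_uuid(device_id)}/transactions"
            f"?limit={limit}&userId={canonical_uuid(user_id)}")


def check_next_link(next_link, device_id):
    """Accept only a relative link that stays on this device's transactions,
    so the access token is never sent to another host or resource."""
    parts = urlsplit(next_link)
    if parts.scheme or parts.netloc:
        raise ValueError("pagination link is not a relative path")
    if parts.path != f"/devices/{canonical_uuid(device_id)}/transactions":
        raise ValueError("pagination link points at a different resource")
    return next_link


def iter_transactions(fetch_json, device_id, user_id, limit=MAX_LIMIT, max_pages=1000):
    """Yield every transaction, following `next` until it is absent.

    fetch_json(path) is supplied by the caller: it sends an authorised GET for
    `path` under the API base URL and returns the decoded JSON body.
    """
    path = first_page_path(device_id, user_id, limit)
    visited = set()
    for _ in range(max_pages):
        if path in visited:
            raise RuntimeError("pagination loop detected")
        visited.add(path)
        page = fetch_json(path)
        yield from page.get("transactions", [])
        if not page.get("next"):
            return
        path = check_next_link(page["next"], device_id)
    raise RuntimeError("page cap reached before the last page")


def recovery_transaction_ids(fetch_json, device_id, user_id, limit=MAX_LIMIT):
    """List the device's transactions and keep the IDs of the RECOVERY ones."""
    return [t["transactionId"]
            for t in iter_transactions(fetch_json, device_id, user_id, limit)
            if t.get("operationType") == "RECOVERY"]


# Constructed sample pages. The device and user IDs are the ones in the sample
# links of Get device transactions; the transaction IDs are made up.
DEVICE = "d910994d-80b2-4125-a6b1-062b5b2f43ba"
USER = "6f29e1d4-6b36-4b80-9187-52dfc61c4a51"
BASE = f"/devices/{DEVICE}/transactions"
TX = [f"00000000-0000-4000-8000-00000000000{n}" for n in range(1, 5)]
SAMPLE_PAGES = {
    f"{BASE}?limit=2&userId={USER}": {
        "limit": 2,
        "next": f"{BASE}?limit=2&offset={TX[2]}&userId={USER}",
        "transactions": [
            {"transactionId": TX[0], "operationType": "AUTHENTICATION"},
            {"transactionId": TX[1], "operationType": "RECOVERY"},
        ],
    },
    f"{BASE}?limit=2&offset={TX[2]}&userId={USER}": {
        "limit": 2,
        "transactions": [
            {"transactionId": TX[2], "operationType": "AUTHENTICATION"},
            {"transactionId": TX[3], "operationType": "RECOVERY"},
        ],
    },
}

if __name__ == "__main__":
    print(recovery_transaction_ids(SAMPLE_PAGES.__getitem__, DEVICE, USER, limit=2))
```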

Get details of account recovery

The Get details of account recovery operation returns the details of the recovery that is carried out for a specific device.

These recovery details give you:

  • The state of the recovery.
  • Access to risk data and all other attributes created as part of the recovery process, if the operation is finished.

To use this endpoint, you need the transaction ID (transactionId) of the recovery. You can find out how to obtain this in the Useful information section for this API.

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json

Sample response when account recovery has been completed successfully.

{
    "transactionId": "a75064fe-c528-478d-81d3-0a7b404b84b9",
    "accountId": "a-ppge-abcd1234ABCDxxxxxxx",
    "state": "COMPLETED",
    "device": {},
    "user": {},
    "created": "2024-06-25T06:18:23.000UTC",
    "operationProperties": {},
    "riskAttributes": [],
    "recoveryMethod": "CLOUD_BACKUP_SERVER_SIDE_FACE",
    "recoveryStatus": "RECOVERED"
}

Passkey Registration

The ReuseID passkey registration API provides you with operations related to registering passkeys for a ReuseID user.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Start passkey registration

The Start passkey registration operation initiates a registration of the passkey for the particular domain.

Note: During the passkey registration process, the service will attempt to retrieve the following attributes from the user:

  • passkeys-name
  • passkeys-displayname

These attributes are used as the name and displayName when creating the passkey. If they are not present in the user's attributes, the service will fall back to using the provided userId. You can add those attributes using the Update user operation.

Depending on the passkey provider the end-user is using, the passkeys-name and/or passkeys-displayname may be displayed to help identify the passkey during both registration and authentication.

For more information, see the WebAuthn 2 Specification.

Note: The operation response will contain the field idpRedirectUri. To start the passkey operation, the end-user's browser must be redirected to this URI.

Request Body schema: application/json
required
object (PasskeyRequest)
rpRedirectUri
string

The customer redirect URL that the browser is redirected to after the passkey operation has finished.

operationProperties
object (PasskeyRegOperationPropertiesRequest)

Operation properties.

tags
Array of strings

Used to tag callback events to enable filtering.

userId
required
string non-empty
Example: "0e99b25c-abde-4553-973b-8d94d49cd87e"

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Request samples

Content type
application/json
{
    "userId": "8710745d-18bd-441d-91f8-44fd040323a9",
    "passkey": {},
    "operationProperties": {},
    "tags": []
}

Response samples

Content type
application/json
{}

Get ongoing passkey registration

The Get ongoing passkey registration operation returns the passkey registration object for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a passkey registration is in progress.

{}

Cancel ongoing passkey registration

The Cancel ongoing passkey registration operation allows you to cancel the ongoing passkey registration for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
    "code": "missing_permission",
    "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
    "status": 403,
    "traceId": "4bf239c088089f2bca77d3a413909f1c",
    "title": "You do not have the required permission to perform this operation on the target resource"
}

Passkey Authentication

The ReuseID passkey authentication API provides you with operations related to authentication and authorisation with passkeys.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Start Passkey authentication

The Start passkey authentication operation initiates an authentication using a passkey.

Note: The operation response will contain the field idpRedirectUri. To start the passkey operation, the end-user's browser must be redirected to this URI.

Request Body schema: application/json
required
rpRedirectUri
string

The customer redirect URL to which the browser is redirected after the passkey operation has finished.

object (PasskeyAuthOperationPropertiesRequest)

Operation properties.

tags
Array of strings

Used to tag callback event to enable filtering.

Responses

Request samples

Content type
application/json
{
  "operationProperties": { },
  "tags": [ ]
}

Response samples

Content type
application/json
{}

Get ongoing passkey authentication

The Get ongoing passkey authentication operation returns the authentication object for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a passkey authentication is in progress.

{}

Cancel ongoing passkey authentication

The Cancel ongoing passkey authentication operation allows you to cancel the ongoing passkey authentication for a specified transaction ID (transactionId).

path Parameters
transactionId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
  "code": "missing_permission",
  "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  "status": 403,
  "traceId": "4bf239c088089f2bca77d3a413909f1c",
  "title": "You do not have the required permission to perform this operation on the target resource"
}

Passkey management

The ReuseID passkey management API provides you with operations related to passkey management for ReuseID.


Note: The request and response samples are for illustrative purposes only, and discrepancies can occur between the sample values in request and response objects.


Useful information

All passkey management operations require a ReuseID user, identified by a user ID (userId).

Get passkey

The Get passkey operation returns the passkey object for a specified passkey ID (passkeyId).

path Parameters
passkeyId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the Passkey.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  "id": "8812343d3-73c5-4bc6-bb5a-xde38089ce02",
  "keyId": "M3NQdUxFLWJVaENKOVVXQlNjd2g2UQ",
  "accountId": "a-sdge-UWPzmkeEVjkxJPkQtm0b",
  "name": "myPassKeyName",
  "publicKey": "pQECAyYgASFYIKX7DMSfoBbTydTaBdljbOWJQhfOd+HubLLKU5R1pwV1IlggxEg1nWI6fts1Q8ary2Qtz4Kwd6EAVpsR9BvPKvEXMxk=",
  "domain": "acme.com",
  "created": "2025-06-10T04:12:31.132Z",
  "lastUsed": "2025-06-10T04:12:31.132Z",
  "aaGuid": "ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4",
  "userVerification": true,
  "userPresence": true
}
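
The publicKey value in the sample above decodes as a CBOR-encoded COSE_Key, the encoding WebAuthn uses for credential public keys. The following added example (not part of the Signicat reference) parses it and checks that the key is ES256 on P-256; that the API always returns this encoding is an assumption, and the function names are illustrative.

```python
import base64

# "publicKey" copied from the Get passkey response sample on this page.
SAMPLE_PUBLIC_KEY = ("pQECAyYgASFYIKX7DMSfoBbTydTaBdljbOWJQhfOd+HubLLKU5R1pwV1"
                     "IlggxEg1nWI6fts1Q8ary2Qtz4Kwd6EAVpsR9BvPKvEXMxk=")

def _head(buf, pos):
    """Decode one CBOR head: (major type, argument, next position)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR input")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info < 24:
        return major, info, pos + 1
    if info > 27:
        raise ValueError("unsupported CBOR additional info")
    end = pos + 1 + (1 << (info - 24))
    if end > len(buf):
        raise ValueError("truncated CBOR input")
    return major, int.from_bytes(buf[pos + 1:end], "big"), end

def _item(buf, pos):
    """Decode an integer or byte string, the only types an EC2 COSE_Key uses."""
    major, arg, pos = _head(buf, pos)
    if major in (0, 1):
        return (arg if major == 0 else -1 - arg), pos
    if major == 2 and pos + arg <= len(buf):
        return buf[pos:pos + arg], pos + arg
    raise ValueError("unsupported or truncated CBOR item")

def parse_cose_key(b64_value):
    """Return the COSE_Key map as {label: int or bytes}."""
    buf = base64.b64decode(b64_value, validate=True)
    major, count, pos = _head(buf, 0)
    if major != 5:
        raise ValueError("COSE_Key must be a CBOR map")
    key = {}
    for _ in range(count):
        label, pos = _item(buf, pos)
        key[label], pos = _item(buf, pos)
    if pos != len(buf):
        raise ValueError("trailing bytes after COSE_Key")
    return key

def policy_violations(key):
    """List reasons the key is not ES256 on P-256 (empty list means it passes)."""
    checks = {1: (2, "kty is not EC2"), 3: (-7, "alg is not ES256"), -1: (1, "crv is not P-256")}
    problems = [msg for label, (want, msg) in checks.items() if key.get(label) != want]
    for label in (-2, -3):  # COSE labels for the x and y coordinates
        if not isinstance(key.get(label), bytes) or len(key[label]) != 32:
            problems.append("coordinate %d is not 32 bytes" % label)
    return problems
```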

Delete passkey

The Delete passkey operation deletes the passkey, specified by the passkey ID (passkeyId).

path Parameters
passkeyId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the Passkey.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  "code": "missing_permission",
  "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  "status": 403,
  "traceId": "4bf239c088089f2bca77d3a413909f1c",
  "title": "You do not have the required permission to perform this operation on the target resource"
}

Get passkey transactions

The Get passkey transactions operation returns the list of transactions for a specified passkey ID (passkeyId).

path Parameters
passkeyId
required
string
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the Passkey.

query Parameters
userId
required
string
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the user (userId) that will carry out the operation, in a valid UUID format.

limit
string
Example: limit=10

An optional parameter that determines the number of objects (device transactions) that are shown on each page.

It must be a whole number ranging from 1 to 100.

If not provided, the default value of 100 will be used.

offset
string
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

An optional parameter that determines the ID of the first transaction to include in the operation response, specified by the transaction ID (transactionId).

If not provided, then the result will start with the first transaction in the device history.

Responses

Response samples

Content type
application/json
{
  "transactions": [ ]
}