Skip to main content
API docs by Redocly

Signicat ReuseID API reference (1.0)

Download OpenAPI specification:Download

  • Base URL: https://api.signicat.com/reuseid/core/
  • Documentation: See the ReuseID developer documentation.
  • Support: Create a support ticket in the Signicat Dashboard.

Introduction

The Signicat ReuseID API enables you to create, manage and authenticate your end-users securely across your entire digital ecosystem.

ReuseID supports two authentication methods:

  • MobileID: Strong customer authentication within a mobile app.
  • Passkeys: Passwordless, browser-based authentication.

This REST API uses the OAuth 2.0 protocol for authorisation. All request and response bodies are formatted in JSON.

Get started

1. Connect to this API

Before you can start making requests to this API, you need to learn how to connect to it. To do this, see the Connect to Signicat APIs Quick start guide.

2. Add an authentication product

You need to add the authentication product which can be MobileID and/or Passkeys. To do this, you can use the Signicat Dashboard by following the steps below.

Add Passkeys to your account

  1. Go to Signicat Dashboard > Products > MobileID.
  2. Click the Add MobileID button.

Add MobileID to your account

  1. Go to Signicat Dashboard > Products > Passkeys.
  2. From the left-side menu, select the Get started page.
  3. Click the + Add Passkeys to the account button.

3. Next steps

Success! You can now start making requests to the ReuseID API.

  1. For your ReuseID account, you can now create users.
  2. Each user can register one or more passkeys and/or devices.
  3. The passkeys and devices can be used to perform authentication and authorisation operations with your app.

To test it out, you can follow the steps in our quick start guides:

Using this API

Audit logs

Use the Signicat Audit logs service to see documented evidence of the sequence of activities that have affected a system.

  • Access it: Signicat Dashboard > Settings > Audit logs
  • For information generic to all Signicat audit logs, see the general Audit logs documentation.

Errors

When you make an API call to Signicat and an error occurs, you will receive a response message with an error code.

  • For errors generic to all Signicat APIs, see the general Error codes documentation.
  • For errors specific to ReuseID, see this Error codes documentation.

Events (callback)

Use the Signicat Events service to automatically receive information about when something happens in one of our services into your system.

Note: This is often referred to as callback.

  • Access it: Go to Signicat Dashboard > Settings > Events
  • For information generic to all Signicat events, see the general Events documentation.
  • For information specific to ReuseID, see this Events documentation.

Response headers

All ReuseID responses set the following headers:

Header name Description Type
X-TRACE-ID The unique identifier of the request in the tracing system. This makes it possible for us to trace the history of the request in detail. String

Common concepts

App Attest statuses

Possible values for the App Attest attestation status (appAttestStatus).

Status name Description
VERIFIED Attestation verification was successful
FAILED_CLIENT_APPLE_SERVER_UNAVAILABLE Attestation failed because the Apple App Attest server was unavailable.
FAILED_CLIENT_NOT_SUPPORTED Attestation failed because Apple App Attest is not supported on the device.
FAILED_CLIENT_UNEXPECTED_ERROR Attestation failed because of an unexpected error; you can find further details in the error message.
FAILED_CLIENT_TIMEOUT Attestation failed because the request took longer than the configured timeout.
FAILED_VALIDATION_EXCEPTION Validation of the attestation object failed because the integrity check failed.

Authentication levels

Possible values for the authentication level (authLevel).

Level name Description
ONE_FACTOR One factor authentication.
TWO_FACTOR Two factor authentication.

Authentication methods

Possible values for the authentication method (authMethod).

Method name Description
DEVICE Device.
DEVICE_PIN PIN code.
DEVICE_IOS_FACE_ID Face ID for iOS.
DEVICE_STRONG_TOUCH_ID Touch ID for iOS, where the registered fingerprints at activation time cannot be updated.
DEVICE_ANDROID_BIOMETRIC_PROMPT Biometric ID for Android.
DEVICE_SERVER_SIDE_FACE Server side face authentication.

Device registration modes

Possible values for the MobileID device registration mode (registrationMode).

Mode name Description
REGISTRATION Initiates a registration of a MobileID device.

Note: This is the default registration mode, which means that it is automatically used if no value is supplied.
RE_REGISTRATION Initiates a re-registration of a MobileID device.

In a re-registration, the end-user creates new login credentials for the same deviceId, instead of registering a new device.

Note: The end-user must use the same device that they were originally enrolled on.

Important: Re-registration should only be used if you have a requirement to retain the same deviceId. If you do not have this requirement, then we recommend that you use the normal registration mode.

Device states

Possible values for the Mobile device state (state).

State name Description
ACTIVE Represents a normal, successfully registered device.
LOCKED Represents a locked device.

Note: Devices in a locked state cannot perform any operations.
DELETED Represents a deleted device.

Geofencing client statuses

Possible values for the geofencing client status (clientStatus).

Status name Description
OK The country code was obtained.
LOCATION_NOT_ENABLED Either:
  • The location was not requested by the SDK.
  • The end-user declined access to location services for the SDK on their device.
LOCATION_TIMEOUT The device did not obtain a location within the configured accuracy before timeout.
LOCATION_MOCKED Android devices only

The location of the device was mocked.

This is based on the location methods isFromMockProvider() and isMock(), which indicate whether this location is marked as a mock location.

Note: To test faking the GPS location of the device, you can download and install a mock location app, then enable it in the Developer options on the device.
GEOCODER_NOT_SUPPORTED Android devices only

Geocoder is not supported on the device.
GEOCODER_NETWORK_ERROR Either:
  • The geocoder network or service is not available.
  • Too many requests have been made to the geocoder service (offered by Apple or Google), as it is rate-limited for each app.
GEOCODER_UNEXPECTED_ERROR An unexpected geocoder error occurred.
GEOCODER_TIMEOUT The geocoder call did not finish within time the limit.
GEOCODER_NO_RESULT_FOUND The reverse geocode request yielded an empty result for the current location.

Geofencing server boundary validation statuses

Possible values for the geofencing server boundary validation status (serverBoundaryValidation).

Status name Description
SUCCESS The evaluation of the country against the allowed region succeeded.
FAILURE The evaluation of the country against the allowed region failed.

Hardware-protected key client statuses

Possible values for the hardware-protected key client status (hwKeyClientStatus).

Status name Description Operation
OK_KEY_PROVIDED Activation of hardware-protected keys was successful on the client. Registration
OK_SIGNED_SUCCESS The authentication challenge was successfully signed with the hardware-protected key on the client. Authentication, Signature
INFO_NO_HARDWARE_SUPPORT The client device does not have Secure Enclave, or it is running in a simulator.

Note: This is only applicable for iOS.		 Registration
INFO_NO_OPERATING_SYSTEM_SUPPORT The client operating system does not support hardware-protected keys.

It is supported on:
  • Android 6 (most devices)
  • Android 7 or later (all devices)
  • iOS 10 or later (devices with Secure Enclave)
 Registration
INFO_NOT_ACTIVATED_WITH_HW_KEY The registration was not activated with hardware-protected keys support, because the device hardware does not support hardware crypto-protected keys. Authentication, Signature
ERR_KEY_GENERATION_FAILED There was an unexpected error during the generation of a keypair on the client. Registration
ERR_RETRIEVE_PUBLIC_KEY_FAILED There was an unexpected error retrieving the public key.

Note: This is only applicable for iOS.		 Registration
ERR_RETRIEVE_PRIVATE_KEY_REF_FAILED There was an unexpected error when retrieving the reference to the private key. Registration, Authentication, Signature
ERR_SIGN_OPERATION_FAILED There was an unexpected error when generating the signature. Registration, Authentication, Signature

Hardware-protected key server results

Possible values for the hardware-protected key server result (hwKeyServerResult).

Result name Description Validation strategy
SIGNATURE_VERIFICATION_SUCCESS Verification of the hardware-protected key signature was successful. The operation will be successful in both validation strategies (SUPPORTED, RISK_PARAMS).
SIGNATURE_VERIFICATION_FAILED Verification of the hardware-protected key signature failed. The operation will fail if using the SUPPORTED validation strategy.
NOT_ACTIVATED_WITH_HW_KEY The signature could not be verified because the registration was not activated with hardware-protected keys.

Note: This is only applicable for authentication.		 The operation will not fail, regardless of which validation strategy is used (SUPPORTED, RISK_PARAMS).
NOT_PROVIDED_BY_CLIENT The client is on an Encap version that does not support the hardware-protected keys feature.

Note: This is only applicable for registration.		 The operation will not fail, regardless of which validation strategy is used (SUPPORTED, RISK_PARAMS). The device will be activated without hardware-protected keys. The device will be able to perform all operations, but will not be able to use the hardware-protected keys feature.

To enable this feature, the client must use Encap version 3.8 or newer.

Lock reason

Possible values for the lock reason (lockReason).

Reason name Description
OPEN The device is unlocked.
DEVICE_OR_PIN_VERIFICATION_FAILED The device is locked due to a failed authentication, caused by use of the wrong device and/or a second-factor error (incorrect PIN code or biometrics).
LOCKED_BY_ADMIN The device is locked by administrative operation.
DEVICE_VERIFICATION_FAILED The device is locked due to a failed authentication with the wrong device.
PIN_VERIFICATION_FAILED The device is locked due to a failed authentication, caused by a second-factor error (incorrect PIN code or biometrics).
INCORRECT_SALT_KEY_ID The device is locked because it provided an incorrect Salt-key ID.
HW_KEY_VERIFICATION_FAILED The device is locked because it failed the verification of the hardware-protected key (the key provided was incorrect).
APPATTEST_VERIFICATION_FAILED The device is locked because it failed the verification of the App Attest attestation.
PLAYINTEGRITY_VERIFICATION_FAILED The device is locked because it failed the verification of the Play Integrity attestation.

Operation context maximum character lengths

The maximum character length that the operation context content (content) can be for the different ReuseID operations.

Property name Registration Authentication Signature
Pre-operation context content (content) Not applicable. 5000 characters. 20000 characters.
Post-operation context content (content) 5000 characters. 5000 characters. 5000 characters.

Operation error codes

Possible values for the operation error code.

MobileID

Error code name Description
AUTHORIZATION_TOKEN_VERIFICATION_FAILED The operation failed because authorisation token validation failed.
CALLBACK_FAILED The operation failed because the session callback failed. Legacy value from synchronous callback model.
CALLBACK_PROCESSING_ERROR The operation failed because of an error in the data sent from the client.
CANCELLED_APPATTEST_REQUIRED The operation failed because of missing App Attest attestation details.
CANCELLED_AUTH_METHOD_DEACTIVATED The operation failed because the session was cancelled by the device. The device started a deactivation of authentication method(s).
CANCELLED_BY_DEVICE The operation failed because the session was cancelled by the device.
CANCELLED_BY_SP The operation failed because the session was cancelled by the service provider.
CANCELLED_INTERMEDIATE_PUSH_REQUIRED The operation failed because of missing intermediate push attestation details.
CANCELLED_NEW_ACTIVATION The operation failed because the session was cancelled when a new activation was started.
CANCELLED_PERFORM_RECOVERY_STARTED The operation failed because the session was cancelled when recovery was started.
EXPIRED The operation failed because the session has expired.
FAILED_RECOVERY_DOES_NOT_EXIST The operation failed because the recovery does not exist.
GEOFENCING_FAILED The operation failed because the geofencing validation failed.
LOCKED_APPATTEST_VERIFICATION_FAILED The operation failed because the App Attest validation failed.
LOCKED_BY_ADMIN The operation failed because the device is locked by admin.
LOCKED_DEVICE_VERIFICATION_FAILED The operation failed because the device is locked by device verification.
LOCKED_HW_KEY_VERIFICATION_FAILED The operation failed because the device provided an incorrect signed challenge.
LOCKED_INCORRECT_SALT_KEY_ID The operation failed because the device is locked by incorrect Salt-key ID.
LOCKED_INTERMEDIATE_PUSH_VERIFICATION_FAILED The operation failed because the intermediate push attestation validation failed.
LOCKED_PERFORM_RECOVERY_FAILED The operation failed because the recovery is locked.
LOCKED_PIN_VERIFICATION_FAILED The operation failed because the device is locked by PIN verification.
LOCKED_PLAYINTEGRITY_VERIFICATION_FAILED The operation failed because the Play Integrity attestation validation failed.
LOCKED The operation failed because the device is locked.

Passkeys

Error code name Description
CANCELLED_BY_SP The operation failed because the session was cancelled by the service provider.
CANCELLED_BY_USER The operation failed because the session was cancelled by the end-user.
EXPIRED The operation failed because the session has expired.
FAILED_VERIFICATION The Passkeys service could not verify the passkey. There was an error in the interaction between the service and the browser.
INVALID_SEQUENCE_PARAMETERS The passkey received an unexpected call from the browser. This can occur if the end-ser refreshes the page during the operation.
MISSING_PASSKEY The end-user selected a passkey not found in the Passkeys service.

Note: This can happen if the passkey has been deleted from the service.
PASSKEY_DOES_NOT_EXIST The passkey could not be mapped to an existing end-user in this service.

Operation states

Possible values for the operation state (state).

Note: The state and the values that are returned in the response depend on the API call you are carrying out.

State name Description
PENDING The operation has been successfully initiated.

It is waiting for the device to complete the operation.
COMPLETED The operation has been completed.
FAILED The operation has failed.

The response contains an errorCode and an errorDescription which you can use to determine the cause of the error.

For more information, see Operation error codes for possible values.

Operation types

Possible values for the operation type.

Operation type Description
REGISTRATION The operation type is registration.
RE_REGISTRATION The operation type is re-registration.
AUTHENTICATION The operation type is authentication.
SIGNING The operation type is signing.
RECOVERY An existing recovery has been used to perform a recovery for a new device.
AUTH_AND_ACTIVATE An additional authentication method is activated for an existing device.
AUTH_AND_DEACTIVATE An authentication method is deactivated for an existing device.
ADD_OR_UPDATE_RECOVERY A recovery is set up for an existing device.

Passkey session timeout values

The allowed values that the passkey session timeout (sessionTimeout) can be, which vary depending on what is passed for the userVerification parameter.

  • The minimum allowed value is always 30000 milliseconds.
  • The maximum allowed value is shown in the table below.
  • The default value is shown in the table below.

Note: The default value is used if you do not pass a value for the passkey sessionTimeout.

User verification Session timeout values
When userVerification is set to required:
  • The default sessionTimeout value is 300000 milliseconds.
  • The maximum sessionTimeout value is 600000 milliseconds.
When userVerification is set to preferred:
  • The default sessionTimeout value is 300000 milliseconds.
  • The maximum sessionTimeout is value is 600000 milliseconds.
When userVerification is set to discouraged:
  • The default sessionTimeout value is 120000 milliseconds.
  • The maximum sessionTimeout value is 180000 milliseconds.

Note: For more information about userVerification values, see the Passkey user verification table.

Passkey user verification

Possible values for the passkey user verification (userVerification).

Value Description
required The authenticator must perform a user verification. If not, then the operation should fail.

Note: For example, this verification could be with biometrics or PIN.
preferred The authenticator should perform a user verification if available. If not, then the operation can still proceed.

Note: This is the default value.
discouraged The authenticator should not perform a user verification.

Play Integrity statuses

Possible values for the Play Integrity attestation status (playIntegrityStatus).

Status name Description
VERIFIED Attestation verification was successful
FAILED_INTEGRITY_CHECK Attestation failed because the integrity check failed.
FAILED_UNRECOGNIZED_PLAY_APP Attestation failed because the Google Play app is unrecognized.
FAILED_UNLICENSED_PLAY_APP Attestation failed because the Google Play app is unlicensed.
FAILED_INCORRECT_PACKAGE_NAME Attestation failed because of incorrect package name.
FAILED_INVALID_JWS Attestation failed because of invalid JWS format.
FAILED_CLIENT_API_FAILURE Attestation failed because Google Play Integrity returned an API exception.
FAILED_CLIENT_TIMEOUT Attestation failed due to request taking longer than the configured timeout.
FAILED_INCORRECT_NONCE Attestation failed because of incorrect nonce.
FAILED_MISSING_JWS Attestation failed because of missing JWS.
FAILED_MISSING_STATUS Attestation failed because of missing status returned from the client.
FAILED_INVALID_TIMESTAMP Attestation failed because the timestamp is not within the lifetime of the Encap server session.
FAILED_CLIENT_PLAY_SERVICES_OUT_OF_DATE Attestation failed due to client doesn't have Google Play or the version is too old.

Recovery methods

Possible values for the recovery method (recoveryMethod).

Recovery method Description
CLOUD_BACKUP_RECOVERY_CODE Recovery is based on cloud backup and a recovery key locked with a PIN.
CLOUD_BACKUP_SERVER_SIDE_FACE Recovery is based on cloud backup and a recovery key locked with server-side face authentication.

Recovery statuses

Possible values for the recovery status (recoveryStatus).

Status name Description
ACTIVATED Recovery has been set up for the device and is ready to be used.
DEACTIVATED Recovery has been deactivated.
RECOVERED Recovery has been used to recover the device.
LOCKED Recovery has been locked.

Risk attributes

The risk attributes that can be collected for the device (riskAttributes).

You can configure which attributes are collected in the application configuration. To learn more, see Risk data in the Application configuration feature documentation.

  • Risk attributes marked with Yes in the Always configured column are always collected, for debugging purposes.
  • Risk attributes marked with No in the Always configured column are only collected if configured in the application configuration.
  • The Platform column indicates whether the risk attribute is available for Android, iOS, or both.
Attribute name Type Description Always collected Platform
operatingSystemFingerprint String A fingerprint of the operating system. You can use this to detect whether the device is running a custom ROM or operating system. Yes Android
operatingSystemVersion String The operating system version of the mobile device.

Examples: 6.0.1, iOS 14.4		 Yes Android, iOS
inputMethod String The input method that was used to enter text in the application. You can use this to detect when a custom keyboard is being used on the device.

Note: See Create an input method in the Android developer documentation for details.		 No Android
isDebuggable Boolean Indicates whether the application running can be debugged using a source-level debugger, either by manifest entry or in an emulator.

Note: Looks for android:debuggable=true in the manifest.		 No Android
isDebugEnabled Boolean Indicates whether debug is enabled on the mobile device, either by the end-user setting (USB-debugging enabled) or when running in emulator (debugging enabled by default). No Android
isDebuggerConnected Boolean Indicates whether a debugger is connected to the application. No Android
isEmulator Boolean Indicates whether the application is running in an emulator. No Android
isRootAvailable Boolean Indicates whether or not the mobile device has been rooted/jailbroken.

Note: This value has to be passed to Encap using the setRiskParameter API.

If the application is using Promon Shield, then the callback value can be passed to Encap.		 No Android, iOS
isSecureScreenLockEnabled Boolean Indicates whether or not the mobile device has secure screen enabled.

Note: This indicates whether the end-user has enabled either biometric or passcode authentication for unlocking their mobile device.		 No Android, iOS
serverClientIp String The host address that the request originated from. It contains the value of the X-Forwarded-For (XFF) header from the request, and can contain multiple IP addresses depending on proxy and load balancers.

Note: If XFF is not present, we will use the remote address of the request. It can be either the IP of the client or the last proxy that sent the request.

It is specified by the value of the Common Gateway Interface (CGI) variable REMOTE_ADDR.		 No Android, iOS
signerHashes Base64 A SHA-256 hash of the public key, certificate, and application signer. If there are more signers, then each hash is comma-separated.

Note: You can use this to detect whether the application has been re-signed.		 No Android
userAgent String The HTTP User-Agent as reported from the mobile device application. No Android, iOS
deviceHash Base64 The SHA256 hash of the unique hardware device ID for the client device. Yes Android, iOS
deviceManufacturer String The manufacturer of the mobile device.

Examples: Samsung, Apple.		 Yes Android, iOS
deviceModel String The model name of the mobile device.

Examples: Nexus S, iPad2,2		 Yes Android, iOS
operatingSystemType String The operating system type of the mobile device.

Examples: Android, iOS		 Yes Android, iOS
applicationHash Base64 The SHA256 hash of the application name.

Note: The server can use this for detecting re-packaging.		 No Android, iOS
clientSideIp JSON An array containing the client network interfaces. This includes the type of the network and the IP address.

Note: The list can contain multiple interfaces if the end-user's device is connected to more than one at the time of the transaction.

Examples: [{"Type":"Cellular","IPAddress":"123.123.123.123"}, {"Type":"Wifi","IPAddress":"124.124.124.124"}]		 No Android, iOS
hwKeyClientStatus String The status of the hardware-protected key signature preformed by the Encap client SDK.

Note: See Hardware-protected key client statuses for possible values.		 No Android, iOS
hwKeyServerResult String The result of the hardware-protected key signature verification on the Encap server.

Note: See Hardware-protected key server results for possible values.		 No Android, iOS
batteryLevel Integer The battery level of the mobile device, given as a percentage. No Android, iOS
isPowerConnected Boolean Indicates whether or not the mobile device is being charged or is connected to a charger. No Android, iOS
timeZone String The current time zone setting of the device. Android, iOS
locale String The current locale or language setting of the device. Android, iOS
isDeveloperMode Boolean Indicates whether the developer settings are enabled on the device. Android
isOverlayDetected Boolean Indicates whether a screen overlay is detected on the device. Android
magnetometer JSON An array containing the magnetic field strength measurements with timestamp from the device's magnetometer sensor. iOS, Android
barometer JSON An array containing atmospheric pressure measurements with timestamp from the device's barometer sensor. iOS, Android
gravity JSON An array containing gravity force measurements with timestamp from the device's gravity sensor. iOS, Android
ssid Base64 Provides the name of the Wi-Fi network that the device is connected to. iOS, Android
bssid String Provides the MAC address of the Wi-Fi access point to which the device is connected to. iOS, Android
isVpnEnabled Boolean Indicates whether the mobile device is connected to a VPN. iOS, Android
isProxyEnabled Boolean Indicates whether the mobile device is connected to a HTTP/HTTPS proxy. iOS, Android

User states

Possible values for the ReuseID user state (state).

State name Description
ACTIVE Represents an active, successfully enrolled user.
LOCKED Represents a locked user.

Note: Users in a locked state cannot perform any operations.

User

You can use the User resource for operations related to creating, managing and retrieving information about ReuseID users.

Useful information

  • A user corresponds to one of your end-users in the ReuseID service.
  • When a user is created, we generate a valid UUID to identify it called a userId.
  • The userId is required for carrying out most ReuseID operations such as registration and authentication.

Create user

This operation creates an active ReuseID user.

Once a user is successfully created, they can then register MobileID devices and/or passkeys.

Request Body schema: application/json
required
externalRef
string
Default: ""

An identifier generated by you, that points to the userId generated by ReuseID.

Allowed values:

  • It must be unique in the scope of the account.
  • It cannot exceed the maximum character length of 128 characters.
segment
string
Default: ""

A parameter that allows you to segment ReuseID users and their corresponding transactions.

Allowed values:

  • It can have any value.
  • It cannot exceed the maximum character length of 128 characters.

Example: Group ReuseID users by country using country codes such as NO, SE, DK.

object
Default: ""

An object that allows you to add user attributes to the ReuseID user, given as key-value pairs.

Allowed values:

  • The keys can only start with a letter (a-z), digit or an underscore (_).
  • The keys can only contain digits, lowercase letters (a-z), or certain special characters (-._~:@).
  • The keys cannot exceed the maximum character length of 128 characters.
  • The values cannot exceed the maximum character length of 256 characters.

Example: They could contain contact information such as name, address and phone number.

property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "segment": "SE",
  • "attributes": {
    }
}

Response samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "segment": "SE",
  • "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "created": "2022-08-23T12:28:57.123Z",
  • "state": "ACTIVE",
  • "attributes": {
    }
}

Get identity verifications for user

This operation returns a list of all identity verifications that a ReuseID user has carried out.

path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    }
]

Add identity verification

This operation adds an entry to the list of identity verifications that a ReuseID user has carried out.

path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
provider
required
string non-empty
Default: ""

The name of the provider that performed the identity verification.

Note: This should be the same as the provider used in the Create process request.

dossierId
required
string non-empty
Default: ""

The ID of the identity verification dossier, in a valid UUID format.

Note: You can obtain this from the Create dossier response body.

processId
required
string non-empty
Default: ""

The ID of the identity verification process, in a valid UUID format.

Note: You can obtain this from the Create process response body.

orchestrationId
required
string non-empty
Default: ""

The ID of the orchestration, used for workflow synchronisation, in a valid UUID format.

property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "provider": "signicatvideoid",
  • "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
  • "processId": "88888888-1617-45a7-991d-785c2ad77222",
  • "orchestrationId": "7777777-1617-45a7-991d-785c2ad77111"
}

Response samples

Content type
application/json
{
  • "verificationId": "b477c7fc-93d0-4e9d-bc58-7444bc33ef12",
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "provider": "signicatvideoid",
  • "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
  • "processId": "88888888-1617-45a7-991d-785c2ad77222",
  • "created": "2023-01-03T07:55:05.233Z",
  • "orchestrationId": "7777777-1617-45a7-991d-785c2ad77111"
}

Resolve external reference

This operation returns the userId for a ReuseID user that corresponds to the external reference that you specified.

Request Body schema: application/json
required
externalRef
required
string non-empty
Default: ""

An identifier generated by you, that points to the userId generated by ReuseID.

Allowed values:

  • It must be unique in the scope of the account.
  • It cannot exceed the maximum character length of 128 characters.
property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "externalRef": "Empl10300469"
}

Response samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e"
}

Get user

This operation returns information about a ReuseID user.

path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "segment": "SE",
  • "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "created": "2022-08-23T12:28:57.123Z",
  • "state": "ACTIVE",
  • "attributes": {
    }
}

Delete user

This operation deletes a ReuseID user.

Note: You can only delete users that have their state set to LOCKED. This means that you cannot delete ACTIVE users.

path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Update user

This operations updates the parameters of a ReuseID user such as the user attributes, user state and user segment.

How to update user attributes

  • To update user attributes, you must specify the key-value pairs that you want to add, update or remove.
  • If an attribute is not mentioned, then it stays the same.

To learn about the update logic, see the table below:

Action Description
Add new attribute If the attribute in the list does not exist, then the new attribute is added.
Update existing attribute If the attribute in the list already exists, then the existing attribute is updated (patched).
Remove existing attribute If the attribute in the list already exists and null is specified, then the existing attribute is removed.
No action If the attribute in the list does not exist and null is specified, then no action occurs.

To learn about how this works in practice, see the example below:

  1. The following attributes are set in the Create user operation:
{
    "externalRef":"test1",
    "attributes": {
        "abc": "123",
        "def": "456",
        "ghi": "789"
    }
}
  1. Next, the following attributes are set in the Update user operation:
{
    "abc": "example1",
    "xxx": "example2",
    "ghi": null
}
  1. As a result, the following attributes are returned:
{
    "abc": "example1",
    "def": "456",
    "xxx": "example2"
}
path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
externalRef
string
Default: ""

An identifier generated by you, that points to the userId generated by ReuseID.

Allowed values:

  • It must be unique in the scope of the account.
  • It cannot exceed the maximum character length of 128 characters.
segment
string
Default: ""

A parameter that allows you to segment ReuseID users and their corresponding transactions.

Allowed values:

  • It can have any value.
  • It cannot exceed the maximum character length of 128 characters.

Example: Group ReuseID users by country using country codes such as NO, SE, DK.

state
string
Default: ""
Enum: "ACTIVE" "LOCKED"

The new state to set for the ReuseID user.

Allowed values:

  • An enum that must be either ACTIVE or LOCKED.
  • See the User states table.
object
Default: ""

An object that allows you to add user attributes to the ReuseID user, given as key-value pairs.

Allowed values:

  • The keys can only start with a letter (a-z), digit or an underscore (_).
  • The keys can only contain digits, lowercase letters (a-z), or certain special characters (-._~:@).
  • The keys cannot exceed the maximum character length of 128 characters.
  • The values cannot exceed the maximum character length of 256 characters.

Example: They could contain contact information such as name, address and phone number.

property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "segment": "NO",
  • "attributes": {
    }
}

Response samples

Content type
application/json
{
  • "externalRef": "Empl10300469",
  • "segment": "NO",
  • "id": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "created": "2021-01-21T22:47:27.123Z",
  • "lastUsed": "2021-01-21T22:47:27.123Z",
  • "state": "ACTIVE",
  • "attributes": {
    }
}

Get transactions for user

This operation returns a list of all transactions that a ReuseID user has carried out.

path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

query Parameters
credentialType
required
string
Default: null
Example: credentialType=device

A required parameter that determines the credential type of the transactions that are returned for this operation.

Allowed values: It must be either device or passkey.

limit
string
Default: null
Example: limit=10

A parameter that determines the number of objects (transactions) that are shown on each page.

Allowed values:

  • It must be a whole number ranging from 1 to 100.
  • If no value is set, then the default value 100 is used.
offset
string
Default: null
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

A parameter that determines the first transaction to show in the operation response.

Allowed values:

  • You must specify this transaction using its transactionId.
  • If no value is set, then the result starts with the first transaction in the ReuseID user's history.

Responses

Response samples

Content type
application/json
{
  • "next": "/users/db4b1fc1-57fa-46fd-94c6-58aa2bd59d44/transactions?limit=3&offset=22c80f75-3d2e-41e1-a1dd-69050eaa17b5&credentialType=device",
  • "limit": 3,
  • "transactions": [
    ]
}

Get identity verification

This operation returns a specific identity verification that a ReuseID user has carried out.

path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

verificationId
required
string
Default: null
Example: b477c7fc-93d0-4e9d-bc58-7444bc33ef12

The ID of the identity verification, in a valid UUID format.

Note: The verificationId is created when the identity verification is added.

Responses

Response samples

Content type
application/json
{
  • "verificationId": "b477c7fc-93d0-4e9d-bc58-7444bc33ef12",
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "provider": "signicatvideoid",
  • "dossierId": "66666666-1617-45a7-991d-785c2ad77111",
  • "processId": "88888888-1617-45a7-991d-785c2ad77222",
  • "created": "2023-01-03T07:55:05.233Z",
  • "orchestrationId": "7777777-1617-45a7-991d-785c2ad77111"
}

Delete identity verification

This operation deletes a specific identity verification that a ReuseID user has carried out.

path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

verificationId
required
string
Default: null
Example: b477c7fc-93d0-4e9d-bc58-7444bc33ef12

The ID of the identity verification, in a valid UUID format.

Note: The verificationId is created when the identity verification is added.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

Get credentials for user

This operation returns a list of all device and/or passkey credentials for a ReuseID user.

path Parameters
userId
required
string
Default: null
Example: 0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

query Parameters
credentialType
required
string
Default: null
Example: credentialType=device

A required parameter that determines the credential type of the transactions that are returned for this operation.

Allowed values: It must be either device or passkey.

limit
string
Default: null
Example: limit=10

A parameter that determines the number of objects (transactions) that are shown on each page.

Allowed values:

  • It must be a whole number ranging from 1 to 100.
  • If no value is set, then the default value 100 is used.
offset
string
Default: null
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

A parameter that determines the first transaction to show in the operation response.

Allowed values:

  • You must specify this transaction using its transactionId.
  • If no value is set, then the result starts with the first transaction in the ReuseID user's history.

Responses

Response samples

Content type
application/json
{
  • "next": "/users/db4b1fc1-57fa-46fd-94c6-58aa2bd59d44/credentials?credentialType=device&limit=3&offset=381007a5-56d6-48f2-a9f3-1f6b114b62b8",
  • "credentials": [
    ]
}

MobileID device registration

You can use the MobileID device registration resource for operations related to registering MobileID devices for your ReuseID users.

Useful information

  • A MobileID device registration operation is identified by its transactionId.
  • The transactionId can be used for subsequent operations such as to check the state of an ongoing registration or to cancel it.
  • Once a device is registered, it can be identified by its universally unique identifier (UUID) called a deviceId.
  • The deviceId is required for carrying out ReuseID operations such as authentication and signing on a specific device.

Start registration

This operation initiates a MobileID device registration or re-registration for a ReuseID user.

Request Body schema: application/json
required
userId
required
string non-empty
Default: ""

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

object (DeviceRegistrationRequest)
Default: ""

The device object, which contains the properties of the ReuseID user's device to be registered or re-registered:

  • When the registration mode is set to REGISTRATION, you can optionally supply this object.
  • When the registration mode is set to RE_REGISTRATION, you must supply this object.
tags
Array of strings
Default: ""

A parameter that can be used to add tags to the callback events, so that you can filter them.

object (RegistrationOperationPropertiesRequest)
Default: ""

An object used to configure the properties of the operation, which determines how it is carried out.

property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "device": {
    },
  • "operationProperties": {
    }
}

Response samples

Content type
application/json
{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2021-01-21T22:47:27.123Z",
  • "device": {
    },
  • "user": {
    }
}

Get state of ongoing registration

This operation returns the registration response for an ongoing MobileID device registration.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a registration is in progress.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2021-01-21T22:47:27.123Z",
  • "device": {
    },
  • "user": {
    }
}

Cancel ongoing registration

This operation cancels an ongoing MobileID device registration.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

MobileID device authentication

You can use the MobileID device authentication resource for operations related to authenticating and authorising with MobileID devices for your ReuseID users.

Useful information

  • A MobileID device authentication operation is identified by its transactionId.
  • The transactionId can be used for subsequent operations such as to check the state of an ongoing authentication or to cancel it.

Start authentication

This operation initiates a MobileID device authentication on a ReuseID user's device.

Request Body schema: application/json
required
userId
required
string non-empty
Default: ""

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

object (DeviceAuthSignRequest)
Default: ""

The device object, which contains the properties of the ReuseID user's device to be used for this operation.

  • If broadcast is not enabled, then you must supply this object.
  • If broadcast is enabled, then you do not need to supply this object.

Note: To learn more, see our Broadcast feature documentation and broadcast operation property.

tags
Array of strings
Default: ""

A parameter that can be used to add tags to the callback events, so that you can filter them.

object (AuthenticationOperationPropertiesRequest)
Default: ""

An object used to configure the properties of the operation, which determines how it is carried out.

property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
Example

The device is specified.

{
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "device": {
    },
  • "operationProperties": {
    },
  • "tags": [
    ]
}

Response samples

Content type
application/json
Example

The device is specified.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2022-08-19T06:01:37.123Z",
  • "device": {
    },
  • "user": {
    },
  • "tags": [
    ]
}

Get state of ongoing authentication

This operation returns the authentication response for an ongoing MobileID device authentication.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when an authentication is in progress.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2022-08-19T06:01:37.123Z",
  • "device": {
    },
  • "user": {
    },
  • "tags": [
    ]
}

Cancel ongoing authentication

This operation cancels an ongoing MobileID device authentication.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

MobileID device signature

You can use the MobileID device signature resource for operations related to signing with MobileID devices for your ReuseID users.

Useful information

  • A MobileID device signature operation is identified by its transactionId.
  • The transactionId can be used for subsequent operations such as to check the state of an ongoing signing or to cancel it.

Start signing

This operation initiates a MobileID device signing on a ReuseID user's device.

Request Body schema: application/json
required
userId
required
string non-empty
Default: ""

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

object (DeviceAuthSignRequest)
Default: ""

The device object, which contains the properties of the ReuseID user's device to be used for this operation.

  • If broadcast is not enabled, then you must supply this object.
  • If broadcast is enabled, then you do not need to supply this object.

Note: To learn more, see our Broadcast feature documentation and broadcast operation property.

tags
Array of strings
Default: ""

A parameter that can be used to add tags to the callback events, so that you can filter them.

object (SignatureOperationPropertiesRequest)
Default: ""

An object used to configure the properties of the operation, which determines how it is carried out.

property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "userId": "0e99b25c-abde-4553-973b-8d94d49cd87e",
  • "device": {
    },
  • "operationProperties": {
    }
}

Response samples

Content type
application/json
{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2022-08-19T06:03:23.123Z",
  • "device": {
    },
  • "user": {
    }
}

Get state of ongoing signing

This operation returns the signing response for an ongoing MobileID device signing.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a signing is in progress.

{
  • "transactionId": "7daa489e-6b35-46ca-83a4-1bba2ea35f68",
  • "accountId": "a-sdge-Abcdefghijk123456789",
  • "state": "PENDING",
  • "operationProperties": {
    },
  • "created": "2022-08-19T06:03:23.123Z",
  • "device": {
    },
  • "user": {
    }
}

Cancel ongoing signing

This operation cancels an ongoing MobileID device signing.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{}

MobileID device management

You can use the MobileID device management resource for operations related to managing MobileID devices for your ReuseID users.

Useful information

All device management operations require both:

  • A ReuseID user, identified by their userId.
  • A registered MobileID device, identified by its deviceId.

Get recovery lock

This operation returns the lock status of the MobileID account recovery feature for a ReuseID user's device.

Note: If you enable account recovery in your application configuration, then recoveryLock is set to false by default. This means that the device can use account recovery.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  • "recoveryLock": false
}

Update recovery lock

This operation updates the lock status of the MobileID account recovery feature for a ReuseID user's device.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
recoveryLock
boolean
Default: false

A parameter that determines whether the recovery lock is activated, which can be used to lock the account recovery feature for a ReuseID user's device.

Example: When false, the account recovery feature is not locked for the ReuseID user's device and recovery operations can be performed.

property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "recoveryLock": true
}

Response samples

Content type
application/json
{
  • "recoveryLock": true
}

Get geofencing settings

This operation returns the geofencing configuration for a ReuseID user's device.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  • "mode": "OPTIONAL",
  • "allowedContinents": "EU",
  • "allowedCountries": "CT",
  • "deniedCountries": "RU"
}

Update geofencing settings

This operation updates the geofencing configuration for a ReuseID user's device.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
mode
string
Default: ""

The geofencing mode.

Allowed values: It can be either OFF, OPTIONAL, or REQUIRED.

allowedContinents
string
Default: ""

The continents where authentication is allowed for a specific device.

Allowed values:

  • Must be given in a two-letter continent code format, represented as AF, NA, OC, AN, AS, EU, and SA.
  • Must be formatted as a comma-separated list.
allowedCountries
string
Default: ""

The countries where authentication is allowed for a specific device.

Note: These countries are in addition to those covered by the allowed continents parameter.

Allowed values:

  • Must be given in an ISO 3166-1 alpha-2 two-letter country code format.
  • For a list of countries and corresponding codes, see the GeoNames website.
  • Must be formatted as a comma-separated list.
deniedCountries
string
Default: ""

The countries where authentication is not allowed for a specific device.

Note: These countries will be excluded from those covered by the allowed continents parameter.

Allowed values:

  • Must be given in an ISO 3166-1 alpha-2 two-letter country code format.
  • For a list of countries and corresponding codes, see the GeoNames website.
  • Must be formatted as a comma-separated list.
property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "mode": "OPTIONAL",
  • "allowedContinents": "EU",
  • "allowedCountries": "CT",
  • "deniedCountries": "RU"
}

Response samples

Content type
application/json
{
  • "mode": "OPTIONAL",
  • "allowedContinents": "EU",
  • "allowedCountries": "CT",
  • "deniedCountries": "RU"
}

Delete geofencing settings

This operation deletes the geofencing configuration for a ReuseID user's device.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Get device

This operation returns information about a ReuseID user's device.

Note: To return a more extensive set of device information, you must set the detailed query parameter to true.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

detailed
boolean
Default: null
Example: detailed=true

A parameter that determines whether the deviceDetails object is returned in the response.

Note: To return this object, you must set this parameter to true.

Responses

Response samples

Content type
application/json
Example

The default response, when detailed is not set to 'true'.

{
  • "id": "20874199-f4d1-4e9d-86ee-dd4a46030acb",
  • "name": "sampleDevice",
  • "state": "ACTIVE",
  • "lastOperationType": "AUTHENTICATION",
  • "lastUsed": "2021-01-21T22:47:27.123Z",
  • "created": "2021-01-21T22:47:27.123Z"
}

Delete device

This operation deletes a ReuseID user's device.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{}

Update device

This operation updates the name and/or state of a ReuseID user's device.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Request Body schema: application/json
required
name
string
Default: ""

The new name to set for the ReuseID user's device. It cannot exceed the maximum character length of 128 characters.

state
string
Default: ""

The new state to set for the ReuseID user's device.

Allowed values:

  • An enum that must be either ACTIVE or LOCKED.
  • See the Device states table.
property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "name": "My New iPhone",
  • "state": "LOCKED"
}

Response samples

Content type
application/json
{
  • "id": "20874199-f4d1-4e9d-86ee-dd4a46030acb",
  • "name": "My New iPhone",
  • "state": "LOCKED",
  • "lastOperationType": "AUTHENTICATION",
  • "lastUsed": "2021-01-21T22:47:27.123Z",
  • "created": "2021-01-21T22:47:27.123Z"
}

Get device transactions

This operation returns a list of the transactions that a ReuseID user's device has carried out.

path Parameters
deviceId
required
string
Default: null
Example: 20874199-f4d1-4e9d-86ee-dd4a46030acb

The ID of the ReuseID user's device, as returned when the device was registered.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

limit
string
Default: null
Example: limit=10

A parameter that determines the number of objects (transactions) that are shown on each page.

Allowed values:

  • It must be a whole number ranging from 1 to 100.
  • If no value is set, then the default value 100 is used.
offset
string
Default: null
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

A parameter that determines the first transaction to show in the operation response.

Allowed values:

  • You must specify this transaction using its transactionId.
  • If no value is set, then the result starts with the first transaction in the ReuseID user's history.

Responses

Response samples

Content type
application/json
{
  • "previous": "/devices/d910994d-80b2-4125-a6b1-062b5b2f43ba/transactions?limit=1&offset=39277b72-53c2-4780-ad56-a8c8d8a33542&userId=6f29e1d4-6b36-4b80-9187-52dfc61c4a51",
  • "next": "/devices/7fd01f14-151b-48f4-9aa6-7cfa2140989e/transactions?limit=1&offset=a1c66944-e5e3-46e3-ba36-750622205ef3&userId=6f29e1d4-6b36-4b80-9187-52dfc61c4a51",
  • "limit": 1,
  • "transactions": [
    ]
}

MobileID account recovery

You can use the MobileID account recovery resource for operations related to MobileID account recovery for your ReuseID users.

Useful information

  • A MobileID account recovery operation is identified by its transactionId.
  • The transactionId can be used to get details about the recovery.

Get details of account recovery

This operation returns information about a recovery that a ReuseID user carried out for a specific device.

How to get the transaction ID

To get the transactionId required for the operation request, you need to do the following steps:

  1. Use the Get device transactions endpoint to see all device transactions for a specified device.
  2. Look for transactions with operationType returned as RECOVERY.
  3. Locate the transactionId in this response.
path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json

Sample response when account recovery has been completed successfully.

{
  • "transactionId": "a75064fe-c528-478d-81d3-0a7b404b84b9",
  • "accountId": "a-ppge-abcd1234ABCDxxxxxxx",
  • "state": "COMPLETED",
  • "device": {
    },
  • "user": {
    },
  • "created": "2024-06-25T06:18:23.000UTC",
  • "operationProperties": {
    },
  • "riskAttributes": [
    ],
  • "recoveryMethod": "CLOUD_BACKUP_SERVER_SIDE_FACE",
  • "recoveryStatus": "RECOVERED"
}

Passkey registration

You can use the Passkey registration resource for operations related to registering passkeys for your ReuseID users.

Useful information

  • A passkey registration operation is identified by its transactionId.
  • The transactionId can be used for subsequent operations such as to check the state of an ongoing passkey registration or to cancel it.

Start passkey registration

This operation initiates a passkey registration valid for the given domain, for a ReuseID user.

How to add a passkey name and display name

During this operation, we attempt to retrieve the following user attributes from the ReuseID user:

  • passkeys-name
  • passkeys-displayname

If they do exist, then they are used as the name and displayName respectively when creating the passkey.

Depending on the passkey provider that the ReuseID user is using, these may be displayed in the overlays to help identify the passkey during registration and authentication operations.

If they do not exist, then the userId supplied in the request is used instead when creating the passkey.

Note: To add these user attributes to a user, you can use the Update user endpoint.

Request Body schema: application/json
required
string
Default: ""

Responses

Request samples

Content type
application/json
{
  • "rpRedirectUri": "https://customerdomain.com/final",
  • "userId": "8710745d-18bd-441d-91f8-44fd040323a9",
  • "passkey": {
    },
  • "operationProperties": {
    },
  • "tags": [
    ]
}

Response samples

Content type
application/json
{}

Get ongoing passkey registration

This operation returns the registration response for an ongoing passkey registration.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a passkey registration is in progress.

{}

Cancel ongoing passkey registration

This operation cancels an ongoing passkey registration.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

Passkey authentication

You can use the Passkey authentication resource for operations related to authenticating and authorising with passkeys for your ReuseID users.

Useful information

  • A passkey authentication operation is identified by its transactionId.
  • The transactionId can be used for subsequent operations such as to check the state of an ongoing passkey registration or to cancel it.

Start Passkey authentication

This operation initiates a passkey authentication for a ReuseID user.

Request Body schema: application/json
required
rpRedirectUri
string
Default: ""

Your redirect URI, where the ReuseID user's browser is redirected to after the passkey operation is completed.

object (PasskeyAuthOperationPropertiesRequest)
Default: ""

An object used to configure the properties of the operation, which determines how it is carried out.

tags
Array of strings
Default: ""

A parameter that can be used to add tags to the callback events, so that you can filter them.

property name*
additional property
any
Default: ""

Responses

Request samples

Content type
application/json
{
  • "rpRedirectUri": "https://www.customuserdomain.com",
  • "operationProperties": {
    },
  • "tags": [
    ]
}

Response samples

Content type
application/json
{}

Get ongoing passkey authentication

This operation returns the authentication response for an ongoing passkey registration.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
Example

Response sample of when a passkey authentication is in progress.

{}

Cancel ongoing passkey authentication

This operation cancels an ongoing passkey authentication.

path Parameters
transactionId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the transaction.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

Passkey management

You can use the Passkey management resource for operations related to managing passkeys for your ReuseID users.

Useful information

All passkey management operations require both:

  • A ReuseID user, identified by their userId.
  • A registered passkey, identified by its passkeyId.

Get passkey

This operation returns the passkey object, which contains information about a ReuseID user's passkey.

path Parameters
passkeyId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the ReuseID user's passkey.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  • "id": "8812343d3-73c5-4bc6-bb5a-xde38089ce02",
  • "keyId": "M3NQdUxFLWJVaENKOVVXQlNjd2g2UQ",
  • "accountId": "a-sdge-UWPzmkeEVjkxJPkQtm0b",
  • "name": "myPassKeyName",
  • "publicKey": "pQECAyYgASFYIKX7DMSfoBbTydTaBdljbOWJQhfOd+HubLLKU5R1pwV1IlggxEg1nWI6fts1Q8ary2Qtz4Kwd6EAVpsR9BvPKvEXMxk=",
  • "domain": "acme.com",
  • "created": "2025-06-10T04:12:31.132Z",
  • "lastUsed": "2025-06-10T04:12:31.132Z",
  • "aaGuid": "ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4",
  • "userVerification": true,
  • "userPresence": true
}

Delete passkey

This operation deletes a ReuseID user's passkey.

path Parameters
passkeyId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the ReuseID user's passkey.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

Responses

Response samples

Content type
application/json
{
  • "code": "missing_permission",
  • "detail": "The subject with ID 'dev-ghastly-thread-446' does not have the required permission 'reuseid:user:read' on the target resource 'a-sdge-c2z0wgHkZjpBnS7uB621'",
  • "status": 403,
  • "traceId": "4bf239c088089f2bca77d3a413909f1c",
  • "title": "You do not have the required permission to perform this operation on the target resource",
  • "type": "https://developer.signicat.com/errors?code=missing_permission"
}

Get passkey transactions

This operation returns a list of the transactions that a ReuseID user's passkey has carried out.

path Parameters
passkeyId
required
string
Default: null
Example: 7daa489e-6b35-46ca-83a4-1bba2ea35f68

The ID of the ReuseID user's passkey.

query Parameters
userId
required
string
Default: null
Example: userId=0e99b25c-abde-4553-973b-8d94d49cd87e

The ID of the ReuseID user that will carry out the operation, in a valid UUID format.

limit
string
Default: null
Example: limit=10

A parameter that determines the number of objects (transactions) that are shown on each page.

Allowed values:

  • It must be a whole number ranging from 1 to 100.
  • If no value is set, then the default value 100 is used.
offset
string
Default: null
Example: offset=0e99b25c-abde-4553-973b-8d94d49cd87e

A parameter that determines the first transaction to show in the operation response.

Allowed values:

  • You must specify this transaction using its transactionId.
  • If no value is set, then the result starts with the first transaction in the ReuseID user's history.

Responses

Response samples

Content type
application/json
{
  • "transactions": [
    ]
}