
Migrating from Express

For the Signicat Digital Trust Platform (DTP), we have made the Signicat Authentication REST API more tightly integrated with the platform to take full advantage of its possibilities. However, we have taken care to make the migration from the old API in Express as seamless as possible.

Key differences

  • Authorization: DTP uses a different access control and identity and access management (IAM) model than Express.
  • Endpoints: The general flow is the same, but with minor differences.
  • Data models: The request and response objects have slightly different structures.
  • Encrypted responses: DTP does not sign encrypted responses.

In addition, there are some general differences between Express and DTP: the concept of organisations and accounts, eIDs, platform differences, etc. You can find more information about these concepts in the General information section.

Authorization

Signicat DTP features richer and more powerful access and IAM control. Although it is technically different, it works much the same in practice because it still uses an OAuth2 client credentials flow.

The executive summary is that you will use a new token URL, a new client (client ID and client secret) and a different scope.

For more information on how to authorize, see Accessing Signicat API products.

Endpoints

We have made some minor changes to our endpoints, but the general structure remains much the same.

| Name | Endpoint | Change |
|---|---|---|
| Create session | POST /sessions | New parameter, signicat-accountId. |
| Retrieve session | GET /sessions/{id} | New parameter, signicat-accountId. |
| List sessions | GET /sessions/{id} | This endpoint has been deprecated. |
| Invalidate session | GET /sessions/{id} | This endpoint has been deprecated. |

Deprecated endpoints

"List sessions" and "Invalidate session" have been deprecated because of a different way of treating non-permanent data in DTP. When a session expires in DTP (with sessionLifetime), it's completely deleted from our system. It's done this way to increase protection of PII and simplify data management.

Data models

We have improved the structure of the request and response objects to make them clearer and more concise.

Request

| Old name (Express) | New name (DTP) | Comment |
|---|---|---|
| allowedProviders | allowedProviders | Same field name, but new values: ["nbid", "sbid"]. |
| include | requestedAttributes | New field name and new values (see API specification for details). |
| redirectSettings | CallbackUrls | New field name and new values: ["success", "abort", "error"]. |
| - | sessionLifetime | New field (not required). |
| - | themeId | New field (not required). |

Response

| Old name (Express) | New name (DTP) | Comment |
|---|---|---|
| url | authenticationUrl | New field name, but the same purpose. |
| status | status | Same field name, but values are capitalized. |
| identity | subject | New field name and new values (see API specification for details). |
| identity.providerId | subject.idpId | New field name, but the same purpose. Field representing the user's unique ID from the eID provider. |
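
A response shim for the renames in the Response table above, as an added example that is not part of Signicat's documentation: it presents a DTP session response under the Express field names so legacy code keeps working during migration, and fails closed when the user's unique ID is missing. The status values "SUCCESS" and "CREATED", the lower-case Express status form, and the sample payloads are assumptions; check them against the API specification.

```python
class MigrationError(ValueError):
    """Response cannot be safely mapped to the Express shape."""

# Assumption: DTP reports a completed authentication as "SUCCESS" (compared
# here after lower-casing); the page only says status values are capitalized.
SUCCESS = "success"

def to_express_shape(dtp: dict) -> dict:
    """Return a copy of a DTP session response using the Express field names."""
    leftovers = {"url", "identity"} & dtp.keys()
    if leftovers:  # caller is still hitting the old API, or mapped twice
        raise MigrationError(f"Express fields present: {sorted(leftovers)}")
    status = dtp.get("status")
    if not isinstance(status, str):
        raise MigrationError("missing or non-string 'status'")

    out = {k: v for k, v in dtp.items()
           if k not in ("authenticationUrl", "status", "subject")}
    out["status"] = status.lower()  # legacy code compares lower-case values
    if "authenticationUrl" in dtp:
        out["url"] = dtp["authenticationUrl"]

    subject = dtp.get("subject")
    if subject is not None:
        identity = dict(subject)  # other subject attributes pass through as-is
        if "idpId" in identity:
            identity["providerId"] = identity.pop("idpId")
        out["identity"] = identity

    # Fail closed: a successful session without the eID's unique user ID must
    # not reach code that keys accounts on identity.providerId.
    if out["status"] == SUCCESS and not out.get("identity", {}).get("providerId"):
        raise MigrationError("successful session has no subject.idpId")
    return out


# Constructed sample payloads (not real Signicat output).
CREATED = {"id": "sess-1", "status": "CREATED",
           "authenticationUrl": "https://login.example.test/sess-1"}
DONE = {"id": "sess-1", "status": "SUCCESS",
        "subject": {"idpId": "idp-user-123", "name": "Test User"}}

if __name__ == "__main__":
    print(to_express_shape(CREATED))
    print(to_express_shape(DONE))
```

Attributes under subject other than idpId are copied unchanged, so code that reads other identity fields still needs the values checked against the API specification.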

Encrypted responses

Although it is possible to encrypt the response you receive from Signicat, DTP does not sign the response (with a digital signature). This means that you only need to decrypt the response, as explained on the Encrypted responses from Signicat page.