Test connections

This page describes how you can test an authentication with the Signicat Authentication REST API using Postman.

For testing purposes, this guide shows steps to complete a redirect flow using Norwegian BankID. However, you may easily adapt the instructions to test all the other eIDs available in the Signicat eID and Wallet Hub.

Additionally, you can find eID-specific test guides in the respective eID documentation.

Sandbox account

We recommend you run test authentications by using a sandbox account.

Initial preparations

Before you can run a test authentication, make sure to complete the following configuration in the Signicat Dashboard.

New customers

If you are new to Signicat, we recommend you first read the Get started with Signicat page.

Add an eID

To add an eID to your Signicat account, do the following:

  1. In the Signicat Dashboard, navigate to Products > eID and Wallet Hub > eIDs.
  2. Click + Add new in the top right.
  3. Choose the eID from the list. Then, fill in any required configuration and click Add.
  4. Now, review that the eID is available and displayed as "Active" in the eIDs page.

Connect to the API

To learn how to connect to this API, follow steps 1-3 in the Connect to Signicat APIs Quick start guide.

What permissions are required?

Ensure that you set permission Authentication REST API for your API client.

Test with Postman

You can make calls to the Authentication REST API using our Postman collection.

Testing only

Note that Postman is a tool for testing and learning about APIs. You should not rely on Postman in production.

1. Import the Postman collection

You can fork or import the Postman collection by clicking the button below:

Run In Postman

To start using the Postman collection, do the following:

  1. Fork or import the Postman collection.
  2. Open Postman and select the Signicat Authentication REST API collection.
  3. In the Variables tab, edit the following variables:
    • baseURL: The base URL of the API. Set this to: https://api.signicat.com/auth/rest.
    • oauth_scope: The scope. Set this to: signicat-api.
    • oauth_client_id: The client ID of your API client. For example, this looks like dev-red-pin-123.
    • oauth_client_secret: The client secret associated with your API client.
    • oauth_url: The Authorisation URL. Set this to: https://api.signicat.com/auth/open/connect/token.
  4. Save your variables by clicking the save icon or pressing Ctrl+S.

Now, you are ready to obtain an access token.

2. Obtain an access token

To authorise requests to the API, you need to pass the access token in your request. To obtain the access token with the Postman collection, do the following:

  1. In the Postman collection, select the Authorization tab.
  2. Scroll to the bottom and select Get New Access Token.
  3. If the request is successful, review the Access Token and select Use Token.

You have now obtained the access token to authenticate to the API. When calling an API endpoint, you supply the access token in the HTTP Authorization header of your request.

Token lifetime

Tokens have a default expiry date. If a token expires, repeat the steps above to request a new token.
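
What the Get New Access Token step does, and how a client outside Postman can honour the token lifetime, shown as an added Python example (not Signicat's code). It assumes the client secret is sent in an HTTP Basic header and that the token response carries the standard OAuth 2.0 token_type and expires_in fields; TokenCache and fetch_token are hypothetical names.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.signicat.com/auth/open/connect/token"  # oauth_url on this page
SCOPE = "signicat-api"                                           # oauth_scope on this page


def build_token_request(client_id, client_secret):
    """Client-credentials token request; the secret goes in a header, never in the URL."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": SCOPE})
    return urllib.request.Request(
        TOKEN_URL, data=form.encode(), method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


class TokenCache:
    """Reuses a token until shortly before it expires, then requests a new one."""

    def __init__(self, fetch, clock=time.monotonic, margin=30):
        self._fetch = fetch      # callable returning the parsed token response (dict)
        self._clock = clock      # injectable so expiry can be tested without waiting
        self._margin = margin    # seconds of safety before the stated expiry
        self._token = None
        self._expires_at = 0.0

    def authorization_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = resp["access_token"]
            # expires_in: standard OAuth 2.0 lifetime in seconds (assumed present)
            self._expires_at = self._clock() + int(resp["expires_in"]) - self._margin
        return {"Authorization": f"Bearer {self._token}"}


def fetch_token(client_id, client_secret):
    """Live fetch; needs network access and real sandbox credentials."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)
```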

3. Create an authentication session

Authentication flows

This guide shows an example authentication with the redirect flow. We also support other flow types. Learn more in the Authentication REST API documentation.

To begin an authentication flow, your application needs to build and direct the end-user to the authentication URL where the end-user can authenticate with their eID, such as Norwegian BankID.

To obtain the authentication URL, you send a POST request to the Create a new session endpoint with the appropriate parameters in the body of the request.

The body of the request might look like this:

{
  "flow": "redirect",
  "requestedAttributes": [
    "IdpId",
    "nin"
  ],
  "callbackUrls": {
    "success": "https://example.com/success",
    "abort": "https://example.com/abort",
    "error": "https://example.com/error"
  },
  "allowedProviders": [
    "nbid"
  ]
}

To create the authentication URL in the Postman collection, do the following:

  1. In the left menu, expand the collection and select the Create a new session endpoint.
  2. Edit the Body of your request. For example, you can use the example above.
  3. In the endpoint window, select Send to send the request.
  4. In the response window, select the Body tab to view the response payload.
  5. Copy and paste the authenticationUrl in your browser to start an authentication session with the eID. In this case, this is Norwegian BankID.

Example of response payload

{
  "id": "181f6409-107b-4ad8-8bd1-3068b0bde9cf",
  "accountId": "<SIGNICAT_ACCOUNT_ID>",
  "authenticationUrl": "https://<YOUR_SIGNICAT_DOMAIN>/broker/sp/external-service/login?messageId=4998966e-78ff-114b-b528-d79d423790a1&transactionId=10e8eead-6fdb-c649-a626-fc7cf12d590e",
  "status": "CREATED",
  "callbackUrls": {
    "success": "https://example.com:443/success?sessionId=181f6409-107b-4ad8-8bd1-3068b0bde9cf",
    "abort": "https://example.com:443/abort?sessionId=181f6409-107b-4ad8-8bd1-3068b0bde9cf",
    "error": "https://example.com:443/error?sessionId=181f6409-107b-4ad8-8bd1-3068b0bde9cf"
  },
  "allowedProviders": [
    "nbid"
  ],
  "language": "en",
  "flow": "redirect",
  "requestedAttributes": [
    "idpId",
    "nin"
  ],
  "sessionLifetime": 1200,
  "expiresAt": "2026-05-29T09:04:35.7543967+00:00"
}

When implementing login with the redirect flow, you should design your application to redirect the end-user to the authenticationUrl.

4. Authenticate with test users

You need a Norwegian BankID test user to complete the authentication. For example, you can use the following credentials:

Test users for Norwegian BankID

Pre-generated test users for Norwegian BankID may become unavailable after a series of failed attempts. If this happens, you can generate more test users.

Once you have completed the authentication flow, you can retrieve the response from successful authentication.

5. Get the authentication results

When using the API, you can check the status of the authentication session at any stage. When the end-user authenticates successfully, you receive the user data attributes in the response. To do this:

  1. In the left menu, expand the id folder and open the Get session status endpoint.
  2. To check the session status, select Send. This sends an HTTP GET request using the session ID obtained from the Create a new session endpoint.
  3. Inspect the response in the Body tab of the response window.

If the authentication was successful ("status": "SUCCESS"), you find the end-user data attributes in the subject field.

{
  "id": "9588dba1-f1f6-45f2-8f70-a25b6c3ed858",
  "accountId": "<SIGNICAT_ACCOUNT_ID>",
  "authenticationUrl": "https://<YOUR_SIGNICAT_DOMAIN>/broker/sp/external-service/login?messageId=1c5400f8-7933-3f49-8913-a4dd38754c75&transactionId=5291ae63-b355-464e-adc8-1c15363401ff",
  "status": "SUCCESS",
  "provider": "nbid",
  "subject": {
    "id": "bBl527R7ya3Xp...rQ0lXgh72uoRSnImM=",
    "idpId": "9578-XXXX-4-243538",
    "nin": {
      "value": "01100844350",
      "issuingCountry": "NO",
      "type": "BIRTH"
    }
  },
  "callbackUrls": {
    "success": "https://example.com:443/success?sessionId=9588dba1-f1f6-45f2-8f70-a25b6c3ed858",
    "abort": "https://example.com:443/abort?sessionId=9588dba1-f1f6-45f2-8f70-a25b6c3ed858",
    "error": "https://example.com:443/error?sessionId=9588dba1-f1f6-45f2-8f70-a25b6c3ed858"
  },
  "loa": "high",
  "allowedProviders": [
    "nbid"
  ],
  "language": "en",
  "flow": "redirect",
  "requestedAttributes": [
    "idpId",
    "nin"
  ],
  "sessionLifetime": 1200,
  "expiresAt": "2026-05-29T09:10:56.9541901+00:00"
}

Success!

You have now completed an authentication flow using the Authentication REST API.
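
The sessionId appended to the callback URLs arrives as a query parameter from the end-user's browser, so a backend should fetch the session status itself and check it before trusting the result. The following added Python example (not Signicat's code) runs those checks over a response shaped like the one above; check_session and parse_timestamp are hypothetical names, and the accepted level of assurance and the rejection of results read after expiresAt are policy choices of this example.

```python
import re
from datetime import datetime, timezone


def parse_timestamp(value):
    """Parse expiresAt, which carries 7 fractional digits; keep 6 for fromisoformat."""
    m = re.fullmatch(r"(.+T\d\d:\d\d:\d\d)(\.\d+)?(Z|[+-]\d\d:\d\d)", value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    fraction = (m.group(2) or ".")[:7].ljust(7, "0")
    offset = "+00:00" if m.group(3) == "Z" else m.group(3)
    return datetime.fromisoformat(m.group(1) + fraction + offset)


def check_session(session, expected_id, providers, attributes, loa=("high",), now=None):
    """Return the reasons to reject the result; an empty list means accept."""
    now = now or datetime.now(timezone.utc)
    problems = []
    # expected_id is the id stored server-side when the session was created
    if session.get("id") != expected_id:
        problems.append("session id differs from the one this user was given")
    if session.get("status") != "SUCCESS":
        problems.append(f"status is {session.get('status')!r}")
    if session.get("provider") not in providers:
        problems.append("provider not in allowedProviders")
    if session.get("loa") not in loa:
        problems.append("level of assurance not accepted")
    if now >= parse_timestamp(session["expiresAt"]):
        problems.append("session has expired")
    subject = session.get("subject") or {}
    missing = [a for a in attributes if not subject.get(a)]
    if missing:
        problems.append("missing attributes: " + ", ".join(missing))
    return problems


# Constructed sample, trimmed from the response shape shown above.
SAMPLE = {
    "id": "9588dba1-f1f6-45f2-8f70-a25b6c3ed858",
    "status": "SUCCESS",
    "provider": "nbid",
    "loa": "high",
    "subject": {"idpId": "9578-XXXX-4-243538",
                "nin": {"value": "01100844350", "issuingCountry": "NO", "type": "BIRTH"}},
    "expiresAt": "2026-05-29T09:10:56.9541901+00:00",
}
```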

Next steps

Learn more about the Authentication REST API and explore our eIDs documentation.