# Account recovery

# About account recovery

Our account recovery feature allows your end-user to recover their authentication credentials using two-factor authentication. The end-user can recover your app on the same or another device.

This enables your end-users to come back to your services, without the need to perform costly and time-consuming reactivations.

[Figure: Example of account recovery with code]

# Example use cases

  • Your end-users can recover their account if their device has been lost, broken or stolen.
  • Your end-users can recover their account if they have deleted your application.

# How does account recovery work?

To be able to use our account recovery feature, it is required that:

  • You configure account recovery in the application configuration for your MobileID account. You can contact us at support@signicat.com to get help setting this up.
  • Your end-user's device has backup functionality enabled. This is enabled by default; the supported backup providers are Google Cloud and Apple iCloud.
  • Your end-user sets up account recovery in the app by executing the necessary steps as described in How to set up account recovery.

Once these steps have been performed, the end-user can perform an account recovery when it is needed.

The end-user carries this out through the app, which executes the necessary steps for account recovery.

Note

All recovery-related SDK operations require a valid authorisation token.

# Token authorisation

When you are using our SDK APIs for account recovery, you need to provide a token to authorise this operation. An authorisation token is issued by our server and returned to the app as a response when performing certain SDK operations.

To get an authorisation token, you have to specify what purpose you are going to use the token for in the finish operation in the SDK. The purpose can be either addOrUpdateRecovery or deleteRecovery.

You can request an authorisation token in the following SDK APIs:

  • finishActivation
  • finishAuthentication
  • finishAddOrUpdateRecovery
  • finishRecovery
  • finishDeleteRecovery

# How to set up account recovery

Account recovery can be set up either during the device registration, or it can be added to an existing registration.

# How to set up account recovery for new registrations

  1. The app performs a 'normal' registration flow using startActivation/finishActivation.
    • This yields a valid authentication token for the subsequent recovery operation.
  2. The app performs an add recovery flow using startAddRecovery/finishAddRecovery SDK API calls.
    • As a result, the recovery credentials are stored into files that can be backed up.

# Sequence diagram

The following sequence diagram illustrates account recovery being added to a new registration.

[Figure: Sequence diagram showing account recovery being added to a new registration]

# How to add account recovery to existing registrations

  1. The app obtains a valid authentication token using startAuthentication/finishAuthentication.
  2. The app performs an add recovery flow using startAddRecovery/finishAddRecovery SDK API calls.
    • As a result, the recovery credentials are stored into files that can be backed up.

# Sequence diagram

The following sequence diagram illustrates account recovery being added to an existing registration.

[Figure: Sequence diagram showing account recovery being added to an existing registration]

# Manage account recovery

This section describes the operations to update or delete an account recovery.

# How to update an account recovery

  1. The app obtains a valid authentication token using startAuthentication/finishAuthentication.
  2. The app performs startAddOrUpdateRecovery/finishAddOrUpdateRecovery SDK API calls.

# How to delete an account recovery

  1. The app obtains a valid authentication token using startAuthentication/finishAuthentication.
  2. The app performs startDeleteRecovery/finishDeleteRecovery SDK API calls.

# Perform account recovery

In order to perform the account recovery, the app restores the recovery files by calling startRecovery and finishRecovery.

The device ID (deviceID) that you use as a reference remains unchanged when the app is recovered.

Note

Once a recovery has been performed, it cannot be used again. Your end-users have to set up a new recovery on the device to be able to recover the next time.

# Sequence diagram

The following sequence diagram illustrates an account recovery being performed.

[Figure: Sequence diagram showing an account recovery being performed]
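The ordering rules from the token authorisation, set-up, management and recovery sections can be checked mechanically against a planned call sequence. The following is an added example, not MobileID SDK code: it only models the order of operations, using the operation and purpose names from this page (the add flow is written with the startAddOrUpdateRecovery/finishAddOrUpdateRecovery names). Assumptions: the function check_flow is hypothetical, a token is treated as authorising a single operation, and tokens are checked only for the add/update and delete operations, where the page names a purpose.

```python
# Added illustration: a checker for the call ordering this page describes.
# Operation and purpose names are the page's; check_flow is hypothetical
# and does not call the MobileID SDK.
TOKEN_ISSUERS = {"finishActivation", "finishAuthentication",
                 "finishAddOrUpdateRecovery", "finishRecovery",
                 "finishDeleteRecovery"}
PURPOSES = {"addOrUpdateRecovery", "deleteRecovery"}
# Purpose the authorisation token must carry before the operation starts.
REQUIRED = {"startAddOrUpdateRecovery": "addOrUpdateRecovery",
            "startDeleteRecovery": "deleteRecovery"}

def check_flow(steps, recovery_set=False):
    """steps: [(operation, purpose requested in that call or None)].
    Returns (errors, whether a usable recovery exists afterwards)."""
    errors, token = [], None
    for i, (op, purpose) in enumerate(steps, 1):
        if op in REQUIRED:
            if token != REQUIRED[op]:
                errors.append(f"step {i}: {op} needs a token with purpose "
                              f"{REQUIRED[op]}, have {token}")
            token = None  # assumption: one token authorises one operation
        elif op == "startRecovery" and not recovery_set:
            errors.append(f"step {i}: startRecovery with no recovery set up")
        elif op == "finishAddOrUpdateRecovery":
            recovery_set = True
        elif op in ("finishRecovery", "finishDeleteRecovery"):
            recovery_set = False  # a performed recovery cannot be reused
        if purpose is not None:
            if op not in TOKEN_ISSUERS or purpose not in PURPOSES:
                errors.append(f"step {i}: {op} cannot issue a {purpose} token")
            else:
                token = purpose
    return errors, recovery_set

# Constructed call sequences (not captured from a real app).
NEW_REGISTRATION = [("startActivation", None),
                    ("finishActivation", "addOrUpdateRecovery"),
                    ("startAddOrUpdateRecovery", None),
                    ("finishAddOrUpdateRecovery", None)]
RECOVER_AND_REARM = [("startRecovery", None),
                     ("finishRecovery", "addOrUpdateRecovery"),
                     ("startAddOrUpdateRecovery", None),
                     ("finishAddOrUpdateRecovery", None)]
RECOVER_TWICE = [("startRecovery", None), ("finishRecovery", None),
                 ("startRecovery", None)]
WRONG_PURPOSE = [("startAuthentication", None),
                 ("finishAuthentication", "deleteRecovery"),
                 ("startAddOrUpdateRecovery", None)]
```

RECOVER_AND_REARM shows why finishRecovery appears in the list of token-issuing operations: requesting the addOrUpdateRecovery purpose there lets the app set up a fresh recovery straight after the old one has been consumed.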

# Obtaining account recovery information

You can use the MobileID REST API to get information about account recoveries and verify if account recovery is enabled for a specific device.

To do this, you can execute the Get device endpoint, which is a Device management operation.

See the Get device endpoint in our MobileID API reference documentation for further details.

Note

Ensure that you are using the query parameter detailed=true to be able to see the detailed view of the device.

# Configuration options

Account recovery has to be enabled by updating your application configuration. Once it has been enabled, all devices that are using that application configuration will have the ability to perform the account recovery.

# Make changes to your configuration

MobileID's account recovery feature is configured in your application configuration.

To set up and make configuration changes to account recovery, send your preferences to us at support@signicat.com. We will update your application configuration for you.

Last updated: 11/04/2024 07:47 UTC