Skip to main content

Server release notes

2025

10.07.2025

End-of-life for passport scan

The MobileID passport scan feature that was deprecated on 30.10.2024 will be removed completely on 01.11.2025.

To replace this feature, you can use our ReuseID solution instead.

08.07.2025

MobileID API

Account recovery with server-side face authentication

Our Account recovery feature enables your end-users to recover their account when they have lost access to it, using your app.

We have now improved our account recovery feature by adding support for server-side face authentication.

This authentication method is:

  • More user-friendly, as there is no recovery code to remember.
  • More secure, as there is no recovery code which can be shared.

To retrieve information about how the account recovery was performed, the Get details of account recovery response has been extended with two new properties: recoveryMethod and recoveryStatus.

Want to learn more?

27.06.2025

MobileID API

Deprecated lock reason attribute

We have removed the lockReason attribute from the device object.

To get the lock reason, you must use the Get device endpoint in the MobileID Device management API. The lock reason is returned in the deviceDetails object, so you must use query parameter detailed=true.

Note

Although it is still possible to pass the lockReason attribute in the request body when using the Update device endpoint, it is no longer applied.

21.05.2025

MobileID API

Removed device name limitations

We have removed the character set limitations for the device name.

This means that there are no longer restrictions on what letters, digits or special characters the device name can contain or must start with.

Note

The device name must still not exceed the maximum character length.

01.04.2025

MobileID API, MobileID Admin API, Signicat Dashboard

Removed risk attribute

We have removed the obsolete risk attribute isUnknownSourcesEnabled. This means that:

  • The MobileID API can no longer return this in a response as a part of the riskAttributes object.
  • You can no longer set this risk attribute in the enabledRiskData in your application configuration with the MobileID Admin API or the Signicat Dashboard.
Want to learn more?

19.03.2025

Signicat Dashboard

Quick configuration in the Signicat Dashboard

On the Details page, we have added a button that allows you to quickly configure the Authenticator App for your account with a QR code.

To test it yourself, see the Details page!

12.03.2025

Signicat Dashboard

Try out MobileID in the Signicat Dashboard

It is now possible to try out MobileID in the Signicat Dashboard. On the new Try it out page, you can:

  • Install our Authenticator App on iOS or Android by scanning a QR code.
  • Scan a QR code to configure the app for your account.
  • Carry out registrations and authentications.
  • Manage your devices.

To test it yourself, see the Try it out page!

07.03.2025

Signicat Dashboard

Test MobileID as an eID in the Signicat Dashboard

It is now possible to test out MobileID as an eID with the Authorization Code Flow using the Signicat Dashboard.

To learn how to do this, see our MobileID Test it out documentation.

06.03.2025

Signicat Dashboard

Simplified configuration of face authentication feature

In this release, we have simplified the way in which you configure the face authentication feature for MobileID in the Signicat Dashboard.

What does this mean?

This means that you no longer have to enable/disable the feature using the Server-side face page. Now, you only need to configure it as an allowed authentication method.

To configure face authentication:

  1. Go to Signicat Dashboard > Products > Application behaviour, then select the Authentication tab.
  2. Use the check boxes to enable server-side face as an authentication method, then click Save.

To learn more about our face authentication feature, see our Face authentication feature documentation.

27.02.2025

MobileID Admin API

End-to-end (E2E) keys API extended

Our MobileID Admin End-to-end (E2E) keys API is extended with endpoints that allow you to create and manage your E2E keys.

You can read more about this in our MobileID Admin API reference documentation:

See all new endpoints

26.02.2025

MobileID API

Updated signature request parameter

From this release, the signature request parameter signedJwtCertificateOption no longer supports values SINGLE or CHAIN.

  • For backwards compatibility, you can still use this parameter with value NONE.
  • When this parameter is not passed in the signature request, the default value is still NONE.

To learn more about our signature operation, see our Signature feature documentation.

2024

19.12.2024

MobileID with Authorization Code Flow released

You can now access MobileID features using the OpenID Connect (OIDC) protocol with the Authorization Code Flow.

To learn more about this see our MobileID Authorization Code Flow documentation.

31.10.2024

Face authentication feature released

In this release, we have added a new authentication method in MobileID called Face Authentication.

This authentication method performs a biometric authentication that is verified on the server side, in addition to a Liveness check.

To learn more about our face authentication feature:

  • See our Face authentication feature documentation.
  • See our Application configuration feature documentation:
    • New property for enabling/disabling face authentication in the Face authentication section.
    • New allowed value for the allowedAuthMethods and allowedAuthMethodsForAuthAndActivate properties in the Application behaviour section.

30.10.2024

Passport scan is replaced by ReuseID

The MobileID Passport scan feature is now deprecated, and is replaced by our ReuseID solution.

What does this mean?
  • You can use ReuseID to perform ID document and biometric verification for either onboarding of users to MobileID or on existing MobileID users.
  • We will remove the APIs for starting a new passport scan on a MobileID user.
  • All previous passport scan processes will remain linked to the user.
  • The APIs used to fetch a full passport scan result will continue to be available.

22.10.2024

MobileID events

Added event for account recovery state change

In this release, we have added a new MobileID event which you can subscribe to, called Account recovery state change (account-recovery.state.change).

If subscribed, then you will receive this event whenever an account recovery is added or deleted by an end-user on their device.

Want to learn more?

You can learn more about MobileID events in the Events section of our MobileID API reference documentation.

17.10.2024

MobileID API

Risk Data

Previously, the MobileID authentication response only returned risk data if the operation completed successfully.

In this release, risk data is now also returned when the operation completes with an error status or is expired.

03.07.2024

MobileID API

Account recovery API added

Our MobileID API is extended with a new API for Account recovery.

The new Get details of account recovery endpoint allows you to fetch the details of an account recovery carried out for a device.

You can read more about this in our MobileID API reference documentation:

MobileID events

Added event for device state change

In this release, we have added a new MobileID event which you can subscribe to called Device state change (device.state.change).

You will receive this event whenever a device is deactivated or locked externally.

Example

If subscribed, then you will receive this event if a device is locked due to too many failed authentication attempts.

Want to learn more?

You can learn more about MobileID events in the Events section of our MobileID API reference documentation.

28.06.2024

Signicat Dashboard

Transaction statistics

MobileID is now updated with transaction statistics in the Signicat Dashboard.

On the new MobileID Overview page in the Signicat Dashboard, you can now view key statistics for your MobileID account, and visualise them in a graph. These statistics provide you with an activity overview of the following for the last 30 days:

  • Authentication count
  • Authentication success rate
  • Registration count
Improved usability

We have also improved the usability of MobileID in the Signicat Dashboard:

  • The page containing details about your MobileID account in the Signicat Dashboard is now called Details instead of Overview.
  • The Active devices and Active users statistics have now been moved to the new key statistics Overview page.

13.06.2024

MobileID API

Added field for requested user attributes

In this release, we have extended the operationProperties of registration, authentication and signature requests with a new field called requestedUserAttributes.

In this field, you can list the user attributes to be included in the response when the operation completes successfully.

You can read more about this in our MobileID API reference documentation:

See all extended endpoints

05.04.2024

MobileID CIBA

Added field for user and transaction segmentation

In this release, we have added a new claim called mobileid_user_segment.

This claim belongs to the mobileid_extra scope, and is returned in the ID token part of the token response.

This is an optional field configured on user accounts, which allows you to segment end-users and corresponding transactions. You can also use it for statistics.

To learn more about this, see MobileID claims in our MobileID CIBA documentation.

19.03.2024

MobileID API

Added field for user and transaction segmentation

In this release, we have extended all requests and responses containing user data with a new field called segment.

This is an optional field configured on user accounts, which allows you to segment end-users and corresponding transactions. You can also use it for statistics.

You can read more about this in our MobileID API reference documentation:

See all extended endpoints

08.03.2024

MobileID Admin API

Accounts API extended

Our MobileID Accounts API is extended with a new endpoint that allows you to change the state of your account.

You can read more about this in our MobileID Admin API reference documentation:

20.02.2024

MobileID Admin API

Implemented clean-up of inactive devices

In this release, we have implemented clean-up of inactive devices. This means that we will remove devices that have not be used for an extended period of time.

The default inactive period is set to 365 days, and starts from the time when the device was last used to carry out an operation.

If you want to change this value, you need to contact us by creating a support ticket in the Signicat Dashboard.

To see the value configured for your account, see clean-up of inactive devices in our application configuration feature documentation.

Updated values for activation code length

We have updated the minimum and default values for the application configuration property activationCodeLength:

  • The minimum length is now 6.
  • The default length is now 10.

To learn more about this, see application behaviour in our application configuration feature documentation.

13.02.2024

Signicat Dashboard

Updated MobileID with new features

In this release, we have updated MobileID with many new features in the Signicat Dashboard!

You can now configure:

  • Account recovery
  • App attestation
  • Application behaviour
  • Geofencing
  • Push messaging
  • Risk data

You can read about how to test MobileID out in our Quick start guide.

11.01.2024

MobileID API

User API

In our MobileID User API, we have now removed the previously deprecated Resolve external reference endpoint which used the HTTP GET method.

This means that you can now only use the newer Resolve external reference endpoint which uses the HTTP POST method.

Why have we done this?

You can read about why the previous endpoint was deprecated and improved in our 31.10.2023 release notes.

2023

04.12.2023

MobileID API

Authentication and signature responses extended

Responses for successfully completed MobileID authentication and signature operations are extended with a new field called clientData.

This field contains data that the client application has optionally passed at the time of the authentication, in the SDK startAuthentication call.

Device management API extended

Our MobileID Device management API is extended with a new set of endpoints that allow you to manage geofencing settings per device.

You can read more about this in our MobileID API reference documentation:

24.11.2023

MobileID available in the Signicat Dashboard

MobileID is now available in the Signicat Dashboard.

Here, you can:

  • Create an account to use with MobileID in a single click.
  • Find useful information about your MobileID account.
  • List signing certificates and public keys linked to your MobileID account.

You can read about how to test MobileID out in our Quick start guide.

20.11.2023

Geofencing feature released

Our new geofencing feature enables you to strengthen security for transactions by evaluating the current location of a device against a list of allowed regions.

If you have configured our geofencing feature in your application configuration, then you can now see the geofencing object as a part of the operation response.

To learn more about our geofencing feature:

16.11.2023

Default risk attributes

We now collect a set of default risk attributes for debugging purposes. This means that now, some risk data is always collected and returned, regardless of how your application configuration is configured.

You can find a list of what risk data is always enabled in the MobileID API reference documentation:

To learn more about risk data configuration:

09.11.2023

MobileID Admin API

Application configuration API added

Our MobileID Admin API is extended with a new API for Application configuration.

The new endpoints allow you to administer and manage your application configuration.

You can read more about this in our MobileID Admin API reference documentation:

APNs token API added

Our MobileID Admin API is extended with a new API for APNs tokens.

These new endpoints allow you to create and manage your Apple Push Notification service (APNs) tokens.

You can read more about this in our MobileID Admin API reference documentation:

31.10.2023

MobileID API

User API improved

Our MobileID User API is improved with a new endpoint to resolve the user ID based on an external reference.

Why have we done this?

The new endpoint improves security and flexibility, as the external reference is now passed in the JSON body when executing the operation.

In summary, we have:

  • Added a new Resolve external reference endpoint which uses the HTTP POST method.
  • Deprecated the existing Resolve external reference endpoint which uses the HTTP GET method.

You can read more about this in our MobileID API reference documentation:

25.10.2023

MobileID API

User API extended

Our MobileID User API is extended with a new endpoint that allows you to get device transactions for all of the end-user's devices.

You can read more about this in our MobileID API reference documentation:

06.10.2023

MobileID API

Device management API extended

Our MobileID Device Management API is extended with a new endpoint that allows you to get device transactions for an end-user's device.

You can read more about this in our MobileID API reference documentation:

Registration and Device management APIs improved

The length and character set for the device name is now validated.

You can read more about this in our MobileID API reference documentation:

05.05.2023

MobileID Admin API released

Our MobileID Admin API allows you to manage and administer your MobileID account.

To learn more about this API:

02.04.2023

Passport scan feature released

Our new passport scan feature allows you to validate the authenticity of an end-user's passport and collect passport attributes.

To learn more about our passport scan feature:

Last updated:
On this page