Skip to main content

MobileID service

Follow the release notes on this page for the latest updates.

2026

21.04.2026

Signicat Dashboard

Device statistics in the Signicat Dashboard

It is now possible to view device statistics in the Signicat Dashboard, for your active MobileID devices.

What is an active MobileID device?

A MobileID device is active if it has performed at least one operation in the last six months.

On this new page, you can find the following information:

  • Distribution of devices by SDK version and platform
  • Device OS version
  • Device manufacturer
  • Device model

To test it yourself, see the Statistics page in the Signicat Dashboard!

2025

11.11.2025

Removed passport scan feature

We have now completely removed the MobileID passport scan feature, that was deprecated on 30.10.2024.

To replace this feature, you can use our ReuseID solution instead.

What is ReuseID?

Our ReuseID solution allows you to perform ID document and biometric verification for either onboarding end-users to MobileID or existing MobileID users.

03.11.2025

MobileID API, MobileID Admin API, Signicat Dashboard

New risk data attributes

We have extended the set of device risk attributes that can be collected during a transaction. These attributes give you a deeper insight into the state of the device at the time of use:

CategoryDescription
Sensor insightsThese attributes give you access to motion and environmental sensor data, to support advanced behavioural or situational analysis: magnetometer, gravity, barometer.
Network contextThese attributes enable you to evaluate the trust level of the network connection and identify potential spoofing or untrusted Wi-Fi environments: ssid, bssid, isVpnEnabled, isProxyEnabled.
Device integrityThese attributes enable you to detect signs of tampering or unsafe configurations that may indicate a compromised device: isDeveloperMode, isOverlayDetected.
Locale & environmentThese attributes enable you to gain better understanding of the end-user's regional context and time-based patterns for anomaly detection: timeZone, locale.

To collect these new risk attributes, you need to both:

  • Upgrade your mobile app to use version 3.21 of our SDK.
  • Enable them using the MobileID risk data feature in the Signicat Dashboard.

 

Want to learn more?

To learn more about the new risk attributes, see the Risk attributes table in the Common concepts of our MobileID API reference documentation.

28.10.2025

MobileID API

Recovery method name change

To have a consistent naming scheme, we have changed the name of recovery method CLOUD_BACKUP to CLOUD_BACKUP_RECOVERY_CODE.

To learn more, see our MobileID API reference documentation:

Concurrency improvements

We have improved the database lock handling so that multiple concurrent requests for the same device get a proper error message, instead of an HTTP 500 error.

To learn more, see our MobileID API reference documentation:

Audit logs

Renamed audit event types

We have rewritten most event type names to make them more readable. They now follow a general pattern of ORIGIN_ACTION_EVENT.

To see all changes, together with the previous naming scheme, see the Signicat developer documentation.

Purpose field removed

We have removed the purpose field, as the purpose is already a part of the event type name.

28.08.2025

MobileID API

Deprecated endpoint for 'User' resource

We have deprecated the Get proofings for user endpoint for the User resource in the MobileID API. This endpoint will be completely removed in the near future.

01.08.2025

MobileID API

Removed endpoint for 'Passport scan' resource

We have removed the Get full final result of the passport scan endpoint for the Passport scan resource in the MobileID API.

If you need to get the full final result of an executed passport scan, then you can contact us by creating a support ticket in the Signicat Dashboard.

10.07.2025

End-of-life for passport scan feature

The MobileID passport scan feature that was deprecated on 30.10.2024 will be removed completely on 01.11.2025.

To replace this feature, you can use our ReuseID solution instead.

08.07.2025

MobileID API

Account recovery with server-side face authentication

Our Account recovery feature enables your end-users to recover their account when they have lost access to it, using your app.

We have now improved our account recovery feature by adding support for server-side face authentication.

This authentication method is:

  • More user-friendly, as there is no recovery code to remember.
  • More secure, as there is no recovery code which can be shared.

To retrieve information about how the account recovery was performed, the Get details of account recovery response has been extended with two new properties: recoveryMethod and recoveryStatus.

Want to learn more?

27.06.2025

MobileID API

Deprecated lock reason attribute

We have removed the lockReason attribute from the device object.

To get the lock reason, you must use the Get device endpoint in the MobileID Device management API. The lock reason is returned in the deviceDetails object, so you must use query parameter detailed=true.

Note

Although it is still possible to pass the lockReason attribute in the request body when using the Update device endpoint, it is no longer applied.

21.05.2025

MobileID API

Removed device name limitations

We have removed the character set limitations for the device name.

This means that there are no longer restrictions on what letters, digits or special characters the device name can contain or must start with.

Note

The device name must still not exceed the maximum character length.

01.04.2025

MobileID API, MobileID Admin API, Signicat Dashboard

Removed risk attribute

We have removed the obsolete risk attribute isUnknownSourcesEnabled. This means that:

  • The MobileID API can no longer return this in a response as a part of the riskAttributes object.
  • You can no longer set this risk attribute in the enabledRiskData in your application configuration with the MobileID Admin API or the Signicat Dashboard.
Want to learn more?

19.03.2025

Signicat Dashboard

Quick configuration in the Signicat Dashboard

On the Details page, we have added a button that allows you to quickly configure the Authenticator App for your account with a QR code.

To test it yourself, see the Details page!

12.03.2025

Signicat Dashboard

Try out MobileID in the Signicat Dashboard

It is now possible to try out MobileID in the Signicat Dashboard. On the new Try it out page, you can:

  • Install our Authenticator App on iOS or Android by scanning a QR code.
  • Scan a QR code to configure the app for your account.
  • Carry out registrations and authentications.
  • Manage your devices.

To test it yourself, see the Try it out page!

07.03.2025

Signicat Dashboard

Test MobileID as an eID in the Signicat Dashboard

It is now possible to test out MobileID as an eID with the Authorization Code Flow using the Signicat Dashboard.

To learn how to do this, see our MobileID Test it out documentation.

06.03.2025

Signicat Dashboard

Simplified configuration of face authentication feature

In this release, we have simplified the way in which you configure the face authentication feature for MobileID in the Signicat Dashboard.

What does this mean?

This means that you no longer have to enable/disable the feature using the Server-side face page. Now, you only need to configure it as an allowed authentication method.

To configure face authentication:

  1. Go to Signicat Dashboard > Products > Application behaviour, then select the Authentication tab.
  2. Use the check boxes to enable server-side face as an authentication method, then click Save.

To learn more about our face authentication feature, see our Face authentication feature documentation.

27.02.2025

MobileID Admin API

End-to-end (E2E) keys API extended

Our MobileID Admin End-to-end (E2E) keys API is extended with endpoints that allow you to create and manage your E2E keys.

You can read more about this in our MobileID Admin API reference documentation:

See all new endpoints

26.02.2025

MobileID API

Updated signature request parameter

From this release, the signature request parameter signedJwtCertificateOption no longer supports values SINGLE or CHAIN.

  • For backwards compatibility, you can still use this parameter with value NONE.
  • When this parameter is not passed in the signature request, the default value is still NONE.

To learn more about our signature operation, see our Signature feature documentation.

2024

19.12.2024

MobileID with Authorization Code Flow released

You can now access MobileID features using the OpenID Connect (OIDC) protocol with the Authorization Code Flow.

To learn more about this see our MobileID Authorization Code Flow documentation.

31.10.2024

Face authentication feature released

In this release, we have added a new authentication method in MobileID called Face Authentication.

This authentication method performs a biometric authentication that is verified on the server side, in addition to a Liveness check.

To learn more about our face authentication feature:

  • See our Face authentication feature documentation.
  • See our Application configuration feature documentation:
    • New property for enabling/disabling face authentication in the Face authentication section.
    • New allowed value for the allowedAuthMethods and allowedAuthMethodsForAuthAndActivate properties in the Application behaviour section.

30.10.2024

Passport scan is replaced by ReuseID

The MobileID Passport scan feature is now deprecated, and is replaced by our ReuseID solution.

What does this mean?
  • You can use ReuseID to perform ID document and biometric verification for either onboarding of users to MobileID or on existing MobileID users.
  • We will remove the APIs for starting a new passport scan on a MobileID user.
  • All previous passport scan processes will remain linked to the user.
  • The APIs used to fetch a full passport scan result will continue to be available.

22.10.2024

MobileID events

Added event for account recovery state change

In this release, we have added a new MobileID event which you can subscribe to, called Account recovery state change (account-recovery.state.change).

If subscribed, then you will receive this event whenever an account recovery is added or deleted by an end-user on their device.

Want to learn more?

You can learn more about MobileID events in the Events section of our MobileID API reference documentation.

17.10.2024

MobileID API

Risk Data

Previously, the MobileID authentication response only returned risk data if the operation completed successfully.

In this release, risk data is now also returned when the operation completes with an error status or is expired.

03.07.2024

MobileID API

Account recovery API added

Our MobileID API is extended with a new API for Account recovery.

The new Get details of account recovery endpoint allows you to fetch the details of an account recovery carried out for a device.

You can read more about this in our MobileID API reference documentation:

MobileID events

Added event for device state change

In this release, we have added a new MobileID event which you can subscribe to called Device state change (device.state.change).

You will receive this event whenever a device is deactivated or locked externally.

Example

If subscribed, then you will receive this event if a device is locked due to too many failed authentication attempts.

Want to learn more?

You can learn more about MobileID events in the Events section of our MobileID API reference documentation.

28.06.2024

Signicat Dashboard

Transaction statistics

MobileID is now updated with transaction statistics in the Signicat Dashboard.

On the new MobileID Overview page in the Signicat Dashboard, you can now view key statistics for your MobileID account, and visualise them in a graph. These statistics provide you with an activity overview of the following for the last 30 days:

  • Authentication count
  • Authentication success rate
  • Registration count
Improved usability

We have also improved the usability of MobileID in the Signicat Dashboard:

  • The page containing details about your MobileID account in the Signicat Dashboard is now called Details instead of Overview.
  • The Active devices and Active users statistics have now been moved to the new key statistics Overview page.

13.06.2024

MobileID API

Added field for requested user attributes

In this release, we have extended the operationProperties of registration, authentication and signature requests with a new field called requestedUserAttributes.

In this field, you can list the user attributes to be included in the response when the operation completes successfully.

You can read more about this in our MobileID API reference documentation:

See all extended endpoints

05.04.2024

MobileID CIBA

Added field for user and transaction segmentation

In this release, we have added a new claim called mobileid_user_segment.

This claim belongs to the mobileid_extra scope, and is returned in the ID token part of the token response.

This is an optional field configured on user accounts, which allows you to segment end-users and corresponding transactions. You can also use it for statistics.

To learn more about this, see MobileID extra scope claims in our MobileID CIBA documentation.

19.03.2024

MobileID API

Added field for user and transaction segmentation

In this release, we have extended all requests and responses containing user data with a new field called segment.

This is an optional field configured on user accounts, which allows you to segment end-users and corresponding transactions. You can also use it for statistics.

You can read more about this in our MobileID API reference documentation:

See all extended endpoints

08.03.2024

MobileID Admin API

Accounts API extended

Our MobileID Accounts API is extended with a new endpoint that allows you to change the state of your account.

You can read more about this in our MobileID Admin API reference documentation:

20.02.2024

MobileID Admin API

Implemented cleanup of inactive devices

In this release, we have implemented cleanup of inactive devices. This means that we remove devices that have not be used for an extended period of time.

The default inactive period is set to 365 days; this starts from the time when the device was last used to carry out an operation.

  • To see the value configured for your account, see the Details page in the Signicat Dashboard.
  • To change this value, you need to contact us by creating a support ticket in the Signicat Dashboard.
Want to learn more?

To learn more, see the Cleanup of inactive devices section in our Application configuration feature documentation.

Updated values for activation code length

We have updated the minimum and default values for the application configuration property activationCodeLength:

  • The minimum length is now 6.
  • The default length is now 10.

To learn more about this, see the Application behaviour section in our Application configuration feature documentation.

13.02.2024

Signicat Dashboard

Updated MobileID with new features

In this release, we have updated MobileID with many new features in the Signicat Dashboard!

You can now configure:

  • Account recovery
  • App attestation
  • Application behaviour
  • Geofencing
  • Push messaging
  • Risk data

You can read about how to test MobileID out in our Quick start guide.

11.01.2024

MobileID API

User API

In our MobileID User API, we have now removed the previously deprecated Resolve external reference endpoint which used the HTTP GET method.

This means that you can now only use the newer Resolve external reference endpoint which uses the HTTP POST method.

Why have we done this?

You can read about why the previous endpoint was deprecated and improved in our 31.10.2023 release notes.

2023

04.12.2023

MobileID API

Authentication and signature responses extended

Responses for successfully completed MobileID authentication and signature operations are extended with a new field called clientData.

This field contains data that the client application has optionally passed at the time of the authentication, in the SDK startAuthentication call.

Device management API extended

Our MobileID Device management API is extended with a new set of endpoints that allow you to manage geofencing settings per device.

You can read more about this in our MobileID API reference documentation:

24.11.2023

MobileID available in the Signicat Dashboard

MobileID is now available in the Signicat Dashboard.

Here, you can:

  • Create an account to use with MobileID in a single click.
  • Find useful information about your MobileID account.
  • List signing certificates and public keys linked to your MobileID account.

You can read about how to test MobileID out in our Quick start guide.

20.11.2023

Geofencing feature released

Our new geofencing feature enables you to strengthen security for transactions by evaluating the current location of a device against a list of allowed regions.

If you have configured our geofencing feature in your application configuration, then you can now see the geofencing object as a part of the operation response.

To learn more about our geofencing feature:

16.11.2023

Default risk attributes

We now collect a set of default risk attributes for debugging purposes. This means that now, some risk data is always collected and returned, regardless of how your application configuration is configured.

You can find a list of what risk data is always enabled in the MobileID API reference documentation:

To learn more about risk data:

  • See the Risk data section in our Application configuration feature documentation.

09.11.2023

MobileID Admin API

Application configuration API added

Our MobileID Admin API is extended with a new API for Application configuration.

The new endpoints allow you to administer and manage your application configuration.

You can read more about this in our MobileID Admin API reference documentation:

APNs token API added

Our MobileID Admin API is extended with a new API for APNs tokens.

These new endpoints allow you to create and manage your Apple Push Notification service (APNs) tokens.

You can read more about this in our MobileID Admin API reference documentation:

31.10.2023

MobileID API

User API improved

Our MobileID User API is improved with a new endpoint to resolve the user ID based on an external reference.

Why have we done this?

The new endpoint improves security and flexibility, as the external reference is now passed in the JSON body when executing the operation.

In summary, we have:

  • Added a new Resolve external reference endpoint which uses the HTTP POST method.
  • Deprecated the existing Resolve external reference endpoint which uses the HTTP GET method.

You can read more about this in our MobileID API reference documentation:

25.10.2023

MobileID API

User API extended

Our MobileID User API is extended with a new endpoint that allows you to get device transactions for all of the end-user's devices.

You can read more about this in our MobileID API reference documentation:

06.10.2023

MobileID API

Device management API extended

Our MobileID Device Management API is extended with a new endpoint that allows you to get device transactions for an end-user's device.

You can read more about this in our MobileID API reference documentation:

Registration and Device management APIs improved

The length and character set for the device name is now validated.

You can read more about this in our MobileID API reference documentation:

05.05.2023

MobileID Admin API released

Our MobileID Admin API allows you to manage and administer your MobileID account.

To learn more about this API:

02.04.2023

Passport scan feature released

Our new passport scan feature allows you to validate the authenticity of an end-user's passport and collect passport attributes.

To learn more about our passport scan feature:

  • See our Passport scan feature documentation.
  • See our MobileID API reference documentation.
On this page