Identity store
The ReuseID identity store is the central repository for managing ReuseID users, their associated attributes, and their authentication methods.
It allows you to build a reusable identity for each of your end-users by linking their devices, credentials, and attributes together.
ReuseID user
At the core of the identity store is the ReuseID user. Each ReuseID user represents an end-user entity.
Authentication methods
Each ReuseID user can be associated with multiple authentication methods, including MobileID and Passkeys:
The ReuseID user can also register multiple instances of each authentication method, for example:
- They could have multiple passkeys registered, such as one on a smartphone and one on a laptop.
- They could have multiple MobileID devices registered, such as a primary mobile phone and a backup tablet.
This flexibility allows your end-users to securely authenticate across all of their devices using either MobileID, Passkeys, or a combination of both.
User attributes
You can enrich a ReuseID user by attaching User attributes. Attributes are key-value pairs that contain information about the end-user.
These attributes can include:
- Personally Identifiable Information (PII): For example, an end-user's first name, last name, date of birth, or email address.
- Customer-specific properties: For example, roles, permission groups, or membership tiers.
ReuseID user attributes are optional, which means that it is your choice whether you add any and what they are.
{
"attributes": {
"firstname": "Jane",
"lastname": "Doe",
"member-tier": "diamond",
"role": "admin"
}
}
Returning user attributes
When an authentication transaction is completed, you can request that these user attributes are included in the transaction response by using the requestedUserAttributes property inside operationProperties.
This allows your application to seamlessly receive up-to-date user information such as their access level or display name immediately upon successful authentication, simplifying your authorisation logic.
To learn how you can request and receive attributes for MobileID and Passkeys authentications, see the examples below:
{
"operationProperties": {
"requestedUserAttributes": ["firstname", "lastname", "member-tier"]
}
// ... Other request data.
}
{
"transactionId": "a1b2c3d4-e5f6-7890-1234-567890abcdef",
"state": "COMPLETED",
"operationProperties": {
"requestedUserAttributes": {
"firstname": "Jane",
"lastname": "Doe",
"member-tier": "diamond"
}
},
// ... Other response data.
}
External reference
To map a ReuseID user to a user profile in your own system's database, you can use the External Reference property.
This allows you to quickly look up and correlate the ReuseID user with your own backend records.
For example, if your internal user ID is customer-12345, then you can set the externalRef to this value when creating or updating the ReuseID user.
{
"externalRef": "customer-12345",
}
User segment
The User Segment property allows you to group users based on specific criteria or requirements.
This enables you to manage different user groups within the same account, enabling more granular management and reporting.
For example, you could create segments to group users by:
- User type, such as
b2c-customersandb2b-partners. - Country, such as
NO,SE,DE.
{
"segment": "SE",
}
User management operations
You can manage all aspects of the ReuseID identity store programmatically using the ReuseID REST API. For example, you can carry out operations such as:
- Creating users
- Updating attributes
- Managing users
Locking a user
If you detect suspicious activity or need to temporarily disable an end-user's access, you can lock a ReuseID user.
To do this, you can use the Update user endpoint to set the ReuseID user's state to LOCKED.
This blocks all authentication attempts across all of their registered methods (both Passkeys and MobileID), until they are unlocked by an administrator.
Resolving external references
If you want to use your own identifier for the ReuseID user, then you can map the value to the externalRef property.
To then find the ReuseID user, you can use the Resolve user by external reference endpoint to resolve your internal identifier.
This allows you to find the internal Signicat userId without having to store it locally, facilitating operations such as updating the user's attributes or initiating new authentications.
Getting user credentials
To retrieve a complete list of all authentication methods (credentials) that have been registered for a specific ReuseID user, you can use the Get credentials for user endpoint.
This includes all active Passkeys and MobileID devices.
Getting user transactions
To retrieve a complete historical list of all operations, for example authentication and registration transactions that have been performed by a specific ReuseID user, you can use the Get transactions for user endpoint.
You can use this operation to audit user activity, detect anomalies, or display a recent login history to the end-user.