# MobileID InApp
- About MobileID InApp
- Supported use cases
- Key features
- Integrate with MobileID InApp
- MobileID InApp Architecture
- Realtime Application Self Protection (RASP)
- Push notification service for Android and iOS
- Electronic signing
- Test information
- MobileID InApp upgrade guide
- Further reading
# About MobileID InApp
Signicat MobileID InApp offers a secure, low-latency, multi-channel authentication, authorization and identity solution. On-device biometrics and device binding are used as the primary factors when authenticating users, improving security, UX and customer engagement and ultimately boosting revenue.
The InApp solution provides a simple way to implement and use two-factor authentication on mobile devices, with an API which allows merchants to first register a user by tying a device to an identity.
# Supported use cases
Registration, or device activation, is the prerequisite for all other operations. Once registration has been completed, MobileID InApp offers functionality for a number of operations:
- Authentication of previously registered users in the merchant's existing mobile app.
- Consent signature for the signing of text elements with evidence output. Refer to our InApp mobile app-initiated operations guide for Consent signature for details. For general information on Consent signature, visit our Consent signature documentation.
- Payment authorization by means of consent texts without evidence output, compliant with the PSD2 SCA and Dynamic Linking requirements.
- Authentication-based signing of documents on mobile devices. This functionality utilizes Signicat's Sign product.
- Native signing of text elements such as consent messages. This functionality utilizes Signicat's Sign product.
# Key features
- Provides Strong Customer Authentication (SCA) satisfying PSD2 requirements.
- Supports both PIN and fingerprint (Touch ID, Android fingerprint, Samsung fingerprint).
- Signing of documents with MobileID is available through Signicat's signing functionality.
# Integrate with MobileID InApp
MobileID InApp has native multi-channel support. This means that the MobileID solution supports use cases where the initiating party, initiating channel or initiating component can vary. Different operations can take place entirely within the merchant's mobile app (mobile app-initiated operations) or can start through a non-mobile channel such as a web application (backend-initiated operations).
The following guides illustrate how to integrate operations with MobileID InApp, including detailed diagrams and step-by-step descriptions.
# Mobile app-initiated operations
# Backend-initiated operations
# MobileID InApp Architecture
Signicat: MobileID InApp Solution Provider
Merchant: A customer of Signicat that will integrate and use the MobileID InApp solution
# Component descriptions
The main components involved in the Signicat MobileID InApp solution are as follows.
Merchant web app
This is the browser-based user interface that a merchant will optionally develop and offer to its end-users.
Merchant mobile app
This is the mobile app that a merchant will develop and offer to its end-users. The merchant's mobile app integrates the MobileID Encap SDK.
Merchant backend
This is the backend component that a merchant will develop. The merchant's backend is the initial point of contact for the merchant web app and the merchant's mobile app. This component will usually communicate with services provided by Signicat via the OIDC/OAuth protocol.
Signicat backend
This is the cloud service provided by Signicat. The Signicat backend is the primary point of contact for the merchant's backend and the merchant's mobile and web apps. Signicat currently offers a plugin architecture-based variant, with a microservice-based variant under development.
# MobileID service (OIDC interface)
This component uses Signicat's proprietary plugin-based architecture, which provides various HTTP endpoints. Accessing these endpoints according to the OpenID Connect (OIDC) protocol is recommended. SOAP interfaces are provided for some features. Additionally, the component provides endpoints to consume other services and products offered by Signicat, such as signing and authentication with other ID methods.
# MobileID service (REST interface)
This component is currently under development and will use Signicat's microservice-based architecture, which provides similar features to Signicat's plugin-based architecture. Accessing the endpoints offered by microservices according to the OIDC or OAuth 2.0 protocols is recommended.
MobileID Encap server
This is the core security server offered and maintained by Signicat in collaboration with AllClearID. The MobileID Encap server takes care of secure communication with the merchant's app (via the Encap client SDK) and also offers push notification services that make use of the Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM).
MobileID Encap client SDK
This is the mobile client SDK, which the merchant will need to import and use in its mobile apps.
Signicat Identity Store
This is an internal Signicat component. The Signicat Identity Store is not exposed to the public or to the merchant.
# Realtime Application Self Protection (RASP)
MobileID InApp customers may optionally secure their mobile app using Realtime Application Self Protection (RASP). The RASP option is recommended and is delivered through Promon Shield, a third-party solution from the company Promon.
By applying this layer of protection, you can protect your app against reverse engineering and modification, monitor its runtime behavior, detect whether the app executes in an insecure environment (i.e. on rooted/jailbroken devices) and modify its behavior in real time to interrupt potential attacks. The option is available for Android and iOS.
Promon Shield is integrated as a fully automatic post-compilation step or as an integrated part of building the app with the Android or iOS build systems. Signicat will build a specific software package for customers who decide to implement the RASP option. Contact Signicat at firstname.lastname@example.org for additional information.
# Push notification service for Android and iOS
As part of the MobileID product, Signicat optionally offers a push notification service. The service is typically used to bring the user's attention to the mobile device when authentication is initiated on another device (e.g. in a browser on a desktop or laptop) or in other use cases where there is a need to bring the app to the foreground.
Signicat's push notification service uses Google's FCM service for Android devices and Apple's APNs for iOS devices. Customers may also choose to use their own push notification service with MobileID.
If you are considering using MobileID in more than one of your apps, a good practice is to configure each app with a unique applicationId to take possible future scenarios into consideration. Signicat will set this up on your behalf. Contact Signicat at email@example.com for additional information.
# Electronic signing
MobileID InApp can be used for electronic signing of documents, such as loan applications or contracts (authentication-based signing), or general consent texts, such as GDPR consent forms (native signing).
For details on electronic signing with MobileID InApp, refer to our MobileID InApp electronic signing documentation.
# Test information
If you would like to see how MobileID InApp works, you can use Signicat's demo service.
# Sample projects and code
View the code for sample apps that demonstrate how to integrate with Signicat's MobileID InApp solution:
This is a sample app (React Native) that demonstrates how to integrate with Signicat's MobileID InApp solution. This app requires a backend.
This is a simple sample backend to be used with a merchant's mobile app. Registration and authentication start either on the merchant's website or on the merchant's mobile app. The sample backend uses the OIDC protocol for communication with Signicat.
# Sample Android and iOS apps
A sample merchant mobile Android app can be downloaded from Google Play.
A sample merchant mobile iOS app is available via TestFlight. To test the iOS app via TestFlight, contact us at firstname.lastname@example.org and provide the following:
- The name of the app in question; in this case the MobileID InApp sample merchant iOS app.
- The email addresses of the testers you would like us to add to TestFlight. These email addresses need to be the same as those used by the Apple accounts on the phones you want to use for testing.

Signicat will then add the testers to TestFlight. You will receive an email from Apple that will prompt you to download the TestFlight app and accept an invitation from Signicat by redeeming a code.

- Download the TestFlight app from the App Store.
- Redeem the code which will have been sent to you via email by Apple.
- You can now start testing the MobileID InApp sample merchant iOS app.
# MobileID InApp upgrade guide
The Signicat MobileID InApp solution requires that our customers regularly update their client applications throughout the product's lifetime.
Signicat MobileID uses Encap Security technology, which is a proven, certified, banking-grade security solution for mobile applications.
For details on how to update the Encap client, refer to our MobileID InApp upgrade guide.
If you have any further questions, contact us at email@example.com.
# Further reading
- MobileID InApp overview
- Mobile app-initiated operations via OIDC
- Mobile app-initiated operations: URL construction
- Mobile app-initiated operations: Finalize operation
- Backend-initiated operations via OIDC
- Backend-initiated operations: URL construction
- Backend-initiated operations: Finalize operation
- MobileID InApp electronic signing
- MobileID InApp upgrade guide