This documentation is now deprecated.

We are migrating our documentation to a new platform. Please navigate to our new documentation:

# MobileID InApp

# About MobileID InApp

Signicat MobileID InApp offers a secure, low latency multi-channel authentication, authorisation and identity solution.

MobileID InApp provides a simple way to implement and use two-factor authentication on mobile devices, with an API which allows you to first register a user by tying a device to an identity. We use on-device biometrics and device binding as the primary factors when authenticating users. This improves security, UX and customer engagement.

# Supported use cases

  • Registration or device activation. This is the prerequisite for all other MobileID operations.
  • Authentication of previously registered users in your (the merchant's) existing mobile app.
  • Consent Signature for the signing of text elements with evidence output. Refer to our InApp mobile app-initiated operations guide for Consent Signature for details. For general information on Consent Signature, visit our Consent Signature documentation.
  • Authorisation by means of consent texts without evidence output, compliant with the PSD2 SCA and Dynamic Linking requirements.
  • Authentication-based signing of documents on mobile devices. This functionality uses Signicat's electronic signature solution.
  • Native signing of text elements such as consent messages. This functionality uses Signicat's electronic signature solution.

# Key features

Provides Strong Customer Authentication (SCA) satisfying PSD 2 requirements.

Supports both PIN and biometric identifiers depending on the platform

Hardware-protected keys

App attestation optional

Realtime Application Self Protection (RASP) optional

Push notification service for Android and iOS optional

Risk attributes optional

Electronic signatures through Signicat's electronic signature solution. optional

# Integrate with MobileID InApp

MobileID InApp has native multi-channel support. This means that the MobileID solution supports use cases where the initiating party, initiating channel or initiating component can vary. Different operations can take place entirely within your mobile app (mobile app-initiated operations) or can start through a non-mobile channel such as a web application (backend-initiated operations).

Click the buttons below for guides that illustrate how to integrate the registration, authentication, Consent Signature and Authorisation operations with MobileID InApp, including detailed diagrams and step-by-step descriptions.

# Mobile app-initiated operations

# Backend-initiated operations

# MobileID InApp Architecture

Key concepts

Signicat: MobileID InApp Solution Provider

Merchant: You, as a customer of Signicat that will integrate and use the MobileID InApp solution

# Component descriptions

The main components involved in the Signicat MobileID InApp solution are as follows. The diagram illustrates how each component fits into the solution.

Expand/ collapse component descriptions


Merchant web app

This is the browser-based user interface that you will optionally develop and offer to your end-users.

Merchant mobile app

This is the mobile app that you will develop and offer to your end-users. Your mobile app integrates the Encap SDK.

Merchant backend

This is the backend component that you will develop. Your backend is the initial point of contact for your web app and your mobile app. This component will usually communicate with services provided by Signicat via the OIDC/OAuth protocol.

Signicat backend

This is the cloud service provided by Signicat. The Signicat backend is the primary point of contact for your backend and your mobile and web apps. Signicat currently offers a plugin architecture-based variant, with a microservice-based variant under development.

# MobileID service (OIDC interface)

This component uses Signicat's proprietary plugin-based architecture which provides various HTTP endpoints that are recommended to be accessed according to the OpenID Connect (OIDC) protocol. SOAP interfaces are provided for some features. Additionally, it provides endpoints to consume other services and products offered by Signicat, such as signing and authentication with other ID methods.

# MobileID service (REST interface)

This component is currently under development and will use Signicat's microservice-based architecture which provides similar features to Signicat's plugin-based architecture. Endpoints offered by microservices are recommended to be accessed according to the OIDC or OAuth 2.0 protocols.

MobileID Encap server

This is the core security server offered and maintained by Signicat in collaboration with AllClearID (opens new window). The MobileID Encap server takes care of secure communication with your app (via the Encap client SDK) and also offers push notification services that make use of the Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM).

MobileID Encap client SDK

This the mobile client SDK, which you will need to import and use in your mobile apps.

Signicat Identity Store

This is an internal Signicat component. The Signicat Identity Store is not exposed to the public or to you.

# Upgrade guide and release notes

MobileID InApp requires that you regularly update your client applications throughout the product's lifetime.

  • Signicat MobileID uses Encap Security technology, which is a proven, certified, banking-grade security solution for mobile applications. For details on how to update the Encap client, refer to our MobileID InApp upgrade guide.
  • You can find information on new MobileID features in our MobileID InApp release notes.

# Support

If you have any further questions, contact us at

# Further reading

Last updated: 20/09/2023 12:20 UTC