This documentation is now deprecated.
We are migrating our documentation to a new platform. Please navigate to our new documentation:
# Backend-initiated operations: URL construction
This page contains URL construction guides in the context of backend-initiated operations.
# Requests and responses
# Login hints
The full list of available login hints is as follows:
Field | Description | Applies to |
---|---|---|
externalRef | A shared identifier between you and Signicat that points to the end-user account on the Signicat MobileID identity store | Registration, Authentication, Authorisation, Consent signature |
deviceName | A device identifier that is either set by you using the API or by the end-user via the user interface | Registration |
deviceId | A device identifier that is either set by you using the API or by the end-user via the user interface | Authentication, Authorisation, Consent signature |
artifact | An identifier that has to be passed to Signicat's registration service when registration is initiated | Registration |
encapAuthLevel | The authentication level of the operation | Registration, Authentication, Authorisation, Consent signature |
encapAuthMethod | The authentication method to use for the operation | Authentication, Authorisation, Consent signature |
preContextTitle | Title to be shown before the operation | Authentication, Authorisation |
preContextMessage | Context message that contains details to be shown before the operation | Authentication, Authorisation |
postContextTitle | Title to be shown after the operation | Registration, Authentication, Authorisation, Consent signature |
postContextMessage | Context message that contains details to be shown after the operation | Registration, Authentication, Authorisation, Consent signature |
sendPush | Boolean that determines if a push notification is to be sent for the operation. To use this login hint, push notifications have to be enabled for your application's applicationId . If you would like us to set this up for you, contact Signicat at support@signicat.com. | Authentication, Authorisation, Consent signature |
pushPayload | A custom payload sent to the device in the push notification | Authentication, Authorisation, Consent signature |
metaData | Metadata about the MobileID authentication-based or native signature transaction, to be passed back to your app | Consent signature |
These are the possible values for the encapAuthLevel
attribute:
Authentication level | Description |
---|---|
ONE_FACTOR | Authentication level for one factor |
TWO_FACTOR | Authentication level for two factors |
These are the possible values for the encapAuthMethod
attribute:
Authentication method | Description |
---|---|
DEVICE | Device |
DEVICE_PIN | PIN |
DEVICE_IOS_FACE_ID | Face ID for iOS |
DEVICE_ANDROID_FINGERPRINT | Touch ID for Android |
DEVICE_STRONG_TOUCH_ID | Touch ID for iOS where the registered fingerprints at activation time cannot be updated |
DEVICE_ANDROID_BIOMETRIC_PROMPT | Biometric ID for Android |
# Parameters
The full list of available URL parameters is as follows:
Parameter | Description |
---|---|
STATE_IDENTIFIER | Random text used together with CUSTOMER_REG_METHOD_NAME to uniquely identify the ongoing registration session in your backend.The session state can be compared when callback/ redirect data is received from Signicat. |
ACTIVATION_CODE | Code to be used with Encap. |
STATUS_URL | URL (towards Signicat's backend) that is used to get the status of the ongoing operation. |
COMPLETE_URL | URL (towards Signicat's backend) that is used to signal the completion of the transaction. This will need to be used when your app gets a notification from MobileID that the registration is done. |
DEVICE_ID | Device ID |
CODE_CHALLENGE | PKCE Code Challenge. Base64UrlEncoded SHA256 of the the value for CODE_VERIFIER (to be used later when the authentication code is exchanged for access_token ) |
CODE_CHALLENGE_METHOD | PKCE Code Challenge Method. Recommended: S256 |
# Further reading
- MobileID InApp overview
- Mobile app-initiated operations via OIDC
- Mobile app-initiated operations: URL construction
- Mobile app-initiated operations: Finalise operation
- Backend-initiated operations via OIDC
- Backend-initiated operations: URL construction
- Backend-initiated operations: Finalise operation
- MobileID InApp upgrade guide
- MobileID InApp release notes