link

# Backend-initiated operations: URL construction

This page contains URL construction guides in the context of backend-initiated operations.

# Requests and responses

# Login hints

The full list of available login hints is as follows:

Field Description
Applies to
externalRef A shared identifier between you and Signicat that points to the end-user account on the Signicat MobileID identity store Registration,
Authentication,
Authorisation,
Consent signature
deviceName A device identifier that is either set by you using the API or by the end-user via the user interface Registration
deviceId A device identifier that is either set by you using the API or by the end-user via the user interface Authentication,
Authorisation,
Consent signature
artifact An identifier that has to be passed to Signicat's registration service when registration is initiated Registration
encapAuthLevel The authentication level of the operation Registration,
Authentication,
Authorisation,
Consent signature
encapAuthMethod The authentication method to use for the operation Authentication,
Authorisation,
Consent signature
preContextTitle Title to be shown before the operation Authentication,
Authorisation
preContextMessage Context message that contains details to be shown before the operation Authentication,
Authorisation
postContextTitle Title to be shown after the operation Registration,
Authentication,
Authorisation,
Consent signature
postContextMessage Context message that contains details to be shown after the operation Registration,
Authentication,
Authorisation,
Consent signature
sendPush Boolean that determines if a push notification is to be sent for the operation.

To use this login hint, push notifications have to be enabled for your application's applicationId. If you would like us to set this up for you, contact Signicat at support@signicat.com.
Authentication,
Authorisation,
Consent signature
pushPayload A custom payload sent to the device in the push notification Authentication,
Authorisation,
Consent signature
metaData Metadata about the MobileID authentication-based or native signature transaction, to be passed back to your app Consent signature

These are the possible values for the encapAuthLevel attribute:

Authentication level Description
ONE_FACTOR Authentication level for one factor
TWO_FACTOR Authentication level for two factors

These are the possible values for the encapAuthMethod attribute:

Authentication method Description
DEVICE Device
DEVICE_PIN PIN
DEVICE_IOS_FACE_ID Face ID for iOS
DEVICE_ANDROID_FINGERPRINT Touch ID for Android
DEVICE_STRONG_TOUCH_ID Touch ID for iOS where the registered fingerprints at activation time cannot be updated
DEVICE_ANDROID_BIOMETRIC_PROMPT Biometric ID for Android

# Parameters

The full list of available URL parameters is as follows:

Parameter Description
STATE_IDENTIFIER Random text used together with CUSTOMER_REG_METHOD_NAMEto uniquely identify the ongoing registration session in your backend.

The session state can be compared when callback/ redirect data is received from Signicat.
ACTIVATION_CODE Code to be used with Encap.
STATUS_URL URL (towards Signicat's backend) that is used to get the status of the ongoing operation.
COMPLETE_URL URL (towards Signicat's backend) that is used to signal the completion of the transaction.

This will need to be used when your app gets a notification from MobileID that the registration is done.
DEVICE_ID Device ID
CODE_CHALLENGE PKCE Code Challenge. Base64UrlEncoded SHA256 of the the value for CODE_VERIFIER (to be used later when the authentication code is exchanged for access_token)
CODE_CHALLENGE_METHOD PKCE Code Challenge Method. Recommended: S256

# Further reading

Last updated: 26/08/2022 16:11 UTC