Attributes reference
When you integrate Czech Bank iD to verify the identity of users accessing your online services, you request and obtain personal information relevant to your use case.
To discover what kind of information is available for a given authentication protocol, visit the respective pages listed below:
- Czech Bank iD attributes in OpenID Connect (OIDC)
- Czech Bank iD attributes in the Signicat Authentication REST API
- Czech Bank iD attributes in SAML 2.0
The pages above also contain examples of requests and responses to help you understand the structure and format of the data.
Data properties
Explore additional information about the data provided by Czech Bank iD.
AML compliancy with profile verification
Czech Bank iD provides bank-verified personal data to help you comply with Anti-Money Laundering (AML) regulations. The following attributes are available:
- Verification process: Contains the company identification number of the bank that completed the physical identity verification process.
- Trust framework: The AML framework governing the verification process (always
cz_aml).
If you have an AML-compliant contract with Czech Bank iD and want to request the attributes above, you must follow these steps:
- Set
profile.verificationas Required when configuring your app in the Czech Bank iD Dashboard. - Specify at least one AML-specific attribute in your authentication request. These are:
- OpenID Connect (OIDC):
bankid-cz-aml - Signicat Authentication REST API:
bankidCzVerificationProcess,bankidCzVerificationTrustFramework - SAML 2.0:
bankidCzVerificationProcess,bankidCzVerificationTrustFramework
- OpenID Connect (OIDC):
The authentication process fails and returns an error, if you only complete one of the steps above.
Sector identifier as subject
Bank iD uses pairwise subject identifiers, therefore each end user has a unique subject (sub) identifier per sector identifier.
The sector identifier is the host address (domain) of the sector identifier URI, which hosts a JSON array with all the Redirect URIs used across all your apps. When no sector identifier URI is provided, then the sector identifier corresponds to Redirect URI (host address).
To have consistent subject identifiers across multiple apps with distinct Redirect URIs, you need to use a common sector identifier URI to unify the sector identifier of the apps.