iDIN attributes in the Signicat Authentication REST API

This page contains information about the user attributes that you can request and retrieve from iDIN when using the Signicat Authentication REST API as an authentication protocol.

Attributes table

The Signicat Authentication REST API supports the following request and response attributes for iDIN:

For further details about attributes and data formats, see the official iDIN documentation - Consumer attributes.

Age verification

To initiate an Age verification flow, use only the 18OrOlder attribute in your authorization request, without including other scopes, except for the optional idpId.

If you include other scopes in your request, it will cause an error or initiate authentications with other use cases. Learn more in the Age verification section.

Authentication REST API examples

Request examples

To create a session using the Authentication REST API, you send a POST request to the Create a new session endpoint of the Authentication REST API. The URL is https://api.signicat.com/auth/rest/sessions.

You define the parameters of the session in the payload of the request. For example:

Login

Requested attributes: idpId (optional)

{
    "allowedProviders": [
        "idin"
    ],
    "flow": "redirect",
    "requestedAttributes": [
      "idpId",
	],
    "callbackUrls": {
        "success": "https://example.com/success",
        "abort": "https://example.com/abort",
        "error": "https://example.com/error"
	}
}

Age verification

Requested attributes: idpId (optional), 18OrOlder

{
    "allowedProviders": [
        "idin"
    ],
    "flow": "redirect",
    "requestedAttributes": [
      "idpId",
      "18OrOlder"
	],
    "callbackUrls": {
        "success": "https://example.com/success",
        "abort": "https://example.com/abort",
        "error": "https://example.com/error"
	}
}

Including other scopes

Note that including any additional scopes in your request, for example gender, triggers an Identification process.

If you include both 18OrOlder and dateOfBirth in your request, Signicat returns an error and the authentication fails.

Identification

Requested attributes: idpId (optional), gender, lastName, preferredLastName, legalLastName, partnerLastName, legalLastNamePrefix, preferredLastNamePrefix, partnerLastNamePrefix, initials, dateOfBirth, address, phoneNumber, email

{
    "allowedProviders": [
        "idin"
    ],
    "flow": "redirect",
    "requestedAttributes": [
      "idpId",
      "gender",
      "name",
      "lastName",
      "legalLastName",
      "legalLastNamePrefix",
      "preferredLastNamePrefix",
      "partnerLastNamePrefix",
      "initials",
      "dateOfBirth",
      "address",
      "phoneNumber",
      "email",
	],
    "callbackUrls": {
        "success": "https://example.com/success",
        "abort": "https://example.com/abort",
        "error": "https://example.com/error"
	}
}

Response examples

Below, you can find some examples of response data you receive when submitting requests to the Signicat Authentication REST API for iDIN.

Login

Requested attributes: idpId (optional)

The subject object of the response:

{
  "id": "VsQFCIOdsM-brFXDGQhMyMfnlkQyeb8pNfkxq6VFppY=",
  "idpId": "NLRABOtestdata8de3695d048d9da76b7c09d5a800b51897441e8ae3210731a058e",
}

Age verification

Requested attributes: idpId (optional), 18OrOlder

The subject object of the response:

{
  "id": "VsQFCIOdsM-brFXDGQhMyMfnlkQyeb8pNfkxq6VFppY=",
  "idpId": "NLRABOtestdata8de3695d048d9da76b7c09d5a800b51897441e8ae3210731a058e",
  "18OrOlder": "true"
}

Identification

Requested attributes: idpId (optional), gender, lastName, preferredLastName, legalLastName, partnerLastName, legalLastNamePrefix, preferredLastNamePrefix, partnerLastNamePrefix, initials, dateOfBirth, address, phoneNumber, email

The subject object of the response:

{
  "id": "VsQFCIOdsM-brFXDGQhMyMfnlkQyeb8pNfkxq6VFppY=",
  "idpId": "NLRABOtestdata8de3695d048d9da76b7c09d5a800b51897441e8ae3210731a058e",
  "name": "VJ de Vries",
  "lastName": "de Vries",
  "dateOfBirth": "1975-07-25",
  "legalLastNamePrefix": "de",
  "preferredLastName": "Vries-Jansen",
  "partnerLastName": "Jansen",
  "initials": "VJ",
  "partnerLastNamePrefix": "de",
  "legalLastName": "Vries",
  "preferredLastNamePrefix": "de",
  "phoneNumber": "+31203051900",
  "gender": "1",
  "address": "Pascalstreet 19 A, 0000AA, Aachen, DE",
  "addressFormatted": {
    "FullAddress": "Pascalstreet 19 A, 0000AA, Aachen, DE",
    "Street": "Pascalstreet",
    "HouseNumber": "19",
    "HouseNumberSuffix": "A",
    "City": "Aachen",
    "PostalCode": "0000AA",
    "Country": "DE"
  },
  "email": "info@equensworldline.nl"
}

Routing to issuer bank portal

You can display the issuer bank selection page directly on your side and route the end-user to the issuer authentication portal.

iDIN requirements

Make sure to list all the issuers that are active in your Signicat account. You can find the full list at https://<YOUR_ACCOUNT_DOMAIN>.com/broker/authn/idin/issuers, where <YOUR_ACCOUNT_DOMAIN> is the domain you registered in the Dashboard > Settings > Domain Management.

Authentication REST API example

To route end-users directly to the issuer authentication portal, you need to pass idin_idp in the additionalParameters field in the payload of the request to the Create a new session endpoint. For example, to route to the ING bank authentication portal, pass the following:

{
    "allowedProviders": [
        "idin"
    ],
    "additionalParameters": {
        "idin_idp": [
            "INGBNL2A"
        ]
    }
}