Technical requirements
Short name | Requirement |
---|---|
RFT1 |
RP must contact BankID’s Web service API from RP’s backend server. RP must NOT contact BankID’s Web service API from RP’s client app. |
RFT2 |
RP should try to be up-to-date with the latest version of the Web service API. The general rule is that old versions will shut down 2 years after the release of the successor, unless shorter time is communicated. |
RFT3 |
RP must use the issuer of the server cert as trusted root. If the RP trusts the presented server cert directly rather than its issuer, the RP service will not be able to access the BankID server when the server cert is changed. |
RFT1
RP must contact BankID’s Web service API from RP’s backend server. RP must NOT contact BankID’s Web service API from RP’s client app.
RFT2
RP should try to be up-to-date with the latest version of the Web service API. The general rule is that old versions will shut down 2 years after the release of the successor, unless shorter time is communicated.
RFT3
RP must use the issuer of the server cert as trusted root. If the RP trusts the presented server cert directly rather than its issuer, the RP service will not be able to access the BankID server when the server cert is changed.