API - Verify digital ID card from BankID
Protocol between Relying Party and BankID for performing verification of digital ID card from BankID, given holder successfully performed 'open ID card'. The API protocol is HTTP-based and uses JSON request/response payloads. Relying parties authenticates with the API using mutual TLS client authentication using their relying party certificates. See Introduction for more details on API usage.
Endpoints
RelyingParty
POST /rp/v1/verify
Operation Id
verify
Perform verification of digital ID card from BankID.
Description
See request and response description below for more details.
Parameters
Body Parameter
Name | Description | Required | Default |
---|---|---|---|
VerifyRequest |
See request and response description below for more details. |
X |
VerifyRequest
See request and response description below for more details.
X
Return Type
VerifyResponse
Content Type
• application/json
Responses
http response codes
Code | Message | Datatype |
---|---|---|
200 |
OK |
VerifyResponse |
400 |
Errors due to bad input |
Error |
401 |
Unauthorized |
Error |
500 |
Used for unexpected errors. |
Error |
200
OK
VerifyResponse
400
Errors due to bad input
Error
401
Unauthorized
Error
500
Used for unexpected errors.
Error
Samples
Required request parameters
{
"qrCode": "BANKIDF.74226FAAE3E64E70BB03F8E8E18D0439.8.79C416AA74278A70FAC25855F728A3206789B87B6FF6EB00688DB9622EFD2D33"
}
HTTP 200 OK
{
"transactionType": "ID-kort-validering",
"user": {
"personalNumber": "191212121212",
"name": "Tolvan Tolvansson",
"givenName": "Tolvan",
"surname": "Tolvansson",
"age": 25
},
"verification": {
"verifiedAt": "2023-03-03T07:29:26Z",
"verificationId": "4ace3920-91f9-4129-870e-0efee6ff9846",
"signature": "LIIm0n9un123456f7js7fs0df.)... truncated for brevity"
},
"authentication": {
"identifiedAt": "2023-03-03T07:29:25Z",
"orderRef": "567f6d19-85ff-4425-a18b-d970a65b955a",
"signature": "MIIm0n9un097089f7js7fs0d8f.... truncated for brevity",
"ocspResponse": "MIIHfgoBAKCCB3cwggdzBgkrBgE... truncated for brevity"
}
}
AuthenticationData
Information related to the BankID authentication of the digital ID cardholder during 'open ID card'.
Field Name | Required | Type | Description |
---|---|---|---|
identifiedAt |
X |
String |
Timestamp in ISO 8601 indicating date and time in UTC when digital ID cardholder was identified using BankID. |
orderRef |
X |
String |
The orderRef received during BankID authentication in 'open ID card' |
signature |
X |
String |
The signature received during BankID authentication in 'open ID card'. The content of the signature is described in BankID Signature Profile specification. String. Base64-encoded. XML signature. |
ocspResponse |
X |
String |
The OCSP response received during BankID authentication in 'open ID card'. |
identifiedAt
X
String
Timestamp in ISO 8601 indicating date and time in UTC when digital ID cardholder was identified using BankID.
orderRef
X
String
The orderRef received during BankID authentication in 'open ID card'
signature
X
String
The signature received during BankID authentication in 'open ID card'. The content of the signature is described in BankID Signature Profile specification. String. Base64-encoded. XML signature.
ocspResponse
X
String
The OCSP response received during BankID authentication in 'open ID card'.
Error
Error to take action on.
Field Name | Required | Type | Description |
---|---|---|---|
errorCode |
X |
String |
Error code to help relying parties to take correct action. |
details |
X |
String |
An optional description of something related to the error. |
errorCode
X
String
Error code to help relying parties to take correct action.
details
X
String
An optional description of something related to the error.
UserData
Information related to the authenticated ID cardholder.
Field Name | Required | Type | Description |
---|---|---|---|
personalNumber |
X |
String |
The ID number of the digital ID cardholder. The ID number is a Swedish personal identity number (12 digits). |
name |
X |
String |
The digital ID cardholder's given name and surname. |
givenName |
X |
String |
The digital ID cardholder's given name. |
surname |
X |
String |
The digital ID cardholder's surname. |
age |
X |
Integer |
The digital ID cardholder's age. |
personalNumber
X
String
The ID number of the digital ID cardholder. The ID number is a Swedish personal identity number (12 digits).
name
X
String
The digital ID cardholder's given name and surname.
givenName
X
String
The digital ID cardholder's given name.
surname
X
String
The digital ID cardholder's surname.
age
X
Integer
The digital ID cardholder's age.
VerificationData
Information related to the verification of the authenticated digital ID cardholder.
Field Name | Required | Type | Description |
---|---|---|---|
verificationId |
X |
String |
Unique identifier for the performed |
verifiedAt |
X |
String |
Timestamp in ISO 8601 indicating date and time in UTC when the verification of the digital ID card was performed. |
signature |
X |
String |
Base64-encoded enveloping XAdES signature conforming to ETSI TS 103 171 v2.1.1 Baseline Profile B-B. See section Signature for detailed information about the contents of the signature. |
verificationId
X
String
Unique identifier for the performed
verification, UUID.
verifiedAt
X
String
Timestamp in ISO 8601 indicating date and time in UTC when the verification of the digital ID card was performed.
signature
X
String
Base64-encoded enveloping XAdES signature conforming to ETSI TS 103 171 v2.1.1 Baseline Profile B-B. See section Signature for detailed information about the contents of the signature.
VerifyRequest
Field Name | Required | Type | Description |
---|---|---|---|
qrCode |
X |
String |
The complete content of the scanned QR code. |
qrCode
X
String
The complete content of the scanned QR code.
VerifyResponse
A successful request returns authentication, verification and digital ID cardholder information. See each property for details. Relying parties should control the digital ID cardholder information and continue their process. Relying parties should keep the data for future references/compliance/audit.
A failed request will return HTTP error response.
Field Name | Required | Type | Description |
---|---|---|---|
transactionType |
X |
String |
Type of transaction, a fixed value of ID-kort-validering. |
user |
X |
UserData |
|
verification |
X |
VerificationData |
|
authentication |
X |
AuthenticationData |
transactionType
X
String
Type of transaction, a fixed value of ID-kort-validering.
user
X
UserData
verification
X
VerificationData
authentication
X
AuthenticationData