Introduction
IDkollen provides a JSON/REST API for authenticating and signing with BankID.
The API is only accessible with SSL and a unique key provided by IDkollen. The key is private and should not be shared with a third party. The API should only be called from a server application, not directly from the client.
When signing up you will receive API keys for IDKollens staging and live environment.
| Environment | URL | Callback IP | BankID environment |
|---|---|---|---|
| Live | https://api.idkollen.se | 13.53.114.219 13.48.243.11 | Live |
| Staging | https://stgapi.idkollen.se | 13.53.56.116 13.53.92.159 | Test |
Usage flow
- The user initiates an authentication via the partner's interface.
- The partner calls IDkollen's API with the secret key to get to initiate an authentication.
- IDkollen sends response to partner with information about the initiated authentication.
- The partner uses the information to launch BankID on the users device.
- The user identifies him- or herself with BankID.
- The partner fetches the result or gets it via their callback endpoint.
Staging environment (test)
Please note that the Staging environment only works with Test BankID: https://www.bankid.com/en/utvecklare/test/skaffa-testbankid/test-bankid-get
Authentication
To initiate requests to the API a secret key is needed. To request a secret key, contact support@idkollen.se. All API endpoints are authenticated using Basic Auth, where the "username" is the API key (account ID) and the "password" is the secret key.
Authorization: Basic ${ base64(accountId + ':' + secretKey) }
More information
For more information about error messages and how the BankID API works in general, please refer to the BankID Relying Party Guidelines.
If you have any questions, please contact us at support@idkollen.se.