Skip to main content
Version: v3


IDkollen provides a JSON/REST API for authenticating and signing with BankID.

The API is only accessible with SSL and a unique key provided by IDkollen. The key is private and should not be shared with a third party. The API should only be called from a server application, not directly from the client.

When signing up you will receive API keys for IDKollens staging and live environment.

EnvironmentURLCallback IPBankID environment

Usage flow

  1. The user initiates an authentication via the partner's interface.
  2. The partner calls IDkollen's API with the secret key to get to initiate an authentication.
  3. IDkollen sends response to partner with information about the initiated authentication.
  4. The partner uses the information to launch BankID on the users device.
  5. The user identifies him- or herself with BankID.
  6. The partner fetches the result or gets it via their callback endpoint.

Staging environment (test)

Please note that the Staging environment only works with Test BankID:

Callback URL

For security reasons it is not possible to supply the callbackUrl in the Authentication request. This must be whitelisted by IDkollen in your accounts preferences. Please provide your callbackUrl by emailing us at

QR Codes and autoStartToken

The V3 API supplies autoStartToken, qrStartToken and qrStartSecret with every request without needing to send "enableQR": true, like in V2.

Secret key

To initiate requests to the API a secret key is needed. To request a secret key, contact


All API endpoints are authenticated using Basic Auth, where the "username" is the account ID and the "password" is the secret key.

Authorization: Basic ${ base64(accountId + ':' + secretKey) }

More information

For more information about error messages and how the BankID API works in general, please refer to the BankID Relying Party Guidelines.

If you have any questions, please contact us at