Skip to main content


The /auth API is used to authenticate a user with BankID.

The pno can be left out when authenticating from the device where BankID is installed. In these cases the autoStartToken parameter must be used when you start the BankID app. See table below for information about each parameter.

"pno": "191234567890",
"ipAddress": "",
"callbackUrl": "https://partner.url/idkollen/response",
"refID": "12398698",
"secretKey": "123456"
"avsikt": "Intention text"
pnoNoThe personal number to authenticate. 12 characters, no - character. Can be left out when authenticating from the device where BankID is installed.
ipAddressYesThe IP-address of the end user, or as close to the end user as possible.
callbackUrlNoThe URL to where IDkollen will send the callback on successful or failed requests. Not required when using /collect to check status. The callbackUrl can also be set on account level for increased security.
allowFingerprintNoAllow user to authenticate with fingerprint or face recognition in BankID app. (Default value: true)
refIDNoReference ID which will be returned in the callback or collect.
secretKeyYesSecret key to be used for increased security. Provided by IDkollen.
enableQRNoSet to true returns qrStartToken and qrStartSecret for animated QR-codes.
intentNoText to be displayed in the users BankID app during authentication, for purposes of adding an intention for requesting the authentication. Max 1500 characters after base64. Formatting options can be found here:

IDkollen will respond with HTTP status 201 for successful request, or 4xx/5xx on errors. For more information about errors, please see the Errors section.

HTTP/2.0 201 Created
"orderRef": "1668b9da-bff1-4dfc-ad48-60507b5a8d12",
"autoStartToken": "6e8fdb9e-4cc7-42a7-9ce7-59947aeec6e6"
orderRefBankID reference number, can be used to collect response.
autoStartTokenIf pno is not included in the request, the BankID app must be started using this token.