Introduction
IDkollen provides a JSON/REST API for authenticating and signing with BankID (NO).
The API is only accessible with SSL and a unique key provided by IDkollen. The key is private and should not be shared with a third party. The API should only be called from a server application, not directly from the client.
When signing up you will receive API keys for IDKollens staging and live environment.
| Environment | URL | Callback IP |
|---|---|---|
| Live | https://api.idkollen.se/ | 13.53.114.219 13.48.243.11 |
| Staging | https://stgapi.idkollen.se/ | 13.53.56.116 13.53.92.159 |
Usage flow
- The user initiates an authentication or sign via the partner's interface.
- The partner calls IDkollen's API with the secret key to get the login link or sign link to BankID (NO).
- The partner sends the login link or sign link to the end user to use to authenticate themselves or sign with.
- Once the end user has authenticated themselves, the user will be redirected to a redirect URL provided to IDkollen by you, with a code.
- The partner uses the code to verify the end user's credentials with or get the result of the signing with.
- IDkollen will respond with the end user's credentials or sign result.
Test users
The following test users are available:
| National ID (SSN) | Last name | First name | One-time password | Password |
|---|---|---|---|---|
| 20123931743 | Duck | Donald | otp | qwer1234 |
| 04081138481 | Mouse | Minnie | otp | qwer1234 |
Authentication
To initiate requests to the API a secret key is needed. To request a secret key, contact support@idkollen.se. All API endpoints are authenticated using Basic Auth, where the "username" is the API key (account ID) and the "password" is the secret key.
Authorization: Basic ${ base64(accountId + ':' + secretKey) }
More information
If you have any questions, please contact us at support@idkollen.se.