Skip to main content

Receiving Callbacks

IDkollen can POST TeleID events to a callback url supplied to us. This endpoint should respond with HTTP status 204 on success, or 4xx/5xx on errors.

POST {{ callbackUrl }}
Content-Type: application/json
X-Signature-SHA256: abcdefghijkl

The following events are supported:

TeleID Completed
{
  "type": "TELEID_COMPLETED",
  "log": {
    "id": "abcdef"
  }
}

Signature

To protect your server from unauthorized requests, a Hash-based Message Authentication Code (HMAC) signature is included in each request. By verifying this signature, you confirm that the request was sent by IDkollen, and was not modified during transit. The signature is calculated using a shared key and is the Base64-encoded HMAC SHA-256 hash of the request payload.

Here is some pseudocode:

base64(hmacSha256({HMAC-key}, {payload}))

Your server should only accept requests whose X-Signature-SHA256 header match the expected signature.

It is important that the signature is created from the original string payload, and that it's not deserialized by a library/framework and then re-serialized into a string, as this may cause issues in the future if, for example, the formatting or spacing would change in an update.

If your account does not currently use a HMAC signature, please send us a request support@idkollen.se.