### Start Authentication - Simple Request Source: https://developers.bankid.com/api-references/auth--sign/auth A minimal example request payload for starting an authentication flow. ```APIDOC ## POST /auth ### Description Initiates a simple authentication flow with minimal parameters. ### Method POST ### Endpoint /auth ### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **returnUrl** (string) - Required - The URL to redirect the user to after authentication. ### Request Example ```json { "endUserIp": "192.168.1.2", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db" } ``` ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` ``` -------------------------------- ### Start Authentication - App Source: https://developers.bankid.com/api-references/auth--sign/auth Example request payload for starting an authentication flow when initiated from an app. ```APIDOC ## POST /auth ### Description Initiates an authentication flow for an app. ### Method POST ### Endpoint /auth ### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **returnUrl** (string) - Required - The URL to redirect the user to after authentication. - **userVisibleData** (string) - Optional - Data visible to the user for signing. - **app** (object) - Required - Application details. - **appIdentifier** (string) - Required - The identifier of the application. - **deviceOS** (string) - Required - The operating system of the device. - **deviceModelName** (string) - Required - The model name of the device. - **deviceIdentifier** (string) - Required - The identifier of the device. - **returnRisk** (boolean) - Optional - Whether to return risk information. ### Request Example ```json { "endUserIp": "192.168.1.2", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "userVisibleData": "IFRoaXMgaXMgYSBzYW1wbGUgdGV4dCB0byBiZSBzaWduZWQ=", "app": { "appIdentifier": "com.imadethisup", "deviceOS": "IOS 16.7.7", "deviceModelName": "Apple iPhone14,3", "deviceIdentifier": "f1e3813ab36f114d4b0c2b3636617511467adb353ce8e5ae6c83500d932f2269" } } ``` ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` ``` -------------------------------- ### Start Authentication - Web Source: https://developers.bankid.com/api-references/auth--sign/auth Example request payload for starting an authentication flow when initiated from a web browser. ```APIDOC ## POST /auth ### Description Initiates an authentication flow for a web browser. ### Method POST ### Endpoint /auth ### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **returnUrl** (string) - Required - The URL to redirect the user to after authentication. - **userVisibleData** (string) - Optional - Data visible to the user for signing. - **web** (object) - Required - Web browser details. - **referringDomain** (string) - Required - The referring domain. - **userAgent** (string) - Required - The user agent string. - **deviceIdentifier** (string) - Required - The identifier of the device. - **returnRisk** (boolean) - Optional - Whether to return risk information. ### Request Example ```json { "endUserIp": "192.168.1.2", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "userVisibleData": "IFRoaXMgaXMgYSBzYW1wbGUgdGV4dCB0byBiZSBzaWduZWQ=", "web": { "referringDomain": "example.com", "userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/114.0", "deviceIdentifier": "f1e3813ab36f114d4b0c2b3636617511467adb353ce8e5ae6c83500d932f2269" } } ``` ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` ``` -------------------------------- ### Web Started Authentication Source: https://developers.bankid.com/api-references/auth--sign/sign Example of initiating an authentication flow for a web browser. Includes end-user IP, visible data, return URL, and web-specific details like referring domain and user agent. ```json { "endUserIp": "192.168.1.2", "userVisibleData": "IyBFeGFtcGxlClRoaXMgaXMgYW4gKmV4YW1wbGUqIHRleHQ=", "userVisibleDataFormat": "simpleMarkdownV1", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "web": { "referringDomain": "example.com", "userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/114.0", "deviceIdentifier": "f1e3813ab36f114d4b0c2b3636617511467adb353ce8e5ae6c83500d932f2269" } } ``` -------------------------------- ### App Started Authentication Source: https://developers.bankid.com/api-references/auth--sign/sign Example of initiating an authentication flow for a mobile application. Includes end-user IP, visible data, return URL, and app-specific details. ```json { "endUserIp": "192.168.1.2", "userVisibleData": "IyBFeGFtcGxlClRoaXMgaXMgYW4gKmV4YW1wbGUqIHRleHQ=", "userVisibleDataFormat": "simpleMarkdownV1", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "returnRisk": true, "app": { "appIdentifier": "com.imadethisup", "deviceOS": "ANDROID", "deviceModelName": "Samsung GT-S5830L", "deviceIdentifier": "f1e3813ab36f114d4b0c2b3636617511467adb353ce8e5ae6c83500d932f2269" } } ``` -------------------------------- ### Start Authentication - With Personal Number Source: https://developers.bankid.com/api-references/auth--sign/auth Example request payload for starting an authentication flow with a specified personal number. ```APIDOC ## POST /auth ### Description Initiates an authentication flow with a specified personal number. ### Method POST ### Endpoint /auth ### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **returnUrl** (string) - Required - The URL to redirect the user to after authentication. - **userVisibleData** (string) - Optional - Data visible to the user for signing. - **requirement** (object) - Optional - Requirements for the authentication. - **personalNumber** (string) - Required - The personal number of the user. ### Request Example ```json { "endUserIp": "192.168.1.2", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "userVisibleData": "IFRoaXMgaXMgYSBzYW1wbGUgdGV4dCB0byBiZSBzaWduZWQ=", "requirement": { "personalNumber": "200001012384" } } ``` ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` ``` -------------------------------- ### Example Payment Request (Direct Transaction) Source: https://developers.bankid.com/api-references/auth--sign/payment This example illustrates a payment request for a direct transaction, including a third-party initiator. ```APIDOC ## POST /payment ### Description Initiates a payment transaction. This endpoint supports various transaction types like card, same-bank, and direct transfers. ### Method POST ### Endpoint /payment ### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **returnUrl** (string) - Required - The URL to redirect the user to after the transaction. - **returnRisk** (boolean) - Optional - Whether to return risk information. - **riskFlags** (array of strings) - Optional - Flags indicating risk factors. - **userVisibleTransaction** (object) - Required - Details of the transaction visible to the user. - **transactionType** (string) - Required - Type of transaction (e.g., 'card', 'samebank', 'direct'). - **recipient** (object) - Required - Information about the recipient. - **nameB64** (string) - Required - Base64 encoded recipient name. - **accountNumber** (string) - Optional - Recipient's account number. - **money** (object) - Required - Monetary details of the transaction. - **amount** (string) - Required - The transaction amount. - **currency** (string) - Required - The currency of the transaction. - **riskWarning** (string) - Optional - A risk warning for the transaction. - **date** (string) - Optional - The date of the transaction. - **thirdPartyInitiatorB64** (string) - Optional - Base64 encoded identifier for a third-party initiator. - **userVisibleData** (string) - Optional - Data visible to the user. - **userVisibleDataFormat** (string) - Optional - Format of the user-visible data. - **userNonVisibleData** (string) - Optional - Data not displayed to the user. ### Request Example ```json { "endUserIp": "192.168.1.2", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "returnRisk": true, "riskFlags": [ "newCustomer", "newCard" ], "userVisibleTransaction": { "transactionType": "direct", "recipient": { "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEluYy4=", "accountNumber": "8862321312" }, "money": { "amount": "9900,01", "currency": "USD" }, "thirdPartyInitiatorB64": "VGhpcmRQYXJ0eSBDb21wYW55" }, "userVisibleData": "IFRoaXMgaXMgYSBzYW1wbGUgdGV4dCB0byBiZSBzaWduZWQ=", "userVisibleDataFormat": "simpleMarkdownV1", "userNonVisibleData": "VGV4dCBpbmNsdWRlZCBidXQgbm90IGRpc3BsYXllZCB0byB0aGUgdXNlcg==" } ``` ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` #### Error Responses - **400** - Bad request. - **401** - You do not have access to the service. - **403** - You do not have access to the service. - **404** - An invalid URL path was used. - **405** - Only HTTP method POST is allowed. - **408** - Timeout while transmitting the request. - **415** - The type is missing or invalid. - **500** - Internal technical error in the BankID system. - **503** - The service is temporarily unavailable. ``` -------------------------------- ### Start BankID App on Android using App Links Source: https://developers.bankid.com/how-to-guides/autostart This Kotlin code demonstrates launching the BankID app on Android using an Intent with ACTION_VIEW and a specific URI. Handle potential ActivityNotFoundException if the app is not installed. ```kotlin class MyActivity : AppCompatActivity() { // The calling app should not rely on the value of the result, or on // the result to be returned at any particular time. private val launcher = registerForActivityResult(ActivityResultContracts.StartActivityForResult()) { } ... val intent = Intent().apply { action = Intent.ACTION_VIEW data = Uri.parse("https://app.bankid.com/?autostarttoken=[TOKEN]&redirect=null") } launcher.launch(intent) } ``` -------------------------------- ### Start BankID App on Android using Intent Source: https://developers.bankid.com/how-to-guides/autostart?mtm_campaign=start&mtm_kwd=popular4 This Kotlin code demonstrates how to launch the BankID app on Android using an Intent with ACTION_VIEW. If the BankID app is not installed, an ActivityNotFoundException will be thrown. Note that a valid result is not guaranteed to be returned to your app's activity. ```kotlin class MyActivity : AppCompatActivity() { // The calling app should not rely on the value of the result, or on // the result to be returned at any particular time. private val launcher = registerForActivityResult(ActivityResultContracts.StartActivityForResult()) { } ... val intent = Intent().apply { action = Intent.ACTION_VIEW data = Uri.parse("https://app.bankid.com/?autostarttoken=[TOKEN]&redirect=null") } launcher.launch(intent) } ``` -------------------------------- ### Phone Payment Bulk Request Examples Source: https://developers.bankid.com/api-references/auth--sign/phone-payment-bulk Examples demonstrating how to initiate a phone payment request with bulk transactions. Two scenarios are provided: one where the user calls the service provider, and another where the service provider calls the user. ```APIDOC ## POST /phone-payment-bulk ### Description Initiates a phone payment request with support for multiple transactions. ### Method POST ### Endpoint /phone-payment-bulk ### Request Body - **personalNumber** (string) - Required - The personal number of the user. - **callInitiator** (string) - Required - Indicates who initiated the call ('user' or 'RP'). - **userVisibleData** (string) - Required - Base64 encoded data visible to the user. - **userVisibleTransactionBulk** (object) - Required - Contains bulk transaction details. - **payments** (array) - Required - List of payments. - **transactionType** (string) - Required - Type of transaction (e.g., 'plusgiro', 'bankgiro'). - **recipient** (object) - Required - Recipient details. - **accountNumber** (string) - Required - Recipient's account number. - **nameB64** (string) - Required - Base64 encoded recipient name. - **money** (object) - Required - Monetary details. - **amount** (string) - Required - Transaction amount. - **currency** (string) - Required - Transaction currency. - **riskWarning** (string) - Optional - Risk warning for the transaction. - **date** (string) - Optional - Transaction date in YYYY-MM-DD format. - **sums** (array) - Optional - Summary of amounts. - **amount** (string) - Required - Sum amount. - **currency** (string) - Required - Sum currency. ### Request Example (User Initiated Call) ```json { "personalNumber": "190010101010", "callInitiator": "user", "userVisibleData": "IyBFeGFtcGxlClRoaXMgaXMgYW4gKmV4YW1wbGUqIHRleHQ=", "userVisibleTransactionBulk": { "payments": [ { "transactionType": "plusgiro", "recipient": { "accountNumber": "1234-1234", "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEluYy4=" }, "money": { "amount": "100,00", "currency": "EUR" }, "riskWarning": "largeAmount", "date": "2025-11-10" }, { "transactionType": "bankgiro", "recipient": { "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEJhbmtnaXJvIEluYy4=", "accountNumber": "1234-1234" }, "money": { "amount": "100,00", "currency": "SEK" }, "riskWarning": "largeAmount", "date": "2025-11-10" } ], "sums": [ { "amount": "100,00", "currency": "EUR" } ] } } ``` ### Request Example (RP Initiated Call) ```json { "personalNumber": "190010101010", "callInitiator": "RP", "userVisibleData": "IyBFeGFtcGxlClRoaXMgaXMgYW4gKmV4YW1wbGUqIHRleHQ=", "userVisibleTransactionBulk": { "payments": [ { "transactionType": "plusgiro", "recipient": { "accountNumber": "1234-1234", "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEluYy4=" }, "money": { "amount": "100,00", "currency": "EUR" }, "riskWarning": "largeAmount", "date": "2025-11-29" }, { "transactionType": "bankgiro", "recipient": { "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEJhbmtnaXJvIEluYy4=", "accountNumber": "1234-1234" }, "money": { "amount": "100,00", "currency": "EUR" }, "riskWarning": "largeAmount", "date": "2025-11-10" } ], "sums": [ { "amount": "200,00", "currency": "EUR" } ] } } ``` ### Responses #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order, used to query status or cancel. ##### Response Example (200) ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288" } ``` #### Error Responses - **400** - Bad request. (Details: `invalidParameters` - Incorrect personalNumber) - **401** - You do not have access to the service. - **403** - You do not have access to the service. - **404** - An invalid URL path was used. - **405** - Only HTTP method POST is allowed. - **408** - Timeout while transmitting the request. - **415** - The type is missing or invalid. - **500** - Internal technical error in the BankID system. - **503** - The service is temporarily unavailable. ``` -------------------------------- ### Example Payment Request (Card Transaction) Source: https://developers.bankid.com/api-references/auth--sign/payment This example demonstrates a payment request for a card transaction, including user IP, return URL, risk flags, transaction details, and user-visible data. ```APIDOC ## POST /payment ### Description Initiates a payment transaction. This endpoint supports various transaction types like card, same-bank, and direct transfers. ### Method POST ### Endpoint /payment ### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **returnUrl** (string) - Required - The URL to redirect the user to after the transaction. - **returnRisk** (boolean) - Optional - Whether to return risk information. - **riskFlags** (array of strings) - Optional - Flags indicating risk factors. - **userVisibleTransaction** (object) - Required - Details of the transaction visible to the user. - **transactionType** (string) - Required - Type of transaction (e.g., 'card', 'samebank', 'direct'). - **recipient** (object) - Required - Information about the recipient. - **nameB64** (string) - Required - Base64 encoded recipient name. - **accountNumber** (string) - Optional - Recipient's account number. - **money** (object) - Required - Monetary details of the transaction. - **amount** (string) - Required - The transaction amount. - **currency** (string) - Required - The currency of the transaction. - **riskWarning** (string) - Optional - A risk warning for the transaction. - **date** (string) - Optional - The date of the transaction. - **thirdPartyInitiatorB64** (string) - Optional - Base64 encoded identifier for a third-party initiator. - **userVisibleData** (string) - Optional - Data visible to the user. - **userVisibleDataFormat** (string) - Optional - Format of the user-visible data. - **userNonVisibleData** (string) - Optional - Data not displayed to the user. ### Request Example ```json { "endUserIp": "192.168.1.2", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "returnRisk": true, "riskFlags": [ "largeAmount", "newCustomer", "newCard" ], "userVisibleTransaction": { "transactionType": "card", "recipient": { "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEluYy4=" }, "money": { "amount": "100,00", "currency": "EUR" }, "riskWarning": "largeAmount" }, "userVisibleData": "IFRoaXMgaXMgYSBzYW1wbGUgdGV4dCB0byBiZSBzaWduZWQ=", "userVisibleDataFormat": "simpleMarkdownV1", "userNonVisibleData": "VGV4dCBpbmNsdWRlZCBidXQgbm90IGRpc3BsYXllZCB0byB0aGUgdXNlcg==" } ``` ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` #### Error Responses - **400** - Bad request. - **401** - You do not have access to the service. - **403** - You do not have access to the service. - **404** - An invalid URL path was used. - **405** - Only HTTP method POST is allowed. - **408** - Timeout while transmitting the request. - **415** - The type is missing or invalid. - **500** - Internal technical error in the BankID system. - **503** - The service is temporarily unavailable. ``` -------------------------------- ### Example Payment Request (Same-Bank Transaction) Source: https://developers.bankid.com/api-references/auth--sign/payment This example shows a payment request for a same-bank transaction, including recipient account number and currency. ```APIDOC ## POST /payment ### Description Initiates a payment transaction. This endpoint supports various transaction types like card, same-bank, and direct transfers. ### Method POST ### Endpoint /payment ### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **returnUrl** (string) - Required - The URL to redirect the user to after the transaction. - **returnRisk** (boolean) - Optional - Whether to return risk information. - **riskFlags** (array of strings) - Optional - Flags indicating risk factors. - **userVisibleTransaction** (object) - Required - Details of the transaction visible to the user. - **transactionType** (string) - Required - Type of transaction (e.g., 'card', 'samebank', 'direct'). - **recipient** (object) - Required - Information about the recipient. - **nameB64** (string) - Required - Base64 encoded recipient name. - **accountNumber** (string) - Optional - Recipient's account number. - **money** (object) - Required - Monetary details of the transaction. - **amount** (string) - Required - The transaction amount. - **currency** (string) - Required - The currency of the transaction. - **riskWarning** (string) - Optional - A risk warning for the transaction. - **date** (string) - Optional - The date of the transaction. - **thirdPartyInitiatorB64** (string) - Optional - Base64 encoded identifier for a third-party initiator. - **userVisibleData** (string) - Optional - Data visible to the user. - **userVisibleDataFormat** (string) - Optional - Format of the user-visible data. - **userNonVisibleData** (string) - Optional - Data not displayed to the user. ### Request Example ```json { "endUserIp": "192.168.1.2", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "returnRisk": true, "riskFlags": [ "newCustomer", "newCard" ], "userVisibleTransaction": { "transactionType": "samebank", "recipient": { "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEluYy4=", "accountNumber": "8862321312" }, "money": { "amount": "66,22", "currency": "NOK" }, "riskWarning": "noNameMatch", "date": "2025-11-10" }, "userVisibleData": "IFRoaXMgaXMgYSBzYW1wbGUgdGV4dCB0byBiZSBzaWduZWQ=", "userVisibleDataFormat": "simpleMarkdownV1", "userNonVisibleData": "VGV4dCBpbmNsdWRlZCBidXQgbm90IGRpc3BsYXllZCB0byB0aGUgdXNlcg==" } ``` ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` #### Error Responses - **400** - Bad request. - **401** - You do not have access to the service. - **403** - You do not have access to the service. - **404** - An invalid URL path was used. - **405** - Only HTTP method POST is allowed. - **408** - Timeout while transmitting the request. - **415** - The type is missing or invalid. - **500** - Internal technical error in the BankID system. - **503** - The service is temporarily unavailable. ``` -------------------------------- ### App Started Authentication Source: https://developers.bankid.com/api-references/auth--sign/sign Initiates an authentication flow for an application, providing details about the end-user's device and visible data. ```APIDOC ## POST /auth ### Description Initiates an authentication flow for an application. ### Method POST ### Endpoint /auth ### Parameters #### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **userVisibleData** (string) - Required - Data visible to the user, formatted as simpleMarkdownV1. - **userVisibleDataFormat** (string) - Required - The format of userVisibleData, must be "simpleMarkdownV1". - **returnUrl** (string) - Required - The URL to return to after authentication. - **returnRisk** (boolean) - Optional - Whether to return risk information. - **app** (object) - Required - Application-specific details. - **appIdentifier** (string) - Required - The identifier of the application. - **deviceOS** (string) - Required - The operating system of the device. - **deviceModelName** (string) - Optional - The model name of the device. - **deviceIdentifier** (string) - Optional - The identifier of the device. ### Request Example ```json { "endUserIp": "192.168.1.2", "userVisibleData": "IyBFeGFtcGxlClRoaXMgaXMgYW4gKmV4YW1wbGUqIHRleHQ=", "userVisibleDataFormat": "simpleMarkdownV1", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "returnRisk": true, "app": { "appIdentifier": "com.imadethisup", "deviceOS": "ANDROID", "deviceModelName": "Samsung GT-S5830L", "deviceIdentifier": "f1e3813ab36f114d4b0c2b3636617511467adb353ce8e5ae6c83500d932f2269" } } ``` ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` #### Error Responses - **400** - Bad request. - **401** - You do not have access to the service. - **403** - You do not have access to the service. - **404** - An invalid URL path was used. - **405** - Only HTTP method POST is allowed. - **408** - Timeout while transmitting the request. - **415** - The type is missing or invalid. - **500** - Internal technical error in the BankID system. - **503** - The service is temporarily unavailable. ``` -------------------------------- ### Example Bulk Payment Request Source: https://developers.bankid.com/api-references/auth--sign/payment-bulk Demonstrates the structure of a request to initiate a bulk payment, including transaction details, recipient information, and user-visible data. ```json { "endUserIp": "192.168.1.2", "returnUrl": "https://bankid.example/auth/login_page#nonce=a3618c72-bc71-4002-b3de-509555b175db", "returnRisk": true, "userVisibleTransactionBulk": { "payments": [ { "transactionType": "plusgiro", "recipient": { "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEluYy4=", "accountNumber": "123-4569" }, "money": { "amount": "100,00", "currency": "SEK" }, "riskWarning": "largeAmount", "date": "2025-11-10" }, { "transactionType": "bankgiro", "recipient": { "nameB64": "UGF5bWVudCBSZWNpcGllbnRzIEJhbmtnaXJvIEluYy4=", "accountNumber": "1234-1234" }, "fromAccount": { "accountNumber": "12312313" }, "money": { "amount": "100,00", "currency": "SEK" }, "riskWarning": "largeAmount", "date": "2025-11-10", "riskFlags": [ "largeAmount", "newCustomer", "newCard" ] } ], "sums": [ { "amount": "200,00", "currency": "SEK" } ], "thirdPartyInitiatorB64": "VGhpcmRQYXJ0eSBDb21wYW55" }, "userVisibleData": "IFRoaXMgaXMgYSBzYW1wbGUgdGV4dCB0byBiZSBzaWduZWQ=", "userNonVisibleData": "VGV4dCBpbmNsdWRlZCBidXQgbm90IGRpc3BsYXllZCB0byB0aGUgdXNlcg==" } ``` -------------------------------- ### Start BankID App on iOS using Universal Links Source: https://developers.bankid.com/how-to-guides/autostart?mtm_campaign=start&mtm_kwd=popular4 Use this Swift code to open the BankID app via a universal link on iOS. Ensure your app is registered with a universal link or custom URL scheme to allow the BankID app to re-launch your app. If the BankID app is not installed, this action will fail. ```swift let url = URL(string: "https://app.bankid.com/?autostarttoken=[TOKEN]") UIApplication.shared.open(url!, options: [.universalLinksOnly:true]) { (success) in // handle success/failure } ``` -------------------------------- ### Error Response Example (400 Bad Request) Source: https://developers.bankid.com/api-references/auth--sign/payment This example shows the structure of a 400 Bad Request error response, including an error code and details. ```APIDOC ## POST /payment ### Description Initiates a payment transaction. This endpoint supports various transaction types like card, same-bank, and direct transfers. ### Method POST ### Endpoint /payment ### Request Body - **endUserIp** (string) - Required - The IP address of the end-user. - **returnUrl** (string) - Required - The URL to redirect the user to after the transaction. - **returnRisk** (boolean) - Optional - Whether to return risk information. - **riskFlags** (array of strings) - Optional - Flags indicating risk factors. - **userVisibleTransaction** (object) - Required - Details of the transaction visible to the user. - **transactionType** (string) - Required - Type of transaction (e.g., 'card', 'samebank', 'direct'). - **recipient** (object) - Required - Information about the recipient. - **nameB64** (string) - Required - Base64 encoded recipient name. - **accountNumber** (string) - Optional - Recipient's account number. - **money** (object) - Required - Monetary details of the transaction. - **amount** (string) - Required - The transaction amount. - **currency** (string) - Required - The currency of the transaction. - **riskWarning** (string) - Optional - A risk warning for the transaction. - **date** (string) - Optional - The date of the transaction. - **thirdPartyInitiatorB64** (string) - Optional - Base64 encoded identifier for a third-party initiator. - **userVisibleData** (string) - Optional - Data visible to the user. - **userVisibleDataFormat** (string) - Optional - Format of the user-visible data. - **userNonVisibleData** (string) - Optional - Data not displayed to the user. ### Response #### Success Response (200) - **orderRef** (string) - Required - A reference ID for an order. - **autoStartToken** (string) - Required - Used to compile the start URL. - **qrStartToken** (string) - Required - Used to compute the animated QR code. - **qrStartSecret** (string) - Required - Used to compute the animated QR code. #### Response Example ```json { "orderRef": "131daac9-16c6-4618-beb0-365768f37288", "autoStartToken": "7c40b5c9-fa74-49cf-b98c-bfe651f9a7c6", "qrStartToken": "67df3917-fa0d-44e5-b327-edcc928297f8", "qrStartSecret": "d28db9a7-4cde-429e-a983-359be676944c" } ``` #### Error Responses - **400** - Bad request. - **401** - You do not have access to the service. - **403** - You do not have access to the service. - **404** - An invalid URL path was used. - **405** - Only HTTP method POST is allowed. - **408** - Timeout while transmitting the request. - **415** - The type is missing or invalid. - **500** - Internal technical error in the BankID system. - **503** - The service is temporarily unavailable. ##### 400 - Bad request. #### Content application/json - **errorCode** (string) - Required - The error code. - **details** (string) - Required - Additional details specific to the error code. ##### Example ```json { "errorCode": "invalidParameters", "details": "Incorrect personalNumber" } ``` ``` -------------------------------- ### HTTP 400 Bad Request - Invalid Parameters Example Source: https://developers.bankid.com/api-references/errors This snippet shows an example response when invalid parameters are provided to the BankID API, such as an invalid order reference. ```HTTP HTTP/1.1 400 Bad Request Content-Type: application/json { "errorCode":"invalidParameters", "details":"No such order" } ```