## 🇫🇮 Finland
### FTN (Finnish Trust Network) and MobileID (Mobiilivarmenne)
FTN and MobileID are widely-adopted electronic identification (eID) solutions in Finland, offering secure and convenient authentication methods for citizens, businesses, and public institutions. Both solutions enable users to access a wide range of online services, including banking, e-commerce, government portals, and healthcare services.
FTN is provided by banks operating in Finland and relies on a combination of a unique user ID, a personal password, and one-time codes generated through a security device or online banking service. This eID solution is integrated into various online services, ensuring secure authentication and transactions.
MobileID is an eID solution that utilizes a mobile device and a SIM card with an integrated digital certificate. It requires users to enter a personal identification number (PIN) for authentication. MobileID provides a secure and user-friendly method for online identification without the need for additional hardware or software.
Both FTN and MobileID play vital roles in ensuring the privacy and safety of users' online transactions, offering secure and seamless authentication experiences across various sectors in Finland.
## API Overview
### Core Functionalities
**Environments**
We provide two environments for use:
Test: https://test.zignsec.com/v2/
Production: https://api.zignsec.com/v2/
#### Authentication
Each request to our API should be authenticated by sending your api key in the “Authorization” header. Our support creates api keys for you (a pair for each environment), and it’s highly recommended to regularly rotate the keys (currently it’s done by sending a support request, but please let us know if you’d like to automate it).
### REST API
##### Headers
| **Header** | **Description** | **Required** |
| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
| Authorization | This header parameter is the api key you received from ZignSec during the registration process. Example: Authorization: 123456add0cff22873c428e987654321 | Yes |
| Content-Type | Specifies the media type of the request body data. Set to application/json if JSON object. | Yes |
#### API Endpoints
##### Authentication
**Endpoint:** POST /eid/fbid
**Description:** This API endpoint allows for identity verification using the FTN/MobileID in Finland. The API facilitates user authentication, providing secure verification based on Finnish national identity standards.
**Endpoint:** GET /eid/{sessionId}
**Description:** This API endpoint retrieves the status and details of a FTN/MobileID identity verification session in Finland. It allows you to check the outcome of a previously initiated verification request.
### Call Sequence
#### 1. Session Setup
After making the setup call, you'll receive a redirect_url. This is for initiating the browser-based login, identified by sessionid.
##### Request example
``` bash
curl --location 'https://test.zignsec.com/v2/eid/fbid' \
--header 'Content-Type: application/json' \
--header 'authorization: Api-Key' \
--data '{
"language": "en",
"relaystate": "my-internal-user-id",
"target": "https://google.com?q=success",
"targetError": "https://google.com?q=error",
"webhook": "https://webhook.site/zignsec"
}'
```
#### 2. Login Workflow Execution
To start, navigate to the provided redirect_url in your web browser. The exact user interactions differ by country and bank and might even necessitate an external device. If you prefer, embed the URL in an HTML IFrame for a more integrated web experience. Concurrently, an eID session will be initiated client-side with JavaScript.
##### Response
``` json
{
"id": "08d0382b-d429-4563-a704-776493bf57f7",
"errors": [],
"redirect_url": "https://tunnistus-pp.telia.fi/uas/oauth2/authorization?response_type=code&scope=openid&client_id=7fb547fc-48d2-40d7-93e4-ae9a3c90aecc&redirect_uri=https:%2f%2ftest.zignsec.com%2fv2%2fcallback%2foidcfi&state=08d0382b-d429-4563-a704-776493bf57f7&ui_locales=en"
}
```
#### 3. Retrieve Status/Results
To gather details about the logged-in individual, use the unique sessionid from the workflow. Fetch the data during or post-workflow completion. The process may notify you of the status, like pending, completed, or error through a browser redirect to a specified URL, a set webhook, or via JavaScript through the Window.postMessage() event.
##### Request example
``` bash
curl --location 'https://test.zignsec.com/v2/eid/08d0382b-d429-4563-a704-776493bf57f7' \
--header 'Content-Type: application/json' \
--header 'authorization: Api-Key' \
--data ''
```
Notifications on Workflow Completion
You can be alerted both actively and passively once the workflow concludes:
- Callback: Specify the Target URL during the first step. Once this URL is accessed, follow the collect-GET mentioned above.
- Webhook: To designate a webhook URL for callbacks, liaise with ZignSec. Results will then be sent to the given URL.
- Polling: Consistently call the collect-GET until the end result appears.
##### Result Response
``` json
{
"id": "87fef88b-236b-49ce-b243-affd04ca6985",
"errors": [],
"identity": {
"CountryCode": "FI",
"FirstName": "Tero Testi",
"LastName": "Äyrämö",
"FullName": "Tero Testi Äyrämö",
"PersonalNumber": "010170-999R",
"DateOfBirth": "1970-01-01",
"Age": 54,
"Gender": null,
"IdProviderName": "BankIDFI",
"IdentificationDate": "2024-09-24T11:42:42.5005886Z",
"IdProviderRequestId": "",
"IdProviderPersonId": "",
"CustomerPersonId": ""
},
"FBID": "{\"sub\":\"PFPIK7C5GJQT7XNX5SZISVTVOLJWAOF2\",\"iss\":\"https://tunnistus-pp.telia.fi/uas\",\"aud\":[\"7fb547fc-48d2-40d7-93e4-ae9a3c90aecc\"],\"exp\":1727181758,\"iat\":1727178161,\"auth_time\":1727178157,\"acr\":\"oidc.aktia.1\",\"amr\":[\"https://tunnistus-pp.telia.fi/uas/saml2/names/ac/oidc.aktia.1\"],\"azp\":\"7fb547fc-48d2-40d7-93e4-ae9a3c90aecc\",\"session_index\":\"_f8f47475dacab8f58ab0dde62e0379c8eab5e6bd\",\"urn:oid:1.3.6.1.5.5.7.9.1\":[\"1970-01-01\"],\"urn:oid:1.2.246.21\":[\"010170-999R\"],\"urn:oid:2.5.4.4\":[\"Äyrämö\"],\"urn:oid:1.2.246.575.1.14\":[\"Tero Testi\"],\"urn:oid:2.16.840.1.113730.3.1.241\":[\"Tero Testi Äyrämö\"],\"PersonIDHash\":[\"47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=\"],\"bank-tupasid\":[\"400\"]}",
"method": "fbid",
"result": {
"identity": {
"state": "FINISHED"
}
}
}
```
| **Parameter** | **Description** |
| ------------------- | ----------------------------------------------------------------------------------------- |
| id | A unique session identifier generated for each workflow instance. |
| errors | A JSON array of error conditions, see error handling. |
| result | An object that describes the main result of the service call. |
| Identity | A verified identity of the customer, containing the following details. |
| state | Indicates the verification status. Values: PENDING, FINISHED, ERROR. |
| CountryCode | ID provider’s country/nationality. |
| FirstName | Extracted first name from ID provider. |
| LastName | Extracted last name from ID provider. |
| PersonalNumber | Finnish social security number |
| DateOfBirth | Date of birth of person format yyyy-mm-dd (year-month-day) |
| Age | Computed from DateOfBirth. |
| IdProviderName | ZignSec’s name for the Identity provider. |
| IdentificationDate | Time the identification was performed. |
| IdProviderRequestID | Unique ID from the identity provider for the request. Not present for this product |
| IdProviderPersonID | Technical key uniquely identifying the authenticated person. Not present for this product |
| CustomerPersonID | Customer specific reference for the person. Not present for this product |
| method | Name of the initiated method, e.g. “fbid”. |
### Error Handling
ZignSec´s REST APIs have a general return object format that includes an `errors` field. This field contains an array of error objects, each of which has two fields, `code` and `description`.
| **Property** | **Type** | **Description** |
| ------------ | -------- | -------------------------------------------------------------------------------- |
| code | string | A code indicating what type of error occurred. |
| description | string | A descriptive error message (in English) indicating what type of error occurred. |
##### Example of a returned error:
``` json
{
"errors": [
{
"code": "INVALID_PERSONALNUMBER",
"description": "1637217431 is an invalid Danish CPR Number."
}
]
}
```
#### Error Codes
The following is a list of error codes that may be generated by the ZignSec API
| Error code | Description |
| ---------------------- | ----------------------------------------------------------------------------------------- |
| INVALID_PERSONALNUMBER | RFU: Reserved for Future Use. Invalid Personal number, for example missing or bad format. |
| INVALID_DATEOFBIRTH | Invalid Date of birth, for example missing |
| INVALID_APPID | Invalid AppID |
| INVALID_ADDRESS | Invalid address |
| MISSING_CONFIG | Your account has a missing config, contact ZignSec for help. |
| INVALID_APPID | … |
| INVALID_REQUEST | … |
| INVALID_COUNTRYCODE | … |
| INVALID_PHONE | … |
| INVALID_IP | … |
| INVALID_TARGET | Target URL is invalid |
| INVALID_TARGETERROR | TargetError URL is invalid |
| INVALID_WEBHOOK | Webhook URL is invalid |
| SESSION_NOT_FOUND | Session not found |
### Testing
#### In web browser
Use either of the following test user:
| Bank | User name | Password | OTP | Name | SSN |
| ---------------- | ---------------------------- | --------- | --------- | --------------------- | ----------- |
| Osuuspankki | 12345678 | Prefilled | Prefilled | Väinö Tunnistus | 070770-905D |
| Nordea | DEMOUSER1 | None | None | Onni Juhani Korhonen | 010200A9618 |
| Nordea | DEMOUSER2 | None | None | Aino Olivia Virtanen | 291292-918R |
| Nordea | DEMOUSER3 | None | None | Eino Ilmari Mäkinen | 030883-925M |
| Nordea | DEMOUSER4 | None | None | Helmi Aurora Nieminen | 170677-924F |
| Nordea | DEMOUSER5 (legal person) | None | None | | |
| Nordea | DEMOUSER6 (legal person) | None | None | | |
| Danske Bank | 78985110 | 4545 | None | Teemu Antero Testaaja | 280453-111A |
| Handelsbanken | 11111111 | 123456 | 123456 | Testaaja Teemu | 010100A001N |
| Ålandsbanken | Need to test with real user. | - | - | - | - |
| S-Pankki | Need to test with real user. | - | - | - | - |
| Aktia | 12345678 | 123456 | 1234 | Tero Testi Äyrämö | 010170-999R |
| POP Pankki | 11111111 | 123456 | - | Testaaja Teemu | 010100A001N |
| Säästöpankki | 11111111 | 123456 | - | Testaaja Teemu | 010100A001N |
| Oma Säästöpankki | 11111111 | 123456 | - | Testaaja Teemu | 010100A001N |
#### Testing from mobile
To test your solution, you must use real user data.
#### Production testing
There are no test users available for the production environment. Merchants who wish to conduct tests in staging areas using the production environment will need to use real users.