MitID is a secure and user-friendly digital ID. You use the same login, regardless of whether you want to use your online bank, see your information on borger.dk, download your annual statement from Skat.dk or shop online.

MitID is a flexible and well-thought-out solution. It will be easy to further develop MitID to match a life where technology plays a greater role.

Most of us are already familiar with the NemID app – all we need to do is to download the new MitID app and use it in the same way. But the key card disappears. That is an important difference. It is still important that you never share codes or your user ID for MitID with others. Your MitID is just as important as your passport.

*NemID users will be migrated gradually to MitID during the next 6months*

To Test MitID, please contact our sales: [email protected]

After Registration, Service providers will be provided with Functional and Technical Links to access with Credentials.

    Content:

                1.  MitID Identity Verification

                2.  MitID CPR match

                3.  MitID Lookup CPR

                4.  GET Results

                5. Customization Branding  (Optional) 

1. MitID Identity Verification

         POST to Zignsec URL:

         Test Env          :  https://test-gateway.zignsec.com/core/api/sessions/identity_verification/mitid

         Production     :  https://gateway.zignsec.com/core/api/sessions/identity_verification/mitid

         Swagger link  :  https://test-gateway.zignsec.com/

{
  {
  "metadata": {
    "action": "LogOn",
    "language": "En",
    "level": "Low",
    "method": "Loa",
    "popup_context": false,
    "psd2": true,
    "reference_text_body": "Log on to My Service",
    "relay_state": "user-id-123456",
    "requested_attributes": [
      "DATE_OF_BIRTH",
      "AGE",
      "IAL_IDENTITY_ASSURANCE_LEVEL",
      "IDENTITY_NAME"
    ],
    "service_provider_reference": " My Service "
  },
  "redirect_failure": "https://my_failure_url.com",
  "redirect_success": "https://my_success_url.com",
  "relay_state": "my-unique-customer-id",
  "webhook": "https://my_webhook_url.com"
}
}
ParameterDescriptionRequired
metadataSee table belowYes
ParameterDescriptionRequired
languageThe requested language. Possible values are En | Da | KlNo
level Authenticator combinations:  Low|Substantial|High 
popup_contextIdentifies if the MitId broker page will be opened in a popup or it will be redirect. True – used a popup, false – redirect to another page.No
reference_text_body Business reference text body  Ex:  “Log on to my Service” No
requested_attributes Person Identity details Ex:  Date of Birth, CPR Name , etc…No
Additional request parameters
redirect_successIf this parameter is supplied the browser session will finally be redirected to this URL-value.No
redirect_failure targetError works as target except it is navigated on user cancel or error situations.No
 relay_state

Use it to link an unique ID of your choice that you can parse.

Examplerelaystate=zignsec123

No
webhookA URL where success/error results will automatically be POST:edNo

Each request returns a response with status and details.

idA unique session identifier generated for each workflow instance.
errorsA JSON array of error conditions, see error handling.
redirect_urlMitId redirect url
statusCreated, Pending, Finished, Failed, Declined
{
  "data": {
    "errors": [],
    "id": "10358350-72e3-4a4c-800b-6e97c0d6d8c8",
    "redirect_url": "https://zignsec.test.mitid.dk/ui/mitid?otp=EKddfNyl1Eu47VimqTDDxQ",
    "status": "Pending"
  }
}

2. MitID CPR Match

          POST to Zignsec URL:

          Test Env         :  https://test-gateway.zignsec.com/core/api/sessions/match_cpr/mitid

          Production    :  https://gateway.zignsec.com/core/api/sessions/match_cpr/mitid

2.1 Request

{
  {
  "metadata": {
    "action": "LogOn",
    "cpr_number": "260169-6218",
    "language": "En",
    "level": "Low",
    "method": "Loa",
    "popup_context": false,
    "psd2": true,
    "reference_text_body": "Log on to My Service",
    "relay_state": "user-id-123456",
    "requested_attributes": [
      "DATE_OF_BIRTH",
      "AGE",
      "IAL_IDENTITY_ASSURANCE_LEVEL",
      "IDENTITY_NAME"
    ],
    "service_provider_reference": " My Service "
  },
  "redirect_failure": "https://my_failure_url.com",
  "redirect_success": "https://my_success_url.com",
  "relay_state": "my-unique-customer-id",
  "webhook": "https://my_webhook_url.com"
}
}
ParameterDescriptionRequired
metadataSee table belowYes
Meta data parameters
ParameterDescriptionRequired
cpr_number Denmark Personal Id number Ex:  3012764749Yes
languageThe requested language. Possible values are Da | En | KlNo
level Authenticator combinations:  Low|Substantial|High 
popup_contextIdentifies if the MitId broker page will be opened in a popup or it will be redirect. True – used a popup, false – redirect to another page.No
reference_text_body Business reference text body  Ex:  “Log on to my Service” No
requested_attributes Person Identity details Ex:  Date of Birth, CPR Name , etc…No

Additional request parameters

redirect_successIf this parameter is supplied the browser session will finally be redirected to this URL-value.No
redirect_failure targetError works as target except it is navigated on user cancel or error situations.No
 relay_state

Use it to link an unique ID of your choice that you can parse.

Examplerelaystate=zignsec123

No
webhookA URL where success/error results will automatically be POST:edNo

2.2 Response

Each request returns a response with status and details.

idA unique session identifier generated for each workflow instance.
errorsA JSON array of error conditions, see error handling.
redirect_urlMitId redirect url
statusCreated, Pending, Finished, Failed, Declined
{
  "data": {
    "errors": [],
    "id": "3c2ce9d2-c4de-4e26-8d71-aea9008dae0a",
    "redirect_url": "https://zignsec.test.mitid.dk/ui/mitid?otp=3DsRWdwfTUyldGmVp9-bJw",
    "status": "Pending"
  }
}

3. MitID Lookup CPR

3.1 Start session

        POST to Zignsec URL:

        Test Env         : https://test-gateway.zignsec.com/core/api/sessions/lookup_cpr/mitid

        Production    : https://gateway.zignsec.com/core/api/sessions/lookup_cpr/mitid

3.2 Request

    {
  "metadata": {
    "action": "LogOn",
    "language": "En",
    "level": "Low",
    "method": "Loa",
    "popup_context": false,
    "psd2": true,
    "reference_text_body": "Log on to My Service",
    "relay_state": "user-id-123456",
    "requested_attributes": [
      "DATE_OF_BIRTH",
      "AGE",
      "IAL_IDENTITY_ASSURANCE_LEVEL",
      "IDENTITY_NAME"   
    ],
    "service_provider_reference": " My Service "
  },
  "redirect_failure": "https://my_failure_url.com",
  "redirect_success": "https://my_success_url.com",
  "relay_state": "my-unique-customer-id",
  "webhook": "https://my_webhook_url.com"
}
ParameterDescriptionRequired
metadataSee table belowYes
Meta data parameters
ParameterDescriptionRequired
languageThe requested language. Possible values are Da | En  | KlNo
level Authenticator combinations:  Low|Substantial|High 
popup_contextIdentifies if the MitId broker page will be opened in a popup or it will be redirect. True – used a popup, false – redirect to another page.No
reference_text_body Business reference text body  Ex:  “Log on to my Service” No
requested_attributes Person Identity details Ex:  Date of Birth, CPR Name , etc…No

Additional request parameters

redirect_successIf this parameter is supplied the browser session will finally be redirected to this URL-value.No
redirect_failure targetError works as target except it is navigated on user cancel or error situations.No
 relay_state

Use it to link an unique ID of your choice that you can parse.

Examplerelaystate=zignsec123

No
webhookA URL where success/error results will automatically be POST:edNo

3.3 Response

Each request returns a response with status and details.

idA unique session identifier generated for each workflow instance.
errorsA JSON array of error conditions, see error handling.
redirect_urlMitId redirect url
statusCreated, Pending, Finished, Failed, Declined

3.3.1 Response example

{
  "data": {
    "errors": [],
    "id": "eb23a111-3767-4125-bde4-ab9318e52b2b",
    "redirect_url": "https://zignsec.test.mitid.dk/ui/mitid?otp=MUwtumF65ECHhfsnHUCA_g",
    "state": "Pending"
  }
}

GET to  https://test-gateway.zignsec.com/core/api/sessions/sessionid

How to get notified when workflow is finished:

There is both active and passive notification for when the workflow is finished

  • Callback: Set redirect_success and redirect_failure URL parameter in step 1 and you can do the above GET when navigation will occur.
  • Webhook. You can set webhook URL parameter in step 1 Result will be posted to the URL.
  • Polling: Repeatedly call the above collect-GET until the results contain a final result.
    https://test-gateway.zignsec.com/core/api/sessions

Each request returns a response with status and details.

idA unique session identifier generated for each workflow instance.
errorsA JSON array of error conditions, see error handling.
resultRepresents result with a signed identity in a JSON Web Token form, see JWT-signature.
statusCreated, Pending, Finished, Failed, Declined
{
	"data": {
		"errors": [],
		"id": "9df74aed-7a4a-4684-92ab-43da417c1ac2",
		"result": {
			"signedIdentity": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE1ZTk3NTZmLTgxMzItNDdhYy1hZmY3LTE5Y2FjMjY0ZTQ0MCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3ppZ25zZWMudGVzdC5taXRpZC5kay8iLCJpYXQiOjE2NTM2NDMwNjUsIm5iZiI6MTY1MzY0MzA2NSwiZXhwIjoxNjUzNjQ2NjY1LCJpZGVudGl0eSI6eyJoYXNDcHIiOnRydWUsImNvdW50cnlDb2RlIjoiREsiLCJmaXJzdE5hbWUiOiJTdGlnIFBldGVyc2VuIiwiZnVsbE5hbWUiOiJTdGlnIFBldGVyc2VuIiwicGVyc29uYWxOdW1iZXIiOiIiLCJkYXRlT2ZCaXJ0aCI6IjE5NDktMDUtMTAiLCJhZ2UiOjczLCJpZFByb3ZpZGVyTmFtZSI6Ik1pdElEIiwiaWRlbnRpZmljYXRpb25EYXRlIjoiMjAyMi0wNS0yN1QwOToxNzo0NS40OTU0NzU0WiIsImlkUHJvdmlkZXJSZXF1ZXN0SWQiOiI2OTFlMjE4My1mNjc3LTQ3YTQtOWQ0MC1kOWM0MmU4YzZhMGYiLCJpZFByb3ZpZGVyUGVyc29uSWQiOiJmMTRmMzA5My1mNjYxLTQ2ZjMtYTJlYS0zZTEzNjRiMzA1ODQifSwicHJvdmlkZXJEYXRhIjp7ImRrLm1pdGlkLmFzc3VyYW5jZWxldmVsIjp7ImxvYSI6IlNVQlNUQU5USUFMIiwiaWFsIjoiU1VCU1RBTlRJQUwiLCJhYWwiOiJTVUJTVEFOVElBTCIsImZhbCI6IkhJR0gifSwic3ViIjoiZjE0ZjMwOTMtZjY2MS00NmYzLWEyZWEtM2UxMzY0YjMwNTg0IiwiZGsubWl0aWQucHNkMiI6dHJ1ZSwiYW1yIjpbImFwcDoxNjUzNjQzMDY0MTgyOlNVQlNUQU5USUFMOlNVQlNUQU5USUFMOkhJR0g6SElHSCJdLCJraWQiOiJqd3RfbWl0aWRfMjEwMzIzIiwiaXNzIjoiTWl0SUQiLCJkay5taXRpZC5oYXNDUFIiOnRydWUsImV4cCI6MTY1MzY2MTA2NCwiaWF0IjoxNjUzNjQzMDY0LCJqdGkiOiJmNzE3NGMyMS03ZTcyLTRkYTktYTBkMS0yZGRkMmEzOTY3MDUiLCJkay5taXRpZC50cmFuc2FjdGlvbmlkIjoiNjkxZTIxODMtZjY3Ny00N2E0LTlkNDAtZDljNDJlOGM2YTBmIiwiYXVkIjoiMWNkZTMxNDQtMzRmYy00ZGU3LWE1NTMtZTViMTYwNzAyYjEyIiwibmJmIjoxNjUzNjQzMDY0LCJkay5taXRpZC5hdHRyaWJ1dGVzIjp7Im1pdGlkLmRrLmRhdGVfb2ZfYmlydGgiOiIxOTQ5LTA1LTEwIiwibWl0aWQuZGsuaWRlbnRpdHlfbmFtZSI6IlN0aWcgUGV0ZXJzZW4iLCJtaXRpZC5kay5pYWxfaWRlbnRpdHlfYXNzdXJhbmNlX2xldmVsIjoiU1VCU1RBTlRJQUwiLCJtaXRpZC5kay5hZ2UiOiI3MyJ9fX0.EWJiJuLoXk_x_nVp-oGdDtVLDl9moijNzrCCaGEtY2WceLMniH3eHF0HsiWDAyI4y92IORMQm4vxWQOUivMCyxJUv_0uebU3R854D06IDauG9-I24hMERsDE1uUsnAjC4W-CZbpzjuSFS0fq3g-H-garM7hwAHGtN4e2H9-M3A1TcP2SwZ8oEmPq5Eb6nQiZqjD8FmWfU1rB0IyRs9Z0KbQy8WwYZxt4YsRyJ9iP44-kz7_AprSwDygkjBC6gyyH8YJIx-SIy7C27r1e0UkDoe8JFaDOdWvfQR6jmX7PBfC2v9Hn8vLMGwHxuLeb5xecRNhTw8NwZM4BMIzorh6CFw"
		},
		"status": "Finished"
	}
}

The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.

NameDescription
issURL of issuer
iattime session was issued in Unix time format
nbfnot before timestamp in Unix time format
exptime of expiry of session in Unix time format
identity
hasCpr – boolean that indicates whether it is possible to perform lookup/matchCPR e.g. true or false
countryCode – 2 character country code following ISO 3166-1 alpha-2 standard
firstName – name of person associated with the used eID 
fullName – name of person associated with the used eID
personalNumber – CPR number of person associated with used eID only returned when lookup_CPR metod is called
dateOfBirth – date of birth of person associated with the used eID returned in format YYYY-MM-DD (1949-05-10)
age – age of person associated with the used eID
idProviderName – name of product provider (MitID)
identificationDate – date of identification in timestamp format 2022-05-27T09:17:45.4954754Z”,
idProviderRequestId – a call-unique reference string for tracing and support issues e.g. “691e2183-f677-47a4-9d40-d9c42e8c6a0f”
idProviderPersonId – UUID of the eID used “f14f3093-f661-46f3-a2ea-3e1364b30584”
providerDatadata node from provider (MitID) containing raw original data. Note that this node should only be used as reference since this node could change at provider side.

Response Example

{
  "iss": "https://zignsec.test.mitid.dk/",
  "iat": 1653643065,
  "nbf": 1653643065,
  "exp": 1653646665,
  "identity": {
    "hasCpr": true,
    "countryCode": "DK",
    "firstName": "Stig Petersen",
    "fullName": "Stig Petersen",
    "personalNumber": "",
    "dateOfBirth": "1949-05-10",
    "age": 73,
    "idProviderName": "MitID",
    "identificationDate": "2022-05-27T09:17:45.4954754Z",
    "idProviderRequestId": "691e2183-f677-47a4-9d40-d9c42e8c6a0f",
    "idProviderPersonId": "f14f3093-f661-46f3-a2ea-3e1364b30584"
  },
  "providerData": {
    "dk.mitid.assurancelevel": {
      "loa": "SUBSTANTIAL",
      "ial": "SUBSTANTIAL",
      "aal": "SUBSTANTIAL",
      "fal": "HIGH"
    },
    "sub": "f14f3093-f661-46f3-a2ea-3e1364b30584",
    "dk.mitid.psd2": true,
    "amr": [
      "app:1653643064182:SUBSTANTIAL:SUBSTANTIAL:HIGH:HIGH"
    ],
    "kid": "jwt_mitid_210323",
    "iss": "MitID",
    "dk.mitid.hasCPR": true,
    "exp": 1653661064,
    "iat": 1653643064,
    "jti": "f7174c21-7e72-4da9-a0d1-2ddd2a396705",
    "dk.mitid.transactionid": "691e2183-f677-47a4-9d40-d9c42e8c6a0f",
    "aud": "1cde3144-34fc-4de7-a553-e5b160702b12",
    "nbf": 1653643064,
    "dk.mitid.attributes": {
      "mitid.dk.date_of_birth": "1949-05-10",
      "mitid.dk.identity_name": "Stig Petersen",
      "mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL",
      "mitid.dk.age": "73"
    }
  }
}
}

4.4 Decoded Identity for MitID CPR Match

The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.

Response Example

{
  "iss": "https://zignsec.test.mitid.dk/",
  "iat": 1665410883,
  "nbf": 1665410883,
  "exp": 1665414483,
  "identity": {
    "cprNumberMatch": true,
    "hasCpr": true,
    "countryCode": "DK",
    "fullName": "Egon Olsen",
    "personalNumber": "",
    "dateOfBirth": "1925-03-12",
    "age": 97,
    "idProviderName": "MitID",
    "identificationDate": "2022-10-10T14:08:03.1159263Z",
    "idProviderRequestId": "c02e376d-67c3-4ad9-ba94-9827087adb04",
    "idProviderPersonId": "040fa512-332a-4788-b7ab-eaa2ae72f217"
  },
  "providerData": {
    "dk.mitid.assurancelevel": {
      "loa": "SUBSTANTIAL",
      "ial": "SUBSTANTIAL",
      "aal": "SUBSTANTIAL",
      "fal": "HIGH"
    },
    "sub": "040fa512-332a-4788-b7ab-eaa2ae72f217",
    "dk.mitid.psd2": true,
    "amr": [
      "app:1665410881502:SUBSTANTIAL:SUBSTANTIAL:HIGH:HIGH"
    ],
    "kid": "jwt_mitid_210323",
    "iss": "MitID",
    "dk.mitid.hasCPR": true,
    "exp": 1665428881,
    "iat": 1665410881,
    "jti": "75c80e20-f602-4269-82c3-21d6500fccdb",
    "dk.mitid.transactionid": "c02e376d-67c3-4ad9-ba94-9827087adb04",
    "aud": "1cde3144-34fc-4de7-a553-e5b160702b12",
    "nbf": 1665410881,
    "dk.mitid.attributes": {
      "mitid.dk.date_of_birth": "1925-03-12",
      "mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL",
      "mitid.dk.age": "97"
    }
  }
}

4.5 Decoded Identity for MitD Lookup CPR

The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.

Response Example

{
  "iss": "https://zignsec.test.mitid.dk/",
  "iat": 1645705167,
  "nbf": 1645705167,
  "exp": 1645708767,
  "identity": {
    "cprNumber": "3008571901",
    "countryCode": "DK",
    "firstName": "Freddy Andresen",
    "fullName": "Freddy Andresen",
    "personalNumber": "",
    "dateOfBirth": "1957-08-30",
    "age": 64,
    "idProviderName": "MitID",
    "identificationDate": "2022-02-24T12:19:27.7662392Z"
  },
  "providerData": {
    "mitid.dk.date_of_birth": "1957-08-30",
    "mitid.dk.identity_name": "Freddy Andresen",
    "mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL",
    "mitid.dk.age": 64
  }
}