MitID is a secure and user-friendly digital ID. You use the same login, regardless of whether you want to use your online bank, see your information on borger.dk, download your annual statement from Skat.dk or shop online.
MitID is a flexible and well-thought-out solution. It will be easy to further develop MitID to match a life where technology plays a greater role.
Most of us are already familiar with the NemID app – all we need to do is to download the new MitID app and use it in the same way. But the key card disappears. That is an important difference. It is still important that you never share codes or your user ID for MitID with others. Your MitID is just as important as your passport.
*NemID users will be migrated gradually to MitID during the next 6months*
To Test MitID, please contact our sales: [email protected]
After Registration, Service providers will be provided with Functional and Technical Links to access with Credentials.
1. MitID Identity Verification
POST to Zignsec URL:
Test Env : https://test-gateway.zignsec.com/core/api/sessions/identity_verification/mitid
Production : https://gateway.zignsec.com/core/api/sessions/identity_verification/mitid
Swagger link : https://test-gateway.zignsec.com/
{ { "metadata": { "action": "LogOn", "language": "En", "level": "Low", "method": "Loa", "popup_context": false, "psd2": true, "reference_text_body": "Log on to My Service", "relay_state": "user-id-123456", "requested_attributes": [ "DATE_OF_BIRTH", "AGE", "IAL_IDENTITY_ASSURANCE_LEVEL", "IDENTITY_NAME" ], "service_provider_reference": " My Service " }, "redirect_failure": "https://my_failure_url.com", "redirect_success": "https://my_success_url.com", "relay_state": "my-unique-customer-id", "webhook": "https://my_webhook_url.com" } }
Parameter | Description | Required |
---|---|---|
metadata | See table below | Yes |
Parameter | Description | Required |
---|---|---|
language | The requested language. Possible values are En | Da | Kl | No |
level | Authenticator combinations: Low|Substantial|High | |
popup_context | Identifies if the MitId broker page will be opened in a popup or it will be redirect. True – used a popup, false – redirect to another page. | No |
reference_text_body | Business reference text body Ex: “Log on to my Service” | No |
requested_attributes | Person Identity details Ex: Date of Birth, CPR Name , etc… | No |
redirect_success | If this parameter is supplied the browser session will finally be redirected to this URL-value. | No |
redirect_failure | targetError works as target except it is navigated on user cancel or error situations. | No |
relay_state | Use it to link an unique ID of your choice that you can parse. Example: | No |
webhook | A URL where success/error results will automatically be POST:ed | No |
Each request returns a response with status and details.
id | A unique session identifier generated for each workflow instance. |
errors | A JSON array of error conditions, see error handling. |
redirect_url | MitId redirect url |
status | Created, Pending, Finished, Failed, Declined |
{ "data": { "errors": [], "id": "10358350-72e3-4a4c-800b-6e97c0d6d8c8", "redirect_url": "https://zignsec.test.mitid.dk/ui/mitid?otp=EKddfNyl1Eu47VimqTDDxQ", "status": "Pending" } }
2. MitID CPR Match
POST to Zignsec URL:
Test Env : https://test-gateway.zignsec.com/core/api/sessions/match_cpr/mitid
Production : https://gateway.zignsec.com/core/api/sessions/match_cpr/mitid
2.1 Request
{ { "metadata": { "action": "LogOn", "cpr_number": "260169-6218", "language": "En", "level": "Low", "method": "Loa", "popup_context": false, "psd2": true, "reference_text_body": "Log on to My Service", "relay_state": "user-id-123456", "requested_attributes": [ "DATE_OF_BIRTH", "AGE", "IAL_IDENTITY_ASSURANCE_LEVEL", "IDENTITY_NAME" ], "service_provider_reference": " My Service " }, "redirect_failure": "https://my_failure_url.com", "redirect_success": "https://my_success_url.com", "relay_state": "my-unique-customer-id", "webhook": "https://my_webhook_url.com" } }
Parameter | Description | Required |
---|---|---|
metadata | See table below | Yes |
Parameter | Description | Required |
---|---|---|
cpr_number | Denmark Personal Id number Ex: 3012764749 | Yes |
language | The requested language. Possible values are Da | En | Kl | No |
level | Authenticator combinations: Low|Substantial|High | |
popup_context | Identifies if the MitId broker page will be opened in a popup or it will be redirect. True – used a popup, false – redirect to another page. | No |
reference_text_body | Business reference text body Ex: “Log on to my Service” | No |
requested_attributes | Person Identity details Ex: Date of Birth, CPR Name , etc… | No |
Additional request parameters
redirect_success | If this parameter is supplied the browser session will finally be redirected to this URL-value. | No |
redirect_failure | targetError works as target except it is navigated on user cancel or error situations. | No |
relay_state | Use it to link an unique ID of your choice that you can parse. Example: | No |
webhook | A URL where success/error results will automatically be POST:ed | No |
2.2 Response
Each request returns a response with status and details.
id | A unique session identifier generated for each workflow instance. |
errors | A JSON array of error conditions, see error handling. |
redirect_url | MitId redirect url |
status | Created, Pending, Finished, Failed, Declined |
{ "data": { "errors": [], "id": "3c2ce9d2-c4de-4e26-8d71-aea9008dae0a", "redirect_url": "https://zignsec.test.mitid.dk/ui/mitid?otp=3DsRWdwfTUyldGmVp9-bJw", "status": "Pending" } }
3. MitID Lookup CPR
3.1 Start session
POST to Zignsec URL:
Test Env : https://test-gateway.zignsec.com/core/api/sessions/lookup_cpr/mitid
Production : https://gateway.zignsec.com/core/api/sessions/lookup_cpr/mitid
3.2 Request
{ "metadata": { "action": "LogOn", "language": "En", "level": "Low", "method": "Loa", "popup_context": false, "psd2": true, "reference_text_body": "Log on to My Service", "relay_state": "user-id-123456", "requested_attributes": [ "DATE_OF_BIRTH", "AGE", "IAL_IDENTITY_ASSURANCE_LEVEL", "IDENTITY_NAME" ], "service_provider_reference": " My Service " }, "redirect_failure": "https://my_failure_url.com", "redirect_success": "https://my_success_url.com", "relay_state": "my-unique-customer-id", "webhook": "https://my_webhook_url.com" }
Parameter | Description | Required |
---|---|---|
metadata | See table below | Yes |
Parameter | Description | Required |
---|---|---|
language | The requested language. Possible values are Da | En | Kl | No |
level | Authenticator combinations: Low|Substantial|High | |
popup_context | Identifies if the MitId broker page will be opened in a popup or it will be redirect. True – used a popup, false – redirect to another page. | No |
reference_text_body | Business reference text body Ex: “Log on to my Service” | No |
requested_attributes | Person Identity details Ex: Date of Birth, CPR Name , etc… | No |
Additional request parameters
redirect_success | If this parameter is supplied the browser session will finally be redirected to this URL-value. | No |
redirect_failure | targetError works as target except it is navigated on user cancel or error situations. | No |
relay_state | Use it to link an unique ID of your choice that you can parse. Example: | No |
webhook | A URL where success/error results will automatically be POST:ed | No |
3.3 Response
Each request returns a response with status and details.
id | A unique session identifier generated for each workflow instance. |
errors | A JSON array of error conditions, see error handling. |
redirect_url | MitId redirect url |
status | Created, Pending, Finished, Failed, Declined |
3.3.1 Response example
{ "data": { "errors": [], "id": "eb23a111-3767-4125-bde4-ab9318e52b2b", "redirect_url": "https://zignsec.test.mitid.dk/ui/mitid?otp=MUwtumF65ECHhfsnHUCA_g", "state": "Pending" } }
GET to https://test-gateway.zignsec.com/core/api/sessions/sessionid
How to get notified when workflow is finished:
There is both active and passive notification for when the workflow is finished
- Callback: Set
redirect_success
andredirect_failure
URL parameter in step 1 and you can do the above GET when navigation will occur. - Webhook. You can set
webhook
URL parameter in step 1 Result will be posted to the URL. - Polling: Repeatedly call the above collect-GET until the results contain a final result.
https://test-gateway.zignsec.com/core/api/sessions
Each request returns a response with status and details.
id | A unique session identifier generated for each workflow instance. |
errors | A JSON array of error conditions, see error handling. |
result | Represents result with a signed identity in a JSON Web Token form, see JWT-signature. |
status | Created, Pending, Finished, Failed, Declined |
{ "data": { "errors": [], "id": "9df74aed-7a4a-4684-92ab-43da417c1ac2", "result": { "signedIdentity": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE1ZTk3NTZmLTgxMzItNDdhYy1hZmY3LTE5Y2FjMjY0ZTQ0MCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3ppZ25zZWMudGVzdC5taXRpZC5kay8iLCJpYXQiOjE2NTM2NDMwNjUsIm5iZiI6MTY1MzY0MzA2NSwiZXhwIjoxNjUzNjQ2NjY1LCJpZGVudGl0eSI6eyJoYXNDcHIiOnRydWUsImNvdW50cnlDb2RlIjoiREsiLCJmaXJzdE5hbWUiOiJTdGlnIFBldGVyc2VuIiwiZnVsbE5hbWUiOiJTdGlnIFBldGVyc2VuIiwicGVyc29uYWxOdW1iZXIiOiIiLCJkYXRlT2ZCaXJ0aCI6IjE5NDktMDUtMTAiLCJhZ2UiOjczLCJpZFByb3ZpZGVyTmFtZSI6Ik1pdElEIiwiaWRlbnRpZmljYXRpb25EYXRlIjoiMjAyMi0wNS0yN1QwOToxNzo0NS40OTU0NzU0WiIsImlkUHJvdmlkZXJSZXF1ZXN0SWQiOiI2OTFlMjE4My1mNjc3LTQ3YTQtOWQ0MC1kOWM0MmU4YzZhMGYiLCJpZFByb3ZpZGVyUGVyc29uSWQiOiJmMTRmMzA5My1mNjYxLTQ2ZjMtYTJlYS0zZTEzNjRiMzA1ODQifSwicHJvdmlkZXJEYXRhIjp7ImRrLm1pdGlkLmFzc3VyYW5jZWxldmVsIjp7ImxvYSI6IlNVQlNUQU5USUFMIiwiaWFsIjoiU1VCU1RBTlRJQUwiLCJhYWwiOiJTVUJTVEFOVElBTCIsImZhbCI6IkhJR0gifSwic3ViIjoiZjE0ZjMwOTMtZjY2MS00NmYzLWEyZWEtM2UxMzY0YjMwNTg0IiwiZGsubWl0aWQucHNkMiI6dHJ1ZSwiYW1yIjpbImFwcDoxNjUzNjQzMDY0MTgyOlNVQlNUQU5USUFMOlNVQlNUQU5USUFMOkhJR0g6SElHSCJdLCJraWQiOiJqd3RfbWl0aWRfMjEwMzIzIiwiaXNzIjoiTWl0SUQiLCJkay5taXRpZC5oYXNDUFIiOnRydWUsImV4cCI6MTY1MzY2MTA2NCwiaWF0IjoxNjUzNjQzMDY0LCJqdGkiOiJmNzE3NGMyMS03ZTcyLTRkYTktYTBkMS0yZGRkMmEzOTY3MDUiLCJkay5taXRpZC50cmFuc2FjdGlvbmlkIjoiNjkxZTIxODMtZjY3Ny00N2E0LTlkNDAtZDljNDJlOGM2YTBmIiwiYXVkIjoiMWNkZTMxNDQtMzRmYy00ZGU3LWE1NTMtZTViMTYwNzAyYjEyIiwibmJmIjoxNjUzNjQzMDY0LCJkay5taXRpZC5hdHRyaWJ1dGVzIjp7Im1pdGlkLmRrLmRhdGVfb2ZfYmlydGgiOiIxOTQ5LTA1LTEwIiwibWl0aWQuZGsuaWRlbnRpdHlfbmFtZSI6IlN0aWcgUGV0ZXJzZW4iLCJtaXRpZC5kay5pYWxfaWRlbnRpdHlfYXNzdXJhbmNlX2xldmVsIjoiU1VCU1RBTlRJQUwiLCJtaXRpZC5kay5hZ2UiOiI3MyJ9fX0.EWJiJuLoXk_x_nVp-oGdDtVLDl9moijNzrCCaGEtY2WceLMniH3eHF0HsiWDAyI4y92IORMQm4vxWQOUivMCyxJUv_0uebU3R854D06IDauG9-I24hMERsDE1uUsnAjC4W-CZbpzjuSFS0fq3g-H-garM7hwAHGtN4e2H9-M3A1TcP2SwZ8oEmPq5Eb6nQiZqjD8FmWfU1rB0IyRs9Z0KbQy8WwYZxt4YsRyJ9iP44-kz7_AprSwDygkjBC6gyyH8YJIx-SIy7C27r1e0UkDoe8JFaDOdWvfQR6jmX7PBfC2v9Hn8vLMGwHxuLeb5xecRNhTw8NwZM4BMIzorh6CFw" }, "status": "Finished" } }
The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.
Name | Description | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
iss | URL of issuer | |||||||||||
iat | time session was issued in Unix time format | |||||||||||
nbf | not before timestamp in Unix time format | |||||||||||
exp | time of expiry of session in Unix time format | |||||||||||
identity |
| |||||||||||
providerData | data node from provider (MitID) containing raw original data. Note that this node should only be used as reference since this node could change at provider side. |
Response Example
{ "iss": "https://zignsec.test.mitid.dk/", "iat": 1653643065, "nbf": 1653643065, "exp": 1653646665, "identity": { "hasCpr": true, "countryCode": "DK", "firstName": "Stig Petersen", "fullName": "Stig Petersen", "personalNumber": "", "dateOfBirth": "1949-05-10", "age": 73, "idProviderName": "MitID", "identificationDate": "2022-05-27T09:17:45.4954754Z", "idProviderRequestId": "691e2183-f677-47a4-9d40-d9c42e8c6a0f", "idProviderPersonId": "f14f3093-f661-46f3-a2ea-3e1364b30584" }, "providerData": { "dk.mitid.assurancelevel": { "loa": "SUBSTANTIAL", "ial": "SUBSTANTIAL", "aal": "SUBSTANTIAL", "fal": "HIGH" }, "sub": "f14f3093-f661-46f3-a2ea-3e1364b30584", "dk.mitid.psd2": true, "amr": [ "app:1653643064182:SUBSTANTIAL:SUBSTANTIAL:HIGH:HIGH" ], "kid": "jwt_mitid_210323", "iss": "MitID", "dk.mitid.hasCPR": true, "exp": 1653661064, "iat": 1653643064, "jti": "f7174c21-7e72-4da9-a0d1-2ddd2a396705", "dk.mitid.transactionid": "691e2183-f677-47a4-9d40-d9c42e8c6a0f", "aud": "1cde3144-34fc-4de7-a553-e5b160702b12", "nbf": 1653643064, "dk.mitid.attributes": { "mitid.dk.date_of_birth": "1949-05-10", "mitid.dk.identity_name": "Stig Petersen", "mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL", "mitid.dk.age": "73" } } } }
4.4 Decoded Identity for MitID CPR Match
The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.
Response Example
{ "iss": "https://zignsec.test.mitid.dk/", "iat": 1665410883, "nbf": 1665410883, "exp": 1665414483, "identity": { "cprNumberMatch": true, "hasCpr": true, "countryCode": "DK", "fullName": "Egon Olsen", "personalNumber": "", "dateOfBirth": "1925-03-12", "age": 97, "idProviderName": "MitID", "identificationDate": "2022-10-10T14:08:03.1159263Z", "idProviderRequestId": "c02e376d-67c3-4ad9-ba94-9827087adb04", "idProviderPersonId": "040fa512-332a-4788-b7ab-eaa2ae72f217" }, "providerData": { "dk.mitid.assurancelevel": { "loa": "SUBSTANTIAL", "ial": "SUBSTANTIAL", "aal": "SUBSTANTIAL", "fal": "HIGH" }, "sub": "040fa512-332a-4788-b7ab-eaa2ae72f217", "dk.mitid.psd2": true, "amr": [ "app:1665410881502:SUBSTANTIAL:SUBSTANTIAL:HIGH:HIGH" ], "kid": "jwt_mitid_210323", "iss": "MitID", "dk.mitid.hasCPR": true, "exp": 1665428881, "iat": 1665410881, "jti": "75c80e20-f602-4269-82c3-21d6500fccdb", "dk.mitid.transactionid": "c02e376d-67c3-4ad9-ba94-9827087adb04", "aud": "1cde3144-34fc-4de7-a553-e5b160702b12", "nbf": 1665410881, "dk.mitid.attributes": { "mitid.dk.date_of_birth": "1925-03-12", "mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL", "mitid.dk.age": "97" } } }
4.5 Decoded Identity for MitD Lookup CPR
The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.
Response Example
{ "iss": "https://zignsec.test.mitid.dk/", "iat": 1645705167, "nbf": 1645705167, "exp": 1645708767, "identity": { "cprNumber": "3008571901", "countryCode": "DK", "firstName": "Freddy Andresen", "fullName": "Freddy Andresen", "personalNumber": "", "dateOfBirth": "1957-08-30", "age": 64, "idProviderName": "MitID", "identificationDate": "2022-02-24T12:19:27.7662392Z" }, "providerData": { "mitid.dk.date_of_birth": "1957-08-30", "mitid.dk.identity_name": "Freddy Andresen", "mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL", "mitid.dk.age": 64 } }