Identity Verification with Nem ID or mitID including a CPR Match
Step 1: Initialize session
POST to
Test enviornment : https://test-gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match
Production enviornment : https://gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match
Request Example
POST https://test-gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match
Content-Type: application/json
Authorization: 12345678-YOUR-ACCESS-TOKEN-5352305c9fb0
Content-Length: 725
{
"locale": "En",
"metadata": {
"personal_number": "2312813846"
},
"redirect_failure": "https://my_failure_url.com",
"redirect_success": "https://my_success_url.com",
"relay_state": "my-unique-customer-id",
"webhook": "https://my_webhook_url.com"
}
1.2: Description of Request Model
| Paramter | Description | Required |
| locale | Preferred Language to Use . example: En | |
| personal_number | The CPR Number of the individual that you wish to identify | Yes |
| redirect_failure | URL to redirect the end-user to on failure | |
| redirect_success | URL to redirect the end-user to on success | |
| relay_state | This optional parameter will be returned to you at the redirect back to your server. Use it to link an unique ID of your choice that you can parse. Example: relaystate=zignsec_eid_1234 | No |
| webhook | A URL where success/error results will automatically be POST:ed. During test you try https://webhook.site/ for free webhook URLs. | No |
1.3 Example of Response Body
{
"data": {
"id": "b2961aeb-eb69-4ed2-a5c3-d78b6a15715c",
"redirect_url": "https://test-gateway.zignsec.com/core/workflow_instances/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c"
}
}
1.4: Description of Response Model
| id | A unique session identifier generated for each workflow instance. |
| redirect_url | Redirected URL will open the below form |
| Step 1 | Step 2 :MitID | Step 2 :NemID |
 |  |  |
Step 2: GET Results
GET to
Test enviornment: https://test-gateway.zignsec.com/core/api/sessions/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c
Prod enviornment: https://gateway.zignsec.com/core/api/sessions/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c
How to get notified of Workflow Finished
There is both active and passive notification for when the workflow is finished:
- Callback: Set Target URL parameter in step 1 and when the target URL is navigated you can do the above collect-GET.
- Webhook. To set up a webhook URL for callback, contact ZignSec. Results will be posted to the URL.
2.1: Response Body for MitID
{
"data": {
"request_data": {
"locale": "En",
"metadata": {
"personal_number": "2003290762"
},
"redirect_failure": "https://my_failure_url.com",
"redirect_success": "https://my_success_url.com",
"relay_state": "my-unique-customer-id",
"webhook": "https://my_webhook_url.com"
},
"id": "c5431006-b47e-4e8d-bde4-94812f83218c",
"signedIdentity": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE1ZTk3NTZmLTgxMzItNDdhYy1hZmY3LTE5Y2FjMjY0ZTQ0MCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3ppZ25zZWMudGVzdC5taXRpZC5kay8iLCJpYXQiOjE2NjAwMzc3ODQsIm5iZiI6MTY2MDAzNzc4NCwiZXhwIjoxNjYwMDQxMzg0LCJpZGVudGl0eSI6eyJjcHJOdW1iZXJNYXRjaCI6dHJ1ZSwiaGFzQ3ByIjp0cnVlLCJjb3VudHJ5Q29kZSI6IkRLIiwiZmlyc3ROYW1lIjoiR2FyaW1hIFZlcm1hIiwiZnVsbE5hbWUiOiJHYXJpbWEgVmVybWEiLCJwZXJzb25hbE51bWJlciI6IiIsImRhdGVPZkJpcnRoIjoiMTkyOS0wMy0yMCIsImFnZSI6OTMsImlkUHJvdmlkZXJOYW1lIjoiTWl0SUQiLCJpZGVudGlmaWNhdGlvbkRhdGUiOiIyMDIyLTA4LTA5VDA5OjM2OjI0LjM0MDM0ODRaIiwiaWRQcm92aWRlclJlcXVlc3RJZCI6IjBjOWEyZTg3LThmMGYtNDhjZi1iNzI3LTdiNTI1YzEwMDM1YiIsImlkUHJvdmlkZXJQZXJzb25JZCI6IjIyNTMwYTY5LWE4Y2ItNGUxYS04MTdkLWJkMTI4NzhjMTMxOCJ9LCJwcm92aWRlckRhdGEiOnsiZGsubWl0aWQuYXNzdXJhbmNlbGV2ZWwiOnsibG9hIjoiU1VCU1RBTlRJQUwiLCJpYWwiOiJTVUJTVEFOVElBTCIsImFhbCI6IlNVQlNUQU5USUFMIiwiZmFsIjoiSElHSCJ9LCJzdWIiOiIyMjUzMGE2OS1hOGNiLTRlMWEtODE3ZC1iZDEyODc4YzEzMTgiLCJkay5taXRpZC5wc2QyIjp0cnVlLCJhbXIiOlsiYXBwOjE2NjAwMzc3ODIwNzA6U1VCU1RBTlRJQUw6U1VCU1RBTlRJQUw6SElHSDpISUdIIl0sImtpZCI6Imp3dF9taXRpZF8yMTAzMjMiLCJpc3MiOiJNaXRJRCIsImRrLm1pdGlkLmhhc0NQUiI6dHJ1ZSwiZXhwIjoxNjYwMDU1NzgyLCJpYXQiOjE2NjAwMzc3ODIsImp0aSI6Ijc5YzNlNmY0LWVlNGQtNDU3NC1hMTFhLTU3MmU5YjgyNTNmMyIsImRrLm1pdGlkLnRyYW5zYWN0aW9uaWQiOiIwYzlhMmU4Ny04ZjBmLTQ4Y2YtYjcyNy03YjUyNWMxMDAzNWIiLCJhdWQiOiIxY2RlMzE0NC0zNGZjLTRkZTctYTU1My1lNWIxNjA3MDJiMTIiLCJuYmYiOjE2NjAwMzc3ODIsImRrLm1pdGlkLmF0dHJpYnV0ZXMiOnsibWl0aWQuZGsuZGF0ZV9vZl9iaXJ0aCI6IjE5MjktMDMtMjAiLCJtaXRpZC5kay5pZGVudGl0eV9uYW1lIjoiR2FyaW1hIFZlcm1hIiwibWl0aWQuZGsuaWFsX2lkZW50aXR5X2Fzc3VyYW5jZV9sZXZlbCI6IlNVQlNUQU5USUFMIiwibWl0aWQuZGsuYWdlIjoiOTMifX19.arkrP9Y86cRDfNBe6U3zYcwYT5A730Qb9UYc8wQ8PkP7xXyGOCKUxKPu4CV3FDtdL6NN83YgGt31Mw_tDIZLtiRA7v34UyW5mGOQ4XRXzVTiN5_rVxU1DLgiYG9xYcTOZxFSvvPd42hJbP_v7vl6NnwD-UbVHicNIsrREbx_012cHCc6iuxdp8AKVDzJl2WMxFih-XR1s822HHRXlOg3pcS2k94nZHfhoJMyLm3P9Bz2S6PAdh1i3KFhpyvTrpT88DBUwxWlG7tsSzZl4xc15Th8jmthS4TMJXttsq3V9Eh5Oj01IDIsQCGZR7H59B0m6NQP6Zr0j4Q6oLhMgezDbQ",
"state": "complete"
}
}
| Description | |
signedIdentity | Represents result with a signed identity in a JSON Web Token form, see JWT-signature. |
2.1.1: Decoded JWT Response
The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.
{
"iss": "https://zignsec.test.mitid.dk/",
"iat": 1660037784,
"nbf": 1660037784,
"exp": 1660041384,
"identity": {
"cprNumberMatch": true,
"hasCpr": true,
"countryCode": "DK",
"firstName": "Linda Marie",
"fullName": "Linda Marie Hassan Ahmed",
"personalNumber": "",
"dateOfBirth": "1929-03-20",
"age": 93,
"idProviderName": "MitID",
"identificationDate": "2022-08-09T09:36:24.3403484Z",
"idProviderRequestId": "0c9a2e87-8f0f-48cf-b727-7b525c10035b",
"idProviderPersonId": "22530a69-a8cb-4e1a-817d-bd12878c1318"
},
"providerData": {
"dk.mitid.assurancelevel": {
"loa": "SUBSTANTIAL",
"ial": "SUBSTANTIAL",
"aal": "SUBSTANTIAL",
"fal": "HIGH"
},
"sub": "22530a69-a8cb-4e1a-817d-bd12878c1318",
"dk.mitid.psd2": true,
"amr": [
"app:1660037782070:SUBSTANTIAL:SUBSTANTIAL:HIGH:HIGH"
],
"kid": "jwt_mitid_210323",
"iss": "MitID",
"dk.mitid.hasCPR": true,
"exp": 1660055782,
"iat": 1660037782,
"jti": "79c3e6f4-ee4d-4574-a11a-572e9b8253f3",
"dk.mitid.transactionid": "0c9a2e87-8f0f-48cf-b727-7b525c10035b",
"aud": "1cde3144-34fc-4de7-a553-e5b160702b12",
"nbf": 1660037782,
"dk.mitid.attributes": {
"mitid.dk.date_of_birth": "1929-03-20",
"mitid.dk.identity_name": "Linda Marie Hassan Ahmed",
"mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL",
"mitid.dk.age": "93"
}
}
}
2.1.2: Decoded Identity for MitID identity Verification Response
| Name | Description | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
iss | URL of issuer | |||||||||||
iat | time session was issued in Unix time format | |||||||||||
nbf | not before timestamp in Unix time format | |||||||||||
exp | time of expiry of session in Unix time format | |||||||||||
identity |
| |||||||||||
providerData | data node from provider (MitID) containing raw original data. Note that this node should only be used as reference since this node could change at provider side. |
