...
...
...
...
border | true |
---|
Column | ||||
---|---|---|---|---|
| ||||
This page:
Services: Management: |
...
width | 70% |
---|
Thank you for subscribing to Freja eID services.
Freja eID is an electronic identification (eID) solution for citizens and organisations which can be used for identity assertion, authentication and signing. The essential part of Freja eID service is a smartphone application used for login and signing to all the services that are connected to the user´s eID. The second part is a web portal – My Pages – where the user can control how their eID is to be used and has a full record of user history.
In terms of relying parties, Freja eID offers great flexibility in terms of addressing end users. For example, the identity assurance level of end users registered with Freja eID can vary. If the user has followed an entry-level registration flow, their identity will be assured to level 2 within the scheme, also known as Freja eID Basic. At this level a user will have confirmed an email address and/or a mobile phone number, perfectly enough to allow, for example, login authentication in situations where an absolute identity is not of significance for the relying party - knowing that the end user accessing a relying party's service is the same one that accessed the service a week ago without the hassle of teaching the end user an additional password is perfectly enough for many web-based services.
However, if the end user opted for an extended registration process, their identity will be assured to level 3 within the scheme, also known as Freja eID+. The extended registration process involves, amongst other controls, vetting physical ID documents of the end user and face enrolment with Freja eID. Freja eID+ users can be referred to through their social security number (SSN). In Sweden, this would equate to having established a "personnummer" for the end user. Also, Freja eID+ users can be involved in interactions with web parties that involve login, but also legally binding signatures and identity assertion. If you want to find out more about identity assertion levels, please have a look at the Tillitsnivåer för elektronisk legitimation published by the Swedish e-Identification board.
This document contains instructions for enabling Relying Party (RP) applications to use services offered by Freja eID. It is of a technical nature - if you are not a software architect or developer, it is probably the wrong document to read.
Freja eID offers three services to RPs: Identity Assertion Service, Authentication service and Signing service. Our recommendation is to read the sections of interest to you in their entirety at least once. On later occasions, use the links to quickly navigate to the section of interest.
Document Versions
Version | Date | Comment |
---|---|---|
1.0 | 2017-04-26 | This document is a preliminary version. The content of this document is still under review and subject to change. |
2.0 | 2017-05-29 | Included Authentication Services. Changed examples to use signing certificate under Freja eID TEST root. |
2.1 | 2017-06-23 | Adjusted error codes to comply with conventions within other services. |
2.2 | 2017-06-30 | Adjusted error codes for validation errors. Instead of generic error 1000 and list of specific errors, specific error is returned directly. |
2.3 | 2017-08-03 | Opaque data must be max128 characters long. Adjusted identity assertion error codes. |
2.4 | 2017-08-10 | Changed the URL for posting the response for identity assertion. |
2.5 | 2017-09-13 | Changed the JWS header value from x5c to x5t. |
2.6 | 2017-11-01 | Added support for requesting additional user attributes when initiating the authentication. |
3.0 | 2018-01-19 | Changed the endpoint URLs for all Authentication Services methods. Adjusted error codes in Authentication Services. Included Signature Services. |
4.0 | 2018-03-29 | Included Integrator Relying Party Management. Included Custom Identifier Management and updated the support for requesting additional user attributes when initiating the authentication accordingly. Added support for cancelling an authentication or a signing request. Added example requests for all methods in all the services. Updated the custom URL scheme for automatic launch of Freja eID app. |
4.1 | Added support for returning two more user attributes in the Authentication Services - SSN (personal identity number) and integratorSpecificUserId (a unique user identifier, specific for a particular Integrator RP) |
Abbreviations
CA | Certificate Authority |
CSR | Certificate signing request |
eID | Electronic identification |
JSON | JavaScript Object Notation |
JWS | JSON Web Signature |
PKCS | Portable Symmetric Key Container |
PKI | Public Key Infrastructure |
REST | Representational State Transfer |
RP | Relying Party |
RSA (cryptosystem) | Rivest–Shamir–Adleman |
SSL/TLS | Secure Sockets Layer/Transport Layer Security |
SSN | Social security number (''perssonnummer'' in Sweden) |
Getting started IN PROGRESS
About Freja eID environments
Freja eID system offers two environments:
- Test or Demo Environment, which is designed for testing purposes, it is intended to be used by Relying Parties during the process of integration with Freja eiD to test the integrated services.
- Production Environment, which is where the Freja eID services are actually available for business use and where the real-time staging of integrated services is executed.
Note that the Test Environment tries to resemble the Production Environment in all segments.
Before you begin
Test environment checklist
There are several technical requirements that must be in place before the integration with Freja eID can start. Before proceeding, you need to:
- Obtain an SSL/TLS client certificate providing you access to the Freja eID Test Environment. For more information, refer to the Certificates section.
- Import Freja eID Test root certificate as trusted into the trust store of your application.
- Using Freja eID mobile application, register one or more users with the Freja eID Test infrastructure.
Production environment checklist
In order to use Freja eID in a production environment, you must fulfil the following:
- Sign a contract allowing your organisation to access the production Freja eID Authentication service.
- Provide Freja eID with a logo suitable to represent your organisation in the mobile application, as well as a display name, a URL and a short description. Please note that:
- The logo must be delivered in one of the vector file formats: AI (Adobe Illustrator Artwork), EPS (Encapsulated PostScript) or editable PDF (Portable Document Format). The preferable format is AI (filename extension is .ai).
- The display name is restricted to the maximum length of 20 characters and the description should not exceed 75 characters. The URL can be up to 100 characters long.
- Obtain an SSL/TLS client certificate providing you access to the Freja eID Production Environment. For more information, refer to the Certificates section.
- Import Freja eID Production root certificate as trusted into the trust store of your application.
...
Freja eID system requires usage of SSL/TLS certificates for communication with Relying Party applications. The following certificates are used:
- Freja eID's server certificate:
- Freja eID Test root certificate
- Freja eID Production root certificate
- Relying Party's client certificate:
- Test client certificate
- Production client certificate
Additionaly, JWS certificates are used to digitally sign the results of authentication and signature requests.
Server certificate
Freja eID server certificate is used so that RPs can autheticate Freja eID as trusted in their environment. Freja eID's server certificate should be imported in the trust store of the RP's application. There are two server certificates which you need to use:
- Freja eID Test root certificate, when you want to start the integration in the Test Environment
- Freja eID Production root certificate, when you want to execute your integration in the Production Environment
Below are Freja eID's Test and Production root certificates, PEM encoded:
Test root certificate | Production root certificate |
Client certificate
As mentioned before, to access and use Freja eID services, you need to obtain a client SSL/TLS certificate. Two client certificates are needed, one for access to the Testing Environment and one for access to the Production Environment. Client certificate autheticates your application when it tries to communicate with Freja eID services. Additionally, Freja eID uses your Client certificate to identify you in its system when you try to send an authentication or sigining request.
The following section provides you with instructions on how to generate an SSL/TLS key and a certificate signing request (CSR), which you can then send to Freja eID partner support to provide you with the ready-made client certificate. It also documents how to create a PKCS#12 file.
Note |
---|
For this purpose, we used OpenSSL, an open-source criptography and SSL/TLS toolkit. For more information about OpenSSL, please refer to their official website. Of course, you can use any other CSR generator. |
What is an SSL/TLS key and what is it used for?
The SSL/TLS key is a part of the Public Key Infrastructure (PKI) that is generally used in case of SSL/TLS certificates. A Public Key Infrastructure assumes asymmetric encryption, where two types of keys are used: a Private Key and a Public Key (included in an SSL/TLS certificate). The private key is based on the RSA algorithm and is used for authentication and the establishment of an SSL/TLS session. Since encrypted data transmission takes too much time in case of asymmetric encryption, this kind of encryption is only used for a secure exchange of the symmetric key, which is used for actual transmitted data encryption and decryption.
What is a certificate signing request (CSR)?
A certificate signing request (also CSR or certification request) is a block of encoded text that is given to a certificate authority (CA) when applying for an SSL/TLS certificate. It is usually generated on the server where the certificate will be installed on and contains information that will be included in the certificate, such as the organisation name, common name (domain name), locality and country. It also contains the public key that will be included in the certificate. The private key is usually created at the same time as the CSR, thus making a key pair. A CSR is generally encoded using ASN.1, according to the PKCS #10 specification.
Distinguished name
SSL/TLS certificates contain identifying information, such as the qualified domain name used for DNS lookups of your server (also called Common Name), your organisation or company name and location information. This information is called the certificate's Distinguished Name. When generating a CSR on your server, you are asked to enter the Distinuguished Name, which uniquely identifies your server.
This is an example list of required fields for the Distinguished Name (i.e. Subject) used when generating a CSR request for a Freja eID Relying Party named "ACME AB":
DN field | Name | Explanation | Example |
---|---|---|---|
CN | Common Name | (Optional) Function qualifier, if required. | Document signing service |
OU | Organisational Unit | (Optional) Internal organisational qualifier, if required. | Production |
O | Organisation Name | Legal name of the organisation, as registered with the company register of the country it operates in. | ACME AB |
OI | Organisational identifier | Organisational number, as registered with the company register of the country it operates in. | 556677-8888 |
C | Country | The two-letter ISO abbreviation of the country the company operates in. | SE |
Note |
---|
The following characters cannot be used in the |
Client certificate generation - Step-by-step guide
Launch Open SSL (preferably on the production server) and generate your private key with the genrsa command (see below). Command arguments are the location and file name where you wish to store your key and the key strength (with minimum value of 2048 bits). You will also be prompted to choose a secure passphrase for the key.
Code Block |
---|
openssl genrsa -F4 -aes256 -out <PATH_TO_YOUR_PRIVATE_KEY>.key 2048 |
...
...
Section | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Samples REMOVE THIS SECTION?There are several examples where the data has been signed using RSA keys and certificates below. In all cases, the private key corresponding to the following certificate chain has been used:
All JWS headers are, therefore, identical and equal to the following: Field | Value | Header | "alg":"RS256"
Base64 encoding of header Code Block |
Anchor |
|
Test JWS certificate x5t | Test JWS certificate | From/Until |
---|---|---|
HwMHK_gb3_iuNF1advMtlG0-fUs | -----BEGIN CERTIFICATE----- MIIEETCCAvmgAwIBAgIUTeCJ0hz3mbtyONBEiap7su74LZwwDQYJKoZIhvcNAQEL BQAwgYMxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9ja2hvbG0xFDASBgNVBGET CzU1OTExMC00ODA2MR0wGwYDVQQKExRWZXJpc2VjIEZyZWphIGVJRCBBQjENMAsG A1UECxMEVGVzdDEcMBoGA1UEAxMTUlNBIFRFU1QgSXNzdWluZyBDQTAeFw0xNzA3 MTIxNTIwMTNaFw0yMDA3MTIxNTIwMTNaMIGKMQswCQYDVQQGEwJTRTESMBAGA1UE BxMJU3RvY2tob2xtMRQwEgYDVQRhEws1NTkxMTAtNDgwNjEdMBsGA1UEChMUVmVy aXNlYyBGcmVqYSBlSUQgQUIxDTALBgNVBAsTBFRlc3QxIzAhBgNVBAMTGkZyZWph IGVJRCBURVNUIE9yZyBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAgMINs87TiouDPSSmpn05kZv9TN8XdopcHnElp6ElJLpQh3oYGIL4B71o IgF3r8zRWq8kQoJlYMugmhsld0r0EsUJbsrcjBJ5CJ1WYZg1Vu8FpYLKoaFRI/qx T6xCMvd238Q99Sdl6G6O9sQQoFq10EaYBa970Tl3nDziQQ6bbSNkZoOYIZoicx4+ 1XFsrGiru8o8QIyc3g0eSgrd3esbUkuk0eH65SeaaOCrsaCOpJUqEziD+el4R6d4 0dTz/uxWmNpGKF4BmsNWeQi9b4gDYuFqNYhs7bnahvkK6LvtDThV79395px/oUz5 BEDdVwjxPJzgaAuUHE+6A1dMapkjsQIDAQABo3QwcjAOBgNVHQ8BAf8EBAMCBsAw DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRqfIoPnXAOHNpfLaA8Jl+I6BW/nDAS BgNVHSAECzAJMAcGBSoDBAUKMB0GA1UdDgQWBBT7j90x8xG2Sg2p7dCiEpsq3mo5 PTANBgkqhkiG9w0BAQsFAAOCAQEAaKEIpRJvhXcN3MvP7MIMzzuKh2O8kRVRQAoK Cj0K0R9tTUFS5Ang1fEGMxIfLBohOlRhXgKtqJuB33IKzjyA/1IBuRUg2bEyecBf 45IohG+vn4fAHWTJcwVChHWcOUH+Uv1g7NX593nugv0fFdPqt0JCnsFx2c/r9oym +VPP7p04BbXzYUk+17qmFBP/yNlltjzfeVnIOk4HauR9i94FrfynuZLuItB6ySCV mOlfA0r1pHv5sofBEirhwceIw1EtFqEDstI+7XZMXgDwSRYFc1pTjrWMaua2Uktm JyWZPfIY69pi/z4u+uAnlPuQZnksaGdZiIcAyrt5IXpNCU5wyg== -----END CERTIFICATE----- | Until 2020-07-12 |
2LQIrINOzwWAVDhoYybqUcXXmVs | -----BEGIN CERTIFICATE----- MIIEETCCAvmgAwIBAgIUf/dquk5/rxf1bf1oKN3DK/dldfAwDQYJKoZIhvcNAQEL BQAwgYMxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9ja2hvbG0xFDASBgNVBGET CzU1OTExMC00ODA2MR0wGwYDVQQKExRWZXJpc2VjIEZyZWphIGVJRCBBQjENMAsG A1UECxMEVGVzdDEcMBoGA1UEAxMTUlNBIFRFU1QgSXNzdWluZyBDQTAeFw0yMDA1 MTMxMzUxNTJaFw0yMzA1MTMxMzUxNTJaMIGKMQswCQYDVQQGEwJTRTESMBAGA1UE BxMJU3RvY2tob2xtMRQwEgYDVQRhEws1NTkxMTAtNDgwNjEdMBsGA1UEChMUVmVy aXNlYyBGcmVqYSBlSUQgQUIxDTALBgNVBAsTBFRlc3QxIzAhBgNVBAMTGkZyZWph IGVJRCBURVNUIE9yZyBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAgMINs87TiouDPSSmpn05kZv9TN8XdopcHnElp6ElJLpQh3oYGIL4B71o IgF3r8zRWq8kQoJlYMugmhsld0r0EsUJbsrcjBJ5CJ1WYZg1Vu8FpYLKoaFRI/qx T6xCMvd238Q99Sdl6G6O9sQQoFq10EaYBa970Tl3nDziQQ6bbSNkZoOYIZoicx4+ 1XFsrGiru8o8QIyc3g0eSgrd3esbUkuk0eH65SeaaOCrsaCOpJUqEziD+el4R6d4 0dTz/uxWmNpGKF4BmsNWeQi9b4gDYuFqNYhs7bnahvkK6LvtDThV79395px/oUz5 BEDdVwjxPJzgaAuUHE+6A1dMapkjsQIDAQABo3QwcjAOBgNVHQ8BAf8EBAMCBsAw DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRqfIoPnXAOHNpfLaA8Jl+I6BW/nDAS BgNVHSAECzAJMAcGBSoDBAUKMB0GA1UdDgQWBBT7j90x8xG2Sg2p7dCiEpsq3mo5 PTANBgkqhkiG9w0BAQsFAAOCAQEArir0lrtYRqxqPc3GmyL09tQEPcVGd/VuKMaj JqoB6v219Ky/7atRaMdmY3NVHoGFY2gf2EB0MU2dGMuIbjYlC7EBi7T/ByIUJbKj 9gK5qUNtgHvOaTT0RFfGlCT45JTyCWMWZEM03DMXEvFMqqqJVXSyE212WfgbuZ9R XVVT3BMJ23WY4wZp2Qi4NwUUjUNHf6EQKlrFuX9YjIGI0+JEITvQ3t20sU1yZt7x EHOxZQ7gsgXydG/daFPsz08KJ+XH0i3vsRerh/lfodvBISudPeoUNkSPzd10KJRs 9OVsgi20aG7liHTRAtY8QSkV+973QUdw6EorceX6RG2AGlhljQ== -----END CERTIFICATE----- | From 2020-05-13 |
DiZbzBfysUm6-IwI-GtienEsbjc | -----BEGIN CERTIFICATE----- MIID+zCCAuOgAwIBAgIUXB3gwjUzjQcd77CDrCgXXbeQPowwDQYJKoZIhvcNAQEL BQAwgYMxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9ja2hvbG0xFDASBgNVBGET CzU1OTExMC00ODA2MR0wGwYDVQQKExRWZXJpc2VjIEZyZWphIGVJRCBBQjENMAsG A1UECxMEVGVzdDEcMBoGA1UEAxMTUlNBIFRFU1QgSXNzdWluZyBDQTAeFw0yMzAy MjMxMTQ4MThaFw0yNjAyMjMxMTQ4MThaMHUxIzAhBgNVBAMTGkZyZWphIGVJRCBU RVNUIEpXUyBTaWduaW5nMRQwEgYDVQRhEws1NTkxMTAtNDgwNjENMAsGA1UECxME VGVzdDEcMBoGA1UEChMTRnJlamEgZUlEIFN3ZWRlbiBBQjELMAkGA1UEBhMCU0Uw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiMthhWkZT9Ovye8qzJpL/ jHQODkVUUvQTvrE7uhG8rLKfya125XzIqfCAltazpfHS8e4o1cfET9PJ1YgsMlcE UszMpgvDbBeBm28LipFUk1njXTtGV39+lQ88KLpTHKhRPRxEdmRpcMuX1tHD13a3 N0jwhcAWrFuZLsiheP1i7xNKda2Rontsg3prFPtzY4sW9kO1UQfOecay/MqIpGbs uH7kQbIDrY18Z1TNX8YRc5E+K69gZTBl+pLjjpZy49P02HriKA3a8upU0QKSqio8 X1pkllBpXiIjib+Hxoze6xqnHfi3iHXidNjtxsam8b+gwwafKpSCFfl/rswTpPNR AgMBAAGjdDByMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY MBaAFGp8ig+dcA4c2l8toDwmX4joFb+cMBIGA1UdIAQLMAkwBwYFKgMEBQowHQYD VR0OBBYEFL10m8p9GIWlWojIKxoXROpmkDdfMA0GCSqGSIb3DQEBCwUAA4IBAQAU YsxIpDi7iju0yvupfhrGDyJk8AX7aDmhpyYWx+EitDHqI9aqULH+9GxEFRCor+Y2 a0d7hzkRzSITma0bvS+evpd4QwIhRRf00RASqnY4g4J+8knFoT7AJ7r2oJpogrzR 8L7e5BJUnnDA9btBh01Jq5Rh4aY3azRHFeS9E26/NaRbZhOaE23r8EDGGt1oYGOA DkC2ouiJgnELga7DnYjroCDXRfzTeb2lmQzjyAp+tjW1MO1fQuN5cElyJkxDRtAS 0TTGXdXux9UDCFjJL+ZaMJxOFdX9i2gQTlMitY8FzQ10pFiGt77h93TQjTS/Sfz1 K2wpZ6CXk/WQQs1aXOl7 -----END CERTIFICATE----- | From 2023-02-23 |
JWS certificates in production
Production JWS certificate x5t | Production JWS certificate | From/Until |
---|---|---|
onjnxVgI3oUzWQMLciD7sQZ4mqM | -----BEGIN CERTIFICATE----- MIIEvTCCAyWgAwIBAgIUZBsJTBnWAwJ2kWEgFlvLkadSONAwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCU0UxFDASBgNVBGETCzU1OTExMC00ODA2MR0wGwYDVQQK ExRWZXJpc2VjIEZyZWphIGVJRCBBQjETMBEGA1UECxMKUHJvZHVjdGlvbjEgMB4G A1UEAxMXRnJlamEgZUlEIElzc3VpbmcgQ0EgdjEwHhcNMTcwODAyMTYyODIzWhcN MjAwODAyMTYyODIzWjB6MSEwHwYDVQQDExhGcmVqYSBlSUQgSldTIFNpZ25pbmcg djExFDASBgNVBGETCzU1OTExMC00ODA2MRMwEQYDVQQLEwpQcm9kdWN0aW9uMR0w GwYDVQQKExRWZXJpc2VjIEZyZWphIGVJRCBBQjELMAkGA1UEBhMCU0UwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7y2YjMYwNq5j09dQQp293NdBskxEL puPUEYE6DD0m3HvWZq3bJqaVuav9NSSXqevtuBm0BUpEFFDARief6bgozJY+WGkP tURLjCoroHbkjA9jeX6Z1BpFdi/zOOlg4i19u0QxznBTTes41UT5uFwIrS2yq867 o8kczUs6RCGdw30Ikysm3t/zWWjHu6y4BTkMWvxLMQZFpuAad/vEjG+y0/+3oxzl 3CH9HhwQtT4xPH3UpcFw4nKt6hTXQDNSQUEQTQbB86Z6sAEPxwnvL/SZS7cmARw6 CeDX+fvJv6sXwBjsNGL7B3YMib/1rBPKE2jskqMrF1hYuqRd/xi1jjFRAgMBAAGj gbswgbgwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwWAYIKwYBBQUHAQEE TDBKMEgGCCsGAQUFBzAChjxodHRwczovL3d3dy5mcmVqYWVpZC5jb20vdGMvY2Vy dHMvZnJlamFlaWRfaXNzdWluZ19jYV92MS5jZXIwHwYDVR0jBBgwFoAUED8kN9o6 iEfwKOPN0xXwS6n2sVAwHQYDVR0OBBYEFJJt+ukaSQCnRFQpuEVrwG9c2EDNMA0G CSqGSIb3DQEBCwUAA4IBgQAZiytgukQ4ka0VXnkDbtEiF8LluPz3pFIZrXJTllmF EGYT3RSb4e52wKkEzPZG0z0JlpjeZHeU8LOyKDe3jqDMSc7N0t5mA25GgjNOGYme JZYsFlZZrP6jmNTSfFJKpy3Uvoj7+CKt+0qei4CB/RPscRrGHDMyc8lLVH6Bh1oI 9NRMB1m23AWFEXEKtQJUMTBOcMVcUaHm2jjZvagLf/SJ+jU1VFc/OzJYud8IAL6J EfWn4deY5qUEJTQrLskF2jyL/5VTHJsk8DC90wjt0lJFX7nKS/MqCr+0yEIHIwST APa/7M16YKBkEdQidcu2uYp4GHZCcB72XDxXO8JtL62OPTS80HgA9kMb5MZdJeo2 awGyCBVPbZXAgfypr6pGQafMFkZoBzp9N1z+YGEJqEAFgljS5vNtEUGsPiRe8DUP A59tnAEF09W7HQDw3hSabyYNGuMndtV575CvyXFBOH4VM6bda+MC+8oy0SyubD/h daqqd+KNF8QMZrDM6RqcWao= -----END CERTIFICATE----- | Until 2020-08-02 |
aRw9OLn2BhM7hxoc458cIXHfezw | -----BEGIN CERTIFICATE----- MIIEvTCCAyWgAwIBAgIUHOOkesGZPQnJ2w/tfx3ia9LQR1swDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCU0UxFDASBgNVBGETCzU1OTExMC00ODA2MR0wGwYDVQQK ExRWZXJpc2VjIEZyZWphIGVJRCBBQjETMBEGA1UECxMKUHJvZHVjdGlvbjEgMB4G A1UEAxMXRnJlamEgZUlEIElzc3VpbmcgQ0EgdjEwHhcNMjAwNTE0MDkxODU1WhcN MjMwNTE0MDkxODU1WjB6MSEwHwYDVQQDExhGcmVqYSBlSUQgSldTIFNpZ25pbmcg djIxFDASBgNVBGETCzU1OTExMC00ODA2MRMwEQYDVQQLEwpQcm9kdWN0aW9uMR0w GwYDVQQKExRWZXJpc2VjIEZyZWphIGVJRCBBQjELMAkGA1UEBhMCU0UwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1b0Napazk5UxsaV5aO82d1ab6wXMO ci+Tvv08sIGx8PXYYOvA1GRsJy+l5hDjbdzhk3ftrlx1gq7WmRhFgFuwP8ZHAWIq OF/JQQtKUEPrUbMulqJyMyAvb+tpGyBNTHpvOSIvcazTq9jdDkKQ5xuaGpVdE3dh 8og2bJbKbXBlSuBxB85L5IxZvkQJ8Fs40rLVN58p3ppX36d5aHVLBp+7f1hRGpI9 KTKoeH5RVtF/BaVLNWnKZ5WEiG5G4tbzc6H06UeUFu/XGXTl3ji7Kd5w5/aSFP1+ XF0ntRtdJkCvPI/eYEF8KDsJR9V1wOn+Wje/J2YLZ33giD+HLUbZfNBxAgMBAAGj gbswgbgwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwWAYIKwYBBQUHAQEE TDBKMEgGCCsGAQUFBzAChjxodHRwczovL3d3dy5mcmVqYWVpZC5jb20vdGMvY2Vy dHMvZnJlamFlaWRfaXNzdWluZ19jYV92MS5jZXIwHwYDVR0jBBgwFoAUED8kN9o6 iEfwKOPN0xXwS6n2sVAwHQYDVR0OBBYEFLPEmwpnlugc7/DRNhyS4Uaw3d/PMA0G CSqGSIb3DQEBCwUAA4IBgQAn4coTJBL7PUQhpRVNbGyigWIyOfumxkiIU1GumLqe G/8z0C0JI4OV5olFOVm0xjGW2WkdMq5vZVTZCfur7L/ftQ06C5tyE2IubWOdUVFp IL3ephlFYCTVzOCZuh2fRmL8XzuyGCNauQh5r4UsxwGh8Gh039uf77ZprcsnbsIg XgvkT1fuvB/VoUGJ6OrLWAd+U0i7DHBWkh+siGZiiE1xaaMDjnXa7+3ks0W2Ukwa tt+Jj+zCcmGP/R0luhsPM/RWC5ARQq2zWCzoU7dRyhlX1qPEecDId7vTT+8umaMc jYt9L1+D1botwUOX/y7V49eOKulGOGlBCsrwxnE4tt+29k26UPGoxvdwleifFx4g dh9QjbwKjqXnZ6oip9r76yjP7pASgqWtcTdKQV9Cav66W6Ta21oxgNRq2S8xSeiS DR7uXDX7RqAEjd0k3tCUxXwVMH6WorUQA+NszpR5hr0lTRYALTsTSj8VdgFJDam0 vsYzHH84bfb942CcNv9bbOA= -----END CERTIFICATE----- | From 2020-05-14 |
wSYLdhe93ToPR2X1UrNXxOg1juI | -----BEGIN CERTIFICATE----- MIIEvDCCAySgAwIBAgIUO7H1JLQMSMERte/IgsBUOP6qBSYwDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCU0UxFDASBgNVBGETCzU1OTExMC00ODA2MR0wGwYDVQQK ExRWZXJpc2VjIEZyZWphIGVJRCBBQjETMBEGA1UECxMKUHJvZHVjdGlvbjEgMB4G A1UEAxMXRnJlamEgZUlEIElzc3VpbmcgQ0EgdjEwHhcNMjMwMjIzMTI1NDI5WhcN MjYwMjIzMTI1NDI5WjB5MSEwHwYDVQQDExhGcmVqYSBlSUQgSldTIFNpZ25pbmcg djMxFDASBgNVBGETCzU1OTExMC00ODA2MRMwEQYDVQQLEwpQcm9kdWN0aW9uMRww GgYDVQQKExNGcmVqYSBlSUQgU3dlZGVuIEFCMQswCQYDVQQGEwJTRTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALBpp0UVzAVmZFiTVxhdJcAwkAt6hUmn JVi9uddgMUQLQnKNa6ip3np3iOydHcq627LENg9PIBVyRy/CjMoLQ2eiOQi7r4hs cJPBECYuBwQJEPxeMuP2b4BTk1dh2w1HDD4ZijRV4bbo8E4H39EbZvvBPaB1C7BK wVGJmV471A+5MpvgkSMisROz9xtqhVKy94+zYValv6mYq90X42L489aOEu8wY1N+ VvzFH5CGZpgY9ttulfT4ykfstDZE4qKXnN4VAJlEU9PKnE+8HlGK15S8Mo9rwE80 lklPnZPSMuiBztpZkYy4ug4cBu2ZTwxydu5J6PfdJMfnk+JaCjgc8bMCAwEAAaOB uzCBuDAOBgNVHQ8BAf8EBAMCBsAwDAYDVR0TAQH/BAIwADBYBggrBgEFBQcBAQRM MEowSAYIKwYBBQUHMAKGPGh0dHBzOi8vd3d3LmZyZWphZWlkLmNvbS90Yy9jZXJ0 cy9mcmVqYWVpZF9pc3N1aW5nX2NhX3YxLmNlcjAfBgNVHSMEGDAWgBQQPyQ32jqI R/Ao483TFfBLqfaxUDAdBgNVHQ4EFgQUAIg4CkKACFOmRUmry1/9Pb48No0wDQYJ KoZIhvcNAQELBQADggGBAH/lokazs32mk5QlUYTZBkoP5IOxuYbm8pbr/pgDfz/E NEJ8OWycfDuS/fBBL59OwjOfWBlmFdDtUXoTYCjYjNVrIvfNOE62dAXN4RzqBq+c Uoov6MDvYfARi1B3wWuAwbZ2swNRuh/NyNLB3RsfHXya/XjA3w2MYfIeytKdBvcS LMOiwx4wxePtox8OuL0H6wAA8mmJdW0lCPyAyYiRRmP91DpLQwpXGCgN6MLJwpAA t611z17VoZhYT6PaSHvhyV05q3o/ayRFAp2xTh7ZoAALsBcEeaSg27RuuxxHFDeW 6aqsZiUbkqEdBvaUcbN7s33O1gTLnPLhsTjMTtjwKfLCd+1jR32MQw1WdXXpgZRF pIgy5DW9jrOeFGUOfc+wErAeykm+XlrsBC/I3/mRra1fLYnvLToTkHPfWl1jQYfA E38EAlxcQpaV46znmReHq/xB+/yTWLboJO/UMgp8PyqCiumP4kXu7oLJ++48R+nu kptNjrjW1RSy4YOYySFxuA== -----END CERTIFICATE----- | From 2023-02-23 |
General information about Freja eID RESTful APIs
Authentication and Signature services are exposed through a RESTful API. This section presents information common to both services. Firstly, the following applies to HTTP response codes.
HTTP response code | Interpretation |
---|---|
200 OK | Success, additional information is available in the body. |
204 No Content | Success, no additional information is available in the body. |
400 Bad Request | The request is malformed. For example, the body cannot be parsed. |
404 Not Found | Requested resource does not exist. |
410 Gone | Requested resource is no longer available. For example, an obsolete API version. |
422 Unprocessable Entity | Validation or processing errors. Additional information is available in the body. If the input is corrected, the request can be resubmitted. |
500 Internal server error | The request, although probably OK, could not be processed due to an internal server error. Repeating the request is not recommended, the application should return a sensible error message to the end user. |
General information on error handling
Where errors need to be conveyed (for example, in the case of HTTP 422 code for a RESTful API), the following structure is returned in the body. Note that the code and error message are always present in a case of error.
Code Block |
---|
{ "code": "Integer with error code value", "message": "Error description" } |
Tip | |||
---|---|---|---|
| Continue
| ||
Go to:
|