Organisation ID Service

Overview

The Freja eID Organisation ID service allows Relying Parties to set a specific, organisation-related identifier to any user. The end user will have previously downloaded the Freja eID mobile application on one or more iOS or Android devices they possess, and registered an account in Freja eID, allowing Relying Parties to refer to them through the use of one or more usernames.

The Organisation ID service is available to end users that have Freja eID Extended (users whose identity has been validated with an ID document) or Plus (users who, in addition to Extended, have had a physical meeting as a further measure of security; this level is only available in Sweden.)

Before you begin

Disclaimer

We retain the right to extend the API with new optional parameters, new response fields and error codes. Within the same API version, these additions shall be made strictly without altering existing response fields and error codes so as not to compromise your system's stability. Your application therefore MUST be able to handle unknown response fields and error codes. In the case of unknown response fields, the application SHOULD ignore them and process only those it understands. In the case of unknown error codes, the application MUST present a generic error message to the end-user.

There are several technical requirements that must be in place before the implementation can start. Please complete the checklist below before proceeding:

  • Obtain an SSL client certificate providing you access to the Freja eID test environment.
  • Import Freja eID Test root certificate as trusted into the trust store of your application.
  • Using Freja eID mobile application, register one or more users with the Freja eID Test infrastructure.

Production checklist

In order to use Freja eID in a production environment, you must fulfil the following:

  • Sign a contract allowing your organisation to access the production Freja eID Organisation ID service.
  • Provide Freja eID with a logo suitable to represent your organisation in the mobile application, as well as a display name and a short description. Please note that:
    • The logo must be delivered in one of the vector file formats: AI (Adobe Illustrator Artwork), EPS (Encapsulated PostScript) or editable PDF (Portable Document Format). The preferable format is AI (filename extension is .ai).
    • The display name is restricted to maximum length of 20 characters and the description should not exceed 75 characters. The URL can be up to 100 characters long.
  • Obtain an SSL client certificate providing you access to the Freja eID production environment.
  • Import Freja eID Production root certificate as trusted into the trust store of your application.

Initiate Add Organisation ID method

This method is used by a Relying Party to initiate a transaction for setting an Organisation ID title, identifier name and the identifier itself to a user. The identifier must be unique within the Relying Party's system. If the Organisation ID is set for a user multiple times, the title, identifier name and the identifier will be overridden and the last ones will be active.

The method is called using HTTP POST through the URLs below:

System
Method endpoints
Test
https://services.test.frejaeid.com/organisation/management/orgId/1.0/initAdd
Production
https://services.prod.frejaeid.com/organisation/management/orgId/1.0/initAdd

The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter name
Value
initAddOrganisationIdRequest
{
   "userInfoType":"User info type",
   "userInfo":"User information corresponding to user info type",
   "minRegistrationLevel":"Minimum required registration level of a user",
   "expiry":"Expiry time for the request",
   "organisationId":{
      "title":"Title of the Organisation ID to be displayed to the end user",
      "identifierName":"Name of specific organisation identifier",
      "identifier":"Value of specific organisation identifier",
      "identifierDisplayTypes": ["QR_CODE","TEXT"],
      "additionalAttributes": [{"key":"attribute_key",
                                "displayText":"attribute_display_name",
                                "value":"attribute_value"}
                              ]
   }
}


userInfoType: string, mandatory. Describes the type of user information supplied to identify the end user. Currently one of:

  • PHONE (end user's telephone number)
  • EMAIL (end user's email)
  • SSN (end user's social security number)
  • INFERRED (the user need not enter any identifier, their identity will be determined as a result of the authentication process). The INFERRED method is typically used in conjunction with QR codes. 

userInfo: string, mandatory, 256 characters maximum. If userInfoType is EMAIL or PHONE, interpreted as a string value of the email or telephone number of the end user, respectively. If userInfoType is SSN, then it must be a Base64 encoding of the ssnuserinfo JSON structure described below. 

Note: If userInfoType is PHONE, the userInfo value MUST be in the form of: "+4673*******"; the leading plus '+' is present whereas the leading zero from the mobile phone operator code '0' is not. (See example below)

Note: The combination of userInfoType INFERRED and userInfo N/A is used when the user is being authenticated by scanning a QR code. For more details please see Implementation - Troubleshooting and Best Practices.

ssnuserinfo
{
   "country":"Country of SSN",
   "ssn":"Social security number of the end user"
}

country: string, mandatory. Contains the ISO-3166 two-alphanumeric country code of the country where the SSN is issued. In the current version of Freja eID, one of: ''SE'' (Sweden), ''NO'' (Norway), ''FI'' (Finland), ''DK'' (Denmark).
ssn: string, mandatory. Expected SSN of the end user as per pre-registration.

  • If country equal to "SE", the value must be the 12-digit format of the Swedish "personnummer" without spaces or hyphens. Example: 195210131234.
  • If country equal to ''NO'', the value must be the 11-digit format of the Norwegian "personnummer" without spaces or hyphens. Example: 13105212345.
  • If country equal to ''FI'', the value must be the 10-characters format of the Finish ''koodi'', with the hyphen before the last four control characters. Hyphen can be replaced with the letter A. Example format: 131052-308T or 131052A308T.
  • If country equal to ''DK'', the value must be the 10-digit format of the Danish "personnummer" without spaces or hyphens. Example: 1310521234.

minRegistrationLevel: string, optional. Minimum required registration level of a user in order to approve/decline transaction for adding Organisation eID. Can be EXTENDED or PLUS. If not present, default level will be EXTENDED.

expiry: long, optional. Describes the time until which the Relying Party is ready to wait for the user to confirm the initAddOrganisationId request. Expressed in milliseconds since January 1, 1970, 00:00 UTC. Minimum value is current time +2 minutes, maximum value is current time +30 days. If not present, defaults to current time +7 days.

organisationId

{
   "title":"Title of the Organisation ID to be displayed to the end user",
   "identifierName":"Name of specific organisation identifier",
   "identifier":"Value of specific organisation identifier",
   "identifierDisplayTypes": ["QR_CODE","TEXT"],
   "additionalAttributes":[{"key":"attribute_key",
                            "displayText":"attribute_display_name",
                            "value":"attribute_value"}
                          ]
}

title: string, mandatory, 64 characters maximum. The title of the Organisation ID which will be displayed to the end user in the app, on the Organisation ID card and the Organisation ID screen itself.

identifierName: string, mandatory, 30 characters maximum. The name of the specific organisation identifier to be set for the end user. 

identifier: string, mandatory, 128 characters maximum. The value of the specific organisation identifier to be set for the end user. Must be unique within the requesting relying party system inside the Freja eID service.

identifierDisplayTypes: identifierDisplayTypes: list of identifier types, optional. Can be QR_CODE or TEXT, both or neither. If QR_CODE value is provided in the list, the identifier in the Org ID screen in Freja app will be displayed as QR rather than as a text. Default value is TEXT.

additionalAttributes: list of Organisation ID attributes, optional. The maximum number of additional attributes is 10. One attribute contains the key (maximum 64 characters), displayText as friendly name (maximum 64 characters) and value (maximum 256 characters), displayTypes which are not supported yet.

Regarding OrgID Customisation

For more personalisation and flexibility regarding OrgID design, we can offer our OrgID Templates which allow for full customisability of the OrgID. For more information please get in touch with partnersupport@frejaeid.com.

What your users will see

Here you can see a depiction of what your users will see in the mobile application.

Before the user approves Organsation ID

The user will receive a transaction in their Freja mobile application that they need to approve.

In this example, the parameters of organisationId you set in the initAddOrganisationIdRequest are:

title: Frejviks kommun ID

identifier name: Anställningsnummer

identifier: 476-0598

The rest of the text is localised in the Freja mobile application.

After the user approves Organisation ID

After approving, this card will be generated for the user in the Freja mobile application.

Out of the parameters mentioned above, the only one shown here is the title: Frejviks kommun ID.

The user can open the Organisation ID screen.

The following has been set by your Organisation:

titleFrejviks kommun ID

identifier nameAnställningsnummer

identifier476-0598

The name and surname of the employee comes from our database.

Examples with various userInfoTypes

Example request with userInfoType set to EMAIL:

If you wish to initiate an 'Add Organisation ID' request for a user with an email address joe.black@verisec.com, follow these steps:

  1. Create the JSON structure {"userInfoType":"EMAIL","userInfo":"joe.black@verisec.com","minRegistrationLevel":"EXTENDED","expiry":1517526000000,"organisationId": { "title":"Verisec ID", "identifierName":"Domain name", "identifier":"vejodoe" }}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name initAddOrganisationIdRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (compact format, line broken for clarity only):

initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJFTUFJTCIsInVzZXJJbmZvIjoi
am9lLmJsYWNrQHZlcmlzZWMuY29tIiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiOiJFWFRFTkRFRCIsI
mV4cGlyeSI6MTUxNzUyNjAwMDAwMCwib3JnYW5pc2F0aW9uSWQiOiB7ICJ0aXRsZSI6IlZlcmlzZW
MgSUQiLCAiaWRlbnRpZmllck5hbWUiOiJEb21haW4gbmFtZSIsICJpZGVudGlmaWVyIjoidmVqb2R
vZSIgfX0=
Example request with userIntoType set to PHONE:

If you wish to initiate an 'Add Organisation ID' request for a user with a phone number '+46731234567':

  1. Create the JSON structure {"userInfoType":"PHONE","userInfo":"+46731234567","minRegistrationLevel":"EXTENDED","expiry":1517526000000,
    "organisationId": { "title":"Verisec ID", "identifierName":"Domain name", "identifier":"vejodoe" }}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name initAddOrganisationIdRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following:

initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJQSE9ORSIsInVzZXJJbmZvIjoiK
zQ2NzMxMjM0NTY3IiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiOiJFWFRFTkRFRCIsImV4cGlyeSI6MTU
xNzUyNjAwMDAwMCwib3JnYW5pc2F0aW9uSWQiOiB7ICJ0aXRsZSI6IlZlcmlzZWMgSUQiLCAiaWRlb
nRpZmllck5hbWUiOiJEb21haW4gbmFtZSIsICJpZGVudGlmaWVyIjoidmVqb2RvZSIgfX0=
Example request with userIntoType set to SSN:

If you wish to initiate an 'Add Organisation ID' request for a user with an SSN '198905218072' and country 'SE':

  1. Create the JSON structure {"country":"SE","ssn":"198905218072"}, then do the base64 of this JSON.
  2. This is the Base64 of step 1:   'eyJjb3VudHJ5IjoiU0UiLCJzc24iOiIxOTg5MDUyMTgwNzIifQ==' , which is the userInfo value in our request.
  3. Create the JSON structure {"userInfoType":"SSN","userInfo":"eyJjb3VudHJ5IjoiU0UiLCJzc24iOiIxOTg5MDUyMTgwNzIifQ==",
    "minRegistrationLevel":"EXTENDED","expiry":1517526000000,"organisationId":{ "title":"Verisec ID", "identifierName":"Domain name", "identifier":"vejodoe"}}
  4. Encode the JSON structure to Base64.
  5. Create the HTTP POST request with a POST parameter name initAddOrganisationIdRequest and the Base64 encoded JSON structure from the step 4 as its value.

The HTTP body should be the following:

initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJTU04iLCJ1c2VySW5mbyI6ImV5S
mpiM1Z1ZEhKNUlqb2lVMFVpTENKemMyNGlPaUl4T1RnNU1EVXlNVGd3TnpJaWZRPT0iLCJtaW5SZWd
pc3RyYXRpb25MZXZlbCI6IkVYVEVOREVEIiwiZXhwaXJ5IjoxNTE3NTI2MDAwMDAwLCJvcmdhbmlzY
XRpb25JZCI6IHsgInRpdGxlIjoiVmVyaXNlYyBJRCIsICJpZGVudGlmaWVyTmFtZSI6IkRvbWFpbiB
uYW1lIiwgImlkZW50aWZpZXIiOiJ2ZWpvZG9lIiB9fQ==


Example request with userIntoType set to INFERRED:

If you wish to initiate an 'Add Organisation ID' request for a user via a QR code:

  1. Create the JSON structure {"userInfoType":"INFERRED","userInfo":"N/A","minRegistrationLevel":"EXTENDED","expiry":1517526000000,
    "organisationId": { "title":"Verisec ID", "identifierName":"Domain name", "identifier":"vejodoe" }}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name initAddOrganisationIdRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following:

initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJJTkZFUlJFRCIsInVzZXJJbmZvI
joiTi9BIiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiOiJFWFRFTkRFRCIsImV4cGlyeSI6MTUxNzUyNjA
wMDAwMCwib3JnYW5pc2F0aW9uSWQiOiB7ICJ0aXRsZSI6IlZlcmlzZWMgSUQiLCAiaWRlbnRpZmllc
k5hbWUiOiJEb21haW4gbmFtZSIsICJpZGVudGlmaWVyIjoidmVqb2RvZSIgfX0=
Example request with identifierDisplayTypes and additionalAttributes:

If you wish to initiate an 'Add Organisation ID' request for a user via a QR code:

  1. Create the JSON structure {"userInfoType":"INFERRED","userInfo":"N/A","minRegistrationLevel":"EXTENDED","expiry":1517526000000,
    "organisationId": { "title":"Verisec ID", "identifierName":"Domain name", "identifier":"vejodoe","identifierDisplayTypes":["QR_CODE","TEXT"],
    "additionalAttributes":[{"key":"USER_ID","displayText":"ID","value":"123456789"}] }}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name initAddOrganisationIdRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following:

initAddOrganisationIdRequest=eyJ1c2VySW5mb1R5cGUiOiJJTkZFUlJFRCIsInVzZXJJbmZvIjoi
Ti9BIiwibWluUmVnaXN0cmF0aW9uTGV2ZWwiOiJFWFRFTkRFRCIsImV4cGlyeSI6MTUxNzUyNjAwMDAwM
CwKIm9yZ2FuaXNhdGlvbklkIjogeyAidGl0bGUiOiJWZXJpc2VjIElEIiwgImlkZW50aWZpZXJOYW1lIj
oiRG9tYWluIG5hbWUiLCAiaWRlbnRpZmllciI6InZlam9kb2UiLCJpZGVudGlmaWVyRGlzcGxheVR5cGV
zIjpbIlFSX0NPREUiLCJURVhUIl0sCiJhZGRpdGlvbmFsQXR0cmlidXRlcyI6W3sia2V5IjoiVVNFUl9J
RCIsImRpc3BsYXlUZXh0IjoiSUQiLCJ2YWx1ZSI6IjEyMzQ1Njc4OSJ9XSB9fQ==

Possible errors returned by the method are the following:

Return code
Explanation
1001Invalid or missing userInfoType.
1002Invalid or missing userInfo.
1004You are not allowed to call this method.
1005The user has not enabled your service.
1007Invalid min registration level.
1008Unknown Relying Party.
1009You are not allowed to request integratorSpecificUserId parameter.
1010JSON request cannot be parsed.
1012User with the specified userInfo does not exist in the Freja eID database.
4000Invalid or missing Organisation ID identifier.
4002This Organisation ID identifier is already used.
4003Invalid expiry.
4004Invalid or missing Organisation ID title.
4005Invalid or missing Organisation ID identifier name.
4006Invalid or missing Organisation ID.
4008Invalid display type.
4009Invalid additional attributes.


If HTTP 200 is returned from the method, the following return value will be present in the body of the response:

JSON Response Value in body
{
   "orgIdRef":"Reference to be submitted in getOneResult method"
}

orgIdRef: string, mandatory. A reference unique to the transaction, that can be used to query the result of a specific transaction for adding Organisation ID (see Get One Organisation ID Result method below).

 

Get One Organisation ID Result method

The method is called using HTTP POST through the URLs below:

System
Method endpoint
Test
https://services.test.frejaeid.com/organisation/management/orgId/1.0/getOneResult
Production
https://services.prod.frejaeid.com/organisation/management/orgId/1.0/getOneResult


The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter name
Value
getOneOrganisationIdResultRequest
{
   "orgIdRef":"Organisation ID reference"
}

orgIdRef: string, mandatory. The value must be equal to a reference previously returned from a call to the Initiate Add Organisation ID method. The time period during which a specific reference is available for checking will depend on the longevity of the operation (see the expiry parameter in the Initiate Add Organisation ID method) and is calculated as the expiry time plus 3 days.

Example request:

If you wish to fetch an Organisation ID result with the reference previously returned from a call to initAddOrganisationIdRequest (for a user with an email address: joe.black@verisec.com), follow these steps:

  1. Create the JSON structure {"orgIdRef":"TrLA9zdxCBlNOQNvkdhAM14mJmlL20digC7+QgEVRwmE7SH8Qm0swWIc6whfKm4Y"}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name getOneOrganisationIdResultRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (compact format, line broken for clarity only):

getOneOrganisationIdResultRequest=eyJvcmdJZFJlZiI6IlRyTEE5emR4Q0JsTk9RTnZrZGh
BTTE0bUptbEwyMGRpZ0M3K1FnRVZSd21FN1NIOFFtMHN3V0ljNndoZkttNFkifQ==


Possible errors returned by the method are the following:

Return code
Explanation
1004You are not allowed to call this method.
1008Unknown Relying Party.
1100Invalid reference (for example, nonexistent or expired).


If HTTP 200 is returned from the method, the following return value will be present in the body of the response:


JSON Response Value in body
Response body
{
   "orgIdRef":"Organisation ID reference",
   "status":"Status of Organisation ID transaction",
   "details":"Signed data, see below"
}

orgIdRef: string, mandatory. The reference of the Add Organisation ID request.

status: string, mandatory. One of:

  • STARTED (the transaction has been started but not yet delivered to the user's Freja eID application),
  • DELIVERED_TO_MOBILE (the Freja eID app has received the transaction),
  • CANCELED (the end user declined the 'Add Organisation ID' request), 
  • RP_CANCELED (the 'Add Organisation ID' request was sent to the user but cancelled by the Relying Party before the user could respond),
  • EXPIRED (the 'Add Organisation ID' request was not approved by the user within the set time frame),
  • APPROVED (the end user has approved the 'Add Organisation ID' request).

details: A signed object (see below), optional. Provides details and evidence of the signing if status was equal to APPROVED.

details

The content of this response element will contain a JWS in compact serialised form as following:

BASE64URL(UTF8(JWS Protected Header)) || ’.’ || BASE64URL(JWS Payload) || ’.’ || BASE64URL(JWS Signature)


JWS Protected Header

{
   "x5t":"SHA-1 digest of the signing certificate",
   "alg":"Algorithm used to secure the JWS"
}

x5t: mandatory, Base64URL encoding of the certificate's SHA-1 digest.
alg: mandatory, the value shall be RS256 which corresponds to 'RSA PKCS#1 signature with SHA-256'.


JWS Payload

{
   "orgIdRef":"Organisation ID reference",
   "status":"Status of Organisation ID transaction",
   "userInfoType":"User info type",
   "userInfo":"User information corresponding to user info type",
   "minRegistrationLevel":"Minimum required registration level of a user",
   "timestamp":"Time when transaction was approved by end user",
   "signatureType":"Signature type",
   "signatureData":{
      "userSignature":"The signature produced by the end user",
      "certificateStatus":"Evidence of end-users certificate status"
   }
}

orgIdRef: See orgIdRef above.

status: See status above.

userInfoType: See userInfoType as described in Initiate Add Organisation ID method.

userInfo: See userInfo as described in Initiate Add Organisation ID method.

minRegistrationLevel: See registrationLevel as described in Initiate Add Organisation ID method.

timestamp: long, mandatory. Describes the time when the confirmation by the end user was validated on Freja eID server side. Expressed in milliseconds, since January 1, 1970, 00:00 UTC.

signatureType: string, mandatory. For the Organisation ID service, this field has value SIMPLE. See signatureType as described in Signature Services.

signatureData: see fields below, mandatory.

userSignature: the produced signature, string, mandatory. Contains the user's signature in the requested format. The user's signature will implicitly contain the signed text which will contain Organisation ID identifier set to the user.

certificateStatus: Base64 string, mandatory. Contains the OCSP response regarding the state of the user certificate at the time of validating the signature.

  

Cancel Add Organisation ID method

This method is used by a Relying Party to cancel an 'Add Organisation ID' request.

The method is called using HTTP POST through the URLs below:

System
Method endpoints
Test
https://services.test.frejaeid.com/organisation/management/orgId/1.0/cancelAdd
Production
https://services.prod.frejaeid.com/organisation/management/orgId/1.0/cancelAdd


The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter name
Value
cancelAddOrganisationIdRequest
{
   "orgIdRef":"Organisation ID reference"
}

orgIdRef: string, mandatory. The value must be equal to an Organisation ID reference previously returned from a call to the Initiate Add Organisation ID method.

Example request:

If you wish to cancel an Add Organisation ID request, follow these steps:

  1. Create the JSON structure {"orgIdRef":"TrLA9zdxCBlNOQNvkdhAM14mJmlL20digC7+QgEVRwmE7SH8Qm0swWIc6whfKm4Y"}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name cancelAddOrganisationIdRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (line broken for clarity only):

cancelAddOrganisationIdRequest=eyJvcmdJZFJlZiI6IlRyTEE5emR4Q0JsTk9RTnZrZGhBTTE
0bUptbEwyMGRpZ0M3K1FnRVZSd21FN1NIOFFtMHN3V0ljNndoZkttNFkifQ==

Possible errors returned by the method are the following:

Return code
Explanation
1004You are not allowed to call this method.
1008Unknown Relying Party.
1100Invalid reference (for example, nonexistent or expired).

If HTTP 200 is returned from the method, the request was successfully fulfilled.

Update Organisation ID method

This method is used by a Relying Party to update additional attributes for an existing Organisation ID.

The method is called using HTTP POST through the URLs below:

System
Method endpoints
Test
https://services.test.frejaeid.com/organisation/management/orgId/1.0/update
Production
https://services.prod.frejaeid.com/organisation/management/orgId/1.0/update

The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter name
Value
updateOrganisationIdRequest
{
    "identifier": "Value of specific organisation identifier",
    "additionalAttributes": [
        {
            "key": "exampleKey",
            "displayText": "Example display text",
            "value": "Value of attribute"
        }
    ]
}

identifier: string, mandatory, 128 characters maximum. The value of the specific organisation identifier previously set for the end user.

additionalAttributes: list of Organisation ID attributes to be updated. The maximum number of additional attributes is 10. One attribute contains the key (maximum 64 characters), displayText as friendly name (maximum 64 characters) and value (maximum 256 characters). The logic behind attributes processing is the following:

  • If the attribute with a specific key already exists, it will be updated.
  • If the attribute with a specific key doesn't previously exist, it will be added.
  • If only the key is specified for an attribute, and the value is omitted (or null), the attribute will be deleted.
Example request:

If you wish to update an Organisation ID, follow these steps:

  1. Create the JSON structure {"identifier": "vejodoe","additionalAttributes":[{"key": "exampleKey","displayText": "Example display text","value": "Value of attribute"}]} 
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name updateOrganisationIdRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (line broken for clarity only):

updateOrganisationIdRequest=eyJpZGVudGlmaWVyIjogInZlam9kb2UiLCJhZGRpdGlvbmFsQXR0cmlidXRlcyI6W3sia2V5IjogImV4YW1wbGVLZXkiLCJkaXNwbGF5VGV4dCI6ICJFeGFtcG
xlIGRpc3BsYXkgdGV4dCIsInZhbHVlIjogIlZhbHVlIG9mIGF0dHJpYnV0ZSJ9XX0=


Possible errors returned by the method are the following:

Return code
Explanation
1004You are not allowed to call this method.
1008Unknown Relying Party.

4001

There is no user for given Organisation ID identifier.

4000

Invalid or missing Organisation ID identifier.

4009

Invalid additional attributes.


If HTTP 200 is returned from the method, the following return value will be present in the body of the response:

JSON Response Value in body
{
"updateStatus":{
"added":"1",
"updated":"1",
"deleted":"1"
}
}

updateStatus: JSON object, mandatory. Contains number of added, updated and deleted attributes.

added: integer, mandatory. Number of added attributes.
updated:integer, mandatory. Number of updated attributes.
deleted:integer, mandatory. Number of deleted attributes

Delete Organisation ID method

This method is used by a Relying Party to delete an Organisation ID identifier from a user. Note that this method is not to be used if you wish to change the Organisation ID title or identifier name. This is done by calling again Initiate Add Organisation ID method

The method is called using HTTP POST through the URLs below:

SystemMethod endpoints
Test
https://services.test.frejaeid.com/organisation/management/orgId/1.0/delete
Production
https://services.prod.frejaeid.com/organisation/management/orgId/1.0/delete

The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter nameValue
deleteOrganisationIdRequest
{
   "identifier":"Value of specific organisation identifier"
}

identifier: string, mandatory, 128 characters maximum. The specific organisation identifier to be deleted.

Example request

If you wish to delete an Organisation ID identifier from a user, follow these steps:

  1. Create the JSON structure {"identifier":"vejodoe"}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name deleteOrganisationIdRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (line broken for clarity only):

deleteOrganisationIdRequest=eyJpZGVudGlmaWVyIjoidmVqb2RvZSJ9

Possible errors returned by the method are the following:

Return codeExplanation
1004You are not allowed to call this method.
1008Unknown Relying Party.
4000Invalid or missing Organisation ID identifier.
4001There is no user for given Organisation ID identifier.

Get All Organisation ID Users method

This method is used to get information about users who have been assigned an Organisation ID. If there are no users with Organisation ID, an empty list will be returned.

This method is called using a HTTP POST through the URLs below:

SystemMethod Endpoints
Test
https://services.test.frejaeid.com/organisation/management/orgId/1.0/users/getAll
Production
https://services.prod.frejaeid.com/organisation/management/orgId/1.0/users/getAll

Please note that this POST does not have a request parameter.

Possible errors returned by the method are the following:

Return codeExplanation
1004You are not allowed to call this method.
1008Unknown Relying party.

If HTTP 200 is returned from the method, the following return value will be present in the body of the response:

JSON Response Value in body

[
	{
		"organisationId" : {
			"title" : "Organisation ID title which is set when user approved the transaction for adding Organisation ID.",
			"identifierName" : "Organisation ID identifier name which is set when user approved the transaction for adding Organisation ID.",
			"identifier" : "Unique Organisation ID identifier which is set when user approved the transaction for adding Organisation ID."
		},
		"ssn" : {
			"country" : "Country where the SSN is issued.",
			"ssn" : "Social security number."
		},
		"registrationState" : "User's registration state."
	},
	...
]

organisationId: JSON object, mandatory. Contains Organisation ID parameters which are set by the Relying Party: title, identifierName, identifier.

ssn: JSON object, mandatory. Contains the ISO-3166 two-alphanumeric country code of the country where the SSN is issued. If the user is from a country where social security numbers do not exist, country will be returned while ssn will be empty.

registrationState: string, mandatory. User's registration state. Possible values are: EXTENDED, VETTING_CONFIRMED and PLUS.