Insomnia collection and other information on how to use the Swedish test BankID.
BankID uses a mutual TLS connection, where a client certificate is needed to communicate with the BankID API endpoints. In production this certificate is replaced with a "Relying party certificate" (RP certificate).
Note: It's possible to add this to the OS certificate store as well, but that is a bit unnecessary in the test environment. In the production environment, however, you will need to either install it in the OS certificate store, disable verification in curl or the HTTP client library your application uses, or pass the certificate to curl. Disabling verification removes the check that you are actually talking to the BankID endpoint, so prefer one of the other two options. (I will add instructions on how to do it next time I build a BankID application.)
There are three requests prepared. Fill in the personal number with your test BankID personal number and make sure your public IP address is filled in. Start with the auth request and save the orderRef. After the authentication is completed on the phone, use the orderRef in the collect request. If you need to cancel, use the orderRef in the cancel request.
- Create an API that acts as a proxy between your frontend and the BankID endpoints. Your frontend should call your API, and your API should call the BankID API.
- Don't bundle your RP certificate into a frontend app!
- First, call `/auth` with the personal number and IP address.
- Second, save the orderRef in a session or temporary variable until the authentication is either complete or cancelled/failed.
- Poll the `/collect` endpoint of your API, which in turn should call the BankID API with the orderRef parameter. Once every 2 seconds is a good interval.
- Eventually you will get a "complete" status or an error.
- The orderRef can be kept as a reference, but most likely it can be thrown away.
- Text messages are provided in the BankID RP info document, or I have them in this repo:
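The proxy-side flow from the steps above (auth, store the orderRef, poll collect every 2 seconds, cancel an abandoned order), as an added example that is not part of this repo's collection. It uses only the Python standard library; the test hostname, the v5.1 paths, the `personalNumber`/`endUserIp` field names and the certificate file paths passed to `make_opener` are assumptions, and `fake_bankid` is a constructed stand-in so the polling logic can be exercised offline.

```python
"""Backend proxy side of the BankID flow: /auth -> poll /collect every 2 s -> complete or failed."""
import json
import ssl
import time
import urllib.request

# Assumed test-environment host and RP API v5.1 paths (field names personalNumber/endUserIp).
BASE_URL = "https://appapi2.test.bankid.com/rp/v5.1"
TERMINAL = {"complete", "failed"}  # collect statuses that stop polling; "pending" keeps going

def make_opener(client_cert, client_key, ca_bundle):
    """HTTPS opener that presents the RP client certificate while still verifying the server."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # server verification stays enabled
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))

def make_post(opener):
    """Return post(path, body) -> dict that sends JSON to BankID through the mutual-TLS opener."""
    def post(path, body):
        req = urllib.request.Request(BASE_URL + path, data=json.dumps(body).encode(),
                                     headers={"Content-Type": "application/json"}, method="POST")
        with opener.open(req, timeout=10) as resp:
            return json.load(resp)
    return post

def start_auth(post, personal_number, end_user_ip):
    """First call: /auth with the personal number and the end user's IP. Returns the orderRef."""
    return post("/auth", {"personalNumber": personal_number, "endUserIp": end_user_ip})["orderRef"]

def collect_until_done(post, order_ref, interval=2.0, max_polls=90, sleep=time.sleep):
    """Poll /collect until complete/failed; after max_polls cancel the order (hintCode below is ours)."""
    for _ in range(max_polls):
        result = post("/collect", {"orderRef": order_ref})
        if result.get("status") in TERMINAL:
            return result
        sleep(interval)
    post("/cancel", {"orderRef": order_ref})
    return {"status": "failed", "hintCode": "proxyPollTimeout"}

def fake_bankid(replies):
    """Constructed offline stand-in: scripted replies per path, in order; the last one repeats."""
    calls = []
    def post(path, body):
        calls.append((path, body))
        queue = replies[path]
        return queue.pop(0) if len(queue) > 1 else queue[0]
    post.calls = calls
    return post
```

Wire `make_post(make_opener(cert, key, ca))` into `start_auth` and `collect_until_done` from your own API handler; the frontend never sees the certificate or the BankID host.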