This page:

Related pages:

Initiate authentication method

This method is used by a Relying Party to initiate an authentication request. The method is intended for authentication in online contexts where the access to the Relying Party's service or application is initiated by the end user. The authentications are therefore short-lived — from the point of initiation, the user has a maximum of two minutes to confirm the authentication through a Freja eID mobile application. Only one active authentication may exist for any given end user at any given time. An attempt to concurrently start a second authentication, by the same or a different Relying Party, will cancel both initiated authentication requests.

The method is called using HTTP POST through the URLs below:

System
Method endpoint
Test
https://services.test.frejaeid.com/organisation/authentication/1.0/init
Production
https://services.prod.frejaeid.com/organisation/authentication/1.0/init

You need to have an Organisation ID set for a user to be able to initiate authentication requests using these URLs. If that is not the case, please refer to Organisation ID Service


The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter name
Value
initAuthRequest
{
   "userInfoType":"User info type",
   "userInfo":"User information corresponding to user info type",
   "attributesToReturn":
     [
        {
           "attribute":"Type of attribute to be returned"
        }
     ]
}

userInfoType: string, mandatory. Describes the type of user information supplied to identify the end user. Currently one of:

  • ORG_ID (specific organisation identifier)
  • PHONE (end user's telephone number)
  • EMAIL (end user's email)
  • SSN (end user's social security number)
  • INFERRED (the user need not enter any identifier, their identity will be determined as a result of the authentication process). The INFERRED method is typically used in conjunction with QR codes.

userInfo: string, mandatory, 256 characters maximum. If the userInfoType is ORG_ID, interpreted as a string value of the specific organisation identifier set for the end user. If userInfoType is EMAIL or PHONE, interpreted as a string value of the email or telephone number of the end user, respectively. If userInfoType is SSN, then it must be a Base64 encoding of the ssnuserinfo JSON structure described below. If userInfoType is INFERRED, then userInfo must be set to: "N/A" because there is no data for the user to enter (see example below).

Note: If userInfoType is PHONE, the userInfo value MUST be in the form of: "+4673*******"; the leading plus '+' is present whereas the leading zero from the mobile phone operator code '0' is not. (See example below)

Note: The combination of userInfoType INFERRED and userInfo N/A is used when the user is being authenticated by scanning a QR code. For more details please see Implementation - Troubleshooting and Best Practices.

attributesToReturn: list of objects, optional. When retrieving results, additional information about the user can be returned based on the type of attributes required through this parameter. Each object should contain one attribute. Currently supported attribute types are:

  • BASIC_USER_INFO (name and surname), 
  • EMAIL_ADDRESS (user's email address),
  • DATE_OF_BIRTH (date of birth),
  • ORGANISATION_ID_IDENTIFIER (specific organisation identifier set for the end user by the Relying Party through the Organisation ID Service), 
  • SSN (social security number and country),
  • RELYING_PARTY_USER_ID (a unique, user-specific value that allows the Relying Party to identify the same user across multiple sessions),
  • INTEGRATOR_SPECIFIC_USER_ID (a unique, user-specific value that allows the Integrator to identify the same user across multiple sessions regardless of the Integrated Relying Party service that the user is using. For more info, see Integrator Relying Party Management),
  • CUSTOM_IDENTIFIER (a unique, Relying Party-specific, user identifier, set by the Relying Party through the Custom Identifier Management).
ssnuserinfo
{
"country":"Country of SSN",
"ssn":"Social security number of the end user"
}

country: string, mandatory. Contains the ISO-3166 two-alphanumeric country code of the country where the SSN is issued. In the current version of Freja eID, one of: ''SE'' (Sweden), ''NO'' (Norway), ''FI'' (Finland), ''DK'' (Danmark).
ssn: string, mandatory. Expected SSN of the end user as per pre-registration.

  • If country equal to "SE", the value must be the 12-digit format of the Swedish "personnummer" without spaces or hyphens. Example: 195210131234.
  • If country equal to ''NO'', the value must be the 11-digit format of the Norwegian "personnummer" without spaces or hyphens. Example: 13105212345.
  • If country equal to ''FI'', the value must be the 10-characters format of the Finish ''koodi'', with the hyphen before the last four control characters. Hyphen can be replaced with the letter A. Example format: 131052-308T or 131052A308T.
  • If country equal to ''DK'', the value must be the 10-digit format of the Danish "personnummer" without spaces or hyphens. Example: 1310521234.
Example request with userInfoType set to ORG_ID:

If you wish to initiate authentication request for a user with the specific organisation identifier 'vejodoe'  and request their name, surname and SSN, follow these steps:

  1. Create the JSON structure {"userInfoType":"ORG_ID","userInfo":"vejodoe", "attributesToReturn":[{"attribute":"BASIC_USER_INFO"},{"attribute":"SSN"}]}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name initAuthRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (compact format, line broken for clarity only):

initAuthRequest=eyJ1c2VySW5mb1R5cGUiOiJPUkdfSUQiLCJ1c2VySW5mbyI6InZlam9kb2UiLCAiYXR0cmlidXRlc1RvUmV0dXJuIjpbeyJhdHRyaWJ1d
GUiOiJCQVNJQ19VU0VSX0lORk8ifSx7ImF0dHJpYnV0ZSI6IlNTTiJ9XX0=
Example request with userInfoType set to EMAIL:

If you wish to initiate authentication request for a user with an email address joe.black@verisec.com and request their name, surname, SSN and organisation identifier, follow these steps:

  1. Create the JSON structure {"userInfoType":"EMAIL","userInfo":"joe.black@verisec.com","attributesToReturn":[{"attribute":"BASIC_USER_INFO"},{"attribute":"SSN"},{"attribute":"ORGANISATION_ID_IDENTIFIER"}]}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name initAuthRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (compact format, line broken for clarity only):

initAuthRequest=eyJ1c2VySW5mb1R5cGUiOiJFTUFJTCIsInVzZXJJbmZvIjoiam9lLmJsYWNrQHZlcmlzZWMuY29tIiwiYXR0cmlidXRlc1RvUmV0dXJuI
jpbeyJhdHRyaWJ1dGUiOiJCQVNJQ19VU0VSX0lORk8ifSx7ImF0dHJpYnV0ZSI6IlNTTiJ9LHsiYXR0cmlidXRlIjoiT1JHQU5JU0FUSU9OX0lEX0lERU5USU
ZJRVIifV19
Example request with userIntoType set to PHONE:

If you wish to initiate authentication request for a user with a phone number '+46731234567':

  1. Create the JSON structure {"userInfoType":"PHONE","userInfo":"+46731234567"}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name initAuthRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following:

initAuthRequest=eyJ1c2VySW5mb1R5cGUiOiJQSE9ORSIsInVzZXJJbmZvIjoiKzQ2NzMxMjM0NTY3In0=
Example request with userIntoType set to SSN:

If you wish to initiate authentication request for a user with an SSN '198905218072' and country 'SE':

  1. Create the JSON structure {"country":"SE","ssn":"198905218072"}, then do the base64 of this JSON.
  2. This is the Base64 of step 1, 'eyJjb3VudHJ5IjoiU0UiLCJzc24iOiIxOTg5MDUyMTgwNzIifQ==', which is the userInfo value in our request.
  3. Create the JSON structure {"userInfoType":"SSN","userInfo":"eyJjb3VudHJ5IjoiU0UiLCJzc24iOiIxOTg5MDUyMTgwNzIifQ=="}
  4. Encode the JSON structure to Base64.
  5. Create the HTTP POST request with a POST parameter name initAuthRequest and the Base64 encoded JSON structure from the step 4 as its value.

The HTTP body should be the following:

initAuthRequest=eyJ1c2VySW5mb1R5cGUiOiJTU04iLCJ1c2VySW5mbyI6ImV5SmpiM1Z1ZEhKNUlqb2lVMFVpTENKemMyNGlPaUl4T1RnNU1EVXlNVG
d3TnpJaWZRPT0ifQ==


Example request with userIntoType set to INFERRED:

If you wish to authenticate a user via a QR code:

  1. Create the JSON structure {"userInfoType":"INFERRED","userInfo":"N/A"}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name initAuthRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following:

initAuthRequest=eyJ1c2VySW5mb1R5cGUiOiJJTkZFUlJFRCIsInVzZXJJbmZvIjoiTi9BIn0=



Possible errors returned by the method are the following:

Return code
Explanation
1001Invalid or missing userInfoType.
1002Invalid or missing userInfo.
1004You are not allowed to call this method.
1005User has disabled your service.
1007Invalid min registration level.
1008Unknown Relying Party.
1009You are not allowed to request integratorSpecificUserId parameter.
1010JSON request cannot be parsed.
1012User with the specified userInfo does not exist in Freja eID database.
2000Authentication request failed. Previous authentication request was rejected due to security reasons.
2002Invalid attributesToReturn parameter.
2003Custom identifier has to exist when it is requested.
4001In order to use organisational transactions, user must have an Organisation ID set. 


If HTTP 200 is returned from the method, the following return value will be present in the body of the response:

JSON Response Value in body
{ 
   "authRef":"Reference to be submitted in getAuthResults method"
}

authRef: string, mandatory. A reference unique to the transaction that can be used to query the result of a specific transaction (see Get authentication results method below).

Methods for retrieving authentication results

There are two methods that can be used for fetching authentication results: one that returns a single result for a specified authentication reference (authRef returned from a call to Initiate authentication method), and one that returns multiple authentication results. The latter is the preferred way of fetching results in situations where a Relying Party has many concurrent authentications in progress, as it reduces the number of polling requests.

Get one authentication result method

The method is called using HTTP POST through the URLs below:

System
Method endpoint
Test
https://services.test.frejaeid.com/organisation/authentication/1.0/getOneResult
Production
https://services.prod.frejaeid.com/organisation/authentication/1.0/getOneResult


The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter name
Value
getOneAuthResultRequest
{
   "authRef":"Authentication reference"
}

authRef: string, mandatory . The value must be equal to an authentication reference previously returned from a call to the Initiate authentication method. As mentioned above, authentications are short-lived and, once initiated by a Relying Party, must be confirmed by an end user within two minutes. Consequently, fetching the result of an authentication for a given authentication reference is only possible within 10 minutes of the call to Initiate authentication method that returned the said reference.

Example request:

If you wish to fetch an authentication result with the authentication reference previously returned from a call to initAuthRequest (for a user with specific organisation identifier 'vejodoe'), follow these steps:

  1. Create the JSON structure {"authRef":"GOHPyJcoKLJ+zKCEy4abi6jOO+q5VK+S1+UO5OXRmOPu42ixvVnsVgs7ADYUfG8m"}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name getOneAuthResultRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (compact format, line broken for clarity only):

getOneAuthResultRequest=eyJhdXRoUmVmIjoiR09IUHlKY29LTEorektDRXk0YWJpNmpPTytxNV
ZLK1MxK1VPNU9YUm1PUHU0Mml4dlZuc1ZnczdBRFlVZkc4bSJ9


Possible errors returned by the method are the following:

Return code
Explanation
1004You are not allowed to call this method.
1008Unknown Relying Party.
1100Invalid reference (for example, nonexistent or expired).


If HTTP 200 is returned from the method, the following return value will be present in the body of the response:


JSON Response Value in body
Response Body
{
   "authRef":"Authentication reference",
   "status":"Authentication status",
   "requestedAttributes":
    {
      "basicUserInfo":{
                        "name":"User's name",
                        "surname":"User's surname"
                      },
      "emailAddress":"User's email address",
      "dateOfBirth":"User's date of birth",
      "organisationIdIdentifier":"Specific organisation identifier",
      "ssn":{
			  "ssn":"Social security number of the end user",
			  "country":"Country of SSN"
			},
      "relyingPartyUserId":"Unique user ID reserved for Relying Parties",
      "integratorSpecificUserId":"Unique user ID reserved for Integrators",
      "customIdentifier":"Custom identifier set by the Relying Party"
    },
   "details":"JWS signed data, see below"
}

authRef: string, mandatory. The authentication reference of the authentication.

status: string, mandatory. One of:

  • STARTED (the transaction has been started but not yet delivered to Freja eID application associated with the end user),
  • DELIVERED_TO_MOBILE (the Freja eID app has downloaded the transaction),
  • CANCELED (the end user declined the authentication request),
  • RP_CANCELED (the authentication request was sent to the user but cancelled by the RP before the user could respond),
  • EXPIRED (the authentication request was not approved by the end user within the authentication validity limit of two minutes),
  • APPROVED (the authentication was successful),
  • REJECTED (e.g. if you try to run more than one authentication transaction for the same user at the same time).

requestedAttributes: JSON object (see below), optional. Provides additional attributes about a user if required in attributestToReturn parameter in related initAuthRequest and the status was equal to APPROVED.

details: JWS signed object (see below), optional. Provides details and evidence of the authentication if status was equal to APPROVED.

details

JWS in compact serialised form as following:

BASE64URL(UTF8(JWS Protected Header)) || ’.’ || BASE64URL(JWS Payload) || ’.’ || BASE64URL(JWS Signature)


JWS Protected Header

{
  "x5t": "SHA-1 digest of the signing certificate",
  "alg": "Algorithm used to secure the JWS"
}

x5t: mandatory, Base64URL encoding of the certificate's SHA-1 digest.

alg: mandatory, the value shall be RS256 which corresponds to 'RSA PKCS#1 signature with SHA-256'.


JWS Payload

{
   "authRef":"Authentication reference",
   "status":"Authentication status",
   "userInfoType":"User info type",
   "userInfo":"User information corresponding to user info type",
   "minRegistrationLevel":"Minimum registration level of user required when Organisation ID was added",
   "requestedAttributes":
    {
      "basicUserInfo":{
                        "name":"User's name",
                        "surname":"User's surname"
                      },
      "emailAddress":"User's email address",
      "dateOfBirth":"User's date of birth",
      "organisationIdIdentifier":"Specific organisation identifier",
      "ssn":{
			  "ssn":"Social security number of the end user",
			  "country":"Country of SSN"
			},
      "relyingPartyUserId": "Unique user ID reserved for Relying Parties",
      "integratorSpecificUserId":"Unique user ID reserved for Integrators"
      "customIdentifier":"Custom identifier set by the Relying Party"
    },
   "timestamp":"Time when authentication confirmed by end user"
}

authRef: See authRef above.

status: See status above.

userInfoType: See userInfoType as described in Initiate authentication method.

userInfo: See userInfo as described in Initiate authentication method.

Note: If userInfoType was set to INFERRED in the initAuthRequest, then userInfoType will be INFERRED and the userInfo will be N/A. We recommend you explicitly ask for attributesToReturn in the initAuth method.

minRegistrationLevel: Minimum registration level of a user required by the Relying Party when the Organisation ID was added.

requestedAttributes: JSON object, optional. See requestedAttributes below.

timestamp: long, mandatory. Describes the time when the confirmation by the end user was validated on Freja eID server side. Expressed in milliseconds, since January 1, 1970, 00:00 UTC.

requestedAttributes
{
      "basicUserInfo":{
                        "name":"User's name",
                        "surname":"User's surname"
                      },
      "emailAddress":"User's email address",
      "dateOfBirth":"User's date of birth",
      "organisationIdIdentifier": "Specific organisation identifier",
      "ssn":{
			  "ssn":"Social security number of the end user",
			  "country":"Country of SSN"
			},
      "relyingPartyUserId": "Unique user ID reserved for Relying Parties",
      "integratorSpecificUserId":"Unique user ID reserved for Integrators",
      "customIdentifier":"Custom identifier set by the RP"
}

basicUserInfo: JSON object which contains user's name and surname.

emailAddress: String, representing the user's email address.

dateOfBirth: String, containing date of birth in format: YYYY-MM-DD

organisationIdIdentifier: String, the specific organisation identifier set for the end user. Must be unique within the requesting Relying Party system inside the Freja eID service. 

ssn: JSON object which contains social security number and country.

relyingPartyUserId: String, represents a unique, user-specific value that allows the Relying Party to identify the same user across multiple sessions.

integratorSpecificUserId: String, represents a unique, user-specific value that allows Integrators to identify the same user across multiple sessions regardless of the Integrated Relying Party service that the user is using. For more info, see Integrator Relying Party Management

customIdentifier: String, a unique, Relying Party-specific, user identifier, set by the Relying Party itself through the Custom Identifier Management.


Example data for APPROVED response, JSON response body:

{
"authRef":"12345-67890-abcdef",
"status":"APPROVED",
"details":"JWS content as per below",
"requestedAttributes":
    {
      "basicUserInfo":{
                        "name":"John",
                        "surname":"Doe"
                      },
      "emailAddress":"joe.black@verisec.com",
      "dateOfBirth":"1985-11-17",
      "organisationIdIdentifier": "vejodoe",
      "ssn":{
	          "ssn":"198511170040",
	          "country":"SE"
	        }, 	  
      "relyingPartyUserId": "94039a98c8d",
      "integratorSpecificUserId":"54059a95c8d",
      "customIdentifier":"vejodoe",
    }
}
Field
Value
Certificate info

See above.

Header

See above.

Payload"authRef":"12345-67890-abcdef"
"status":"APPROVED"
"userInfoType":"EMAIL"
"userInfo":"john.doe@somedomain.com"
''requestedAttributes":"basicUserInfo":{"name":"John","surname":"Doe"},"emailAddress":"joe.black@verisec.com","dateOfBirth":"1985-11-17",
"organisationIdIdentifier":"vejodoe","ssn":{"ssn":"198511170040","country":"SE"},"relyingPartyUserId": "94039a98c8d","integratorSpecificUserId":"54059a95c8d",''customIdentifier'':''vejodoe''
"timestamp":"12345-67890-abcdef" 
Final JWS (compact
format, line broken
for clarity only)

(header omitted for brevity)

eyJ1c2VySW5mbyI6ImpvaG4uZG9lQHNvbWVkb21haW4uY29tIiwicmVxdWVzdGVkQXR0cmlidXRlcyI6eyJiYXNpY1VzZXJJbmZvIjp7
Im5hbWUiOiJKb2huIiwic3VybmFtZSI6IkRvZSJ9LCAiZW1haWxBZGRyZXNzIjoiam9lLmJsYWNrQHZlcmlzZWMuY29tIiwgImRhdGVP
ZkJpcnRoIjoiMTk4NS0xMS0xNyIsCiJvcmdhbmlzYXRpb25JZElkZW50aWZpZXIiOiAidmVqb2RvZSIsICJzc24iOnsic3NuIjoiMTk4
NTExMTcwMDQwIiwiY291bnRyeSI6IlNFIn0sICJyZWx5aW5nUGFydHlVc2VySWQiOiAiOTQwMzlhOThjOGQiLCAiaW50ZWdyYXRvclNw
ZWNpZmljVXNlcklkIjoiNTQwNTlhOTVjOGQiLCAiY3VzdG9tSWRlbnRpZmllciI6InZlam9kb2UifSwidXNlckluZm9UeXBlIjoiRU1B
SUwiLCJhdXRoUmVmIjoiMTIzNDUtNjc4OTAtYWJjZGVmIiwic3RhdHVzIjoiQVBQUk9WRUQiLCJ0aW1lc3RhbXAiOjE0OTEzODgxNjMz
ODl9.qEF5K4VRvuKc4VCoc4jBVY5bkqgrPKyEyVPe6eZoUh_mE9DVK_p2cldyKsVfEmKHqKFdKQyuEweS39lm20Q2NlZq6kBgUb7C3AG
R8Mlx-e0iAM2wlLqkQ6ke_U-42Y9G8m8PaWKNvOmSs8K_cfWGzNUsA5EzvNNJGljsdXWXR9Y3cFxzYg5tiwVlRQJbJIdsuiOa7aP1JlO
VZIa6T7Fz2jCxdtC0qaJBlIq3jZwz16mQHITyuWqf3kQfzJ8QiI9qJpF0U7B8fiSM9cLCP0kAVDd1ZVgChQnN8vvq6VjRbVySPTQUA7N
BELd578ErFk_DcsvAGPnPR66DQnNqLI4taA

Get authentication results method

The method allows a Relying Party to fetch the results of multiple outstanding authentications. It is our recommendation that relying parties generally use the aggregate method, as it is more efficient and reduces network traffic. This is the default behaviour of client libraries supplied by Freja eID. 

The method is called using HTTP POST through the URLs below:

System
Method endpoint
Test
https://services.test.frejaeid.com/organisation/authentication/1.0/getResults
Production
https://services.prod.frejaeid.com/organisation/authentication/1.0/getResults


The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter name
Value
getAuthResultsRequest
{
   "includePrevious":"Include previously returned results"
}

includePrevious: string, mandatory. Must be equal to ALL. Indicates that the complete list of authentications successfully initiated by the Relying Party within the last 10 minutes will be returned, including results for previously completed authentication results that have been reported through an earlier call to one of the methods for getting authentication results.

Example request:

If you wish to fetch multiple authentication results, follow these steps:

  1. Create the JSON structure {"includePrevious":"ALL"}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name getAuthResultsRequest and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following:

getAuthResultsRequest=eyJpbmNsdWRlUHJldmlvdXMiOiJBTEwifQ==


Possible errors returned by the method are the following:

Return code
Explanation
1004You are not allowed to call this method.
1008Unknown Relying Party.
1200Invalid or missing includePrevious parameter.

If HTTP 200 is returned from the method, the following return value will be present in the body of the response:


JSON Response Value in body
Response body
{
"authenticationResults":[
    {
      "authref":"Authentication reference",
      "status":"Authentication status",
      "relyingPartyUserId":"Unique user ID reserved for Relying Parties",
      "details":"JWS signed data, see below",
      "requestedAttributes":
        {
          "basicUserInfo":{
                        	"name":"John",
                        	"surname":"Doe"
                      	  },
          "emailAddress":"john.doe@somedomain.com",
          "dateOfBirth":"1987-10-18",
          "organisationIdIdentifier": "vejodoe",
          "ssn":{
	          		"ssn":"198710180040",
	          		"country":"SE"
	            },
          "relyingPartyUserId": "94039a98c8d",
          "integratorSpecificUserId":"54059a95c8d",
          "customIdentifier":"vejodoe"
        },
    },
    {
      "authref":...
    }
  ]
}

authenticationResults: an array of JSON objects, mandatory. An array of authentication result objects (if the authRef parameter was passed, the array will always be of length 1).

authref: string, mandatory . The authentication reference of the authentication.

status: string, mandatory. One of:

  • STARTED (the transaction has been started but not yet delivered to Freja eID application associated with the end user),
  • DELIVERED_TO_MOBILE (the Freja eID app has downloaded the transaction),
  • CANCELED (the end user declined the authentication request), 
  • RP_CANCELED (the authentication request was sent to the user but canceled by the Relying Party before the user could respond),
  • EXPIRED (the authentication request was not approved by the end user within the authentication validity limit of two minutes),
  • APPROVED (the authentication was successful),
  • REJECTED (e.g. if you try to run more than one authentication transaction for the same user at the same time).

details: JWS signed object (see details as described in the Get one authentication result method above), optional.

requestedAttributes: JSON object (see details as described in the Get one authentication result method above), optional.

Cancel authentication method

This method is used by a Relying Party to cancel an authentication request.

The method is called using HTTP POST through the URLs below:

System
Method endpoint
Test
https://services.test.frejaeid.com/organisation/authentication/1.0/cancel
Production
https://services.prod.frejaeid.com/organisation/authentication/1.0/cancel


The parameter of the method is a Base64 UTF8-encoded JSON payload according to the following:

Parameter name
Value
cancelAuthRequest
{
   "authRef":"Authentication reference"
}

authRef: string, mandatory . The value must be equal to an authentication reference previously returned from a call to the Initiate authentication method.


Example request:

If you wish to fetch multiple authentication results, follow these steps:

  1. Create the JSON structure {"authRef":"GOHPyJcoKLJ+zKCEy4abi6jOO+q5VK+S1+UO5OXRmOPu42ixvVnsVgs7ADYUfG8m"}
  2. Encode the JSON structure to Base64.
  3. Create the HTTP POST request with a POST parameter name cancelAuth and the Base64 encoded JSON structure from the step 2 as its value.

The HTTP body should be the following (line broken for clarity only):

cancelAuthRequest=eyJhdXRoUmVmIjoiR09IUHlKY29LTEorektDRXk0YWJpNmpPTytxNVZLK1MxK1VP
NU9YUm1PUHU0Mml4dlZuc1ZnczdBRFlVZkc4bSJ9


Possible errors returned by the method are the following:

Return code
Explanation
1004You are not allowed to call this method.
1008Unknown Relying Party.
1100Invalid reference (for example, nonexistent or expired).


If HTTP 200 is returned from the method, the request was successfully fulfilled.