eID

POST /eid/init

Start a verification process and get an eID initialization reference to complete the process.

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave us a comment.

Request

POST /api/2/eid/init

ssn

required

userId

required

hash

required

A verified request hash signed with your client sign secret.

Example request

cURL
curl https://login.schibsted.com/api/2/eid/init \
   -X POST \
   -d "ssn=12399912" \
   -d "userId=42" \
   -d "hash=7374163eed7a0e88f9bf28e128d8da82"
Java
Map<String, String> params = new HashMap<>() {{
    put("ssn", "12399912");,
    put("userId", "42");,
    put("hash", "7374163eed7a0e88f9bf28e128d8da82");
}};

SpidOAuthToken token = spidClient.getServerToken();
String responseJSON = spidClient.
    POST(token, "/eid/init", params).
    getResponseBody();

This example is an excerpt, see a full example

PHP
<?php
$params = array(
    "ssn" => "12399912",
    "userId" => "42",
    "hash" => "7374163eed7a0e88f9bf28e128d8da82"
);

$client->auth();
echo var_dump($client->api("/eid/init", "POST", $params));

This example is an excerpt, see a full example

Clojure
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-server-token client)]
  (spid/POST client token "/eid/init" {"ssn" "12399912"
                                       "userId" "42"
                                       "hash" "7374163eed7a0e88f9bf28e128d8da82"}))

Response

This endpoint supports the JSON response format.

Success: 200 OK

returns eID initialization object

Eidinit

Failure cases

Some HTTP response codes are used for multiple error situations. There is no consistent way to tell these apart, but the error object will contain a textual explanation of the reason for the error. For explanation on OAuth related failures and errors see OAuth authentication failures.

  • 400 Bad Request Only active users can have eID
  • 400 Bad Request ssn is required
  • 400 Bad Request userId is required
  • 400 Bad Request User is already verified
  • 400 Bad Request User is banned from eID
  • 400 Bad Request User is blocked for verification
  • 400 Bad Request SSN is blocked for verification
  • 400 Bad Request SSN is taken by other user
  • 400 Bad Request User has been verified with another SSN in the past
  • 401 Unauthorized You don't have administration rights for this client.
  • 401 Unauthorized Your client doesn't have administration rights for this client.
  • 403 Forbidden Client is not authorized to access this API endpoint. Contact SPiD to request access.
  • 403 Forbidden Requesting IP is not whitelisted
  • 403 Forbidden Invalid verification hash
  • 403 Forbidden Token is not authorized to access this user
  • 404 Not Found Unknown client ID
  • 404 Not Found Client ID mismatch. The client making the request is no the owner of this resource, and does not have administrative privileges for it.
  • 420 Request Ratelimit exceeded

Sample response

JSON
{}
JSON-P
callback({});

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.