serviceId

Yes

Relying parties identify themselves for the GRP API using the parameter "serviceId". This is a value assigned by the GRP service operator when signing up.

policy

provider

Yes

The relying party selects eID provider using the argument "provider". Examples are "bankid", "freja" and "nias"

provider

displayName

Yes

Name of the certificate to be used by the IdP

rpDisplayName

requestType

No

Which type of request, "AUTH" for authentication and "SIGN" for signing. Defaults to AUTH if not specified.

transactionId

Yes

A client provided random string unique for the specific authentication or sign request. UUID format is recommended. The same value is returned in the response and this is used for tracing and logging purposes.

transactionId

endUserInfo

Yes

IP-address of the end-user connected to the RP.

endUserInfo.IP_ADDR

orgIdIssuer

No

Only used for Freja Organisation ID. Can be set to "ANY" to allow organisation IDs set by other Relying Parties.

callInitiator

Conditional

Indicate if the user or RP initiated the phone call. Possible values are "USER" and "RP".

NB: This must be present if flowType is set to "PHONE", as this is a required parameter for a BankID phone auth/sign request. Otherwise it can be left out or with an empty value.

flowType

No

Specify what type of flow the request is for. Currently only supports one value "PHONE", used for BankID phone auth/sign. Defaults to regular BankID auth/sign if not specified. 

NB: If this parameter is active and set to "PHONE", then it's required to also use the parameter "callInitiator".

https://eid-connect.test.funktionstjanster.se/grp/v3/init?serviceId=cgitest001&provider=bankid&requestType=AUTH&displayName=CGI+Sverige+AB+Test&transactionId=l8ng1BYH&endUserInfo=127.0.0.1

Header:

Host: eid-connect.test.funktionstjanster.se

Accept-Encoding: gzip, deflate

Accept: */*

Content-Type: application/json

accessToken: 01010101-0101-0101-0101-010101010101

subjectIdentifier

User unique identifier, like SSN. For some eID provider it is always required, for others it is only required when eID is on another device

subjectIdentifier.type

Specifies subject identifier type. Currently used are: "TIN" (personnummer), "EMAIL" - user e-mail address.

userMessage

userMessage.nonVisible

Data to be signed, not displayed to user in the eID app. Should be Base64 encoded. Max length depends on the eID provider. Example for BankID is 200 000 characters after Base64 encoding.

userNonVisibleData

userMessage.visible

Text to be signed and displayed to user in the eID app. Should be a Base64 encoded UTF-8 string. Max length depends on the eID provider. Example for BankID is 40 000 characters after Base64 encoding.

userVisibleData

userMessage.format

Format of the visible text, types available are: PLAIN_TEXT, MARKDOWN, HTML

refId

An order reference that should be used in subsequent calls to the collect endpoint.

autoStartToken

A unique token used by some providers to start the app on the same device.

qrStartToken

A token used to compute the animated QR code, not used by all providers

qrStartSecret

A token used to compute the animated QR code, not used by all providers

transactionId

The same transactionId that was provided in the request, used for tracing and logging purposes.

refId

Yes

The value received in Authenticate / Sign response.

orderId

transactionId

Yes

A client provided random string unique for the specific authentication or sign request. UUID format is recommended. The same value is returned in the response and this is used for tracing and logging purposes.

transactionId

progressStatus

Object with status of the order

progressStatus.status

General status of the attempt. Possible values: COMPLETED, FAILED, CANCELLED, PENDING

progressStatus.substatus

Status from the provider

progressStatus.message

Status message from the provider

attributes

Key-value pairs with information from the certificate or sign/auth operation.

userInfo

Basic information about the user

userInfo.subjectIdentifier

Identifier of the subject

userInfo.subjectIdentifier.value

Unique identifier of the subject.

userInfo.subjectIdentifier.type

Specifies subject identifier type. Currently used are: "tin" (personnummer), "email" - user e-mail address.

userInfo.displayName

User display name. Used by some providers for given name + surname

userInfo.givenName

User given name

userInfo.sn

User surname

userInfo.tin

User TIN (personnummer)

userInfo.ipAddress

IP address of the eID client

validationInfo

Information about the validation. May contain the actual signature and OCSP response from certificate validation.

validationInfo.signature

Base64 encoded signature in the format specified by "signatureFormat".

validationInfo.signatureFormat

Current supported formats are: "xmldsig" - Standard XML based format used by BankID. "pkcs7" - PKCS#7, binary format used by NetID etc. "jws" - JSON Web Signature format used by Freja.

validationInfo.ocspResponse

Base64 encoded OCSP response (not available for all providers).

transactionId

The same transactionId that was provided in the request, used for tracing and logging purposes.

refId

Yes

The value received in Authenticate / Sign response.

orderId

transactionId

Yes

A client provided random string unique for the specific authentication or sign request. UUID format is recommended. The same value is returned in the response and this is used for tracing and logging purposes.

transactionId

progressStatus

Object with status of the order

progressStatus.status

General status of the attempt, should be CANCELLED

transactionId

The same transactionId that was provided in the request, used for tracing and logging purposes.

refId

Yes

The value received in Authenticate / Sign response.

transactionId

Yes

A client provided random string unique for the specific authentication or sign request. UUID format is recommended. The same value is returned in the response and this is used for tracing and logging purposes.

refId

Yes

The value received in Authenticate / Sign response.

transactionId

Yes

A client provided random string unique for the specific authentication or sign request. UUID format is recommended. The same value is returned in the response and this is used for tracing and logging purposes.

size

No

The size of the generated QR-code image (in pixels). Default is 200.

ACCESS_DENIED_RP

The request was not allowed for the given provider. Check provider and accessToken.

INVALID_PARAMETERS

Could not handle request. Check input parameters.

RETRY

An error occurred. RP should not automatically retry, but let user try again.

INTERNAL_ERROR

Internal error in GRP or eID provider system.

EXPIRED_TRANSACTION

The operation has timed out and user needs to retry.

USER_CANCEL

The operation was cancelled by the user.

CLIENT_ERR

An error has occurred in the client.

CERTIFICATE_ERR

An error with the certificate has occurred.

CANCELLED

The operation was cancelled because another order for the same user was added.

START_FAILED

The client could not be started.

ALREADY_IN_PROGRESS

Another operation for the same user is already in progress. That order is cancelled and no new order is created. RP needs to try again.

SIGN_VALIDATION_FAILED

Validation of a signature could not be validated. Also applies to the signature of an authentication operation.

UNKNOWN_USER

Invalid user identifier. Used for some eID providers instead of INVALID_PARAMETERS.

MISSING_CALL_INITIATOR

No call initiator specified when the phone flow type is used.