Skip to content

Testing ID-Card API

To be able to test the integration we need a way to create QRCodes on demand. We have therefore made an endpoint that creates QRCodes based on some dummy users. This endpoint is only available in test environment.

Getting Test QR codes

Use /api/merchant/qrtest/{userNumber} to generate QR-Codes that can be scanned. The userNumber should be replaces with on of the pre-defined users bellow.

List of valid test users

User Number Name Gender Dob (yyyy.mm.dd) Age
1 EDGAR HETLAND MALE 1980-09-02 43
2 ANNETTE INGVILD BERGAN FEMALE 1994-09-02 29
3 JAKOB HALVORSEN MALE 2010-03-05 14
4 NORA SOLBERG FEMALE 2005-09-14 18

In this example we are getting a QRCode of user number 2.

Example Request

curl -X 'GET' \
'https://visleg-test-merchantservice-cnhvehb0cvdgggah.z01.azurefd.net/api/qrtest/2'
-H 'accept: application/json' \
-H "Authorization: Bearer <ACCESS_TOKEN>"

The response model consists of the QRCode as a byte array. ttl or time to live, this indicates how long the QRCode is valid in seconds. ts is a timestamp of when the QRCode was made in epoch-time.

Example Response

HTTP/1.1 200 OK
Content-Type: application/json

{
"qrCode": "Byte[]",
"ttl": 35,
"ts": 1728994466
}

Postman Collection

To make it easier, we have created a Postman collection you can use to generate a BankId OIDC Token and test QRCodes as described above.

To use the Postman Collection, you will need to have obtained the client_id and client_secret from us. (Read more)

Setting up the Postman Collection

Postman Collection as json-file

Download Postman Collection

  • Open Postman, select 'Import,' and import the collection you downloaded from the link above. Alternatively, you can drag and drop the collection.json file into the Postman window.

  • Fill in missing client_id, client_secret and thescope parameters in the body of the ID-card Test POST as shown bellow: Filling in missing client_id, and client_secret

Setting Scope

The value for scope must be one that you have permission to use. Any other value will result in an error.

  • Add QRCode visualization to the Post-Response script of the ID-card Test GET request to display the QRCode

Visualization script:

const jsonData = pm.response.json()
pm.visualizer.set(`
    <body>
    <img id="ItemPreview" width="200" height="200" src="">
    <p>time-to-live: \${jsonData.ttl}</p>
    <p>createdAt(epoch): \${jsonData.ts}</p>
    </body>
    <script>
    document.getElementById("ItemPreview").src = "data:image/png;base64, \${jsonData.qrCode}";
    </script>
`);

Filling in missing script

Using the Postman Collection

  1. Make a call to the ID-card Test POST with client_id, client_secret, and scope to recieve an access_token in the response. step 1
  2. Use the ID-card Test GET request with the access_token set in the Authorization field using Bearer Token Auth. step 2
  3. Check the Visualize tab in the Body section to see the QRCode. step 3

Using a QRCode

Now that we can generate QRCodes, they can be scanned as you would with a real user and get a sessionId. Use that sessionId in api/merchant/session-endpoint to get the user data for that test user.

In this example we have a sessionId for user number 3.

Request

curl -X 'POST' \
'https://visleg-test-merchantservice-cnhvehb0cvdgggah.z01.azurefd.net/api/merchant/session'
-H 'accept: application/json' \
-H "Authorization: Bearer <ACCESS_TOKEN>"
-d "{"sessionId":"<SessionId from QRCode>"}"

Response

HTTP/1.1 200 OK
Content-Type: application/json
{
"firstName": "JAKOB",
"lastName": "HALVORSEN",
"documentPhoto": "<base64>",
"age": 14
}