Services

These services are available in the Pre-Production and Production systems.

Base URLs for the two systems are:

Environment

URL

Pre-Production

https://services-preprod.bankid.no

Production

https://services.bankid.no

Test your BankID

The test tool is meant to be embedded in a merchant's website, for instance in an iframe.

Applicable to the Java applet only: To match the rest of the site, the font and size of the text used outside the applet can be specified to match the rest of the site.

Access URLs

Function

URL

Mobile

Test your Mobile BankID

<baseURL>/test/test?type=mobil&action=authAndSign

Show your Mobile BankID certificate

<baseURL>/test/test?type=mobil&action=showCert

Web-client

Test your BankID Web-client

<baseURL>/test/test?type=webclient&action=authAndSign

Auth

<baseURL>/test/test?type=webclient&action=auth

Sign *

<baseURL>/test/test?type=webclient&action=sign

Sign xml *

<baseURL>/test/test?type=webclient&action=signXml

Sign Pdf *

<baseURL>/test/test?type=webclient&action=signPdf

Sign multi docs

<baseURL>/test/test?type=webclient&action=multisign&clientVersion=2.1

Netpay

<baseURL>/test/test?type=webclient&action=netpay

Changepassword

<baseURL>/test/test?type=webclient&action=changepassword

*Note that the Sign operations (Sign, Sign xml, Sign Pdf) for the Web-client listed above may be called both with and without the &clientVersion=2.1 parameter, i.e.

<baseURL>/test/test?type=webclient&action=sign&clientVersion=2.1
<baseURL>/test/test?type=webclient&action=sign&clientVersion=2.0
<baseURL>/test/test?type=webclient&action=sign

This will determine which BankID version to use for the signing operations. By omitting the clientVersion part the default version (2.0) will be used. Further note that the multisign URL only works for 2.1 as shown in the above table.

<baseURL>/test/test?type=webclient&action=sign&clientVersion=2.0 is also valid.

The following parameters may be added to specify font and font-size, and are only applicable for the Java applet:

FunctionURL
Fontfont=<font-name[,font-name]...>
Font-sizesize=<size>

Example

https://services.bankid.no/test/test?type=webclient&action=authAndSign&clientVersion=2.0

Transaction Counter

Access URLs

Function

URL

Transactions pr. second netcentric

<baseURL>/bankid/netcentric/counter/transactionsprsecond/

Transactions today netcentric

<baseURL>/bankid/netcentric/counter/transactionstoday/

Transactions pr. second mobile

<baseURL>/bankid/mobile/counter/transactionsprsecond/

Transactions today mobile

<baseURL>/bankid/mobile/counter/transactionstoday/

CheckMobile

This service lets a user check whether a given mobile number/mobile phone can be used with Mobile BankID.

Access URL

Function

URL

Check mobile

<baseURL>/bankid/checkmobile

Parameters are given in the query part of the URL.

Parameters

Parameter

Required

Description

msisdn

Yes

Mobile number to check

Example

Checking a number
Check if number 99889988 can be used:

https://services.bankid.no/bankid/checkmobile?msisdn=99889988

Results

The service returns the status code from the MNO. The following codes are defined:

Status code

Description

OK

Mobile phone and subscription are enabled for Mobile BankID

NOT_ACTIVE

Subscription is not known to Mobile Network Operator (MNO)

INVALID_SIM

Subscriber Identidy Module (SIM) card must be replaced by MNO in order to get Mobile BankID.

INVALID_SUBSCRIPTION

The mobile subscription does not support Mobile BankID.

ERROR_IN_SUBSCRIPTION

There may be an error in the MNO subscription system. This may be solved within 24 hours. If the problem persists, contact MNO support.

INVALID_PHONE

Phone is not enabled for Mobile BankID.

MNO_DOES_NOT_SUPPORT_BANKID_MOBILE

The MNO of the Mobile Station International Subscriber Directory Number (MSISDN) does not support Mobile BankID.

MSISDN_DOES_NOT_EXIST

MSISDN does not exist in the National Resources DataBase (NRDB).

SIM_MISSING_PKI_SUPPORT

The end user's SIM card does not support Public Key Infrastructure (PKI)/BankID. An automatic update is issued by the MNO, this involves a restart of the user's mobile phone. The end user has to be informed in the net bank web page.

SIM_REACHED_MAX_ACTIVATIONS

The end user's SIM card cannot be activated again, the user must get a new SIM card from the MNO. For Telenor, this occurs at the 85th activation.

ASYNC_PROCESSING

The request is processed asynchronously.

ERROR

An unspecified error occurred in the infrastructure. This code is returned if the request could not be processed.

BankID Counter

This service gives the number of active certificates or unique users. Note that the values are cached for a certain (configurable) time, so new certificates are not immediately visible.

Access URLs

Function

URL

Netcentric PersonBankIDs

<baseURL>/bankid/netcentric/counter/certificates/person

Netcentric EmployeeBankIDs

<baseURL>/bankid/netcentric/counter/certificates/employee

Mobile BankIDs

<baseURL>/bankid/mobile/counter/certificates

Number of unique users

<baseURL>/bankid/counter/unique

Unique users with netcentric certificates

<baseURL>/bankid/netcentric/counter/unique

Unique users with mobile certificates

<baseURL>/bankid/mobile/counter/unique

Feature detection and UA detection script

verifyBrowser

The entry point of the API is the method called verifyBrowser. The simplest possible use of this method could look like this:

bidBrowserTest.verifyBrowser({
	onNoSupport: function () {
		console.log("Your browser does NOT support the BankID Web-client! :C ");
	}
});

This call invokes the asynchronous feature detection process, which has three possible outcomes, each of which is associated with a callback:

Callback

Explanation

onFullSupport

All features are supported, and the BankID Web-client will function.

onNoSupport

One or more required features are not supported, and the BankID Web-client will not function.  Example: Cross-origin resource sharing (CORS) is not supported.

onLimitedSupport

The BankID Web-client will function, but one or more recommended features are not supported.  Example: Cookies are disabled. Example: Content security policy (CSP) is not honoured/understood by the browser.

result-object

Each callback gets sent a result-object as argument. This may optionally be used to retrieve further details about what went wrong if needed.
result may look like this:

var result = {
	code: 41,
	message: "Cookies are disabled",
	action: "Enable cookies",
	details: […]
};

result is the conclusion as to what went wrong, or possibly that everything is ok and that the BankID Web-client will function properly in the user's browser. Each result is tied to a static (error) code which in turn may be used by the merchant to show customised texts and graphics instead of the default texts provided in the message- and action-fields. The language used in these texts is Norwegian bokmål unless otherwise specified through the use of withLocale.
The result-object:

Field

Type

Explanation

Example

code

number (JS:number)

Static (error) code in order to show custom texts.  An overview of the (error) codes and their meaning can be found further down on this page.

41 (cookies are disabled)
0 (everything is ok)

message

text (JS:string)

Contains a default text that describes the test result.

"Cookies are enabled"
"Browser does not support recommended features"

action

text (JS:string)

Contains a default text that recommends an action the user could take. This field is absent in case the test is "green" or otherwise no recommendation exists, such as if everything went ok.

"Enable cookies"
"Upgrade your browser"

details

list (JS:object[])

An array of detailed test results, one for each feature being tested. See below for further explanation of the details-field.

[ { … }, { … } ]

result also contains the field details, a list of detailed test results, one for each feature that was tested. The data structure for each such element in the list is similar to that of result (without the details-field), but contains an additional field supportLevel that defines to which degree the browser supports the feature. The field is an enumeration over the values "noSupport", "limitedSupport", and "fullSupport".
details can look like this:

result.details = [
	{
		code: 10,
		message: "CORS is supported",
		supportLevel: "fullSupport"
	},
	{
		code: 21,
		message: "XDM is not supported",
		action: "Upgrade your browser",
		supportLevel: "noSupport"
	},
	{
		code: 41,
		message: "Cookies are disabled",
		action: "Enable cookies",
		supportLevel: "limitedSupport"
	}
];

Note that, based on severity, a test result with a supportLevel different from "fullSupport" becomes the conclusion and top result passed to the callback.
The details-object:

Field

Type

Explanation

Example

code, message, and action are the same as above.

supportLevel

enumeration (JS:string)

Defines to which degree a particular feature is supported by the browser. 

Example: If CORS is supported, then supportLevel becomes "fullSupport". 

Example: If XDM is not supported, then supportLevel becomes "noSupport". 

Example: If cookies are disabled, then supportLevel becomes "limitedSupport". [1] 

[1] Recommended features such as cookies and CSP will never have a test result with a supportLevel of "noSupport", only "limitedSupport".

One of: 

"fullSupport"
"limitedSupport"
"noSupport"

Extended example of the use of result and details:

bidBrowserTest.verifyBrowser({
	onFullSupport: function () {
		console.log("Your browser fully supports the BankID Web-client!");
	},
	onNoSupport: function(result) {
		console.error("Your browser does NOT support the BankID Web-client!");
		console.error("Error code: " + result.code);
		console.error("What went wrong: " + result.message);
		console.error("What you can do: " + result.action);
		
		console.error("The following features were tested:");
		
		result.details.forEach(function (detail) {
			console.error(" Feature:");
			console.error(" Result code: " + detail.code);
			console.error(" Message: " + detail.message);
			console.error(" Action: " + detail.action);
			console.error(" Level of support: " + detail.supportLevel);
		});
	}
});

The result-object sent to onFullSupport, onLimitedSupport, and onNoSupport are identical, so creating a common method that handles all three callbacks may be advantageous, such as to present the results to the user.

Example:

bidBrowserTest.verifyBrowser({
	onFullSupport: showResult,
	onLimitedSupport: showResult,
	onNoSupport: showResult
});

function showResult(result) {
	// Show the test result and/or list detailed test results contained in result.details.
}


There is also a callback onError that may be specified to handle unexpected errors that occur during testing. Should onError not be defined the exception will be raised from within the asynchronous process and will only become visible in the console. Note that once verifyBrowser has been called it immediately returns after having started the asynchronous process, which also means that no errors will be thrown from it. Use the callback instead.

Example:

bidBrowserTest.verifyBrowser({
	onError: function (e) {
		console.error("Error while running tests: " + e);
	}
});

(Note that during testing, nothing could be found that would cause such an unexpected exception to be raised. It is however recommended to handle onError in case an error occurs in the future.)

Result codes

The following table comprises the complete list of result codes and by that also the complete list of features tested for.

code

Meaning

supportLevel

Message  (localised)

Action (localised)

0

Everything ok. The browser fully supports the BankID Web-client.

fullSupport

Your browser will work properly

Your browser will work properly

100

All required features are supported.

  • Cross-origin resource sharing (CORS)
  • Cross-document messaging (XDM)
  • Scalable vector graphics (SVG)
  • Object.keys
  • Selectors API
  • JSON
  • Element.outerHTML

To show a more technical classification of the result set, set friendly to false in the call to verifyBrowser.

fullSupport

Required features are supported by your browser

None

101

Required features are not supported. One or more features in the list above are not supported. 

To show a more technical classification of the result set, set friendly to false in the call to verifyBrowser.

noSupport

Required features are not supported by your browser

You must upgrade your browser for it to work properly.

102

Required features are only partially supported. Cross-origin resource sharing (CORS) is only partially supported through XDomainRequest (IE 8/9). 

To show a more technical classification of the result set, set friendly tofalse in the call to verifyBrowser.

limitedSupport

Required features are only partially supported by your browser

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

110

Cross-origin resource sharing (CORS) is supported.

fullSupport

CORS is supported

None

111

Cross-origin resource sharing (CORS) is not supported.

noSupport

CORS is not supported

You must upgrade your browser for it to work properly.

112

Cross-origin resource sharing (CORS) is only partially supported through XDomainRequest (IE 8/9).

limitedSupport

CORS is only partially supported

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

120

Cross-document messaging (XDM) is supported.

fullSupport

XDM is supported

None

121

Cross-document messaging (XDM) is not supported.

noSupport

XDM is not supported

You must upgrade your browser for it to work properly.

130

The browser is not blacklisted.

fullSupport

Browser is accepted

None

131

The browser is blacklisted and blocked. 

For details regarding which UA-strings are being actively blacklisted, contact BankID.

noSupport

Browser is blocked

You must upgrade your browser for it to work properly.

200

All recommended features are supported.

  • Content security policy (CSP) [1]
  • Canvas
  • Web Cryptography API [1]
  • Web Storage API
  • Geolocation API
  • Web Graphics Library (WebGL) [1]
  • Web Real-Time Communication API (WebRTC) [1]
  • ShadowDOM [1]
  • MutationObserver

To show a more technical classification of the result set, set friendly tofalse in the call to verifyBrowser. 

[1] Note that unless extended is set to true in the call to verifyBrowser, no feature detection is run against these features. See section 3.5.4 for more information.

fullSupport

Recommended features are supported by your browser

None

201

Recommended features are not supported. One or more features in the list above are not supported. 

To show a more technical classification of the result set, set friendly to false in the call to verifyBrowser.

limitedSupport

Recommended features are not supported by your browser

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

210

Cookies are enabled and available.

fullSupport

Cookies are enabled

None

211

Cookies are disabled or otherwise unavailable.

limitedSupport

Cookies are disabled

Your browser will work, but not optimally. We recommend enabling cookies.

220

Content security policy (CSP) is supported.

fullSupport

CSP is supported

None

221

Content security policy (CSP) is not supported. 

Warning! If you are using the JavaScript API to invoke verifyBrowser with extended  See section 3.5.4 for more information on use of the extended flag.set to true, it is vital that CSP has been activated by you, the merchant, by setting the Content-Security-Policy-header in the http-response for the page that loads bid-browser-test.js. This must be done for any page that uses the JavaScript API. Remember to send the corresponding header for the given browser as the particular name of the CSP header varies from browser to browser. 

Example: Content-Security-Policy: script-src

https://services.bankid.no/test/precheck/bid-browser-test.js

It is important not to work around inline code evaluation by specifying inline-eval in the source list for default-src or script-src since this is what is being used for feature detection of CSP. If these precautions are not taken, the test will simply report false positives that CSP is not supported. 

Example (don't do this!): Content-Security-Policy: script-src … inline-eval 

Also note that no version of Internet Explorer currently (IE 11) supports CSP in compliance with the W3C-specification.

limitedSupport

CSP is not supported

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

230

Canvas is supported.

fullSupport

HTML5 Canvas is supported

None

231

Canvas is not supported.

limitedSupport

HTML5 Canvas is not supported

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

240

Scalable vector graphics (SVG) is supported.

fullSupport

HTML5 SVG is supported

None

241

Scalable vector graphics (SVG) is not supported.

noSupport

HTML5 SVG is not supported

You must upgrade your browser for it to work properly.

250

Object.keys is supported.

fullSupport

Object.keys is supported

None

251

Object.keys is not supported.

noSupport

Object.keys is not supported

You must upgrade your browser for it to work properly.

260

Selectors API is supported.

fullSupport

Query selectors are supported

None

261

Selectors API is not supported.

noSupport

Query selectors are not supported

You must upgrade your browser for it to work properly.

270

JSON is supported.

fullSupport

JSON is supported

None

271

JSON is not supported.

noSupport

JSON is not supported

You must upgrade your browser for it to work properly.

280

Element.outerHTML is supported.

fullSupport

Element.outerHTML is supported

None

281

Element.outerHTML is not supported.

noSupport

Element.outerHTML is not supported

You must upgrade your browser for it to work properly.

290

Web Cryptography API1

fullSupport

Web Cryptography is supported

None

291

Web Cryptography API1

limitedSupport

Web Cryptography is not supported

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

310

Web Storage API is supported.

fullSupport

Web Storage is supported

None

311

Web Storage API is not supported.

limitedSupport

Web Storage is not supported

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

320

Geolocation API is supported.

fullSupport

Geolocation is supported

None

321

Geolocation API is not supported.

limitedSupport

Geolocation is not supported

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

330

Web Graphics Library (WebGL)1 is supported.

fullSupport

WebGL is supported

None

331

Web Graphics Library (WebGL)1 is not supported.

limitedSupport

WebGL is not supported

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

340

Web Real-Time Communication API (WebRTC)1 is supported.

fullSupport

WebRTC is supported

None

341

Web Real-Time Communication API (WebRTC)1  is not supported.

WebRTC is not supported

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

350

ShadowDOM API1 is supported.

fullSupport

ShadowDOM is supported.

None

351

ShadowDOM API1 is not supported.

limitedSupport

ShadowDOM is not supported.

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

360

MuationObserver API is supported.

fullSupport

MuationObserver is supported.

None

361

MutationObserver API is not supported.

limitedSupport

MutationObserver is not supported.

Your browser will work, but not optimally. We recommend upgrading your browser for a better user experience.

1 See section 3.5.4 for more information on use of the extended flag. is supported.

Extended and friendly results

The verifyBrowser-method provides the ability to hide technical details in the result set and to run an extended feature detection by setting the friendly and extended flags, respectively. The flags may be specified in the attributes map sent to verifyBrowser in the same manner as the callbacks. Defaults are true for friendly, and false for extended.

Example:

bidBrowserTest.verifyBrowser({
	friendly: false, // Show me everything.
	extended: true, // Run all tests, including CSP.
	onFullSupport: function () {
		:
	}
});

Note that the following recommended features are not yet widely supported and because of this they are disabled by default in the test. Testing for these features is enabled by setting the extended-parameter true, as shown in the example above.

  • Content Security Policy (CSP)
  • Web Cryptography API
  • Web Graphics Library (WebGL)
  • Web Real-Time Communication API (WebRTC)
  • ShadowDOM

Since no version of Internet Explorer currently (IE 11) supports CSP it is cautioned against running extended tests due to the fact that this will result in a negative result for all users of IE. This is way the CSP-test is disabled by default.

Localization

withLocale lets you specify the desired language to be used in the test results coming from verifyBrowser, particularly result.message and result.action. The method returns the framework itself, so that it may be used with chaining.

Example:

bidBrowserTest.withLocale("en").verifyBrowser();

Currently, only Norwegian bokmål (nb) and English (en) are supported.

Test your browser

It is possible to test your browser by running the Feature- and UA detection script using services-test. The link to the test can be found in the table below.

The test site loads the script in two ways. The first way loads the script using <script src=".."> in the html document, and the second way loads the script using requirejs. By setting extended and friendly to true or false, different sets of tests are run.

Function

URL

Test your browser

<baseURL>/test/precheck/test-browser


BaseURL is defined in section 3.

Security Data

As described in section 2. See the document [ISDS] (restricted) for more information.