BankID - url_generator

Overview

The url_generator_bankid endpoint generates a redirect URL for the hosted BankID verification flow. It validates your subscription, verifies the domain, records a billing event, and returns the BankID authorization URL.

The flow is identical to MitID - redirect the user in, they verify, and return to your domain with a token_age_verified parameter.

GET https://app.verifyid.dk/api/url_generator_bankid/{pluginKey}/{device_id}/{age}?domain={redirect_url}

BankID is a separate verification provider from MitID. Use url_generator_s for MitID and url_generator_bankid for BankID. The auth check step is the same for both.

Parameters

Path Parameters

Parameter	Type	Required	Description
`pluginKey`	`string`	Yes	Your plugin key from the VerifyID Dashboard.
`device_id`	`string`	Yes	The device identifier from `localStorage.getItem('verifyid_device_id')`.
`age`	`integer`	Yes	Minimum age to verify. Must be `16` or `18`.

Query Parameters

Parameter	Type	Required	Description
`domain`	`string`	Yes	Full URL to redirect the user back to after verification. Example: `https://yoursite.com/checkout`

The BankID endpoint validates your domain against your account's verified domains. If the domain is not verified, you'll receive a 403.

Request

redirect-bankid.js

const device_id = localStorage.getItem('verifyid_device_id');
const pluginKey = 'your_plugin_key';
const age = 18;
const domain = encodeURIComponent(
  window.location.origin + window.location.pathname
);

// Redirect to BankID flow
window.location.href =
  `https://app.verifyid.dk/api/url_generator_bankid/${pluginKey}/${device_id}/${age}?domain=${domain}`;

Terminal

curl -X GET \
  "https://app.verifyid.dk/api/url_generator_bankid/PLUGIN_KEY_HERE/DEVICE_ID_HERE/18?domain=https://demo.verifyid.dk/checkout"

Responses

`200` - Success

Returns the BankID authorization URL. Redirect the user to this URL.

200 Response

{
  "url": "https://app.verifyid.dk/verify/bankid?session=abc123..."
}

Action: Redirect the user's browser to url.

`403` - Unauthorized or Domain Not Verified

The user's subscription is inactive, or the provided domain is not registered in your account.

403 Response

{
  "url": "https://yoursite.com/checkout"
}

Action: Check that your domain is verified on the Dashboard and your subscription is active.

`404` - Missing Domain

The domain query parameter was not provided.

404 Response

{
  "url": null
}

Action: Always pass ?domain= with a full URL including protocol and path.

Redirect Callback

After the user completes the BankID flow, they are redirected back:

https://yoursite.com/checkout?token_age_verified=xyz123

Capture the token:

callback.js

const token = new URLSearchParams(window.location.search)
  .get('token_age_verified');

Then validate it with /auth_check.

Complete Example

bankid-flow.js

// Step 1: Read device ID
const device_id = localStorage.getItem('verifyid_device_id');

// Step 2: Build the BankID verification URL
const pluginKey = 'your_plugin_key';
const age = 18;
const domain = window.location.origin + window.location.pathname;

const verifyUrl =
  `https://app.verifyid.dk/api/url_generator_bankid/${pluginKey}/${device_id}/${age}?domain=${encodeURIComponent(domain)}`;

// Step 3: Redirect user into BankID flow
window.location.href = verifyUrl;

// --- User returns to your domain ---

// Step 4: Capture token and validate server-side
const token = new URLSearchParams(window.location.search)
  .get('token_age_verified');

if (token) {
  const response = await fetch(
    `/api/verify?token=${token}&device_id=${device_id}`
  );
  const result = await response.json();

  if (result.age >= 18) {
    console.log('User verified as 18+ via BankID');
  } else {
    console.log('Verification failed or underage');
  }
}

Differences from MitID

	MitID (`url_generator_s`)	BankID (`url_generator_bankid`)
Endpoint	`/api/url_generator_s/...`	`/api/url_generator_bankid/...`
Provider	Signaturgruppen	INGroupe
Domain validation	Strict - domain must be verified on dashboard	Strict - domain must be verified on dashboard
Billing	Per verification	Per verification
Auth check	Same - `/api/auth_check`	Same - `/api/auth_check`
Token format	Same - `token_age_verified`	Same - `token_age_verified`

Notes

The age parameter accepts only 16 or 18.
The returned URL is single-use and expires after a short window.

BankID - url_generator_bankid