VerifyID

MitID - url_generator_s

Generate a verification URL for the MitID age verification flow.

Overview

The url_generator_s endpoint generates a redirect URL that takes the user into the hosted MitID verification flow. After the user completes (or fails) verification, they are redirected back to your specified domain with a token_age_verified query parameter.

GET https://app.verifyid.dk/api/url_generator_s/{pluginKey}/{device_id}/{age}?domain={redirect_url}

Parameters

Path Parameters

ParameterTypeRequiredDescription
pluginKeystringYesYour plugin key from the VerifyID Dashboard.
device_idstringYesThe device identifier generated by device_id.js, read from localStorage.getItem('verifyid_device_id').
ageintegerYesMinimum age to verify. Must be 16 or 18.

Query Parameters

ParameterTypeRequiredDescription
domainstringYesFull URL to redirect the user back to after verification. Example: https://yoursite.com/checkout

If domain is missing, the API returns a 404 with { "url": null }. Always include the full URL including protocol.

Request

redirect-mitid.js
const device_id = localStorage.getItem('verifyid_device_id');
const pluginKey = 'verifyid_test';
const age = 18;
const domain = encodeURIComponent(
  window.location.origin + window.location.pathname
);

// Option A: Redirect the browser directly
window.location.href =
  `https://app.verifyid.dk/api/url_generator_s/${pluginKey}/${device_id}/${age}?domain=${domain}`;

// Option B: Fetch the URL first, then redirect
const res = await fetch(
  `https://app.verifyid.dk/api/url_generator_s/${pluginKey}/${device_id}/${age}?domain=${domain}`
);
const data = await res.json();

if (data.url) {
  window.location.href = data.url;
}
Terminal
curl -X GET \
  "https://app.verifyid.dk/api/url_generator_s/PLUGIN_KEY_HERE/DEVICE_ID_HERE/18?domain=https://demo.verifyid.dk/checkout"

Responses

200 - Success

The user needs to verify. Redirect them to the returned URL.

200 Response
{
  "url": "https://app.verifyid.dk/verify/mitid?session=abc123..."
}

Action: Redirect the user's browser to url.

403 - Already Verified or Unauthorized

The user's current status does not require verification, or their subscription doesn't allow it. The response redirects back to your domain.

403 Response
{
  "url": "https://yoursite.com/checkout"
}

Action: Redirect back to your domain. The user may already be verified - call /auth_check to confirm.

404 - Missing Domain

The domain query parameter was not provided.

404 Response
{
  "url": null
}

Action: Ensure you are passing ?domain= with a full URL.

Redirect Callback

After the user completes the MitID flow, they are redirected to your domain with the verification token appended:

https://yoursite.com/checkout?token_age_verified=xyz123

Capture this token on your callback page:

callback.js
const token = new URLSearchParams(window.location.search)
  .get('token_age_verified');

The token_age_verified is always present on redirect - even if the user failed verification. You must call /auth_check to determine the actual verified age.

Complete Example

mitid-flow.js
// Step 1: Read device ID (script must be loaded)
const device_id = localStorage.getItem('verifyid_device_id');

// Step 2: Build the verification URL
const pluginKey = 'your_plugin_key';
const age = 18;
const domain = window.location.origin + window.location.pathname;

const verifyUrl =
  `https://app.verifyid.dk/api/url_generator_s/${pluginKey}/${device_id}/${age}?domain=${encodeURIComponent(domain)}`;

// Step 3: Redirect user into MitID flow
window.location.href = verifyUrl;

// --- User returns to your domain ---

// Step 4: Capture token and validate server-side
const token = new URLSearchParams(window.location.search)
  .get('token_age_verified');

if (token) {
  // Send to your backend → call /api/auth_check/{token}/{device_id}
  const response = await fetch(
    `/api/verify?token=${token}&device_id=${device_id}`
  );
  const result = await response.json();

  if (result.age >= 18) {
    console.log('User verified as 18+');
  } else {
    console.log('Verification failed or underage');
  }
}

Notes

  • The age parameter accepts only 16 or 18. Other values will be rejected.
  • Always use the full URL for domain, including https:// and the path.
  • The verification URL is single-use and expires after a short window.
  • Never Store verification code more than 30 mins or one session as its against the Law

Quick Start

Get started with VerifyID - install the script, generate a device ID, and verify users in four steps.

BankID - url_generator_bankid

Generate a verification URL for the BankID age verification flow.

On this page

OverviewParametersPath ParametersQuery ParametersRequestResponses200 - Success403 - Already Verified or Unauthorized404 - Missing DomainRedirect CallbackComplete ExampleNotes