Skip to content

BankID Proof

No longer supported

The legacy BankID Proof is no longer supported by BankID from October 2025. Read more below.

With the announcement that the legacy BankID Server is reaching end-of-life, we are making some changes to the API in the OIDC platform.

  • Removal of BankID Server claims in ID and Access tokens.
  • Removal of BankID Proof scope and payload in token response.

What is now required to prove a BankID transaction?

The ID token contains information about the authentication of an end-user, such as:

  • when the end-user was authenticated (iat)
  • who the end-user is (e.g. bankid_altsub (PID), nnin, name, birthdate)
  • which merchant the authentication was for (azp) and for which transaction (nonce, sid)
  • and what authentication method was used (amr).

This token is also signed by a key with a certificate issued by BankID CA.

In summary, the ID token is the proof that a user has been successfully authenticated by BankID.

For proof's issued for a specific context or action, see also Permissions Grants.