Skip to content

API Versions

BankID provide API versioning. This allows us to introduce new features and improvements without breaking existing implementations.

The version is an integer that is returned in all tokens as api_ver claim (from version 2).

Current version

Today, the default version of the BankID APIs is 1.

Minimum version will be 4

From 28th of October 2025, API version 1, 2, 3 and 4 will be active by default. Only clients compatible with API version 4 will continue working. See announcement.

Available versions

New API Versions contains all changes from older versions. E.g. v4 includes changes from v1->v3.

API Version 4 (enforced from 28th of October 2025)

This version adds many changes related to BankID Server end-of-life and recommendations from the OIDC specification and FAPI 2.0.

All changes from Version 1 to 3 are included, in addition to:

API Version 3

  • All Tokens are signed using ES256 signature algorithm. Make sure your system can handle validation of these signatures.
  • acr_values parameter of the authorize endpoint now supports multiple ACR values (space-separated) for compliance with OIDC specification.
  • token_type value has been capitalized to Bearer in token response. (Note: OAuth2 specification states this to be case-insensitive).

API Version 2

API Version 1

  • Initial version of the BankID APIs. No backwards incompatible changes.

How to enable a new version

To set which API Version to use, include the version in the authorize request using:

api_version=[version]

Example:

GET [authorize_url]?client_id=myclient-bankid-prod&scope=openid&api_version=3

Tip

You can also make a request to support to set the minimum version for your OIDC Client, without the need to include it in the authorize request.