Client authentication
Relying Parties (RPs) must authenticate with BankID for server-to-server calls, such as those to the token and introspect endpoints.
Among the standardized authentication methods, the following is recommended:
private_key_jwt, in accordance with standards. Read more about this method.
We also support:
client_secret_basic, according to OAuth2, using the HTTP Basic authentication scheme.
client_secret_post, according to OAuth2, by including the Client Credentials (client_id and client_secret) in the request body.
Info
In order to use private_key_jwt, the merchant must send a request to BankID support with a public key, formatted as a JSON Web Key Set (JWKS), that is used to verify the signature.
Read more about the requirements here.
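The private_key_jwt flow and the JWKS registration described above, as an added example (not BankID's own code): an RP generates a key pair, publishes only the public half as a JWKS, signs a short-lived client assertion, and the server side checks it against that JWKS. The client id, endpoint URL, RS256, the 60-second lifetime and the thumbprint-based kid are assumptions; BankID's actual key requirements are on the linked page.

```javascript
const crypto = require('node:crypto');

// Constructed placeholders (assumptions), not real BankID values.
const CLIENT_ID = 'example-client-id';
const TOKEN_ENDPOINT = 'https://op.example.test/token';
const ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// RP side: generate a signing key; only the public half goes into the JWKS.
function generateClientKey() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const { kty, n, e } = publicKey.export({ format: 'jwk' });
  // kid choice is an assumption: the RFC 7638 SHA-256 thumbprint of the key.
  const kid = crypto.createHash('sha256').update(JSON.stringify({ e, kty, n })).digest('base64url');
  return { privateKey, kid, jwks: { keys: [{ kty, n, e, kid, use: 'sig', alg: 'RS256' }] } };
}

// RP side: short-lived, single-use assertion with the RFC 7523 claims.
function buildClientAssertion(privateKey, kid, now = Math.floor(Date.now() / 1000)) {
  const claims = { iss: CLIENT_ID, sub: CLIENT_ID, aud: TOKEN_ENDPOINT,
    jti: crypto.randomUUID(), iat: now, exp: now + 60 };
  const input = `${b64url({ alg: 'RS256', typ: 'JWT', kid })}.${b64url(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey); // RSASSA-PKCS1-v1_5
  return `${input}.${sig.toString('base64url')}`;
}

// RP side: token request body; no client_secret travels with the request.
function tokenRequestBody(assertion, code, redirectUri) {
  return new URLSearchParams({ grant_type: 'authorization_code', code, redirect_uri: redirectUri,
    client_assertion_type: ASSERTION_TYPE, client_assertion: assertion }).toString();
}

// Server side: the check that the registered JWKS makes possible.
function verifyClientAssertion(assertion, jwks, now = Math.floor(Date.now() / 1000)) {
  const parts = assertion.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk || header.alg !== 'RS256') return null; // pin the algorithm to the registered key
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  if (!crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'))) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  const ok = claims.iss === CLIENT_ID && claims.sub === CLIENT_ID &&
    claims.aud === TOKEN_ENDPOINT && claims.exp > now;
  return ok ? claims : null;
}
```

A production verifier would also reject a jti it has already seen, so a captured assertion cannot be replayed within its lifetime.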