Client authenticationΒΆ
Relying Parties (RP) must authenticate with BankID for server-to-server calls such as the token and introspect endpoints.
Among the standardized authentication methods the following is recommended:
private_key_jwtin accordance with standards. Read more about this method.
We also support:
client_secret_basicaccording to OAuth2 using the HTTP Basic authentication scheme.client_secret_postaccording to OAuth2 by including the Client Credentials (client_idandclient_secret) in the request body.
Info
In order to use private_key_jwt the merchant must send a request to BankID support with a public key to verify the signature as a JSON Web Key Set (JWKS).
Read more about the requirements here.