Client authentication

Relaying Parties (RP) must authenticate with BankID for server-to-server calls such as the token and introspect endpoints.

Among the standardized authentication methods the following is recommended:

• private_key_jwt in accordance with standards. Read more about this method.

We also support:

• client_secret_basic according to OAuth2 using the HTTP Basic authentication scheme.
• client_secret_post according to OAuth2 by including the Client Credentials (client_id and client_secret) in the request body.

Info

In order to use private_key_jwt the merchant must send a request to BankID support with a public key to verify the signature as a JSON Web Key Set (JWKS).

Read more about the requirements here.