
API Versions

The BankID APIs are versioned. This means that we can introduce new features and improvements without breaking existing implementations.

The BankID APIs are versioned using a simple integer. From version 2 onward, the version in use is included in all tokens as the api_ver claim.

We are continuously improving our APIs and adding new features. Please ensure that you are using the latest and most secure version of our APIs.

Default version

The default version of the BankID APIs is 1.

We recommend that you always use the latest version of the BankID APIs, which is currently 3.

Available versions

All versions contain all the changes from previous versions.

| Version | Changes |
| --- | --- |
| 1 | Initial version of the BankID APIs. No backwards incompatible changes. |
| 2 | Added custom api_ver claim to tokens. |
| | Changed amr claim from a String to an array of Strings, e.g. from "BID" to ["bid"], for compliance with OIDC specification. |
| 3 | Uses an ECDSA signing key with a full certificate chain to sign all tokens. Make sure your system can handle validation of these signatures and certificates. |
| | acr_values parameter of the authorize endpoint supports multiple ACR values (space-separated) for compliance with OIDC specification. |
| | token_type value has been capitalized to Bearer in token response. (Note: OAuth2 specification states this to be case-insensitive.) |
| 4 (Work In Progress) | Breaking: response_type is required as a query parameter in the authorize request when using request objects for compliance with OIDC specification. |
| | Breaking: Specifying nnin in an unencrypted query param login_hint is deprecated. Use encrypted response object instead. |

How to enable a new version

Tip

You can also make a request to support to set the default version for your OIDC Client, without the need to include it in the authorize request.

To enable a new version you need to include the version in the authorize request using:

api_version=[version]

Example:

GET [authorize_url]?client_id=myclient-bankid-prod&scope=openid&api_version=2
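
A relying party that requests a specific version can confirm that the token it receives was issued under that version and read amr in both of its documented shapes. The following is an added example, not BankID's own code. It assumes api_ver arrives as an integer or numeric string, and the function names, sample tokens and the choice to lower-case amr values are this example's own.

```python
import base64
import json

EXPECTED_API_VERSION = 3  # assumption: the client sends api_version=3


def _b64url_json(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def normalized_amr(claims):
    # Version 1 sends amr as a String ("BID"), version 2+ as an array (["bid"]).
    amr = claims.get("amr", [])
    if isinstance(amr, str):
        amr = [amr]
    if not isinstance(amr, list) or not all(isinstance(v, str) for v in amr):
        raise ValueError("amr is neither a string nor an array of strings")
    return [v.lower() for v in amr]  # lower-casing is this example's choice


def check_token_version(jwt, expected=EXPECTED_API_VERSION):
    """Run only after signature and certificate chain validation has passed."""
    header_seg, payload_seg, _signature = jwt.split(".")
    header, claims = _b64url_json(header_seg), _b64url_json(payload_seg)
    # api_ver exists from version 2 on, so a token without it is version 1.
    # Assumption: the claim is an integer or a numeric string.
    version = int(claims.get("api_ver", 1))
    if version != expected:
        raise ValueError(f"token is API version {version}, expected {expected}")
    # Version 3 tokens are ECDSA-signed; JWS alg names for ECDSA start with "ES".
    if version >= 3 and not str(header.get("alg", "")).startswith("ES"):
        raise ValueError("version 3 token is not ECDSA-signed")
    return {"api_version": version, "amr": normalized_amr(claims)}


def constructed_token(header, claims):
    # Builds an unsigned sample token for the demo below (constructed data).
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    v3 = constructed_token({"alg": "ES256"}, {"api_ver": 3, "amr": ["bid"]})
    print(check_token_version(v3))
    v1 = constructed_token({"alg": "RS256"}, {"amr": "BID"})  # constructed v1 shape
    print(check_token_version(v1, expected=1))
```

A version mismatch here usually means the api_version parameter was dropped from the authorize request and the client default applied.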