Skip to main content

Authentication

Learn how to obtain an authToken to authenticate with IDnow

The IDnow DocIDV API uses JWT-based authentication. You authenticate once per session using your API key and receive an authToken that must be included in all subsequent requests.

Endpoint

POST /api/v1/{customer}/login

Authenticate with your API key to receive a session token.

Path parameters

ParameterTypeRequiredDescription
customerstringYesYour company identifier (also called Shortname)

Request

Request Parameters

{
"apiKey": "<your-api-key>"
}

Response

{
"authToken": "<jwt-token>"
}

Example request

curl -X POST "https://gateway.idnow.de/api/v1/your-company/login" \
-H "Content-Type: application/json" \
-d '{"apiKey": "<your-api-key>"}'

Error Responses

StatusCause
401 UnauthorizedInvalid API key, or wrong Customer/Shortname
403 ForbiddenAccount suspended or insufficient permissions
tip

A 401 is returned for both an incorrect API key and an incorrect Customer/Shortname. Verify both values if you receive this error.


Make an API request

Include the token in the X-API-LOGIN-TOKEN header for all subsequent API requests:

curl -X GET "https://gateway.idnow.de/api/v1/your-company/identifications/12345" \
-H "X-API-LOGIN-TOKEN: <your-auth-token>"

Token Expiration

The JWT is invalidated server-side if it has not been used for at least 60 minutes. If you call the API with an expired token you will receive a 401 Unauthorized response and must authenticate again.

caution

Your server must call the API — never expose your API key or authToken in client-side code.