Authentication
Learn how to obtain an authToken to authenticate with IDnow
The IDnow DocIDV API uses JWT-based authentication. You authenticate once per session using your API key and receive an authToken that must be included in all subsequent requests.
Endpoint
POST /api/v1/{customer}/login
Authenticate with your API key to receive a session token.
Path parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
customer | string | Yes | Your company identifier (also called Shortname) |
Request
Request Parameters
{
"apiKey": "<your-api-key>"
}
Response
{
"authToken": "<jwt-token>"
}
Example request
curl -X POST "https://gateway.idnow.de/api/v1/your-company/login" \
-H "Content-Type: application/json" \
-d '{"apiKey": "<your-api-key>"}'
Error Responses
| Status | Cause |
|---|---|
401 Unauthorized | Invalid API key, or wrong Customer/Shortname |
403 Forbidden | Account suspended or insufficient permissions |
A 401 is returned for both an incorrect API key and an incorrect Customer/Shortname. Verify both values if you receive this error.
Make an API request
Include the token in the X-API-LOGIN-TOKEN header for all subsequent API requests:
curl -X GET "https://gateway.idnow.de/api/v1/your-company/identifications/12345" \
-H "X-API-LOGIN-TOKEN: <your-auth-token>"
Token Expiration
The JWT is invalidated server-side if it has not been used for at least 60 minutes. If you call the API with an expired token you will receive a 401 Unauthorized response and must authenticate again.
Your server must call the API — never expose your API key or authToken in client-side code.