Bank iD Support

Version: 1.0 modified on 28.11.2022

The goal of this document is to help Service Providers with getting support from Bank iD. In order to solve problems with Bank iD services as quickly and smoothly as possible, we need the right information to identify the problem. The speed of processing and the quality of help is directly dependent on the data provided by the ticket submitter. You can find support in the Helpdesk tab after logging into Bank iD Developer Portal.

To enter the ticket correctly, you need to fill out the form with the following items:

  • Associated app - if you have more than one application, you need to specify which application is affected by the problem
  • Associated Organization - it may help us track down the problem faster if we know
  • Ticket title - e.g. "user cannot authenticate" or "endpoint /profile does not respond to IdP XYZ"
  • Ticket description - here you need to describe the problem in detail, it is important to supply identifiers that come from responses from Bank iD, not from your internal systems. We recommend identifiers such as traceId, txn, sub.
  • TraceID - Bank iD inserts a traceId into each http header, we recommend logging this parameter, it will help us to identify a specific API call as quickly as possible. If you have a traceId longer than 128 bits (16 characters), it does not come from Bank iD and it's useless to us.
  • Request - if you have an incorrect request, state it here
  • Response - if you have an incorrect response, state it here
  • The date the problem occured
  • Exact time
  • Attachments - for example, if you have any additional files, e.g. uploaded *.har file, additional logs, etc.. you can put them in the ticket, just please use 7zip or zip

Example of response http header when calling /auth endpoint with traceId included:

HTTP/1.1 200
Date: Mon, 28 Nov 2022 16:01:36 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Access-Control-Expose-Headers: traceId
traceId: 4819cea128c50a8c

If the same error occurs in several cases of the same issue or problem, do not make duplicate requests, but rather write the data for individual cases in the body of the ticket, or insert it as an attachment

User sub - clearly identifies the user - we are unable to trace the user based on personal data, e.g. first and last name.

Bank iD tries to return a meaningful callback for most errors and it is up to the Service Provider to ensure adequate error handling on its side. List of the most common error codes from the /auth endpoint:

  • access_denied - the user either did not authenticate (e.g. forgot password, nickname, etc.) or did not confirm the transfer of personal data (changed his mind at the last moment)
  • eid_doesnt_exist - the bank identity service for the given bank and the given end user is not active, it can be for several reasons: it does not meet the conditions for issuing a means of electronic identification, it has deliberately turned off the service or it has not gone to a branch to physically identified
  • insufficient_scope - the user does not meet the conditions for the provision of the service, e.g. he is unauthorized or lacks essential data in the IdP for the provision of the service
  • server_error - an error occurred on the server side, either on the IdP or Bank iD side

If you do not receive a callback, it is an error in the bank's mobile app or internet banking, or a wrong setting on the user's side, so attach a screenshot of the application or the mobile app, verification may fail, for example, due to the lack of security method settings on the part of the user (two-factor authentication turned off in the internet banking settings).

Recommended scope of data for audit records

For audit records, we recommend logging the complete payload from the response endpoints /userinfo and /profile, where there are personal data and other parameters on the basis of which it is possible to uniquely identify the transaction, e.g. sub and txn. As mentioned above, the traceId from the header is also suitable for auditing.