URL Management and authentication

Is there a rate limit?

You are only allowed to call authentication once per minute (from the same IP).

The rate limit for all other endpoints is set to two requests per minute.

For your implementation, please consider:

Cache JWT token
Don’t run test scripts against our API
Don’t poll our endpoints to check for state changes

We want to IP-Allowlist fidentity Callbacks: Which IPs does fidentity use for Stage and Prod environment?

Stage

ch-bgs-brn-1    194.88.197.87        # until Summer 2026
ch-bgs-brn-1    194.88.197.44        # since January 2026

Production

ch-bgs-brn-1    194.88.197.87
ch-bgs-brn-1    193.5.124.32        # from 01.06.2026
ch-exo-gva-2   185.19.31.125       # from 01.06.2026
ch-exo-dk-2    159.100.248.56      # from 01.06.2026

Is it possible to generate a new URL for the same process?

Yes, a new call with the same extId resets the process and generates a new URL.

Can the URL of the identity process only be retrieved via this POST interface?

Yes

Can the GET functions redisplay the URL?

Do you provide a long living accessToken?

For security reasons, we don’t provide a long living accessToken, but a long living one time token (14 days). And as soon as the process is started by the customer, he gets an accessToken (valid four hours) to complete the process. As soon as the user clicks on the link three times, he is redirected to the errorUrl on the fourth call.

What is the expected renewal process for the authentication token?

Automated renewal process based on the expiry time.

Is there a way to retrieve the data after data retention?

Last updated 1 month ago