URL Management and Authentication
Is there a rate limit?
You are only allowed to call authentication once per minute (from the same IP). The limit for the requests are set for 2 requests per second.
For your implementation, please consider:
Cache JWT token
Don’t run test scripts against our API
Don’t poll our endpoints to check for state changes
Is it possible to generate a new URL for the same process?
Yes, a new call with the same extId resets the process and generates a new URL.
Can the URL of the identity process only be retrieved via this POST interface?
Yes
Can the URL be redisplayed with the GET functions?
No
Do you provide a long living accessToken?
for security reasons we don’t provide a long living accessToken, but a long living one time token (14 days) and as soon as the process is started by the customer, he gets an accessToken (valid 4 hours) to complete the process. As soon as the user clicks on the link 3 times, he is redirected to the errorUrl on the 4th call
What is the expected renewal process for the authentication token?
Automated renewal process based on the expiry time.
Is there a way to retrieve the data after data retention?
There is no possibility.
Last updated