URL Management and authentication
Is there a rate limit?
You are only allowed to call authentication once per minute (from the same IP). The limit for the requests are set for two requests per second.
For your implementation, please consider:
Cache JWT token
Don’t run test scripts against our API
Don’t poll our endpoints to check for state changes
Is it possible to generate a new URL for the same process?
Yes, a new call with the same extId resets the process and generates a new URL.
Can the URL of the identity process only be retrieved via this POST interface?
Yes
Can the GET functions redisplay the URL?
No
Do you provide a long living accessToken?
For security reasons, we don’t provide a long living accessToken, but a long living one time token (14 days). And as soon as the process is started by the customer, he gets an accessToken (valid four hours) to complete the process. As soon as the user clicks on the link three times, he is redirected to the errorUrl on the fourth call.
What is the expected renewal process for the authentication token?
Automated renewal process based on the expiry time.
Is there a way to retrieve the data after data retention?
No
Last updated