Skip to content

Commit 3a6c6a5

Browse files
committed
docs: improve readability across rest-api-guide pages
- Fix typos (Aynchronous, Calssic) - Use VitePress callout containers (tip/warning/danger/info/details) - Add subheadings and phase groupings to dense sections - Simplify wide tables and extract recommendations into callouts - Break long paragraphs into structured bullet points - Add collapsible sections for error codes and footnotes - Standardize emphasis patterns across all pages
1 parent d2c69c5 commit 3a6c6a5

9 files changed

Lines changed: 167 additions & 220 deletions

.github/copilot-instructions.md

Lines changed: 0 additions & 112 deletions
This file was deleted.

docs/rest-api-guide/app-provider-client-integration.md

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,9 +8,12 @@ Before using the Swisscom Mobile ID web service, some initial provisioning steps
88

99
1. **The Mobile ID customer (your company) has an agreement with Swisscom:**
1010
- **Connectivity** (Internet or LAN-I) between the **AP** and **Mobile ID** has been established.
11-
- The AP’s public source IP address (or range) must be whitelisted in the **Swisscom Firewall**.
1211
- The customer has delivered the **X.509 client certificate** to Swisscom (see [Create X509 Client Certificates](/rest-api-guide/create-client-certs.md)).
1312

13+
::: warning Firewall Whitelisting
14+
The AP’s public source IP address (or range) must be whitelisted in the **Swisscom Firewall**. Contact Swisscom to request whitelisting.
15+
:::
16+
1417
2. **The Mobile ID customer receives from Swisscom:**
1518
- An **AP_ID** (Application Provider Identifier) value.
1619
- A **DataToBeDisplayed (DTBD) Prefix** value:
@@ -85,8 +88,10 @@ A certificate-based mutual authentication when accessing the Mobile ID web servi
8588
- The Enhanced Key Usage value of client certificates must include Client Authentication (`1.3.6.1.5.5.7.3.2`).
8689
- See **[Create X509 Client Certificates](/rest-api-guide/create-client-certs.md)** for examples of creating self-signed certificates.
8790

88-
- All requests to the Mobile ID service must originate only from servers that you control.
89-
- Never send requests directly from client-side code such as mobile apps or JavaScript, as this may compromise your credentials.
91+
::: danger
92+
All requests to the Mobile ID service must originate only from servers that you control.
93+
Never send requests directly from client-side code such as mobile apps or JavaScript, as this may compromise your credentials.
94+
:::
9095

9196
- To validate the chain of trust for the Mobile ID server certificate:
9297
- Add the SwissSign Gold CA – G2 root certificate to your client TrustStore.

docs/rest-api-guide/auto-activation.md

Lines changed: 19 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,25 @@
11
# Auto Activation
22
## Introduction
3-
Auto Activation is an optional feature for APs, which can greatly improve the user experience for Mobile ID SIM authentications. It is applicable for SIM authentication only and this Auto Activation feature is not relevant for Mobile ID App authentications.
43

5-
Usually, a brand new Mobile ID SIM card must be activated just once on the MyMobileID Portal. With this Mobile ID activation process, the user can set their personal Mobile ID PIN (Set & Confirm PIN) and it will create the required signing key on the SIM card. After that, the SIM card is ready to be used for Mobile ID authentications.
4+
Auto Activation is an optional feature for Application Providers (APs) that can greatly improve the user experience for Mobile ID SIM authentications.
65

7-
Auto Activation is an optional feature that is disabled by default but can be enabled per Application Provider. If enabled, a Signature Request to a user with an inactive Mobile ID SIM (which means the user did not yet set their personal Mobile ID PIN) will invoke an implicit activation process during the ongoing signature transaction.
6+
- **Applicable to**: SIM authentication only (not relevant for Mobile ID App authentications).
7+
- **Default state**: Disabled by default, but can be enabled per Application Provider.
88

9-
So, the Auto Activation will achieve both a successful Mobile ID activation and a successful authentication (Signature Response) at the same time! From now on, that user will be Mobile ID active.
9+
### How it works
1010

11-
From AP perspective, the user will just have a successful authentication and there is no difference whether the user was auto-activated (during the authentication transaction) or not.
11+
Usually, a brand new Mobile ID SIM card must be activated once on the MyMobileID Portal. During this activation, the user sets their personal Mobile ID PIN and a signing key is created on the SIM card.
1212

13+
With Auto Activation enabled, a Signature Request to a user with an **inactive** Mobile ID SIM will invoke an implicit activation process during the ongoing signature transaction. This achieves:
14+
15+
- A successful Mobile ID activation **and**
16+
- A successful authentication (Signature Response) at the same time
17+
18+
From the AP perspective, the user simply has a successful authentication -- there is no difference whether the user was auto-activated during the transaction or not.
19+
20+
::: tip
1321
Auto Activation feature can successfully prevent a fault sub-code 404 (this fault code means that the user did not yet activate their Mobile ID SIM card) which can happen when an AP attempts to do a Mobile ID authentication with a user that has an inactive Mobile ID SIM card.
22+
:::
1423

1524
## How to implement this feature
1625
To enable the Auto Activation feature for an Application Provider (AP), the AP must ensure that the user has accepted the Mobile ID specific terms & conditions prior to proceeding with the auto activation steps.
@@ -25,13 +34,13 @@ From a user perspective, the steps displayed on the mobile device look very simi
2534

2635
![auto-activation-user-perspective](/img/auto-activation-user-perspective.png)
2736

28-
Note that in case of a successful auto activation, the Mobile ID server sends a Text SMS to the user, to remind the user to create a Mobile ID recovery code [<sup id="a24">24</sup>](#24).
29-
30-
**References**
31-
32-
**Footnotes**
37+
::: info
38+
In case of a successful auto activation, the Mobile ID server sends a Text SMS to the user, to remind the user to create a Mobile ID recovery code [<sup id="a24">24</sup>](#24).
39+
:::
3340

41+
::: details References and Footnotes
3442
24. <span id="24"></span> Each time a user completes the Mobile ID activation process, they will receive a code that enables them to recover Mobile ID and maintain their existing pairings to service providers, if you lose your phone, change SIM cards or switch to an e-SIM card. See https://mobileid.ch/recovery [](#a17)
43+
:::
3544

3645

3746

docs/rest-api-guide/best-practices.md

Lines changed: 9 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -45,19 +45,12 @@ When constructing an MSS Signature request, the following best-practice guidelin
4545
**Example DTBD:**
4646
> `Bank ACME: Proceed with the login? (TXN-3D5K)`
4747
48-
---
49-
50-
**Footnotes**
51-
48+
::: details Footnotes
5249
17. <span id="17"></span> Type of the AP_TransID is xsd:NCName, refer to http://www.datypic.com/sc/xsd/t-xsd_NCName.html [](#a17)
53-
5450
18. <span id="17"></span> http://www.w3.org/TR/xmlschema-2/#dateTime [](#a17)
55-
5651
19. <span id="17"></span> http://en.wikipedia.org/wiki/UTF-8 [](#a17)
57-
5852
20. <span id="17"></span> In mobile telephony GSM 03.38 is the standard character set used in short message service. [](#a17)
59-
60-
---
53+
:::
6154

6255
### Signature Response
6356

@@ -85,11 +78,10 @@ The key validation aspects are as follows:
8578
5. **Implement Proper Fault and Status Handling**
8679
- Handle all status and fault codes using structured exception handling logic to ensure stable, predictable behavior of the client application.
8780

88-
---
89-
90-
**Important Note:**
81+
::: warning Important
9182
Certificate revocation checks are not recommended.
9283
Mobile ID user certificates are never revoked individually — the Mobile ID service backend manages account validity and state directly.
84+
:::
9385

9486

9587
### Signature Concurrency Control
@@ -134,10 +126,13 @@ cn=midcheptod58qe59:pn,serialnumber=midcheptod58qe59,pseudonym=midcheptod58qe59
134126

135127
For highest level of assurance and a truly strong two-factor-authentication process, an AP should store this value at the first signature and then verify every subsequent signature response if that serial number value still matches.
136128

129+
::: warning
137130
If the value does not match anymore, it means that the user re-activated their account without a valid recovery option. In such case (serial number mismatch) the 2nd factor (knowledge/inherence) is not assured.
131+
:::
138132

139133
## Timeout Value
140134

135+
::: info Recommended Timeout Values
141136
Use the reference values below to set an appropriate transaction timeout:
142137

143138
| MSS Operation | Transaction Timeout | Client Connection Timeout |
@@ -148,6 +143,8 @@ Use the reference values below to set an appropriate transaction timeout:
148143
| MSS Receipt | - | 90 seconds |
149144
| MSS Profile Query | - | 10 seconds |
150145

146+
:::
147+
151148
## Mobile ID FAQ
152149

153150
Please visit [https://mobileid.ch/en/faq](https://mobileid.ch/en/faq) for a list of frequently asked questions about Mobile ID

docs/rest-api-guide/create-client-certs.md

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,13 +2,16 @@
22

33
Below are examples how to create a self-signed certificate with OpenSSL and Java Keytool.
44

5-
Remarks:
5+
::: info Remarks
66
- Use any meaningful value for the distinguished name (CN/O/C values).
77
- Use SHA-256 as shown below.
88
- Validity can be set to 3 or 5 years. However, the validity is never checked by Mobile ID.
99
- The examples create a self-signed certificate (easy to make, no cost).
1010
- The client certificate's Enhanced Key Usage must include Client Authentication (OID 1.3.6.1.5.5.7.3.2).
11-
- Provide the resulting `mycert.crt` file to Swisscom and keep your private key / keystore files (`*.jks`, `*.p12`, `*.jks`) securely stored.
11+
:::
12+
::: warning
13+
Provide the resulting `mycert.crt` file to Swisscom and keep your private key / keystore files (`*.jks`, `*.p12`, `*.key`) securely stored. Never share your private key.
14+
:::
1215

1316
## OpenSSL
1417

@@ -57,5 +60,7 @@ $ keytool -genkey -alias <alias-name> -keyalg RSA -keysize 4096 -validity 1825 \
5760

5861
$ keytool -export -alias <alias-name> -keystore mycert.jks -file mycert.crt
5962
```
60-
Tip: If your JDK supports it, add an Extended Key Usage for client auth during key generation (syntax depends on JDK version), e.g. -ext "ExtendedKeyUsage=clientAuth". Otherwise, you can generate a CSR with keytool and self-sign it with OpenSSL using the ext.cnf shown above.
63+
::: tip
64+
If your JDK supports it, add an Extended Key Usage for client auth during key generation (syntax depends on JDK version), e.g. `-ext "ExtendedKeyUsage=clientAuth"`. Otherwise, you can generate a CSR with keytool and self-sign it with OpenSSL using the ext.cnf shown above.
65+
:::
6166

docs/rest-api-guide/health-status.md

Lines changed: 9 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,26 +1,18 @@
11
# Health Status Service
22

3-
The Mobile ID Health Status Service is a microservice where you can retrieve health state details about the MobileID authentication service. The health state is based on real end-to-end authentication tests that are checked every few minutes. It's free of charge!
3+
The Mobile ID Health Status Service is a microservice for retrieving health state details about the MobileID authentication service.
44

5-
For more information, please visit https://digital.swisscom.com/products/mobile-id
6-
7-
## Active Probing
8-
9-
Retrieve a detailed health state about the Mobile ID authentication service. The scope of the health status service includes different telecommunications providers, IP+ and LAN-i endpoints and the geofencing service.
10-
11-
The health status service is free of charge!
5+
- **Based on**: Real end-to-end authentication tests, checked every few minutes
6+
- **Scope**: Different telecommunications providers, IP+ and LAN-i endpoints, and the geofencing service
7+
- **Cost**: Free of charge
128

13-
## Real End-To-End Testing
14-
15-
Our health status is based on real end-to-end Mobile ID tests that are responded by special robotic equipment at different physical locations.
16-
17-
## MobileID Telecommunications Providers
18-
19-
Checks include Mobile ID SIM cards from Swisscom, Sunrise, Salt.
9+
For more information, please visit https://digital.swisscom.com/products/mobile-id
2010

21-
## MobileID App
11+
## What is Monitored
2212

23-
Checks include the Mobile ID mobile application.
13+
- **Telecommunications Providers**: Mobile ID SIM cards from Swisscom, Sunrise, Salt
14+
- **Mobile ID App**: The Mobile ID mobile application
15+
- **End-to-end tests**: Real Mobile ID tests responded by special robotic equipment at different physical locations
2416

2517
## Health Status Levels
2618

0 commit comments

Comments
 (0)