You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: improve readability across rest-api-guide pages
- Fix typos (Aynchronous, Calssic)
- Use VitePress callout containers (tip/warning/danger/info/details)
- Add subheadings and phase groupings to dense sections
- Simplify wide tables and extract recommendations into callouts
- Break long paragraphs into structured bullet points
- Add collapsible sections for error codes and footnotes
- Standardize emphasis patterns across all pages
Copy file name to clipboardExpand all lines: docs/rest-api-guide/app-provider-client-integration.md
+8-3Lines changed: 8 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,9 +8,12 @@ Before using the Swisscom Mobile ID web service, some initial provisioning steps
8
8
9
9
1.**The Mobile ID customer (your company) has an agreement with Swisscom:**
10
10
-**Connectivity** (Internet or LAN-I) between the **AP** and **Mobile ID** has been established.
11
-
- The AP’s public source IP address (or range) must be whitelisted in the **Swisscom Firewall**.
12
11
- The customer has delivered the **X.509 client certificate** to Swisscom (see [Create X509 Client Certificates](/rest-api-guide/create-client-certs.md)).
13
12
13
+
::: warning Firewall Whitelisting
14
+
The AP’s public source IP address (or range) must be whitelisted in the **Swisscom Firewall**. Contact Swisscom to request whitelisting.
15
+
:::
16
+
14
17
2.**The Mobile ID customer receives from Swisscom:**
15
18
- An **AP_ID** (Application Provider Identifier) value.
16
19
- A **DataToBeDisplayed (DTBD) Prefix** value:
@@ -85,8 +88,10 @@ A certificate-based mutual authentication when accessing the Mobile ID web servi
85
88
- The Enhanced Key Usage value of client certificates must include Client Authentication (`1.3.6.1.5.5.7.3.2`).
86
89
- See **[Create X509 Client Certificates](/rest-api-guide/create-client-certs.md)** for examples of creating self-signed certificates.
87
90
88
-
- All requests to the Mobile ID service must originate only from servers that you control.
89
-
- Never send requests directly from client-side code such as mobile apps or JavaScript, as this may compromise your credentials.
91
+
::: danger
92
+
All requests to the Mobile ID service must originate only from servers that you control.
93
+
Never send requests directly from client-side code such as mobile apps or JavaScript, as this may compromise your credentials.
94
+
:::
90
95
91
96
- To validate the chain of trust for the Mobile ID server certificate:
92
97
- Add the SwissSign Gold CA – G2 root certificate to your client TrustStore.
Copy file name to clipboardExpand all lines: docs/rest-api-guide/auto-activation.md
+19-10Lines changed: 19 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,16 +1,25 @@
1
1
# Auto Activation
2
2
## Introduction
3
-
Auto Activation is an optional feature for APs, which can greatly improve the user experience for Mobile ID SIM authentications. It is applicable for SIM authentication only and this Auto Activation feature is not relevant for Mobile ID App authentications.
4
3
5
-
Usually, a brand new Mobile ID SIM card must be activated just once on the MyMobileID Portal. With this Mobile ID activation process, the user can set their personal Mobile ID PIN (Set & Confirm PIN) and it will create the required signing key on the SIM card. After that, the SIM card is ready to be used for Mobile ID authentications.
4
+
Auto Activation is an optional feature for Application Providers (APs) that can greatly improve the user experience for Mobile ID SIM authentications.
6
5
7
-
Auto Activation is an optional feature that is disabled by default but can be enabled per Application Provider. If enabled, a Signature Request to a user with an inactive Mobile ID SIM (which means the user did not yet set their personal Mobile ID PIN) will invoke an implicit activation process during the ongoing signature transaction.
6
+
-**Applicable to**: SIM authentication only (not relevant for Mobile ID App authentications).
7
+
-**Default state**: Disabled by default, but can be enabled per Application Provider.
8
8
9
-
So, the Auto Activation will achieve both a successful Mobile ID activation and a successful authentication (Signature Response) at the same time! From now on, that user will be Mobile ID active.
9
+
### How it works
10
10
11
-
From AP perspective, the user will just have a successful authentication and there is no difference whether the user was auto-activated (during the authentication transaction) or not.
11
+
Usually, a brand new Mobile ID SIM card must be activated once on the MyMobileID Portal. During this activation, the user sets their personal Mobile ID PIN and a signing key is created on the SIM card.
12
12
13
+
With Auto Activation enabled, a Signature Request to a user with an **inactive** Mobile ID SIM will invoke an implicit activation process during the ongoing signature transaction. This achieves:
14
+
15
+
- A successful Mobile ID activation **and**
16
+
- A successful authentication (Signature Response) at the same time
17
+
18
+
From the AP perspective, the user simply has a successful authentication -- there is no difference whether the user was auto-activated during the transaction or not.
19
+
20
+
::: tip
13
21
Auto Activation feature can successfully prevent a fault sub-code 404 (this fault code means that the user did not yet activate their Mobile ID SIM card) which can happen when an AP attempts to do a Mobile ID authentication with a user that has an inactive Mobile ID SIM card.
22
+
:::
14
23
15
24
## How to implement this feature
16
25
To enable the Auto Activation feature for an Application Provider (AP), the AP must ensure that the user has accepted the Mobile ID specific terms & conditions prior to proceeding with the auto activation steps.
@@ -25,13 +34,13 @@ From a user perspective, the steps displayed on the mobile device look very simi
Note that in case of a successful auto activation, the Mobile ID server sends a Text SMS to the user, to remind the user to create a Mobile ID recovery code [<supid="a24">24</sup>](#24).
29
-
30
-
**References**
31
-
32
-
**Footnotes**
37
+
::: info
38
+
In case of a successful auto activation, the Mobile ID server sends a Text SMS to the user, to remind the user to create a Mobile ID recovery code [<supid="a24">24</sup>](#24).
39
+
:::
33
40
41
+
::: details References and Footnotes
34
42
24. <spanid="24"></span> Each time a user completes the Mobile ID activation process, they will receive a code that enables them to recover Mobile ID and maintain their existing pairings to service providers, if you lose your phone, change SIM cards or switch to an e-SIM card. See https://mobileid.ch/recovery[↩](#a17)
For highest level of assurance and a truly strong two-factor-authentication process, an AP should store this value at the first signature and then verify every subsequent signature response if that serial number value still matches.
136
128
129
+
::: warning
137
130
If the value does not match anymore, it means that the user re-activated their account without a valid recovery option. In such case (serial number mismatch) the 2nd factor (knowledge/inherence) is not assured.
131
+
:::
138
132
139
133
## Timeout Value
140
134
135
+
::: info Recommended Timeout Values
141
136
Use the reference values below to set an appropriate transaction timeout:
Copy file name to clipboardExpand all lines: docs/rest-api-guide/create-client-certs.md
+8-3Lines changed: 8 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,13 +2,16 @@
2
2
3
3
Below are examples how to create a self-signed certificate with OpenSSL and Java Keytool.
4
4
5
-
Remarks:
5
+
::: info Remarks
6
6
- Use any meaningful value for the distinguished name (CN/O/C values).
7
7
- Use SHA-256 as shown below.
8
8
- Validity can be set to 3 or 5 years. However, the validity is never checked by Mobile ID.
9
9
- The examples create a self-signed certificate (easy to make, no cost).
10
10
- The client certificate's Enhanced Key Usage must include Client Authentication (OID 1.3.6.1.5.5.7.3.2).
11
-
- Provide the resulting `mycert.crt` file to Swisscom and keep your private key / keystore files (`*.jks`, `*.p12`, `*.jks`) securely stored.
11
+
:::
12
+
::: warning
13
+
Provide the resulting `mycert.crt` file to Swisscom and keep your private key / keystore files (`*.jks`, `*.p12`, `*.key`) securely stored. Never share your private key.
Tip: If your JDK supports it, add an Extended Key Usage for client auth during key generation (syntax depends on JDK version), e.g. -ext "ExtendedKeyUsage=clientAuth". Otherwise, you can generate a CSR with keytool and self-sign it with OpenSSL using the ext.cnf shown above.
63
+
::: tip
64
+
If your JDK supports it, add an Extended Key Usage for client auth during key generation (syntax depends on JDK version), e.g. `-ext "ExtendedKeyUsage=clientAuth"`. Otherwise, you can generate a CSR with keytool and self-sign it with OpenSSL using the ext.cnf shown above.
Copy file name to clipboardExpand all lines: docs/rest-api-guide/health-status.md
+9-17Lines changed: 9 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,26 +1,18 @@
1
1
# Health Status Service
2
2
3
-
The Mobile ID Health Status Service is a microservice where you can retrieve health state details about the MobileID authentication service. The health state is based on real end-to-end authentication tests that are checked every few minutes. It's free of charge!
3
+
The Mobile ID Health Status Service is a microservice for retrieving health state details about the MobileID authentication service.
4
4
5
-
For more information, please visit https://digital.swisscom.com/products/mobile-id
6
-
7
-
## Active Probing
8
-
9
-
Retrieve a detailed health state about the Mobile ID authentication service. The scope of the health status service includes different telecommunications providers, IP+ and LAN-i endpoints and the geofencing service.
10
-
11
-
The health status service is free of charge!
5
+
-**Based on**: Real end-to-end authentication tests, checked every few minutes
6
+
-**Scope**: Different telecommunications providers, IP+ and LAN-i endpoints, and the geofencing service
7
+
-**Cost**: Free of charge
12
8
13
-
## Real End-To-End Testing
14
-
15
-
Our health status is based on real end-to-end Mobile ID tests that are responded by special robotic equipment at different physical locations.
16
-
17
-
## MobileID Telecommunications Providers
18
-
19
-
Checks include Mobile ID SIM cards from Swisscom, Sunrise, Salt.
9
+
For more information, please visit https://digital.swisscom.com/products/mobile-id
20
10
21
-
## MobileID App
11
+
## What is Monitored
22
12
23
-
Checks include the Mobile ID mobile application.
13
+
-**Telecommunications Providers**: Mobile ID SIM cards from Swisscom, Sunrise, Salt
14
+
-**Mobile ID App**: The Mobile ID mobile application
15
+
-**End-to-end tests**: Real Mobile ID tests responded by special robotic equipment at different physical locations
0 commit comments