ID.me White Label Verification uses
Bearer Token Authorization
to provide authorized access to its API.
Requests to retrieve user data require an
that is used to authorize access to ID.me's REST API. This token is unique to a partner and should be stored securely. Contact firstname.lastname@example.org to generate a bearer token.
ID.me provides two separate environments for integration. Both will be set up for you as needed and credentials provided to you.
|Sandbox||https://services.idmelabs.com||Sandbox was designed for for development, connectivity and user-acceptance testing. With test credentials you can use this end point to test various scenarios. Please note that test credentials are separate from our production environment and can only be used within Sandbox.|
|Production||https://services.id.me||Used for production-level integration. Only real credentials can be used (no test credentials). Credentials separate from sandbox environment.|
API authentication works using a shared secret key thats generated using a strong cryptographic algorithm. Please make sure this key is kept safe. To successfully authenticate, the shared secret needs to be Base64 encoded and passed as an "Authorization" header, along with the "ID.me" prefix:
|Bearer Token Example|
|Authorization: ID.me MThjYmRhNjgtZjJiNi00ZTU5LTgyYzYtNjY0OWIyOWU1ZDVj\n|
|First Responders||Responder ID|
The typical flow begins at one of our partner websites, where an end user may see an ID.me verification button during registration or in the checkout flow.