Bearer Token Integration Guide

Upon application registration, you will immediately have access to the application details page which will list the client_id and client_secret needed to configure your OAuth client.

Overview

ID.me White Label Verification uses Bearer Token Authorization to provide authorized access to its API. Requests to retrieve user data require an bearer_token that is used to authorize access to ID.me's REST API. This token is unique to a partner and should be stored securely. Contact partnersupport@id.me to generate a bearer token.

Environments

ID.me provides two separate environments for integration. Both will be set up for you as needed and credentials provided to you.


Enviorment Domain Description
Sandbox https://services.idmelabs.com Sandbox was designed for for development, connectivity and user-acceptance testing. With test credentials you can use this end point to test various scenarios. Please note that test credentials are separate from our production environment and can only be used within Sandbox.
Production https://services.id.me Used for production-level integration. Only real credentials can be used (no test credentials). Credentials separate from sandbox environment.

Authentication

API authentication works using a shared secret key thats generated using a strong cryptographic algorithm. Please make sure this key is kept safe. To successfully authenticate, the shared secret needs to be Base64 encoded and passed as an "Authorization" header, along with the "ID.me" prefix:


Bearer Token Example
Authorization: ID.me MThjYmRhNjgtZjJiNi00ZTU5LTgyYzYtNjY0OWIyOWU1ZDVj\n