PhenixID DocumentationPhenixID Authentication ServicesSolutionsDeveloper integration guidesUsing PhenixID HTTP API for session verification (get userID and authentication method)

Using PhenixID HTTP API for session verification (get userID and authentication method)


To use the API, one method is called. It will return:

- HTTP Status code 200 if session is still valid. Authentication method (auth_method) and user ID (userid) will be returned.

- HTTP Status code 403 if session is not valid.  


- PhenixID Authentication Services HTTP API configured

Verify session - data to be fetched before api call

The api client must fetch this value:

- access_token

 How this parameter is fetched may differ depending on the use case:

- Query string parameter

- Cookie value

- Previous api method response value

Verify session - api call


Method: HTTP PUT

Endpoint: /api/authentication/verifyUser


Name Value
Mandatory Comment
Content-Type application/json Yes
tenant t1 Yes .Value must be given to you by PhenixID Authentication Services admin, it might differ depending on the environment.
Authorization <basic_auth_value> No If applicable, username and password must be given to you by PhenixID Signing Service admin.


The body must contains a json structure.


Json structure properties:

Name Value Mandatory Comment
access_token <access_token> Yes Access token passed by PhenixID Authentication Services in previous flow (not described here)

Example request (Please note that authorization data is not included in this example).


PUT /api/authentication/verifyUser HTTP/1.1
Content-Type: application/json
tenant: t1
Cache-Control: no-cache
{ "access_token":"bcad1335-96b8-445b-826f-51a63622c741" }



The HTTP Response status code may have one of these values:

1. 200. Session is valid. Body will contain user data.

2. 403. Session is not valid - user must re-authenticate.


The response body JSON structure properties: 

Name Possible values Comment
auth_method bankid

The authentication method the user authenticated with.
As of today, auth_method will contain either telia or bankid.

The userid of the user. As of today this will contain the personal number of the user.

Example response:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 390010
    "auth_method": "bankid",
    "userid": "bclarke"