Getting started
The No-ID API verifies that a real person is who they claim to be using a government-issued electronic ID. The flow is: start an enrollment to get a challenge, have the eID sign it, complete the enrollment (we validate the certificate against the issuing authority's PKI and check revocation), then authenticate the user with a passkey on future visits. All requests use HTTPS and exchange JSON.
The base URL for all examples is https://api.no-id.example/v1.
Authentication
Authenticate every request with your secret API key in the Authorization header. Keep this key on your server — never expose it in client code.
Authorization: Bearer <your_api_key>Start enrollment
Begin enrollment for a citizen, specifying their country and national ID number. The response returns a one-time challenge for the eID to sign, proving possession of the physical card.
POST /v1/enroll
Authorization: Bearer <your_api_key>
Content-Type: application/json
{ "country": "PE", "national_id": "12345678" }
→ 201 Created
{
"enrollment_id": "enr_8a1c...",
"challenge": "b64u_x9..."
}Complete enrollment
Submit the eID's X.509 certificate and the signed challenge. No-ID validates the certificate chain up to the issuing authority, checks OCSP/CRL revocation, and — on success — issues a device credential and a certified result.
POST /v1/enroll/enr_8a1c.../complete
Authorization: Bearer <your_api_key>
{
"eid_certificate": "<base64 X.509>",
"challenge_signature": "<base64 signature>"
}
→ 200 OK
{
"id": "ver_5d7a...",
"status": "completed",
"verified": true,
"is_real_person": true,
"assurance_level": 2,
"credential_id": "cred_3f2c...",
"certificate_id": "noid_cert_7Hk2..."
}Authenticate (Level 1)
On future visits, authenticate the user with a WebAuthn passkey or app-bound key — no eID required. For a Level 2 step-up, run enrollment again to force a fresh eID check.
POST /v1/auth
Authorization: Bearer <your_api_key>
{
"credential_id": "cred_3f2c...",
"assertion": "<webauthn assertion>"
}
→ 200 OK
{
"verified": true,
"assurance_level": 1
}Response fields
| Field | Type | Description |
|---|---|---|
| id | string | Unique identifier for the verification or enrollment. |
| status | string | pending, completed, or expired. |
| verified | boolean | Whether the eID was validated and possession proven. |
| is_real_person | boolean | Whether a genuine cardholder completed the check. |
| assurance_level | number | 1 for a passkey session, 2 for a fresh eID verification. |
| credential_id | string | The passkey / app-bound credential bound to the device. |
| certificate_id | string | Reference to the stored certificate of verification. |
Errors
No-ID uses standard HTTP status codes. Error responses include a JSON body with a machine-readable code and a human-readable message.
| Status | Meaning |
|---|---|
| 401 | Unauthorized — missing or invalid API key. |
| 404 | Not found — the enrollment or credential id does not exist. |
| 409 | Conflict — the enrollment is still pending. |
| 422 | Unprocessable — the eID certificate is invalid, expired, or revoked (per the issuing authority/OCSP). |
| 429 | Too many requests — you have hit a rate limit. |