No-ID

How it works

From a national eID to a certified result

No-ID verifies a person with their government-issued electronic ID and the issuing authority's PKI, proves they hold the real card, then issues a credential so future sign-ins are a tap away.

  1. 1

    eID enrollment

    The user taps or scans their government-issued electronic ID. No-ID reads the X.509 certificates stored on the card's secure chip.

  2. 2

    Verify the issuing authority's certificate chain

    No-ID validates the credential's certificate chain up to the issuing authority's trusted root and checks revocation in real time via OCSP/CRL — confirming the document is genuine and active.

  3. 3

    Proof of possession

    The card signs a one-time challenge with the private key on its chip. Only the real holder, with the physical eID, can produce a valid signature.

  4. 4

    Create an app / device credential

    On success, No-ID binds a credential to the user's app or device — a WebAuthn passkey or an app-bound private key.

  5. 5

    Frictionless future auth

    From then on, the user authenticates with that passkey or app-bound key. The eID is only needed again for a Level 2 step-up.

What goes into a verification

Independent, government-backed checks combine into a single certified verdict.

Authority certificate chain

The eID's certificates are validated up to the issuing authority's trusted root, confirming a genuine, government-issued document.

Real-time revocation

OCSP/CRL checks confirm the certificate hasn't been revoked or expired at the moment of verification.

Proof of possession

A card-signed challenge proves the user physically holds the genuine eID — not just its data.

Two levels of assurance

Verify once, then choose how much assurance each action needs.

Level 1

Device session

After enrollment, the user signs in with a passkey or app-bound private key stored on their device. Fast, and no eID needed — ideal for routine access.

Level 2

eID re-verification

For sensitive actions, No-ID forces a fresh eID check with a new proof-of-possession challenge — the highest assurance that the real person is present.

Integration

Enrollment over REST, sign-in over WebAuthn

Enroll users with their national eID through our REST API, then authenticate them with standard WebAuthn passkeys or an app-bound private key.

  • REST API for enrollment, standard WebAuthn for sign-in
  • API-key authentication over HTTPS
  • Webhooks for enrollment and step-up results
# 1. Start enrollment — get a challenge for the eID to sign
POST /v1/enroll
{ "country": "PE", "national_id": "12345678" }
→ { "enrollment_id": "enr_8a1c...", "challenge": "b64u_x9..." }

# 2. Complete — submit the eID certificate + signed challenge
POST /v1/enroll/enr_8a1c.../complete
{ "eid_certificate": "<x509>", "challenge_signature": "<sig>" }
→ {
  "verified": true,
  "assurance_level": 2,
  "credential_id": "cred_3f2c..."
}

# 3. Future sign-in (Level 1) — WebAuthn / passkey assertion
POST /v1/auth
{ "credential_id": "cred_3f2c...", "assertion": "<webauthn>" }
→ { "verified": true, "assurance_level": 1 }

See it in your own stack.

Get an API key and run your first eID enrollment in minutes.