How it works
From a national eID to a certified result
No-ID verifies a person with their government-issued electronic ID and the issuing authority's PKI, proves they hold the real card, then issues a credential so future sign-ins are a tap away.
- 1
eID enrollment
The user taps or scans their government-issued electronic ID. No-ID reads the X.509 certificates stored on the card's secure chip.
- 2
Verify the issuing authority's certificate chain
No-ID validates the credential's certificate chain up to the issuing authority's trusted root and checks revocation in real time via OCSP/CRL — confirming the document is genuine and active.
- 3
Proof of possession
The card signs a one-time challenge with the private key on its chip. Only the real holder, with the physical eID, can produce a valid signature.
- 4
Create an app / device credential
On success, No-ID binds a credential to the user's app or device — a WebAuthn passkey or an app-bound private key.
- 5
Frictionless future auth
From then on, the user authenticates with that passkey or app-bound key. The eID is only needed again for a Level 2 step-up.
What goes into a verification
Independent, government-backed checks combine into a single certified verdict.
Authority certificate chain
The eID's certificates are validated up to the issuing authority's trusted root, confirming a genuine, government-issued document.
Real-time revocation
OCSP/CRL checks confirm the certificate hasn't been revoked or expired at the moment of verification.
Proof of possession
A card-signed challenge proves the user physically holds the genuine eID — not just its data.
Two levels of assurance
Verify once, then choose how much assurance each action needs.
Level 1
Device session
After enrollment, the user signs in with a passkey or app-bound private key stored on their device. Fast, and no eID needed — ideal for routine access.
Level 2
eID re-verification
For sensitive actions, No-ID forces a fresh eID check with a new proof-of-possession challenge — the highest assurance that the real person is present.
Integration
Enrollment over REST, sign-in over WebAuthn
Enroll users with their national eID through our REST API, then authenticate them with standard WebAuthn passkeys or an app-bound private key.
- REST API for enrollment, standard WebAuthn for sign-in
- API-key authentication over HTTPS
- Webhooks for enrollment and step-up results
# 1. Start enrollment — get a challenge for the eID to sign
POST /v1/enroll
{ "country": "PE", "national_id": "12345678" }
→ { "enrollment_id": "enr_8a1c...", "challenge": "b64u_x9..." }
# 2. Complete — submit the eID certificate + signed challenge
POST /v1/enroll/enr_8a1c.../complete
{ "eid_certificate": "<x509>", "challenge_signature": "<sig>" }
→ {
"verified": true,
"assurance_level": 2,
"credential_id": "cred_3f2c..."
}
# 3. Future sign-in (Level 1) — WebAuthn / passkey assertion
POST /v1/auth
{ "credential_id": "cred_3f2c...", "assertion": "<webauthn>" }
→ { "verified": true, "assurance_level": 1 }See it in your own stack.
Get an API key and run your first eID enrollment in minutes.