Identity Enrollment Package Submission API
This tutorial describes how to use the IdExchange API to send an enrollment package to be used in the identity proofing process necessary to issue a hardware credential. . The {{IdExchangeServer}} placeholder should be replaced with id.cyberarmed.com
Tools:
In this example, the Postman tool can be used to provide an example of how the API calls are structured. However, any code platform capable of making REST calls will work.
Sequence
The enrollment system calls the IDMS GetSponsoredUsers endpoint supplying a Last Name, Organization Code, or External ID to get a list of users that have been sponsored and waiting for enrollment services.
The IDMS responds back with a list of users that are waiting for enrollment services. Importantly, the list of records will include the OrganizationAffiliation value for each user. This value will be used by the enrollment system for step 3.
The enrollment system performs the identity enrollment processes and the submits the enrollment package using the OrganizationAffiliation that was retrieved in step 2.
The IDMS will respond to the enrollment system with the customer ID.
Authentication
The API requires a digital certificate for authentication. When the certificate is verified, the API will return a Java Web Token (JWT) that can be used for subsequent calls.
API Endpoint: https://{{IdExchangeServer}}:444/WebApi/Token
Body: grant_type=password
Response:
User Lookup
Step 1: User Lookup
Before the enrollment takes place, the a request for an identity enrollment will be placed for a given user. To locate the users that are to be enrolled, the enrollment client will executed a search using the following end point.
API Endpoint: https://{{IdExchangeServer}}:444/WebApi/api/2/GetSponsoredUsersi/2/GetSponsoredUsersapi/2/GetSponsoredUsers
The following search parameters can be used to target the search
Parameter | Description |
|---|---|
externalId | The unique ID key information from the originating source used to reference the ID in the originating source. |
lastName | Last name of the user |
firstName | First name of the user |
OrganizationCode | The organization code for the user |
FourDigitYearOfDob | The last four year digit of the applicant’s birthday |
Sample JSON:
{
"LastName": "NextGenIdTester",
"FirstName":"TED",
"FourDigitYearOfDob":"1992",
"OrganizationCode":"4700",
"ExternalId":"1000004213"
}If successful, the call will return with a list of users that meet the criteria. *Important: The organizationAffiliation value is the identifying key for the applicant. When submitting the enrollment package, the organizationAffiliation value will also be submitted to accurately associate the user with the enrollment.
Step 2: Submit the Enrollment Package.
In this step, the user’s biographic and biometric data will be submitted using the EBTS format. .
API Endpoint: https://{{IdExchangeServer}}:444/WebApi/api/2/EnrollmentSubmission
Parameters
Parameter | Description |
|---|---|
externalId | This is the organizationAffiliation value that was retrieved for the user in step one. |
EbtsEnrollmentPackage | The EBTS JSON record that is base64 encoded and zipped. |
transactionType | The type of capture |
userCredentialPolicyKey | The policy key for a given user. |
Sample JSON:
{
"externalId": "91518687268685",
"EbtsEnrollmentPackage": "EBTSRECORD",
"transactionType": "LIVECPT",
"userCredentialPolicyKey": "Obert"
}
Response
A successful response will provide the unique key for the enrollment.
"Credential request successfully created. UserId [1000012543]"