CAB API

This page contains information for CABs onboarding employees via the CAB API. For general support, please see our SERMI FAQ page.

API specification

CABs can find our full CAB API specification at docs.digidentity.com.

CAB Onboarding

CAB onboarding can begin in Digidentity's pre-production environment as soon as a mutual NDA has been signed between the CAB and Digidentity. Once this is complete, an internal request will be made to our Implementation team to provide the following details:

• OAuth client credentials (client_id, client_secret, API key, and scope)
• A CABUID for the pre-production environment

These will be sent securely via email to the CAB's elected technical contact.

Employee onboarding flow

Below is a diagram of the API requests required to onboard an employee via the SERMI CAB API:

sequenceDiagram
    participant USR as Employee
    participant CFE as CAB<br>frontend
    participant CBO as CAB<br>backoffice
    participant CBE as CAB<br>backend
    participant DBE as Digidentity<br>backend

    loop Once per day
        CBE ->>+ DBE: Request application token (1)
        DBE ->>- CBE: Application token
    end

    CBO -->> CBE: Start entity creation
    CBE ->>+ DBE: Create entity (2)
    DBE ->>- CBE: Entity details
    CBO -->> CBE: Start employee creation
    CBE ->>+ DBE: Create employee (3)
    DBE ->>- CBE: Employee details and<br>certificate creation URL
    CBE -->> CFE: Present URL as QR code
    CBO -->> CBE: Approve/revoke<br>employee authorisation
    CBE ->>+ DBE: Update employee<br>authorisation (4)
    DBE ->>- CBE: Authorisation state
    USR -->> CFE: Scan QR code
    USR -->> USR: Enter PIN in<br>Digidentity app

---

• (1) /oauth2/token.json
• (2) /sermi/io or /sermi/rss
• (3) /sermi/ioe or /sermi/rsse
• (4) /sermi/ioe/authorization or /sermi/rsse/authorization

Certificate reset flow

Below is a diagram of the API requests required to reset an employee's certificate via the SERMI CAB API:

sequenceDiagram
    participant USR as Employee
    participant CFE as CAB<br>frontend
    participant CBO as CAB<br>backoffice
    participant CBE as CAB<br>backend
    participant DBE as Digidentity<br>backend

    loop Once per day
        CBE ->>+ DBE: Request application token (1)
        DBE ->>- CBE: Application token
    end

    CBO -->> CBE: Start certificate reset
    CBE ->>+ DBE: Reset certificate (2)
    DBE ->>- CBE: Employee details and<br>certificate creation URL
    CBE -->> CFE: Present URL as QR code
    USR -->> CFE: Scan QR code
    USR -->> USR: Enter PIN in<br>Digidentity app

---

• (1) /oauth2/token.json
• (2) /sermi/ioe/reset_certificate or /sermi/rsse/reset_certificate