CAB API
This page contains information for CABs onboarding employees via the CAB API. For general support, please see our SERMI FAQ page.
API specification¶
CABs can find our full CAB API specification at docs.digidentity.com.
CAB Onboarding¶
CAB onboarding can begin in Digidentity's pre-production environment as soon as a mutual NDA has been signed between the CAB and Digidentity. Once this is complete, an internal request will be made to our Implementation team to provide the following details:
- OAuth client credentials (client_id, client_secret, API key, and scope)
- A CABUID for the pre-production environment
These will be sent securely via email to the CAB's elected technical contact.
Employee onboarding flow¶
Below is a diagram of the API requests required to onboard an employee via the SERMI CAB API:
sequenceDiagram
participant USR as Employee
participant CFE as CAB<br>frontend
participant CBO as CAB<br>backoffice
participant CBE as CAB<br>backend
participant DBE as Digidentity<br>backend
loop Once per day
CBE ->>+ DBE: Request application token (1)
DBE ->>- CBE: Application token
end
CBO -->> CBE: Start entity creation
CBE ->>+ DBE: Create entity (2)
DBE ->>- CBE: Entity details
CBO -->> CBE: Start employee creation
CBE ->>+ DBE: Create employee (3)
DBE ->>- CBE: Employee details and<br>certificate creation URL
CBE -->> CFE: Present URL as QR code
CBO -->> CBE: Approve/revoke<br>employee authorisation
CBE ->>+ DBE: Update employee<br>authorisation (4)
DBE ->>- CBE: Authorisation state
USR -->> CFE: Scan QR code
USR -->> USR: Enter PIN in<br>Digidentity app
- (1) /oauth2/token.json
- (2) /sermi/io or /sermi/rss
- (3) /sermi/ioe or /sermi/rsse
- (4) /sermi/ioe/authorization or /sermi/rsse/authorization
Certificate reset flow¶
Below is a diagram of the API requests required to reset an employee's certificate via the SERMI CAB API:
sequenceDiagram
participant USR as Employee
participant CFE as CAB<br>frontend
participant CBO as CAB<br>backoffice
participant CBE as CAB<br>backend
participant DBE as Digidentity<br>backend
loop Once per day
CBE ->>+ DBE: Request application token (1)
DBE ->>- CBE: Application token
end
CBO -->> CBE: Start certificate reset
CBE ->>+ DBE: Reset certificate (2)
DBE ->>- CBE: Employee details and<br>certificate creation URL
CBE -->> CFE: Present URL as QR code
USR -->> CFE: Scan QR code
USR -->> USR: Enter PIN in<br>Digidentity app