Resending Verification Codes during Onboarding

The TAG ID Onboarding API has been updated to allow for resending verification codes, without generating new codes. There are two parts of this API:

1. For clients that access an onboarding Neuron®, the /ID/SendVerificationMessage.ws resource has been updated to allow for resending codes, by providing an Resend property in the request. If set to true, the resource will resend any existing code to the registered components, otherwise an error will be returned.

2. For clients using the Agent API, a new resource is available, permitting the resending of verification codes: /Agent/Account/ResendVerificationCodes.

Onboarding API

The /ID/SendVerificationMessage.ws now accepts payload having the following format:

{
	Nr:Optional(Str(PNr like "\\+[1-9]\\d+")),
	EMail:Optional(Str(PEMail like "[\\w\\d](\\w|\\d|[_\\.-][\\w\\d])*@(\\w|\\d|[\\.-][\\w\\d]+)+")),
	AppName:Optional(Str(PAppName)),
	Language:Optional(Str(PLanguage)),
	Resend:Optional(Bool(PResend))
}

If the Resend property is available, and is true, the method will resend any existing code to the existing number or e-mail address provided. It is not possible to send an existing code to a new number or e-mail address.

Agent API

The Agent API (from build 2025-06-02) now has a new resource: /Agent/Account/ResendVerificationCodes. This resource allows for the resending of verification codes for the account currently being created. In order to access it, the JSON Web Token (JWT) provided in the response when creating the resource must be provided. The caller also needs to provide the phone number and/or e-mail address to which codes should be resent.

Security Notice: It is not possible to resend codes for accounts, numbers or e-mail addresses that have been verified. You can only resend codes for accounts still pending verification. This includes partially verified accounts. If the phone number has been verified, but the e-mail address has not, or vice versa, you can resend the code for the unverified part, but not for the verified part. Attempting to resend codes that have been verified, will be flagged, and repetetive calls to resend codes for verified accounts, numbers or addresses may result in the temporary and then permanent blocking of the endpoint making the call.

#new, #api, #onboarding, #id

IP Location Information during Onboarding

The Onboarding API has been updated to provide some additional IP Location information during onboarding, to help clients prefill fields in ID applications.

When calling the https://id.tagroot.io/ID/CountryCode.ws web service (using POST, and Accept header set to application/json), the following information will now be available in the response:

{
    "RemoteEndPoint": string,
    "CountryCode": string,
    "PhoneCode": string,
    "Country": string,
    "Region": string,
    "City": string,
    "Latitude": double,
    "Longitude": double
}

The IP Location information is provided by IP2Location.

Note: The information provided in the response may be incorrect, so users will need to verify the information provided, before including it in any ID applications.

#new, #api, #onboarding, #id

Configuring alternative onboarding Neuron

As of build 2024-01-16 configuring the Onboarding Neuron® has been refactored. Articles earlier written on the subject (which have now been updated accordingly) include:

• Customizing ID Onboarding process
• Neuro Access onboarding
• Validation of onboarding

Purposes of Onboarding Neuron®

The purposes of hosting an Onboarding Neuron® include:

• Acting as the first contact point for a client application (such as a digital ID), helping the client to find a suitable service provider hosting their own Neuron®.
• Validating e-mail and phone numbers.
• Sending validation messages via e-mail and SMS.

Configuring Onboarding Domain

You now configure the domain name of the Onboarding Neuron® under the Notarius Electronicus menu (previous versions had a Neuro-Access button under the Software menu, which has been removed):

Clicking on this menu item opens a simple dialog where you enter the domain name of the Onboarding Neuron® you want to use:

#onboarding, #neuron, #id, #documentation, #neuro-access

Neuro-Access onboarding

A new service allows for the automated approval of simple Neuro-Access digital identities on Neurons, where the service is installed.

Some more information
Package	TAG.NeuroAccessOnboarding.package
Installation key	eCcfYJJTV4r/SQWsYK2wo/2aHCBp+ZuvrdaUOeTp0Sa2oz5CuCqbteKkUoHX1XXeNSppMqY+49WA17bcceb2e763824b855eb832a996a598
Configuring Service	See Configuring alternative onboarding Neuron /NeuroAccess/Settings.md on the Neuron® on which the service is installed.
More information	https://github.com/Trust-Anchor-Group/NeuroAccessOnboarding

You can also access the service from the Admin menu, by pressing the Neuro-Access button:

Configuration of the Onboarding Neuron®, used by this service, has been moved to the Neuron® itself. See the article Configuring alternative onboarding Neuron for more information.

Onboarding process

During the onboarding process, the user validates its e-mail address and phone number with an onboarding Neuron®, who directs the app to the most suitable host for the Neuro-Access account. If the user chooses to create a simple Neuro-Access digital identity (i.e. only containing the phone number and e-mail address provided) the digital identity can be automatically approved, if the host Neuron® is able to validate the information with the onboarding Neuron. This service performs this task: It registers an Identity Authenticator with the Neuron®, which authenticates such simple Neuro-Access digital identities with the onboarding Neuron®, and approves the applications automatically, if the information matches the information validated during the onboarding process.

Configuration page

The configuration page for the service is very simply. All you need to do is provide the domain name of the onboarding Neuron® used. By default, the TAG ID Onboarding Neuron® will be selected.

Configuration of the Onboarding Neuron®, used by this service, has been moved to the Neuron® itself. See the article Configuring alternative onboarding Neuron for more information.

#new, #features, #neuro-access, #onboarding, #id, #service

Validation of onboarding

The TAG Onboarding API has been updated with a resource for validating the onboarding procedure from a remote Neuron®. A summary of the onboarding procedure has been:

1. The client connects to the onboarding Neuron®, and presents its e-mail address and phone number, to get them validated.

2. Once the information has been validated, the client is presented with a remote Neuron® best suited to host an account for the client.

3. The client connects to the remote Neuron® and creates an account.

4. The client applies for a Legal ID on the remote Neuron®.

This onboarding procedure has now been appended with the following step:

5. The remote Neuron® can now validate with the onboarding Neuron® if the e-mail address and phone number information provided in the Legal ID applications are in-fact the same as provided and validated by the onboarding Neuron®. This is done by calling the new ValidateOnboarding.ws web service.

6. If the client only applies for a simple Neuro-Access identity (i.e. an identity containing an identifier together with only the e-mail address and phone number, and no other personal identifiable information), the remote Neuron® can now automatically approve the application, if the onboarding Neuron® confirms the information provided.

#new, #features, #onboarding, #api