To integrate the eID function into your product or offer, the following steps are necessary:
1. Connection to an eID server
The most important component for a successful integration of the eID function is the technical connection to the eID infrastructure, i.e. the connection to an eID server. There are three options available to you here:
a) You use an identification service: In this variant, an external provider takes over the identification of your customers. Such an identification service provider is already connected to the eID infrastructure, is authorized to read data from the ID card and transmits it to you and your service after the identification process. A suitable identification service provider, both for the eID function and for on-site reading, is for example AusweisIDent. You can find more information about AusweisIDent here.
- Fast and easy connection (usually via a web service)
- You do not need to apply for and purchase your own authorization certificate, which enables you to read ID card data, because the certificate is issued to the identification service provider
- No costs for the necessary operating infrastructure
- Usually worthwhile for low transaction numbers
b) You use an eID service: In this case, you use the existing eID server of a service provider. This service provider also supports you with the technical connection and helps you to ensure reliable and secure communication between your integration and the eID server. You can find a list of eID service providers here.
With this variant, you are responsible for applying for an authorization certificate from the Federal Office of Administration and for acquiring the necessary technical certificates from a trust center. You can find out how to do this here.
c) You operate your own eID server: Here you can use products available on the market or develop your own server. In either case, all hardware and software modules must comply with the BSI technical guidelines. This is an on-premise solution that is only worthwhile for high transaction numbers because of the higher investment costs.
A list of eID server providers can be found here. With this option, you are also responsible for applying for an authorization certificate from the Federal Office of Administration and for the acquisition costs of the necessary technical certificate, which is issued by a trust center.
2. Application for an authorization certificate
As mentioned in the section above on connecting to an eID server, in certain cases you will need an authorization certificate for reading ID card data, which must be applied for at the Federal Office of Administration. If you decide to use an eID service or operate your own eID server, you can find out how to apply for such a certificate here.
3. Integration of AusweisApp2
AusweisApp2 is client software that establishes a secure connection between the ID card and the eID server, so that the server, as permitted by the authorization certificate, can read the required data from the ID card.
You can integrate AusweisApp2 into your offering in two different ways:
- When integrating the eID function into an online portal or website, AusweisApp2 is called up via a special link. The app, which is free of charge, must be installed on the end user's own device.
- If your product has its own app, you have the option of integrating the eID function directly into this app using the AusweisApp2 SDK. You can find more information about our SDK here.
Important note: Integrating AusweisApp2 will not work without a connection to the eID infrastructure. The most important component for a successful integration of the eID function is the connection to an eID server (see above).
The same requirements must be met for the integration of on-site readout as for the integration of the eID function:
- Connection to an eID server via an identification service, an eID service or by operating your own eID server.
- Application for an authorization certificate (if the connection is not made via an identification service)
- Integration of AusweisApp2
Detailed information on these steps can be found at the top of the page.
As a service provider, you need not only to integrate AusweisApp2 but, above all, a connection to an eID server or an identification service. This connection is essential for checking authorization certificates and blacklists.
This is because every electronic service that can be used with the eID requires a technical authorization certificate, which enables the mutual authentication of user and provider. The blacklist ensures that authentication with a blocked eID card is technically prevented. Both elements are checked by the eID server.
The eID service is a software-as-a-service (SaaS) offering in which you use the existing eID server of a service provider. This service provider also supports you with the technical connection of your services, enables quick and easy integration, and takes care of system updates as well as the necessary measures for the operating environment and hardware procurement.
Operating your own eID server is an on-premise solution that is only worthwhile for high transaction numbers because of the higher investment costs. If you decide to have your own eID server, you can use products available on the market or develop your own server; the latter involves considerable effort and know-how.