Become a Service Provider

How to Integrate the eID Function

To integrate the eID function into your product or offer, the following steps are necessary:

1. Connection to an eID server

The most important component for a successful integration of the eID function is the technical connection to the eID infrastructure, i.e. the connection to an eID server. There are three options available to you here:

a) You use an identification service: In this variant, an external provider takes over the identification of your customers. Such an identification service provider is already connected to the eID infrastructure, is authorized to read data from the ID card and transmits it to you and your service after the identification process. A suitable identification service provider, both for the eID function and for on-site reading, is for example AusweisIDent. You can find more information about AusweisIDent here.

Advantages

• Fast and easy connection (usually via a web service)
• You do not need to apply for and purchase your own authorization certificate, which enables you to read ID card data, because the certificate is issued to the identification service provider
• No costs for the necessary operating infrastructure
• Usually worthwhile for low transaction numbers

b) You use an eID service: In this case, you use the existing eID server of a service provider. This service provider also supports you with the technical connection and helps you to ensure reliable and secure communication between your integration and the eID server. You can find a list of eID service providers here.

One task that falls to you with this variant is to apply for an authorization certificate from the Federal Office of Administration and to acquire the necessary technical certificates from a trust center. You can find out how to do this here.

Advantages

• Quick and easy integration
• The authorization certificate is issued to your company, making your own brand visible during online identification
• No costs for the necessary operating infrastructure
• Usually pays off with higher transaction numbers

c) You operate your own eID server: Here you can use products available on the market or develop your own server, whereby all hardware and software modules must comply with the specifications of the technical guidelines of BSI. This is therefore an on-premise solution that is only worthwhile for high transaction numbers due to higher investment costs.

A list of eID server providers can be found here. With this option, you also have the task of applying for an authorization certificate at the Federal Office of Administration - including the acquisition costs of the necessary technical certificate, issued by a trust center.

2. Application for an authorization certificate

As mentioned in the section above on connecting to an eID server, in certain cases you will need an authorization certificate for reading ID card data, which must be applied for at the Federal Administration Office. If you decide to use an eID service or operate your own eID server, you can find out how to apply for such a certificate here.

3. Integration of AusweisApp

AusweisApp is a so-called client software and has the task of establishing a secure connection between the ID card and the eID server, so that the server - with permission from the authorization certificate - can read the required data from the ID card.

You can integrate AusweisApp into your offering in two different ways:

1. When integrating the eID function into an online portal or website, AusweisApp is called up via a special link. The app must be installed free of charge on the end user's own device.
2. If your product has its own app, you have the option of integrating the eID function directly into this app using the AusweisApp SDK. You can find more information about our SDK here.

Important note: The integration of AusweisApp will remain unsuccessful if the connection to the eID infrastructure is missing. The most important component for a successful integration of the eID function is the connection to an eID server (see above).

Notes on Integration: On-site Readout

The same requirements must be met for the integration of on-site readout as for the integration of the eID function:

1. Connection to an eID server via an identification service, an eID service or by operating your own eID server.
2. Application for an authorization certificate (if the connection is not made via an identification service)
3. Integration of AusweisApp

Detailed information on these steps can be found at the top of the page.

For you as a service provider, it becomes clear that not only an integration of AusweisApp is necessary, but in particular the connection to an eID server or an identification service. This connection is essential for checking authorization certificates and blacklists.

This is because a technical authorization certificate is required for every electronic service that can be used with the eID, which enables the mutual authentication of user and provider. The blacklist ensures that a blocked eID card technically prevents authentication of the person using it. Both elements are checked by the eID server.