Changelog - Criipto Documentation

Introducing Personalausweis and batch signatories

Thursday, February 20, 2025

German Personalausweis

Authentication via Criipto Verify now supports the German national identity card Personalausweis. This means that you can now electronically authenticate users in Germany quickly and easily.

You can read more about the Personalausweis on the German government Personalausweis portal. If you are interested in testing it out for yourself, read our documentation on Personalausweis to get started.

Batch signatories for signatures

As a step towards enabling interacting with large batches of signature orders, we have introduced a feature for batching signatories across one of more signature orders. A batch signatory can then be used to invoke a single action and have it performed automatically across every signatory.

As batch signatories can be used to sign multiple, different signature orders at once, some requirements exist. A more detailed explanation, and interactive tour, can be found at the batch signatory guide page.

Signatory UI settings and webhook signing

Saturday, January 25, 2025

Signatory UI settings

Historically signature UI settings for users have been configured globally on the signature order.

This had some drawbacks, as users might reside in different countries and prefer different languages.

It is now possible to also define UI settings on a per signatory basis, See example

Webhook signing

Until now, there was no way to validate the authenticity of a signature webhook at the time of the request.

We relied on the fact that webhooks contained no actual data, but only identifiers, allowing clients to query our API based on the data in the webhook. This ensured that only authenticated clients could access signature data.

However, it was brought to our attention that an attacker could use the webhook to increase the number of requests a well-behaving client would have to make to our API, potentially triggering rate limits.

To address this, we introduced the option to configure a webhook secret, which adds an HMAC-SHA256 signature to each signature webhook invocation.

You can read more about configuring and validating webhook secrets and also try it out in our webhook tester.

MitID Controlled Transfer

Friday, October 4, 2024

Authentication via Criipto Verify now supports starting a session for MitID Controlled Transfer.

MitID Controlled Transfer lets you perform cross-broker SSO, that is, transfering an authenticated MitID user from one service provider to another, without requiring the other service provider to reauthenticate the user.

This is useful for cases where shared data services may require a valid MitID authentication to serve data for the user, but you do not wish to trigger authentication twice for the user.

Read the guide on how to implement Controlled Transfer