Manage your keys
The Business Portal lets you create new API access keys and edit the details of your API access - some of these features may not be enabled for all customers.
Creating a new product
Create a new product by clicking the Add Product button on the right side of the screen.
Give your product a name, then click the button to save your changes. You'll be returned to the Manage tab with your new product details shown.
When shown to a miiCard member, your product name will be suffixed by your business' name if they differ. For example:
- A business called 'My Business' with a product called 'My Business' will show to the miiCard member as 'My Business'
- A business called 'My Business' with a product called 'My Product' will show to the miiCard member as 'My Product (My Business)'
View and configure your API key
Expand the API Details section by clicking on it. Here you'll find functional details of your API access.
|Internal notes||Notes purely for your own use that describe the API key configuration or how it's used in your application.|
|Consumer key and secret||These are you API access credentials that you will use to configure one of our API wrapper libraries and make authorised calls to the miiCard API.|
|Short code||A four-character prefix to any affiliate code that we assign to you. This is used only for customers with affiliate agreements in place, and can be changed up until the first affiliate code is assigned to your application.|
|2-Step Verification||Controls whether the miiCard member will be forced to perform a 2-step verification before they can share their identity with your application. See the notes below for more information.|
|Allow Skip Claims Picker||If checked, miiCard members will be logged straight into your application rather than needing to re-confirm their shared data so long as they have an existing relationship with you. See the Authorisation Workflow page for more information.|
|Transactional||If checked, your API is configured for transactional use and the paid-for transactional features of the miiCard API are enabled. See the notes below for more information.|
|Transactional Approved||If checked, miiCard has signed off your transactional use of the API and it is now live and operating within the terms of your commercial agreement.|
When you are finished configuring your API key, click the Save API Details button.
Configuring 2-step verification
When enabled, the miiCard member will be forced to perform a 2-step verification process each time they share their identity with your application via the Authorisation Workflow.
Even if the box is not ticked, the miiCard member will be made to perform 2-step verification if:
- Your product is marked as transactional
- The miiCard member has to make a change to their profile to share data with your application; for example, if they do not yet meet identity assurance requirements, or you've requested information that is not verified as part of their profile
- This is the first time the miiCard member has shared their identity with your application, or your product configuration has changed since the last time they shared their identity
- The miiCard member has configured their security settings to require a 2-step verification on every share of their identity, or on every login
When the Transactional box is ticked, your product will be configured to take audited snapshots of a miiCard member's shared identity data each time they go through the Authorisation Workflow. Until miiCard signs off your application for transactional use, which involves signing a commercial agreement, only users marked as testers will be able to proceed through the Authorisation Workflow for your application.
When your account has been signed off for transactional support, details of your commercial agreement will also appear under the Transactional checkboxes.
|Free identity recheck period||This is the period of time after a chargeable snapshot is made of a miiCard member's identity that you can send them back through the Authorisation Workflow without being charged again|
|API access period||This is the period of time after a chargeable snapshot is made of a miiCard member's identity that you can access non-transactional, live identity data for the miiCard member via the non-transactional API methods|
Configuring data to be requested from a member
On the Manage tab, expand the Claims section to see the set of information that will be requested from a miiCard member as part of the Authorisation Workflow.
New products are given a default set of information to be requested - you can change this as required.
- Click Add Claim to create a new row so that you can request additional information from a member
- Choose the data to be shared from the drop-downs in the Attribute column
- Delete rows using the Delete button
- Mark data that absolutely must be shared as mandatory - see the notes below
A miiCard member's full name is always shared and cannot be removed from the set of required data attributes.
When you are finished configuring your set of identity data, click the Save Claims button.
miiCard recommends that you request only data that your application actually needs to function - smaller sets of requested data make it more likely a miiCard member will complete the Authorisation Workflow and go on to share their identity with your site.
Marking attributes as mandatory
If a miiCard member does not have verified data for an attribute marked as mandatory as part of their profile, and cannot add that information as part of the Authorisation Workflow, they will be unable to proceed through the Authorisation Workflow for your application.
The following attributes can be added during the Authorisation Workflow:
- Phone number
- Email address
- Postal address
- Date of birth
In addition, seeing lots of mandatory data to be shared may put miiCard members off sharing that information with your application if it isn't obvious why you would require it. Be sparing when specifying mandatory attributes.