Developer Documentation

MID API Documentation

Everything you need to integrate passwordless authentication and digital identity verification into your applications.

99.99% Uptime SLA
<50ms Avg Latency
18M+ Users
500+ Enterprise Clients

Base URL & Authentication

All API requests should be made to the following base URL:

Base URL
https://api.mobid.io/v1

Authenticate using your API key in the X-Mobid-Key header:

Authenticated Request
curl -X GET 'https://api.mobid.io/v1/health' \
  -H 'X-Mobid-Key: qk_your_api_key_here'

Keep your keys secure

Never expose API keys in client-side code or public repositories. Use environment variables and server-side proxying.

Quick Start Guide

Get up and running in minutes:

1. Create an Account

Sign up at mobid.io/signup and create your developer account.

2. Get API Keys

Navigate to the API Keys section and generate your credentials.

3. Make Your First API Call

Test your connection
curl -X GET 'https://api.mobid.io/v1/health' \
  -H 'X-Mobid-Key: qk_your_api_key'

4. Build Your Integration

Follow our detailed guides for authentication, consent management, and digital mandates.

API Reference

Explore the complete API across these categories:

SDK Examples

JavaScript — Create consent session
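// Run this server-side (Node.js 18+, ES module): the API key is read from the
// environment and is never shipped to the browser.
const response = await fetch('https://api.mobid.io/v1/service/consents/search', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Mobid-Key': process.env.MID_API_KEY
  },
  body: JSON.stringify({
    recipient: '+1234567890',
    purpose: 'identity_verification',
    scope: ['name', 'email', 'phone']
  })
});

// Non-2xx responses use the error response format: { code, message, data }.
if (!response.ok) {
  const error = await response.json();
  throw new Error(`MID API error ${response.status}: ${error.code}: ${error.message}`);
}

const session = await response.json();
console.log('Consent session:', session.data);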

Webhook Events

Configure webhook endpoints in your dashboard to receive real-time notifications:

| Event | Description |
| --- | --- |
| consent.created | A new consent session was created |
| consent.approved | User approved the consent request |
| consent.rejected | User rejected the consent request |
| consent.expired | Consent session expired without response |
| auth.login | User authenticated successfully |
| auth.failed | Authentication attempt failed |
| identity.verified | Identity verification completed |
| mandate.signed | Digital mandate was signed |

Rate Limits

| Plan | Requests/min | Requests/day | Burst |
| --- | --- | --- | --- |
| Free | 60 | 1,000 | 10 req/sec |
| Basic | 300 | 50,000 | 50 req/sec |
| Growth | 1,000 | 500,000 | 100 req/sec |
| Enterprise | Custom | Unlimited | Custom |

Rate limit headers

Every response includes X-RateLimit-Remaining and X-RateLimit-Reset headers. Implement exponential backoff when you receive a 429 response.
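
One way to implement the backoff described above, as an added example that is not part of the MID documentation or SDK. It assumes X-RateLimit-Reset carries a Unix timestamp in seconds, which the page does not state; backoffDelayMs, callWithBackoff and the deps parameter are hypothetical names.

```javascript
// Added example, not MID SDK code. Assumption: X-RateLimit-Reset carries a
// Unix timestamp in seconds (the page does not state its format).
const BASE_MS = 500;    // ceiling for the first retry delay
const CAP_MS = 30000;   // never sleep longer than this
const MAX_ATTEMPTS = 5; // total tries before giving up

// Delay before the next try. "Full jitter" spreads out clients that were
// throttled together; a valid future reset time sets the minimum wait.
function backoffDelayMs(attempt, resetHeader, nowMs, rand = Math.random) {
  const ceiling = Math.min(CAP_MS, BASE_MS * 2 ** attempt);
  const jittered = Math.floor(rand() * ceiling);
  const untilResetMs = Number(resetHeader) * 1000 - nowMs;
  if (Number.isFinite(untilResetMs) && untilResetMs > 0) {
    return Math.min(CAP_MS, Math.max(untilResetMs, jittered));
  }
  return jittered; // header missing, malformed or already in the past
}

// Server-side caller: the key comes from the environment, never the browser.
// `deps` lets tests inject fetch, sleep and the clock (hypothetical parameter).
async function callWithBackoff(path, init = {}, deps = {}) {
  const fetchImpl = deps.fetchImpl || fetch;
  const sleep = deps.sleep || ((ms) => new Promise((r) => setTimeout(r, ms)));
  const now = deps.now || Date.now;
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl('https://api.mobid.io/v1' + path, {
      ...init,
      headers: { ...init.headers, 'X-Mobid-Key': process.env.MID_API_KEY },
    });
    if (res.status !== 429) return res; // success or a non-retryable error
    if (attempt + 1 >= MAX_ATTEMPTS) {
      throw new Error('rate limited after ' + MAX_ATTEMPTS + ' attempts');
    }
    const reset = res.headers.get('X-RateLimit-Reset');
    await sleep(backoffDelayMs(attempt, reset, now()));
  }
}
```

Capping both the delay and the attempt count keeps a throttled worker from hanging indefinitely or retrying forever against a key that has exhausted its daily quota.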

Error Handling

MID uses conventional HTTP response codes. Codes in the 2xx range indicate success, codes in the 4xx range indicate client errors, and codes in the 5xx range indicate server errors (rare).

| Status | Meaning |
| --- | --- |
| 200 | OK — Everything worked as expected |
| 400 | Bad Request — Missing required parameter |
| 401 | Unauthorized — Invalid API key |
| 403 | Forbidden — Insufficient permissions |
| 404 | Not Found — Resource doesn't exist |
| 429 | Too Many Requests — Rate limit exceeded |
| 500 | Server Error — Something went wrong on our end |

Error response format
{
  "code": "invalid_parameter",
  "message": "The 'recipient' field is required",
  "data": null
}

Security Best Practices

Use HTTPS Only

All API communication must use TLS 1.2 or higher.

Rotate Keys Regularly

Regenerate API keys periodically and revoke unused keys.

Validate Webhooks

Verify webhook signatures using your webhook secret.

Least Privilege

Use scoped API keys with minimal required permissions.

Monitor Usage

Set up alerts for unusual API usage patterns.

Server-Side Only

Never expose API keys in client-side JavaScript.