This page will help you get started with CSC 2QR (two QR code based flow) API.

Integration checklist

  1. API credentials are required:
  • client_id
  • client_secret
  • account_id (for generating account_token)
  1. Base ZealiD (“Hermes”) backend URL is required:
  1. Separate ZealiD Android and iOS apps are to be used (they link to different environments and may have other environment-particular changes).

Summary of endpoints

Example of full testing URL (1st CSC endpoint) - no authorization needed: https://hermes-dev.zealid.com/api/csc/v1/v2.0/info

Example of oauth2/authorize endpoint (note, parameters will need to be passed for URL to work): https://hermes-dev.zealid.com/api/csc/v1/v2.0/oauth2/authorize

Possible full flow call sequence:

  1. API call: POST info
  2. Browser call: GET authorize with scope=service (in user's browser)
  3. API call: POST oauth2/token (to get access token)
  4. API call: POST credentials/list
  5. API call: POST credentials/info
  6. Browser call: GET authorize with scope=credential (in user's browser)
  7. API call: POST oauth2/token (to get SAD - second token, for signHash)
  8. API call: POST signHash
  9. API call: POST oauth2/revoke