Each national eID card, USB crypto token or other physical qualified signature creation device QSCD is using a bit different method to talk and interface with the token.

You can expect to have 2 different calls to the ID card.

  1. Get public certificate
  2. Create signature for the digest

To make it as easy as possible we have hidden all of this complexity to one iFrame that gives you always one API over PostMessage API and hides the technical implementation where browser is talking with the card.

iFrame can be loaded using https://id.eideasy.com/signatures/integration/id-card?country=FI

Read the public certificate from the eID card or USB crypto token

Use the following code

openedIframe.postMessage({
  operation: 'getCertificate'
}, 'https://id.eideasy.com')

window.addEventListener('message', async (e) => {
   if (e.origin !== target_origin) {
       return;
   }
   
   if (e.data.operation === "getCertificate") {
       // Proceed to preparation of files and calculate digest to sign
       // {{url}}/api/signatures/start-signing
   }
}, false);

Create signature on the eID card or USB crypto token

openedIframe.postMessage({
  operation: 'getSignature',
  hexDigest: 'hexDigest received from start-signing API call'
}, 'https://id.eideasy.com')

window.addEventListener('message', async (e) => {
   if (e.origin !== target_origin) {
       return;
   }
   
   if (e.data.operation === "getSignature") {
       // use e.data.signature_value
       // Continue to the finalizing the document, adding timestamp and OCSP responses
       // {{url}}/api/signatures/{{method}}/complete
   }
}, false);