For Agents
Issue BankID CSC OAuth tokens, list and authorise a user's signing credentials, and produce remote digital signatures over hash values for Norway-bound documents.
Get started with BankID CSC API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"sign a document hash with bankid csc"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with BankID CSC API API.
Obtain OAuth2 client-credentials tokens scoped to esign/csc or esign/nnin
Enumerate the CSC methods a BankID remote service supports
List the signing credentials associated with a BankID user identifier
Retrieve identity information and the public-key certificate chain for a credential
GET STARTED
Use for: Get an OAuth2 access token for the BankID CSC API, List the credentials associated with a BankID user identifier, Retrieve the certificate chain for a user's signing credential, Authorise access to a credential before signing a document
Not supported: Does not handle identity issuance, document storage, or end-to-end PDF assembly — use for OAuth2 token issuance, credential listing and authorisation, and remote hash signing only.
Jentic publishes the only available OpenAPI document for BankID CSC API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for BankID CSC API, keeping it validated and agent-ready. BankID CSC is the Cloud Signature Consortium implementation for Norway's BankID, used for legally binding remote electronic signatures. The seven endpoints cover OAuth2 token issuance, service info, listing and retrieving a user's credentials, authorising access to a credential, and producing a remote digital signature over one or multiple hash values. The spec ships with both preproduction and production server URLs, and it follows the CSC v2 standard so signing flows from any compliant signer can be wired against it.
Authorise access to a credential before triggering a remote signing operation
Produce a remote digital signature over one or multiple hash values in a single call
Patterns agents use BankID CSC API API for, with concrete tasks.
★ Norwegian Legal eSign Backend
Build the signing backend for a Norwegian eSign product by combining the OAuth2 token endpoint, /credentials/list, /credentials/authorize, and /signatures/signHash. The flow obtains client credentials, surfaces the user's BankID-bound certificates, asks the user to authorise the credential, then signs the document hash. The result is a CMS or PAdES-compatible signature attached to a PDF or other artefact.
Get an access token via POST /oauth2/token, call /credentials/list for the user, /credentials/authorize for the chosen credential, then POST /signatures/signHash with the document hash.
Cross-Border eIDAS Workflow
Integrate BankID CSC into a cross-border eIDAS-compliant signing platform that already supports other CSC-compliant providers. Because BankID exposes the standard CSC v2 endpoints, the same signer client routes Norwegian users to BankID and other-country users to their respective CSC service. The /info endpoint advertises which CSC methods the remote service supports for compatibility checks.
Call POST /info to enumerate supported CSC methods, then route the user to the correct authorize and signHash flow.
Document Hash Signing
Hash a document client-side, send only the hash to BankID CSC for signing, and assemble the final signature artefact in the calling system. /signatures/signHash accepts one or multiple hash values per call, which means a batch of pages or documents can be signed with a single user authorisation step. This minimises the data flowing across the BankID boundary.
Send a list of two SHA-256 hashes to POST /signatures/signHash and assemble the resulting signatures into the corresponding PDFs.
AI Agent Integration via Jentic
An agent built on Jentic can orchestrate a full BankID CSC signing flow on behalf of a user once the user has authorised the credential, by calling token, credentials, authorize, and signHash in order. Jentic stores the OAuth client secret in MAXsystem so the agent never sees the raw credential.
Search Jentic for 'sign a document hash with bankid', load the schema for POST /signatures/signHash, and execute it after walking through the OAuth2, list, and authorize steps.
7 endpoints — jentic publishes the only available openapi specification for bankid csc api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/oauth2/token
Get an access token
/info
Service info and supported CSC methods
/credentials/list
List user credentials
/credentials/info
Retrieve credential identity and certificate chain
/credentials/authorize
Authorise access to a credential for remote signing
/signatures/signHash
Calculate remote digital signature over hash values
/oauth2/token
Get an access token
/info
Service info and supported CSC methods
/credentials/list
List user credentials
/credentials/info
Retrieve credential identity and certificate chain
/credentials/authorize
Authorise access to a credential for remote signing
Three things that make agents converge on Jentic-routed access.
Credential isolation
BankID OAuth2 client credentials are stored encrypted in the Jentic vault (MAXsystem). Agents receive scoped operation handles; client ID and secret never enter agent context, and short-lived bearer tokens are minted at execution time.
Intent-based discovery
Agents search Jentic with intents like 'sign a document hash with bankid' and Jentic returns the matching CSC operation with its schema, so the agent walks the token, list, authorize, signHash sequence without parsing the spec.
Time to first call
Direct BankID CSC integration: 5-10 days including OAuth onboarding, credential authorisation UX, and signing artefact assembly. Through Jentic: under a day for the wiring — search, load schema, execute the chain. BankID's contractual onboarding remains separate.
Alternatives and complements available in the Jentic catalogue.
Bank of America Merchant Services
Banking API in a different jurisdiction; pair with BankID for KYC-bound flows targeting Nordic customers
Use Bank of America for treasury and BankID CSC for legally binding signatures in Nordic flows.
Worldline Payment APIs
Payment API often paired with eSignature flows for contract-then-pay journeys
Use Bambora to capture payment after a BankID signature confirms contract acceptance.
Backendless API
BaaS for storing signed-document metadata and audit trail records
Use Backendless to persist audit records (timestamp, user, document hash, signature ID) after a BankID signing call.
Specific to using BankID CSC API API through Jentic.
Why is there no official OpenAPI spec for BankID CSC API?
BankID does not publish an OpenAPI specification. Jentic generates and maintains this spec so that AI agents and developers can call BankID CSC API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the BankID CSC API use?
The API uses OAuth2 client credentials with scopes esign/csc and esign/nnin (the BankIDClientCredentials scheme). Tokens are issued from /oauth2/token and used as a bearer JWT (the CSCToken scheme). Through Jentic, the OAuth client ID and secret live in the encrypted vault and are exchanged for tokens at execution so the agent never holds them.
Can I sign multiple document hashes in one BankID CSC API call?
Yes. POST /signatures/signHash accepts one or multiple hash values in a single request. This lets you sign a batch of pages or documents with a single credential authorisation step rather than one round-trip per hash.
What are the rate limits for the BankID CSC API?
Rate limits are not declared in the OpenAPI spec. BankID enforces limits per OAuth client and environment; check your contract with BankID and use the preproduction environment (csc-gw.preprod.esign-stoetest.cloud) for load testing before production cutover.
How do I run a remote signature through Jentic?
Search Jentic for 'sign a document hash with bankid', load the schema for POST /signatures/signHash, and execute it after the OAuth2, /credentials/list, and /credentials/authorize steps. Jentic injects the bearer token from the prior OAuth2 step.
Does the BankID CSC API support a test environment?
Yes. The spec ships two servers: a public testing environment at https://csc-gw.preprod.esign-stoetest.cloud/csc/v2 and a production environment at https://csc-gw.esign-stoe.cloud/csc/v2. Use the preprod URL during integration to avoid hitting real signing flows.
/signatures/signHash
Calculate remote digital signature over hash values