Skip to main content
Version: v2.0 (latest)

Environments and the Discovery Document

OIDC Web is deployed per region. Use the base URL for the environment your iProov contact provisions for you:

EnvironmentBase URL
Production (EU)https://api.eu.iproov.id

Additional regions can be made available on request. If your deployment needs to be hosted outside the EU, contact your iProov representative and we will provision the appropriate regional environment for you.

Always start from discovery. Every OIDC Web deployment publishes an OpenID Provider metadata document at:

$BASE/oidc/v1/.well-known/openid-configuration
curl -s "$BASE/oidc/v1/.well-known/openid-configuration" | jq .

The document lists the exact authorization_endpoint, token_endpoint, userinfo_endpoint, jwks_uri, pushed_authorization_request_endpoint, and backchannel_authentication_endpoint. The document also lists the supported scopes, response types, signing algorithms, and client-authentication methods. Read these values at runtime instead of hardcoding them. Endpoints and capabilities can change between environments. A conformant OIDC library consumes the discovery document for you automatically.

OIDC Web publishes its ID-token signing keys at the jwks_uri (the /oidc/v1/keys endpoint, also aliased as /oidc/v1/jwks). Your OIDC library uses these keys to validate ID-token signatures.