Nets Passport Reader

​By using the Nets Passport Reader app, you can identify anyone in the world by using a passport (or similar machine-readable ID document) and mobile phone.

Enable Nets Passport Reader in your services

Nets Passport Reader is available as an eID in E-Ident for identification of subject's holding a machine-readable ID document. More specifically, these are ICAO Doc 9303 compliant documents:

  • Passport
  • Driver's license
  • Residence card

To get access to the Passport Reader you need to:

  • Register as a customer and implement against our E-Ident service. See the Get Started pages for more information.
  • Download Passport Reader application on your mobile phone

To register as a customer or add the Passport Reader to your existing configuration, contact Nets support

The app

The Passport Reader app comes in two different versions:

  • one app for customer test environment (pink colour icon)
  • one app production environment (blue colour icon)

The users will get an app activation code each time they try to initiate a login on a site supporting Nets Passport Reader login.

Customer test links

For testing purposes there is no user restriction, anyone can use the following links to download the preprod app (pink colour icon) on his/her phone:

Production links

The production app (blue colour icon) can be downloaded from:

Information about the end user

​Document type



​The ID document type used.

I: Identity card

P: Passport

V: Visa 

​Issuing country​issuing_country​issuingcountry​The country that issued the ID document return using the ICAO three-letter country code.  
​Interpreted issuing countryinterpreted_issuing_countryinterpretedissuingcountry

​An interpreted version of the issuing country. Example: Norway Denmark

​Document number​document_number​documentnumber The document number. For a passport, this is the passport number.
​Surname / family name


Requires scope=profile

​primaryidentifier​This is the primary identifier in the ID document. It can be the family name, surname, maiden name. This may vary dependent on issuing state.
​Given name


Requires scope=profile

​secondaryidentifier​This may be the given name or other name of the identified person. This may vary dependent on issuing state.


Requires scope=profile

​nationality​The subject's nationality given as  the ICAO  three-letter country code.
​Interpreted nationality


Requires scope=profile


​An interpreted version of the nationality. Example:

Sweden Finland

​Date of birth


Requires scope=profile


​The subject's date of birth. Format: DD.MM.YYYY

​Personal number


Requires scope=ssn

​personalnumber​The personal number as it is given in the ID document.


Requires scope=profile


​The subject's gender. Format: [FEMALE | MALE]

​Date of expiry



​The ID document's date of expiry. Format: DD.MM.YYYY



Requires scope=profile

​fullname​The name of the ID document holder as it is given in the ID document.
​Place of birth


Requires scope=profile

​placeofbirth​The subject's place of birth. Returned if it can be read from the NFC chip.
​Face match level



​A face match level given on levels from 0-7. See the face match levels below. 

Face match levels

Face match levels are given from 0-7

  • FaceTec Match Level 7 - 1/500,000 FAR
  • FaceTec Match Level 6 - 1/100,000 FAR
  • FaceTec Match Level 5 - 1/10,000 FAR
  • FaceTec Match Level 4 - 1/1,000 FAR
  • FaceTec Match Level 3 - 1/500 FAR
  • FaceTec Match Level 2 - 1/250 FAR
  • FaceTec Match Level 1 - 1/100 FAR
  • FaceTec Match Level 0 - Non-match

FAR is False Acceptance Ratio.

Nets Passport Reader logo

If needed, the Nets Passport Reader logo can be downloaded here.

Authentication files

After successful authentication with the Passport Reader, a merchant can also retrieve/download authentications files for reference or archive purposes. The downloaded files can either be in PNG (photo images), or PDF (photo and authentication attributes). To retrieve authentication files, you need to request for access to the service.  

How to retrieve files

The samples provided here are curl commands, but the same can be accomplished in any programming language.

$ curl -X POST 
     -H "Content-Type: application/json"
     -H "Authorization: Basic <credentials>" 
     -d @<json-retrieve-pdf.txt>


<credentials> - Basic Auth credentials provided by Nets support
<json-retrieve-pdf.txt> - JSON file with auth file instructions/configuration
<auth-file-url> - authentication file URL returned in the SAML assertion/OIDC claims

While the credentials and the URL are provided by E-Ident, the JSON configuration file is created by the merchant. The following section describes the file structure.

JSON config file

    "params": {
            // Request config parameters

    "addendum": {
            // Custom attributes

    "metadata": {
            // Metadata attributes

Request config parameters

JSON config parameters are used to configure the auth files operation. Known config parameters are:

​type​MIME type of file to download.


One of:

"application/pdf" or "image/png"

 For type = image/png, the following parameters must be provided


​Required when type=image/png.

One of:

document or selfie

 For type = application/pdf, the following parameters may be provided

​pagesize​Content page size (a4, letter)​[a4 | letter]
​locale​Language code for PDF content

​Possible values:

[nb-NO, nn-NO, en-GB, da-DK, sv-SE, fi-FI, sv-FI]

​user-password​PDF file user password
​owner-password​PDF file owner password
​noprint​Allow/disallow printing of the PDF​[true | false]
​noprinthq​Allow/disallow revision 3 printing to high quality output​​[true | false]
​nocopy​Allow/disallow copy/paste of content​[true | false]
​noedit​Allow/disallow editing in Adobe Acrobat​[true | false]
​noannotations​Allow/disallow editing of annotations​[true | false]
​nofillinforms​Allow/disallow revision 3 filling in forms​[true | false]
​noaccesscontent​Allow/disallow revision 3 extraction of text and graphics​​[true | false]
​noassembledoc​Allow/disallow revision 3 assembling of document​​[true | false]
​encrypt-metadata​Whether to encrypt PDF document-level metadata stream​One of: ​true | false
​encryption-length​Enc key size, any multiple of 8 between 40 and 128, or 256. ​Default = 128
​pdf-a-mode​PDF/A profile compliance mode. PDF/A-1a, PDF/A-1b, ...​​[PDF/A-1a | PDF/A-1b]
​generate-pades​Flag for requesting signed PDFs. If a request for signed PDFs cannot be fulfilled, the response will contain the unsigned PDF
and a content-format attribute set to "PDF" instead of "PADES". At the same time,
a content-reason attribute will contain a short explanation of the cause.
​[true | false]

All JSON attributes and values are strings and must be provided with enclosing double quotes. Sample JSON configuration file:

     "params": {
           "type": "application/pdf",
           "pagesize": "A4",
           "locale": "fi-FI",
           "pdf-a-mode": "PDF/A-1b",
           "generate-pades": "true"


Privacy Statement (in-app for the end user)

Nets has developed the Nets Passport Reader app to be used for remote authentication where you in a simple, fast and secure way can prove your identity online. 

Nets is solely acting as a processor on behalf of the organization (e.g. your bank) that is using the Nets Passport Reader app to verify your identity online and Nets only processes your personal data upon instruction from that organization. Nets has implemented technical and organizational security measures, incl. the use of encryption, to secure your personal data against unauthorized or accidental loss, alteration, disclosure and access. 

For more questions regarding the processing of your personal data please contact the organization that is using the Nets Passport Reader app to prove your identity.

YES, I have READ the privacy notice of the specific organization requesting me to use the app for identification purposes, and I ACCEPT the processing of my personal data, incl. my photo solely for facial recognition purposes, in accordance with the privacy notice.