(Express) Iframe and Norwegian BankID


Hi guys,

noticed weird behavior during my tries to integrate bankid window with iframe.

Steps to reproduce:

1 call

curl --request POST
–url https://api.signicat.io/identification/v2/sessions
–header ‘Authorization: Bearer xyz’
–header ‘Content-Type: application/json’
–data ‘{
“flow”: " iframe ",
“allowedProviders”: [
" no_bankid_netcentric "
“iframeSettings” : {
“parentDomains” : [“localhost:4900”],
“postMessageTargetOrigin” : “localhost:4900”
“include”: [

2 put URL from the response into iframe

Expected behavior :

The following window will be displayed

Actual behavior :

Error shown.


Seems like this is not supported on Norwegian BankID’s side or am I doing simply something wrong?


For security reasons, the site needs to run on TLS when integrating our authentication services and BankID. This means that you need to set up localhost with TLS in order for the frame to load correctly. Hope this resolves the issue, but do let us know if you have any further questions.

This post has been migrated from the previous community