Submit Activation

curl -X POST \
  -H "Authorization: Bearer sk_workspace_test_..." \
  -H "Content-Type: application/json" \
  -d '{
    "providers": {
      "mitid": {
        "legalCompanyName": "Acme Corp",
        "registrationNumber": "12345678",
        "serviceDescription": "Customer identity verification for KYC onboarding.",
        "displayName": "Acme",
        "contactEmail": "compliance@acme.com"
      },
      "passport": {},
      "ftn":      {}
    }
  }' \
  "https://sandbox.api.hopae.com/connect/v1/apps/HqTRDIYH/activation"

{
  "mitid": {
    "id": "act_01HXYZ2KQ8M0E3J1N9V0P5T8YR",
    "status": "activation_requested",
    "updatedAt": "2026-05-27T10:00:00.000Z"
  },
  "passport": {
    "id": "act_01HXYZ2KQ8M0E3J1N9V0P5T8YS",
    "status": "activated",
    "updatedAt": "2026-05-27T10:00:00.000Z"
  },
  "ftn": {
    "error": "contract_activation_required",
    "message": "ftn activation requires off-API contract onboarding. Please email support@hopae.com to begin activation.",
    "contact": "support@hopae.com"
  }
}

POST

apps

{client_id}

activation

curl -X POST \
  -H "Authorization: Bearer sk_workspace_test_..." \
  -H "Content-Type: application/json" \
  -d '{
    "providers": {
      "mitid": {
        "legalCompanyName": "Acme Corp",
        "registrationNumber": "12345678",
        "serviceDescription": "Customer identity verification for KYC onboarding.",
        "displayName": "Acme",
        "contactEmail": "compliance@acme.com"
      },
      "passport": {},
      "ftn":      {}
    }
  }' \
  "https://sandbox.api.hopae.com/connect/v1/apps/HqTRDIYH/activation"

{
  "mitid": {
    "id": "act_01HXYZ2KQ8M0E3J1N9V0P5T8YR",
    "status": "activation_requested",
    "updatedAt": "2026-05-27T10:00:00.000Z"
  },
  "passport": {
    "id": "act_01HXYZ2KQ8M0E3J1N9V0P5T8YS",
    "status": "activated",
    "updatedAt": "2026-05-27T10:00:00.000Z"
  },
  "ftn": {
    "error": "contract_activation_required",
    "message": "ftn activation requires off-API contract onboarding. Please email support@hopae.com to begin activation.",
    "contact": "support@hopae.com"
  }
}

Submits activation inputs for one or more providers on the app. Direct providers activate immediately, registration providers are queued for Hopae operator review, and contract providers return a contract_activation_required error directing the customer to the support contact. The response carries a per-provider result keyed by providerId — partial success is normal.

Request

Authorization

string

required

Bearer <API_KEY> from Console > Developers > Workspace API Keys.

Content-Type

string

application/json

Idempotency-Key

string

Optional. When provided, the request is idempotent across retries within the standard idempotency window.

Path parameters

client_id

string

required

Client identifier of the app.

Body

providers

object

required

Map of providerId to the field values for that provider. The value is a { fieldId: value } map; each value is a string or boolean. For direct providers, pass an empty object {}. For contract providers, the request body for that provider is ignored — the response is always contract_activation_required.

{
  "providers": {
    "mitid":    { "legalCompanyName": "Acme", "registrationNumber": "12345678", "...": "..." },
    "passport": {}
  }
}

The set of required fields for a registration provider is whatever requirements returns from Get Providers with ?include=activation. Common field IDs include legalCompanyName, displayName, logo, registrationNumber, registeredAddress, vatNumber, serviceDescription, websiteUrl, contactEmail, contactPhone, privacyPolicyUrl, termsOfServiceUrl, and provider-specific fields (e.g., userDataLevel for SPID, bankName / useSsn / gdprArticle for BankID Norway, legalRepName for iDIN).

persist

boolean

default:"true"

When true (default), common fields are mirrored into the app’s companyInfo so subsequent activations for the same app prefill them. Set to false to skip the companyInfo write — the activation ticket itself is still written.

Field validation

Field values are checked against the provider’s registration spec:

Missing required fields — fall back to the value cached in companyInfo (if any). If still empty, the provider’s ticket is recorded with status: 'rejected' and rejection.reason: 'missing_required_fields'. Other providers in the same call are unaffected.
Empty strings, whitespace-only values, and null are treated as missing.
Field type (text, email, url, checkbox, select) and option lists are advisory — server-side validation is currently scope-of-fields only. Provide well-formed values.

Response

200 OK with a JSON object keyed by providerId. Each value is one of three shapes:

Success / queued / rejected

{ "id": "act_01HXYZ...", "status": "<ActivationStatus>", "updatedAt": "<ISO-8601>" }

status is the resulting ticket status — typically:

activated for direct providers
activation_requested for successful registration submissions
rejected for registration submissions that failed field validation (the activation.rejection block on Get Providers carries the missing field IDs)

In sandbox, id is the literal string "sandbox" and status is either activation_processing (registration providers with the demo policy enabled) or activated.

Contract provider

{
  "error": "contract_activation_required",
  "message": "ftn activation requires off-API contract onboarding. Please email support@hopae.com to begin activation.",
  "contact": "support@hopae.com"
}

No ticket is written. The customer should email the contact to start the off-API onboarding flow.

Errors

These conditions abort the whole request — none of the requested providers are submitted.

Status	Body	When
`400`	`VALIDATION_INVALID_PARAMETER`	A requested provider is not available in the current `DEPLOYMENT_ENV` (e.g., a production-only provider submitted from sandbox).
`401`	`INVALID_API_KEY`	Missing or malformed `Authorization` header.
`403`	`RESOURCE_FORBIDDEN`	The API key’s organization does not own `client_id`.
`404`	`RESOURCE_NOT_FOUND`	No app matches `client_id`, or the requested provider id does not exist.
`409`	`RESOURCE_CONFLICT`	A previous submission for the same provider is currently `activation_processing` and cannot be overwritten, or a concurrent submit lost the optimistic-concurrency race. Retry.

Concurrent submissions

The activation pointer on the app document is updated with optimistic concurrency. A losing writer is retried automatically once; if the second attempt also loses, the request fails with 409 RESOURCE_CONFLICT. Submit the same provider again to retry — the previous submission’s data is overwritten unless the prior ticket was already activation_processing (which holds the slot until the operator finishes review).

curl -X POST \
  -H "Authorization: Bearer sk_workspace_test_..." \
  -H "Content-Type: application/json" \
  -d '{
    "providers": {
      "mitid": {
        "legalCompanyName": "Acme Corp",
        "registrationNumber": "12345678",
        "serviceDescription": "Customer identity verification for KYC onboarding.",
        "displayName": "Acme",
        "contactEmail": "compliance@acme.com"
      },
      "passport": {},
      "ftn":      {}
    }
  }' \
  "https://sandbox.api.hopae.com/connect/v1/apps/HqTRDIYH/activation"

{
  "mitid": {
    "id": "act_01HXYZ2KQ8M0E3J1N9V0P5T8YR",
    "status": "activation_requested",
    "updatedAt": "2026-05-27T10:00:00.000Z"
  },
  "passport": {
    "id": "act_01HXYZ2KQ8M0E3J1N9V0P5T8YS",
    "status": "activated",
    "updatedAt": "2026-05-27T10:00:00.000Z"
  },
  "ftn": {
    "error": "contract_activation_required",
    "message": "ftn activation requires off-API contract onboarding. Please email support@hopae.com to begin activation.",
    "contact": "support@hopae.com"
  }
}

Get Providers Get Redirect URIs

​Request

​Path parameters

​Body

​Field validation

​Response

​Success / queued / rejected

​Contract provider

​Errors

​Concurrent submissions

Request

Path parameters

Body

Field validation

Response

Success / queued / rejected

Contract provider

Errors

Concurrent submissions