Overview

Using your development PC to request and collect credentials from the RapID Service

During development you may wish to use your PC to test the request and collect of credentials from the RapID Service without the need for a fully developed Webserver or App. You can do this by using the following steps.

Note: For MacOSX developers see Using cURL on MacOSX

Step 1. Download your service authentication certificate
As this file requires a password to be provided in order to protect it, it needs to be downloaded from the Customer Portal dashboard, under the Server Credentials section of the page.

Step 2. Create a PEM file
Create a .pem file from the .pfx file you have downloaded. For example, using OpenSSL:

openssl pkcs12 -in Rapid_Your_Company_Name_Client.pfx -out MyPfx.pem -nodes

You will be prompted for the password that you gave when you downloaded the service authentication certificate

Step 3. Call RequestCredential.
For example, using cURL:

curl -E MyPfx.pem "https://request.rapidauth.com/rapid/credentials" -d '{"AnonId":"TestCertificateRequestValid1"}

This will output the Identifier as JSON:

{"RequestId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","AnonId":"TestCertificateRequestValid1"}

Step 4. Use CollectRapidCertificate.exe
Extract CollectRapidCertificate.exe from the Rapid Authentication SDK and then use the following command to collect the test certificates

CollectRapidCertificate.exe collect -i -r "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -p "MySecretPassword123" -f "C:\Temp\TestCertificateRequestValid1.pfx" 

Step 5. Use the collected certificate to access your website
If your website is using a challenge method to validate the client certificates, you can use curl to call authenticate to test the certificate login - Example below:

curl -E TestCertificateRequestValid1.pem "https://yourwebsite.com/authenticate/" --data '{"ChallengeCode":"RandomCodeGoesHere"}' -k

Alternativly you can use the RapID Logon tool from the RapID authentication SDK

Test Identifers

The following anonymous identifier values can be used to test calls to the Web API, Server SDKs or calls from the Mobile App as they do not increment license usage.

Anonymous Identifier Description
TestCertificateRequestValid1 A valid anonymous identifier which acts as a live credential would.
TestCertificateRequestValid2 A valid anonymous identifier which acts as a live credential would.
TestCertificateRequestValid3 A valid anonymous identifier which acts as a live credential would.
TestCertificateRequestValid4 A valid anonymous identifier which acts as a live credential would.
TestCertificateRequestValid5 A valid anonymous identifier which acts as a live credential would.
TestCertificateRequestExpired Known anonymous identifier that has a request which is expired.
TestCertificateRequestCollected Known anonymous identifier that has already been collected.
TestGracePeriodRequest A valid anonymous identifier that acts as the ones above, however when collected, the credential has a much shorter lifetime.
TestExpiredCertificateRequest A valid anonymous identifier that acts as the ones above, however when collected, the credential will expire straight away.
TestNoMoreLicenses Will throw an error upon request as this simulates running out of licenses.

Details of their respective behaviours can be found in the following sections: Web API & Server SDKs & Mobile App

Reseeding

The test identifiers are designed in a way that they can be interacted with as you would any other genuine credential. This means that if you were to request a credential with a test anonymous identifier and subsequently collect it, it would be updated as such. If you were then to attempt to collect it again it would fail because the credential has already been collected.

This fits with the RapID design of having a closed loop with as short a window as possible. To cope with this design, a reseed endpoint has been implemented to allow you to reset your testing identifier records to their initial state. This facilitates unit testing by being able to set up concise units of work to be tested with a known start and end point.

To reseed a specific test identifier you need to call the reseed endpoint with the RequestId. The reseed endpoint is described in more detail in the Web API and SDK sections.

Website Development Mode

During development, you may wish to simulate end-users without actually using certificates. The RapID Server SDK supports this with Development Mode which is enabled through a boolean DevelopmentMode property on the RapidSecurity.Rapid class.

There are several overloads for the Rapid.GetUserIdentity method which accept a Func<string> devModeUserId argument. If DevelopmentMode is true and there is no client certificate (either directly in the argument list, or indirectly from the HTTP request) then the GetUserIdentity method will invoke the supplied delegate Func<string> to obtain an anonymous ID. You can use this to test your web server without the need for certificates (if the host allows).

We recommend only setting DevelopmentMode to true on a debug build to ensure that in your release web server certificates are required.

This example C# code shows how to enable DevelopmentMode.