Sandbox

We also offer a sandbox environment where you can test all our endpoints with all the responses that may occur while using any of our Mobile Identity services.

The URL for the sandbox environment is https://api.cm.com/mobile-identity-sandbox/v1 followed by the service's endpoint. The authentication is the same as the regular services, for more information see Authentication.

To get started using the sandbox environment, request credentials through your account manager or support ([email protected]).

Identity Match

Below is the data that you can test matching a request to. For more information regarding Identity Match, and its endpoint, see Identity Match.

By combining the phone number, identity data, and a service type (match or score), you can either get true or false for service type match; or 100 or 0 for service type score depending on the data below.

phoneNumber	firstName	lastName	address	postalCode	dateOfBirth
`+31610000001`	Joris	Verhoeven	123	1234 AB	1963-12-31
`+31610000002`	Anna	Jansen	456	5678 CD	2019-03-01
`+31610000003`	Lars	De Vries	789	9012 EF	1995-07-15
`+4915100000001`	Hans	Mueller	123	12345	2018-12-31
`+4915100000002`	Greta	Schmidt	456	67890	1968-03-22
`+4915100000003`	Felix	Wagner	789	54321	1987-11-09
`+447710000001`	James	Smith	123	AB12 3CD	1980-09-28
`+447710000002`	Emma	Brown	456	EF45 6GH	2016-12-31
`+447710000003`	Oliver	Taylor	789	IJ78 9KL	1992-05-17
`+33610000001`	Pierre	Dubois	123	12345	1988-04-12
`+33610000002`	Sophie	Martin	456	67890	2020-12-31
`+33610000003`	Antoine	Leroy	789	54321	2001-09-0

Example

Request URL

POST https://api.cm.com/mobile-identity-sandbox/v1/identity-match

Request headers

Content-Type: application/json
Authorization: Bearer GENERATED_TOKEN_HERE

Request body

{
  "phoneNumber": "+31610000001",
  "serviceType": "match",
  "firstName": "John",
  "lastName": "Verhoeven",
  "address": "123",
  "postalCode": "1234 AB",
  "dateOfBirth": "1963-12-31"
}

Response

{
  "firstNameMatch": false,
  "lastNameMatch": true,
  "nameMatch": false,
  "addressMatch": true,
  "postalCodeMatch": true,
  "dateOfBirthMatch": true
}

Takeover Protection (SIM Swap)

Depending on the phone number and service type you use from the options in the table below, you can get one of the responses below.

For more information regarding Takeover Protection, and its endpoint, see Takeover Protection (SIM Swap).

phoneNumber	serviceType	Response
`+31610000001`, `+33610000001`, `+447710000001`, `+4915100000001`	`timestamp`	`2010-03-08T09:17:36+00:00`
`+31610000001`, `+33610000001`, `+447710000001`, `+4915100000001`	`24h`	`false`
`+31610000001`, `+33610000001`, `+447710000001`, `+4915100000001`	`range`	`{"gt": 1209600, "lt": -1}`
`+31610000002`, `+33610000002`, `+447710000002`, `+4915100000002`	`timestamp`	`YYYY-MM-DDT00:00:00+00:00` (Today's date at 00:00:00)
`+31610000002`, `+33610000002`, `+447710000002`, `+4915100000002`	`24h`	`true`
`+31610000002`, `+33610000002`, `+447710000002`, `+4915100000002`	`range`	`{"gt": 1, "lt": 604800}`
`+31610000003`, `+33610000003`, `+447710000003`, `+4915100000003`	`timestamp`	`2015-07-19T18:42:53+00:00`
`+31610000003`, `+33610000003`, `+447710000003`, `+4915100000003`	`24h`	`false`
`+31610000003`, `+33610000003`, `+447710000003`, `+4915100000003`	`range`	`{"gt": 1209600, "lt": -1}`

Example

Request URL

POST https://api.cm.com/mobile-identity-sandbox/v1/sim-swap

Request headers

Content-Type: application/json
Authorization: Bearer GENERATED_TOKEN_HERE

Request body

{
  "phoneNumber": "+31610000001",
  "serviceType": "timestamp"
}

Response

{
  "timestamp": "2010-03-08T09:17:36+00:00"
}

Number Verify

You can test the expected number verify flow with the phone numbers in the table below.

Contrary to the regular Number Verify flow, the returned sessionUrl does not need to be opened on a mobile phone using mobile data.

For more information regarding Number Verify, and its endpoint, see Number Verify.

phoneNumber	Returned Match	Returned State
`+31610000001`, `+33610000001`, `+447710000001`, `+4915100000001`	`true`	`completed`
`+31610000002`, `+33610000002`, `+447710000002`, `+4915100000002`	`false`	`completed`
`+31610000003`, `+33610000003`, `+447710000003`, `+4915100000003`	`null`	`unavailable`

Example request

Request URL

POST https://api.cm.com/mobile-identity-sandbox/v1/number-verify

Request headers

Content-Type: application/json
Authorization: Bearer GENERATED_TOKEN_HERE

Request body

{
  "phoneNumber": "+31610000001",
  "callbackUrl": "https://mycallbackurl"
}

Response

{
  "id": "52d66faa-3d14-4941-9155-41d981e7a620",
  "state": "pending",
  "match": null,
  "sessionUrl": "https://api.cm.com/mobile-identity-sandbox/v1/number-verify/52d66faa-3d14-4941-9155-41d981e7a620/sandbox-session?match=true"
}

Example callback

After opening the sessionUrl, a callback event will be dispatched to the provided callbackUrl with the following header and body:

Request headers

Authorization: HMAC 296ptE2trRxX0fFtdMB/vHt8UOb1BvZTv70UxAjspKQ=
Content-Type: application/json

Request body

{
  "id": "e0d3232b-47fc-4619-b91b-e71a5cf50561",
  "type": "numberVerify.state",
  "created": "2024-08-29T09:22:58+00:00",
  "numberVerify": {
    "id": "52d66faa-3d14-4941-9155-41d981e7a620",
    "state": "completed",
    "match": true
  }
}

See Events for more information regarding the callback event.

Example status

Then a GET request can be made to retrieve the completed number verify transaction:

Request URL

GET https://api.cm.com/mobile-identity-sandbox/v1/number-verify/6f8d0a9d-b85c-4c3f-9e69-5699f1e00f49

Request headers

Content-Type: application/json
Authorization: Bearer GENERATED_TOKEN_HERE

Response

{
  "id": "52d66faa-3d14-4941-9155-41d981e7a620",
  "state": "completed",
  "match": true
}

Simulate Errors

Using the Mobile Identity Services involves using a phone number and its connection to its operator. As such, there are a few errors that may occur.

In the table below are some phone numbers that, regardless of the service used (Takeover Protection, Number Verify, Identity Match), will result in one of these errors.

More information regarding the error codes can be found here.

phoneNumber	Returned Status Code	Returned Error Message	Returned Error Code
`+31620000001`, `+33620000001`, `+447720000001`, `+4915200000001`	`500`	Supplier error.	`1002`
`+31620000002`, `+33620000002`, `+447720000002`, `+4915200000002`	`422`	Phone number is not active.	`3001`
`+31620000003`, `+33620000003`, `+447720000003`, `+4915200000003`	`422`	Service not supported by operator.	`3000`
`+31620000004`, `+33620000004`, `+447720000004`, `+4915200000004`	`500`	Transaction could not be started.	`1002`

Example

Request URL

POST https://api.cm.com/mobile-identity-sandbox/v1/sim-swap

Request headers

Content-Type: application/json
Authorization: Bearer GENERATED_TOKEN_HERE

Request body

{
  "phoneNumber": "+31620000003",
  "serviceType": "timestamp"
}

Response

{
  "status": 422,
  "message": "Service not supported by operator.",
  "code": 3000
}