Launching in production | ID.me Developer

Learn how to make a smooth transition from development to production. Whether you’re launching a new integration or updating an existing one, this section covers everything you need to prepare for a successful deployment.

Migrating from sandbox

This section will cover the ID.me sandbox environment and the key variables that must be tested prior to switching to production.

Sandbox environments

ID.me offers sandbox environments that allow developers to test integrations before going live. These environments simulate production behaviour and help ensure your application is functioning as expected.

Sandbox for credential validation

When you create and ID.me developer account, it automatically defaults to the credential validation sandbox environment. This allows you to test:

OAuth 2.0
OpenID Connect
SAML-based credential validation flows

For integration details, see the OAuth 2.0 guide

Test credentials

By defualt, you will be able to verify using the test user assigned during your account creation. If you need additional test credentials for a specific group, contact your ID.me solution consultant or email partnersupport@id.me.

Sandbox for identity verification

This is an additional environment for testing identity verification workflows such as:

Knowledge-based authentication (KBA) replacement
Fortified identity
eRx / EPCS

Test credentials

Work with your ID.me solution consultant or email partnersupport@id.me to request access. Once granted, you can test user accounts that allow you to walk through the entire verification process. You may:

Use any fake or real email to create an account
Upload any image file between 40 KB and 16 MB (real identification documents are not required)

Testing your sandbox integration

Before requesting production access, please complete the following to ensure your integration is fully functional:

The user can verify through the authorization endpoint (like the “Verify with ID.me” button)
The authorization code is successfully captured by the client
The authorization code is exchanged for an access token
The access token is captured and stored by your backend
The access token is exchanged for user attributes via the attribute endpoint
The JSON payload is stored properly (such as in your CRM or database)
The user is redirected to a confirmation page with success messaging
The integration follows ID.me’s brand guidelines

This checklist reflects the OAuth 2.0 authorization code (explicit) flow. If you are using OpenID Connect, an OAuth implicit flow, or an ID.me-hosted landing page, the checklist may vary. Please reach out to your ID.me solution consultant for more information.

Enabling production mode

Once your QA screen share session is complete and approved, your ID.me solution consultant will enable production access. you will receive an email confirmation once your environment is live and ready to process credential validations.

Credential validation

If you are integrating with ID.me for credential validation, you can begin validating users in production immediately after receiving confirmation. No additional setup is required beyond what was testing in your sandbox.

Identity verification

For identity verification, you will need to update your configuration after receiving production access to the following values:

OAuth 2.0 integrations

Authorization endpoint
Token endpoint
Attribute endpoint

OpenID Connect integrations

Authorization endpoint
Token endpoint
Attributes endpoint
Well-known endpoint

Also ensure you updated your:

Client ID
Client Secret

Important

These credentials MUST match those assigned to your production application in the ID.me developer dashboard