Skip to main content
Skip table of contents

Getting Started - Best Practices for Timeouts and Retries

Timeouts and Retries for API Calls

The recommended timeout for API calls is 10 seconds (both POST and GET).

API GET Calls

GET calls are waiting/blocking for a final check status at a maximum of 5 seconds. If a final status is not available within this time, a status IN_PROGRESS will be returned as part of the response object.

The calling party shall retry the GET call in this case.

For GET calls, the recommended number of at least 3 retries.

When to give the User the Option to Retry the Check

Humans are prone to errors; the user may enter faulty data during the identity check process, like

  • misspelt names, addresses, ZIP codes,

  • wrong banking credentials,

  • invalid second-factor code,

  • use a login to a bank, where he has no checking account.

As a consequence, either the bank login may fail, or one of the SCHUFA services may return a result, that is not acceptable.

Failures in the bank login process are indicated to the user by the finAPI web form, potential issues have a wide variety, thus GiroIdent does not return error codes, but only an error string for debugging purposes - not intended to be shown to the user, as he is informed via web form GUI.

After successful login, the name validation will be performed, additionally, the result of the SCHUFA services will be gathered. GiroIdent does not disclose personal information, therefore details or hints related to which information is not accepted will not be provided on the API / to the user.

We recommend that your application allow the user (at least) one more attempt. It should be the user’s choice to retry, as he received human-readable information either on the finAPI web form or on his bank's login page in case of a redirect. There are no reasonably suitable or meaningful criteria to conditionally allow such an attempt.

Understanding Error Messages

As mentioned above, the error message returned by the GiroIdent API is only debugging information, no application logic shall be implemented based on it, and it shall not be printed on the UI.

Some typical error messages are:

  • if the user has not finished the web form, the message may contain error codes like INTERRUPTED, EXPIRED, or ABORTED,

  • if the user has entered the wrong credentials or a wrong TAN, the code BANK_SERVER_REJECTION,

  • other errors (and codes) are technical errors, related to the wrong configuration (typically during integration) or temporary issues of a web service at finAPI, SCHUFA or the bank side.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.