Skip to main content
Version: 2.4.x.x RR

Facets Service

This section describes the FIDO UAF Facets Service. This public HTTP API is concerned with application facets. According to the offical FIDO documentation, the concept of an Application Facet is used to describe the identities of a single logical application across various platforms. For example, the application MyBank may have an Android app, an iOS app, and a Web app accessible from a browser. These three apps are all facets of the MyBank application.

The FIDO client calls the Facets Service to check whether a certain facet is trusted or not. Based on the list of trusted facet IDs in the response, the client evaluates whether to proceed with or abort its operation.

See the FIDO AppID and Facet Specification for details.

Base URL

All URLs referenced in this section have the following base:

HTTP Methods

"GET" is the only supported HTTP method.

Request Headers

No request headers must be set.

Response Headers

The following response headers will be set:

Content-TypeContent type header, fixed to application/fido.trusted-apps+json.

Response Body

The Facets Service returns a TrustedFacets object as described in FIDO AppID and Facet Specification . The TrustedFacets object has the following structure:

trustedFacetsArrayArray of TrustedFacets dictionaries.
trustedFacets[].versionObjectDictionary containing the UAF protocol version.
trustedFacets[].idsArrayAn array of URLs identifying authorized facets for this appID.

The version attribute in the TrustedFacets object refers to the version of the UAF protocol. See the Version dictionary below for more details:

majorNumberMajor UAF protocol version.
minorNumberMinor UAF protocol version.

The currently supported protocol version is:

  • major: "1"
  • minor: "1"

Example Request Using GET

GET /nevisfido/uaf/1.1/facets HTTP/1.1


curl '' -i -X GET

Example Response Using GET

HTTP/1.1 200 OK
Date: Mon, 25 Jul 2022 11:30:12 GMT
Content-Type: application/fido.trusted-apps+json
Transfer-Encoding: chunked
Content-Length: 306

"trustedFacets" : [ {
"version" : {
"major" : 1,
"minor" : 1
"ids" : [ "", "", "", "", "", "android:apk-key-hash:324234234", "ios:bundle-id:my.ios.bundle" ]
} ]

Example Request Using Unsupported Method

POST /nevisfido/uaf/1.1/facets HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1


$ curl '' -i -X POST \
-H 'Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1'

Example Response Using Unsupported Method

HTTP/1.1 405 Method Not Allowed
Allow: GET
Cache-Control: must-revalidate,no-cache,no-store

HTTP Status Codes

The following HTTP status codes are returned by the Facets Service:

HTTP CodeDescription
200OK The server processed the request successfully. Check the response body for UAF specific status information.
405Method Not Allowed The method of the received request was not GET.
406Not Acceptable The provided Accept header forbids application/fido.trusted-apps+json content.