top of page

Stir/Shaken APIs

STIR/SHAKEN is a framework of interconnected standards. STIR/SHAKEN are acronyms for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards.


As every CodeB Node contains a gateway connecting the Stir/Shaken world with the CBAN Antifraud system we offer a couple of public Stir/Shaken APIs in our Antifraud Namespace on: http://coin.codeb.io/antifraud.asmx


Test Certificates

Certificates for testing any Stir/Shaken are hard to get and complicated to generate. For that reason we offer two API’s to generate self-signed Stir/Shaken Certificates. Those are


This function returns a JSON Token containing the certificate and the private key.


This function returns a JSON Token containing a PFX/P12 password protected package containing certificate and key.


Generate Stir/Shaken Token

With CreateSelfSignedStirShakenToken you can generate a Stir/Shaken Test Token without having to own a certificate at all. It creates internally a one time certificate to sign the token. The returned Token can be validated with the function ValidateStirShakenToken.


If you own a certificate and private key you can use the function CreateStirShakenToken to generate a Token. Depending on the availability of the public part of the certificate it can be validated with ValidateStirShakenToken.


Validate Stir/Shaken Token

Validation of exiting Tokens might be the most important function for most users. To be able to validate a Token the public certificate of the signer has to be downloaded.


Note: As many Stir/Shaken participants do not have their public certificates downloadable worldwide this function might fail to validate those Tokens!



Important: If a validation returns attestation “A” or “B” AND the Salt and/or Pepper have been defined the anonymous CBAN Hash is being calculated and published in the CBAN System.



Questions? Just contact info@codeb.io


Recent Posts

See All

CLI Spoofing / OBR Fraud

Increasing numbers of mobile operators within the European economic area have introduced origin based rating (OBR) for voice termination....

Blockchain X.509 Certification Authority

Public Key Infrastructure (PKI) is the standard today to enable secure communication over the web, sign document or to encrypt sensitive...

bottom of page