Stir/Shaken APIs

STIR/SHAKEN is a framework of interconnected standards. STIR/SHAKEN are acronyms for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards.


As every CodeB Node contains a gateway connecting the Stir/Shaken world with the CBAN Antifraud system we offer a couple of public Stir/Shaken APIs in our Antifraud Namespace on: http://coin.codeb.io/antifraud.asmx


Test Certificates

Certificates for testing any Stir/Shaken are hard to get and complicated to generate. For that reason we offer two API’s to generate self-signed Stir/Shaken Certificates. Those are


TestCertStirShakenB64 on http://coin.codeb.io/antifraud.asmx?op=TestCertStirShakenB64

This function returns a JSON Token containing the certificate and the private key.


TestCertStirShakenP12 on http://coin.codeb.io/antifraud.asmx?op=TestCertStirShakenP12

This function returns a JSON Token containing a PFX/P12 password protected package containing certificate and key.


Generate Stir/Shaken Token

With CreateSelfSignedStirShakenToken you can generate a Stir/Shaken Test Token without having to own a certificate at all. It creates internally a one time certificate to sign the token. The returned Token can be validated with the function ValidateStirShakenToken.


If you own a certificate and private key you can use the function CreateStirShakenToken to generate a Token. Depending on the availability of the public part of the certificate it can be validated with ValidateStirShakenToken.


Validate Stir/Shaken Token

Validation of exiting Tokens might be the most important function for most users. To be able to validate a Token the public certificate of the signer has to be downloaded.


Note: As many Stir/Shaken participants do not have their public certificates downloadable worldwide this function might fail to validate those Tokens!


The validation function ValidateStirShakenToken is available at http://coin.codeb.io/antifraud.asmx?op=ValidateStirShakenToken


Important: If a validation returns attestation “A” or “B” AND the Salt and/or Pepper have been defined the anonymous CBAN Hash is being calculated and published in the CBAN System.



Questions? Just contact info@codeb.io


Source: https://blog.codeb.io/stir-shaken-apis/

Recent Posts

See All

Increasing numbers of mobile operators within the European economic area have introduced origin based rating (OBR) for voice termination....

Public Key Infrastructure (PKI) is the standard today to enable secure communication over the web, sign document or to encrypt sensitive...