Stir/Shaken APIs

STIR/SHAKEN is a framework of interconnected standards. STIR/SHAKEN are acronyms for the Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) standards.

As every CodeB Node contains a gateway connecting the Stir/Shaken world with the CBAN Antifraud system we offer a couple of public Stir/Shaken APIs in our Antifraud Namespace on:

Test Certificates

Certificates for testing any Stir/Shaken are hard to get and complicated to generate. For that reason we offer two API’s to generate self-signed Stir/Shaken Certificates. Those are

TestCertStirShakenB64 on

This function returns a JSON Token containing the certificate and the private key.

TestCertStirShakenP12 on

This function returns a JSON Token containing a PFX/P12 password protected package containing certificate and key.

Generate Stir/Shaken Token

With CreateSelfSignedStirShakenToken you can generate a Stir/Shaken Test Token without having to own a certificate at all. It creates internally a one time certificate to sign the token. The returned Token can be validated with the function ValidateStirShakenToken.

If you own a certificate and private key you can use the function CreateStirShakenToken to generate a Token. Depending on the availability of the public part of the certificate it can be validated with ValidateStirShakenToken.

Validate Stir/Shaken Token

Validation of exiting Tokens might be the most important function for most users. To be able to validate a Token the public certificate of the signer has to be downloaded.

Note: As many Stir/Shaken participants do not have their public certificates downloadable worldwide this function might fail to validate those Tokens!

The validation function ValidateStirShakenToken is available at

Important: If a validation returns attestation “A” or “B” AND the Salt and/or Pepper have been defined the anonymous CBAN Hash is being calculated and published in the CBAN System.

Questions? Just contact