Skip to main content
Skip table of contents

Hermod architecture

This article describes the architecture of Hermod component of Smart ID Messaging and how it interacts with an application server (AS), for example Smart ID Identity Manager. The database must be configured before you start installing Hermod. TLS should be configured in the Hermod configuration file.

  1. The application server connects to Hermod with the API key for the specific client, clientId: myclient, and initiates a command.
  2. The command is then processed by a device and a response is sent back to the publicUrl as configured in Hermod. The device uses the plugout message/command protocol to communicate with Hermod. All clients use API keys to identify themselves with Hermod. You must have a database configured to enable Hermod deployment.  
  3. When the command has been processed by the device or when it has expired, the returned response is validated by Hermod and a callback is sent to the configured callbackURL for the originating clientId.

For parameter examples, see the Hermod configuration example below. 

Hermod configuration 

The configuration file example below refers to application.yml and shows how to configure clientId, public URL and TLS. For more information, see Install Hermod (docker) or Install Hermod (WAR file).

Example: Hermod configuration

# When you enable security below you must put a real certificate in the certificates directory
enabled: false
key-store: /path/to/certificates/hermod-host-bundle.p12
key-store-password: "PASSWORD"
key-store-type: PKCS12


- clientId: myclient
  key: 59c2a0a1999d42dbbe7f16ef1072736a031c5f4739c04025a641ae1751849857
  callbackUrl: https://my-application-server/https/api/rest/v3.0/personalmessaging

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.