
ZLD Makes Fool

The document describes the OTP Request API and e-KYC API. It provides details on the required parameters, headers, request and response formats for both APIs. Key elements include mandatory fields like Aadhaar number, authentication type, timestamp, digital signatures for requests. Responses contain encrypted resident data.

Uploaded by

JoySinha

OTP Request API

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Otp uid="" tid="" ac="" sa="" ver="" lk="">
<Opts ch=""/>
<Signature>Digital signature of AUA</Signature>
</Otp>

https://<host>/otp/<ver>/<ac>/<uid[0]>/<uid[1]>/<asalk>

uid (mandatory) Aadhaar Number of the resident


tid (mandatory) For Registered devices, send its unique Terminal ID. For
Public devices, value should be passed as "public".
ac (mandatory) A unique code for the AUA which is assigned by UIDAI during
AUA registration process. This is an alpha-numeric string having maximum
length 10. (A default value "public" is available only for testing.)
sa (mandatory) A unique Sub-AUA code. AUAs are expected to manage these codes
their system and ensure uniqueness within their system. This allows auditing and business
intelligence to be provided at SA level. If AUA and SA are same agency, use value of "ac"
attribute. This is an alpha-numeric string having maximum length 10.
ver (mandatory) Version of the OTP API. Currently the only valid value is "1.5".
txn (optional) AUA specific transaction identifier. AUA can choose to pass this
as part of input. This is returned as part of response as is. This is very useful for linking
transactions full round trip across systems. This is an alpha-numeric string of maximum length
Only supported characters are A-Z, a-z, 0-9, period, comma, hyphen, backward & forward
left & right parenthesis, and colon. No other characters are supported. It is highly recommended
that AUAs use this attribute for correlating requests with responses for auditing and verification
lk (mandatory) A valid License Key assigned to the AUA. Administration portal of UID
provide a mechanism for AUA administrator to generate license keys. This is an alpha-numeric
string of length up to 64 characters.
Signature (mandatory) The request XML should be digitally signed for message integrity and non-repudiation purposes. Digital signing should always be performed by the entity that creates the final request XML.

host Aadhaar OTP server address. Actual production server address will be provided to A
Note that production servers can only be accessed through secure leased lines. For development
and testing purposes, public URL "auth.uidai.gov.in" can be used. ASA server should ensure
actual URL is configurable.
Next part of the URL "otp" indicates that this is an OTP Request API call instead of regular
authentication API call. Ensure that this is provided.
ver OTP API version (optional). If not provided, URL points to current version. UIDAI may
multiple versions for supporting gradual migration. As of this specification, only valid version
production use is "1.5".
ac A unique code for the AUA which is assigned by UIDAI. This is an alpha-numeric string
maximum length 10. (A default value "public" is available for testing.)
uid[0] and uid[1] First 2 digits of Aadhaar Number. Used for load-balancing.
asalk A valid ASA license key. ASAs must send one of their valid license keys at the end of
URL. It is important that license keys are maintained safely. When adding license key to the
ensure it is URL encoded to handle special characters.
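
The attribute limits and URL layout described above, checked and assembled in Python. This is an added example, not code from the specification or from UIDAI; the function names, the sample values, the 12-digit uid check and the reading of "backward & forward" as slashes are assumptions.

```python
import re
from urllib.parse import quote

ALNUM_10 = re.compile(r"[A-Za-z0-9]{1,10}")   # ac, sa: alpha-numeric, maximum length 10
ALNUM_64 = re.compile(r"[A-Za-z0-9]{1,64}")   # lk: alpha-numeric, up to 64 characters
# txn character set; treating "backward & forward" as the two slashes is an assumption.
TXN_CHARS = re.compile(r"[A-Za-z0-9.,\-\\/():]*")


def validate_otp_attrs(uid, tid, ac, sa, lk, ver="1.5", txn=""):
    """Return the names of attributes that fail; an empty list means all pass."""
    problems = []
    # Assumption: 12 digits is general knowledge about Aadhaar numbers, not from this page.
    if not re.fullmatch(r"[0-9]{12}", uid):
        problems.append("uid")
    if not tid:
        problems.append("tid")
    if not ALNUM_10.fullmatch(ac):
        problems.append("ac")
    if not ALNUM_10.fullmatch(sa):
        problems.append("sa")
    if not ALNUM_64.fullmatch(lk):
        problems.append("lk")
    if ver != "1.5":
        problems.append("ver")
    # The txn length limit is cut off on this page, so only the character set is checked.
    if not TXN_CHARS.fullmatch(txn):
        problems.append("txn")
    return problems


def build_otp_url(host, ac, uid, asalk, ver=None):
    """Build https://<host>/otp/<ver>/<ac>/<uid[0]>/<uid[1]>/<asalk>; host stays configurable."""
    parts = [f"https://{host}", "otp"]
    if ver:  # ver is optional in the URL
        parts.append(ver)
    # safe="" percent-encodes "/" as well, so the key cannot add or alter path segments.
    parts += [ac, uid[0], uid[1], quote(asalk, safe="")]
    return "/".join(parts)


def redact_for_log(url):
    """Hypothetical helper: hide the ASA license key (last path segment) before logging."""
    return url.rsplit("/", 1)[0] + "/<redacted>"
```

Because the ASA license key travels in the URL path, it ends up in any access log or proxy log that records full URLs; logging the redacted form keeps the key out of those records.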

Are we allowing the user to choose sms/email or both?

e-KYC API

https://<host>/kyc/<ver>/<ac>/<uid[0]>/<uid[1]>/<asalk>

<Kyc ver="" ts="" ra="" rc="" mec="" lr="" de="">
<Rad>base64 encoded fully valid Auth XML for resident</Rad>
</Kyc>

host Aadhaar e-KYC API server address. Actual production server address will be provided
through secure leased lines. KSA server should ensure that actual URL is configurable.
Next part of the URL "kyc" indicates that this is an e-KYC API call. Ensure that this is provided
ver e-KYC API version (optional). If not provided, URL points to current version. UIDAI may
this specification, default production version is "1.0".
ac A unique code for the AUA (KUA and AUA codes are same since KUA is an AUA having
This is an alpha-numeric string having maximum length 10.
uid[0] and uid[1] First 2 digits of Aadhaar Number. Used for load-balancing.
For security reasons PID data collected for Aadhaar e-KYC must NOT be stored on any de
records for all the authentication request metadata along with the response and protect th
UIDAI, 2011-2014 http://uidai.gov.in/ Page 8 of 16
Version 1.0 Aadhaar e-KYC API
asalk A valid ASA license key. ASAs must send one of their valid license keys at the end of
safely. When adding license key to the URL, ensure it is URL encoded to handle special characters

ver (mandatory) Version of the KYC API. Currently the only valid value is "1.0".
ts (mandatory) Timestamp at the time of capture of authentication input. This
value must match "ts" attribute of PID block of the resident authentication packet under
o If this value is not matching with PID "ts", then, an error will be generated.
o Front-end application on the device must send the PID "ts" value to KUA server to ensure
to ensure authentication input cannot be independently used for e-KYC later.

ra (mandatory) Resident authentication type. Valid values are F, I, O, FO, IO, F


resident authentication PID block, should determine value of this attribute based on what
fingerprints, then this should be F, if both fingerprint and OTP are used this should be F
authentication factors within PID block do not match, an error is returned.

rc (mandatory) Represents resident's explicit consent for accessing the resident's identity
"Y". If resident does not provide this explicit consent, application SHOULD NOT access resi
mec (optional) Represents resident's explicit consent for accessing the mobile number
values are "Y" and "N". Default value is "N" (by default, this API does not return mobile an
lr (optional) Flag indicating if AUA application requires local language data in addition to
default, this API does not return local Indian language data).
de (optional) Flag indicating if KUA is delegating decryption to KSA. If this flag is set to
XML instead of KUA key provided KSA is allowed to do so.
o This is OPTIONAL attribute and hence should be used ONLY when KUA requires to change
if KSA is approved to do decryption.
o By default, KUA public key is always used to encrypt e-KYC response.
o If KUA key is NOT available in CIDR, KSA key will be used to encrypt
provided KSA is authorized to do so.
o A dynamic option of setting de attribute to Y allows KUA to make this
choice at transaction level based on the KSA they use for e-KYC service.
Rad (mandatory)
This element contains base64 encoded Auth XML for resident. Authentication in
Authentication API specification.

Any valid Authentication API version and features can be used while invoking e-KYC. Only
authentication input XML (authentication namespace) must start with "UKC:".
IMPORTANT NOTE: Digital signature at e-KYC XML level is optional.
The e-KYC request XML may be digitally signed for message integrity and non-repudiation purposes.

Resident data as part of the response based on successful authentication (thus resident authorizing UIDAI to share his/her data with the KUA/KSA) is fully encrypted using KUA public key (or KSA public key if KUA delegates it to KSA).
