1. Introduction
Veri5Digital Offline KYC Solution offers Web SDK that can be seamlessly integrated with clients business application to get the KYC info of a user from UIDAI in offline mode.
This document explains technical specification and steps to integrate OfflineKyc Web SDK with clients application. Sample code snippets are available for reference.
2. Steps to Integrate OfflineKYC Web SDK
Clients should follow the below steps for integrating OfflineKYC Web SDK to client application. 1. Client should get on boarded or registered with Veri5Digital Platform and get client credentials and other parameters required for integration.
Health Status Check API - Clients can integrate health status check API to check whether UIDAI Website is up or down.
Clients Web Application should integrate OfflineKyc Web SDK
Integrate _fetch API to retrieve the processed KYC Info Veri5Digital Platform provides Sandbox Environment for Integration and Production Environment for actual production purposes.
Note :
We recommend to integrate the app in sandbox environment first and then move to production post testing and certification in Sandbox Environment.
It is recommended that clients invoke Health Status Check API to check the availability status before invoking SDK.
2.1 Client Registration
For a client to get access to SDK and do integration, client registration is mandatory.
As part of registration , Client has to obtain values for following params for Sandbox and Production Environments each.
Client Code (client_code) , that uniquely identify the client that is onboarded to Khosla Labs Platform.
API-Key (api_key ) , will be provided during onboarding and is used for managing subscription.
Salt ( salt), salt is for calculating hash of request payload and will be shared during onboarding. Each api_key will have its own salt.
SandBox URL
Production URL
Note :
Clients should get these details from Veri5Digital Onboarding Team.
It is recommended that client should first get on boarded in Sandbox environment to do technical integration and testing before moving to production.
2.2 Health Status Check API
Client application can invoke this API before initiating SDK to check the status of service availability.This is applicable for WeDo only.
Client application should handle the scenario in case , UIDAI Service is down.
API details are given below.
API Name : isUidaiUp
Method : POST
SandBox URL : https://sandbox.veri5digital.com/assisted/isUidaiUp
Production URL : https://prod.veri5digital.com/assisted/isUidaiUp
Request :
There is no specific request body as it is a Status Check API.
Response :
Based on the status of UIDAI availability, following are the response scenarios.
- Success Scenario
{
"code": "000”,
"status": "SUCCESS",
"message": "UIDAI website is up"
}
- Failure Scenario
{
"code": "390008",
"status": "FAILED",
"message": "UIDAI website is down"
}
2.3 How to integrate SDK in Client’s Web Application
Client should have received the credential information mentioned in Section 2.1 before start integration.
Clients web application should invoke OfflineKYC Web SDK using the _init API whose details are given below.
API Name : _init
Method : POST
SandBox URL : https://sandbox.veri5digital.com/video-id-kyc/_init
Production URL : https://prod.veri5digital.com/video-id-kyc/_init
Given below are the details of the Request Payload of _init request. Sample request follows the same.
2.3.1 _init API Request Details
Headers
Content-Type: application/x-www-form-urlencoded
Body Parameters
| Field name | Type | Comments | Example |
|---|---|---|---|
| client_code | String, Mandatory | Your client code received during onboarding | a1b2c3 |
| request_id | String, Mandatory | Unique transaction identifier Client app has to generate the same.For each request it should be unique.This is used for uniquely identifying the transaction. | 12345678910111 |
| api_key | String, Mandatory | Pre-shared api key controls the access to various Api’s. Api Key will be shared during onboarding.There will be separate api_key for SandBox and Production Environment. | 1A3b5c7D910111 |
| redirect_url | String, Mandatory | This should be a valid callback url exposed by the calling app. SDK will redirect the response on this URL with the status of the transaction, once SDK completes its execution. | https://mydomain.com/status.html |
| hash | String, Mandatory | This should be a SHA-256 value of Hash Sequence defined for _init request. Purpose of this is to ensure the integrity of the request. Refer Appendix B for hash generation logic. | 9780cd0d2ce77eef 8f64942f54e0281a 0e220ff6bbcce0a0 3df27a2b15575f58 |
| stan | String, Mandatory | System Trace Number. This number is used to uniquely identify an api call initiated from the client.Stan is also generated by client. | 98765432100000 |
| otp_required | String, Mandatory Possible Values ( “Y'' or “N”) | Specifies whether OTP authentication is required or not. Possible values are “Y” or “N”. If otp_required value is “Y”, mobile number to which OTP has to be delivered should be specified as value to parameter ‘mobile’ and user will be taken to OTP Enter Page. If value is ‘N’ user will proceed directly to KYC options screen. | Y |
| mobile | String, Mandatory | If otp_required field is set to ‘Y’, pass mobile number in this field. If otp_required field is set to ‘N’ pass empty string ( “”) in this field. | 8812345678 or " " |
Sample Html Code for SDK Initiation
Below given code snippet demonstrates how to invoke the Veri5Digital OfflineKYC SDK from a form in clients application.
<form method="post" action="<<SandBox URL>>">
<input type="text" name="client_code" value="<<Your Client Code>>" >
<input type="text" name="api_key" value="<<Your API Key>>" >
<input type="text" name="redirect_url" value="<<Callback Url>>" >
<input type="text" name="request_id" value="<<Unique Request Id>>" >
<input type="text" name="stan" value="<<Unique Stan>>" >
<input type="text" name="hash" value="<<sha256 hash value>>" >
<input type="text" name="mobile" value="<<registered mobile number value>>">
<input type="text" name="otp_required" value="<”Y” | ”N”>" >
<button type="submit">Proceed </button>
</form >
Points to Note ; - Action URL should be changed based on the environment whether its SandBox or Production.
Please ensure correct api_key, client_code,redirect url to be passed.
Ensure that no Spaces before or after the parameter values.
Https protocol is recommended.
2.3.2 _init API Response Details
On completion of OfflineKYC SDK processing, SDK response will be sent to the callback URL passed in _init request as a redirection.
As a result of SDK execution a “uuid”, which is a unique identifier will be generated. ‘uuid’ will be required for fetching the processed KYC info of the user later.
- On Successful completion of the SDK, client application will get redirected to callback URL.
https://<callbackUrl>?requestId=<requestId>&uuid=<uuid>&hash=<hash>&status=<SUCCESS>
where in :
callbackUrl : Client specific URL passed in _init request
requestId : Unique request id passed by calling application in _init request.
uuid : Unique Identifier generated by the SDK which is required later for fetching processed KYC Info.
hash : Hash of Init API Response. Refer Appendix B to see how to calculate the hash.
status : SUCCESS
Eg:
- In case SDK execution is failed, client application will get redirected to:
https://<callbackUrl>?requestId=<requestId>&uuid=<uuid>&hash=<hash>&errCode=<error-code>&status=<FAIL>
where in
callbackUrl : Client specific URL passed in _init request
requestId : Unique request id passed by calling application in _init request.
uuid : Unique Identifier generated by the SDK which is required later for fetching processed KYC Info.
hash : Hash of Init API Response. Refer Appendix B to see for the hash logic.
status : FAIL
Eg:
Refer to Appendix A for Error Codes & Description
Points to Note :
Uuid that is passed in response is required to fetch KYC Data (See next section).
Callback URL should handle the URL parameters correctly.
Https protocol is recommended.
Post successful execution of SDK, client should invoke fetchKyc Api to retrieve the processed Kyc info.
2.4 Fetch KYC Request
After successful completion of SDK and redirection to callback url is performed, client application should call _fetch to retrieve the processed KYC Information.
API Name : _fetch
Method : POST
Preprod URL : https://sandbox.veri5digital.com/video-id-kyc/_fetch
Prod URL : https://prod.veri5digital.com/video-id-kyc/_fetch
2.4.1 _fetch API Request Details
_fetch API Request payload is given below.
{
"client_code" : "<<Your Client Code>>",
"uuid" : "<<You got this in response of kyc request initiation>>",
"hash" : "<<sha256 of hash sequence defined for _fetch request>>",
"api_key" : “<<Your api key>>”
}
Refer Appendix B for Hash generation logic.
Refer Appendix D for sample Code Snippet in AngularJS
2.4.2 _fetch API Response Details
_fetch API response contains processed ‘response_data’.
Response Payload
Response Payload holds the following :
{
“response_status”:{
“status” : ”<<status of API Execution>>”,
“code” : ”<<status code of API Execution>>”,
“message” :”<<message based on the status and code>>”
},
“response_data”:{
“is_encrypted” :”<<NO>>”,
“kyc_info” :”<<base64 encoded KYC info>>”
},
“uuid” : <<Unique User Id generated by the SDK processing>>
“hash” : <<sha256 of hash sequence defined for fetch response>>
}
response_data block is a base64 encoded string comprised of :
- Processed KYC Info (kyc_info)
- encrypted flag ( is_encrypted ) value will be “NO”.
Response Payload Example :
Below given is an example for a successful response.
{
"uuid": "1568782657402",
"hash": "5eea1888a2920b6fddf25f6c12ec2aba5e7ce2bff6d9391c18fd1b2749a4ba47",
"response_status": {
"status": "SUCCESS",
"code": "000",
"message": "Kyc data fetched successfully"
},
"response_data": {
"is_encrypted": "NO",
"kyc_info": "Base64 Encoded kyc_info block"
}
}
Refer Appendix D for sample Code Snippet in AngularJS demonstrating invocation of _fetch API and response processing.
Detailed Structure of kyc_info block
Structure of kyc_info block post decoding of Base64 encoded data is given below. Please refer the Json and table given below for more field level details.
Points to Note: - Please note that below structure contains the exhaustive list of data elements that SDK can provide.
Depending on the flow that is chosen few of the fields might not be present.
High level structure of the response remains the same.
Client application should handle the data elements they are interested in.
| Name | Comments |
|---|---|
| name | Name of the user extracted from Aadhaar XML. |
| document_id | Aadhaar Number with first Eight Digits are masked. |
| name_status | Possible values are : VERIFIED and NOT_VERIFIED VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML is successfully verified by SDK. NOT_VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML could not be successfully verified by SDK. |
| name_description | Value will be “Obtained from UIDAI XML” |
| dob | Date of birth of the user extracted from document |
| dob_status | Possible values are : VERIFIED and NOT_VERIFIED VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML is successfully verified by SDK. NOT_VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML could not be successfully verified by SDK. |
| dob_description | Value will be “Obtained from UIDAI XML” |
| mobile | Mobile number user input in client application. It’s an optional field. If no mobile number is given as input, value will be an empty string |
| mobile_status | This is applicable in case Input Mobile is present. Possible values are : MATCHED,NOT_MATCHED,NOT_VERIFIED In case UIDAI Digital Signature in Offline Aadhaar XML is successfully verified by SDK then : MATCHED : Means Hash of Input Mobile matches with the mobile hash obtained from XML. NOT_MATCHED : Means Hash of Input Mobile does not match with the mobile hash obtained from XML. NOT_VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML could not be successfully verified by SDK. |
| mobile_description | Value will be “Obtained from UIDAI XML” |
| address | Address of the user extracted from document. |
| address_status | Possible values are : VERIFIED and NOT_VERIFIED VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML is successfully verified by SDK. NOT_VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML could not be successfully verified by SDK. |
| address_description | Obtained from UIDAI XML |
| gender | Gender of user extracted from document ( M |
| gender_status | Possible values are : VERIFIED and NOT_VERIFIED VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML is successfully verified by SDK. NOT_VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML could not be successfully verified by SDK. |
| gender_description | Obtained from UIDAI XML |
| photo | Base64 encoded face image in case XML has photo. Its noticed that latest XMLs does not have photo. If photo is not present value will be blank. |
| photo_status | Possible values are : VERIFIED and NOT_VERIFIED VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML is successfully verified by SDK. NOT_VERIFIED : UIDAI Digital Signature in Offline Aadhaar XML could not be successfully verified by SDK. |
| photo_description | Obtained from UIDAI XML |
| country | Country field that is extracted from Address in Aadhaar XML. |
| dist | District field extracted from Address in Aadhaar XML. |
| house | House Name field extracted from Address in Aadhaar XML. |
| loc | Locality field extracted from Aadhaar XML. |
| pc | Pincode field extracted from Address in Aadhaar XML. |
| po | Post Office field extracted from Address in Aadhaar XML. |
| state | State field extracted from Address in Aadhaar XML. |
| street | Street field extracted from Address in Aadhaar XML. |
| subdist | Sub District field extracted from Address in Aadhaar XML. |
| vtc | Village/Town/City field extracted from Address in Aadhaar XML. |
{
"name": "actual name",
"document_id": "********0031",
"name_status": "VERIFIED",
"name_description": "Obtained from uidai xml",
"email_status": "NOT_VERIFIED",
"email_description": "Obtained from uidai xml",
"dob": "15/01/1984",
"dob_status": "VERIFIED",
"dob_description": "Obtained from uidai xml",
"mobile": "9999999999",
"mobile_status": "NOT_MATCHED",
"mobile_description": "Obtained from uidai xml",
"address": "comma separated address fields",
"address_status": "VERIFIED",
"address_description": "Obtained from uidai xml",
"gender": "F",
"gender_status": "VERIFIED",
"gender_description": "Obtained from uidai xml",
"photo": "Base64 Encoded Photo Image",
"photo_status": "VERIFIED",
"photo_description": "Obtained from uidai xml",
"country": "India",
"dist": "bengaluru",
"house": "house name",
"loc": "locality",
"pc": "560066",
"po": "whitefield",
"state": "karnataka",
"street": "street name",
"subdist": "",
"vtc": "thubarahalli"
}
Appendix A: Error Codes
| Code | Scenario/API | Message |
|---|---|---|
| 380118 | _init | Mandatory data is missing |
| 360022 | _init | None/More entry exists for a client |
| 360025 | _init | Token does not exist for client |
| 380114 | _init | Session does not exist |
| 380048 | _init | Client doesn’t exist |
| 380116 | _init | Transaction does not exist |
| 380117 | _init | Invalid status |
| 380091 | _init | Invalid hash |
| 360004 | _init | Duplicate Request-id found |
| 360015 | _init | Invalid Value for OTP required field |
| 380115 | _init | Failed to find SDK ClientConfig ID |
| 360005 | _init | Unable to create SDK Session Info entity |
| 380039 | _init | Failed to create User Info |
| 240006 | _init | Subscription Info not found |
| 360007 | _fetch | Mandatory Data Missing |
| 360009 | _fetch | No such KYC transaction found. |
| 380048 | _fetch | Invalid api_key or client code |
| 000 | _fetch | KYC data fetched successfully |
| 380091 | _fetch | Hash mismatch |
| 360031 | _fetch | No such userInfo found. |
Appendix B: Hash Generation
It is essential that there is a definitive protocol to verify the integrity of all the communication between Khosla Labs and Client.Hence for every request coming to KL Platform, client have to supply a hash which we will use as the first step of verification.
In return, all responses will also contain hash supplied by KL. You should not entertain any request at your callbackUrl if the hash does not match.
- Hash should be calculated using the below method : hash=SHA256(Hash-Sequence)
Hash Sequence is specified as follows(no space, no commas, no single/double quotes). Hash sequence is defined for each request and response.
Init Api Request ( _init Request):
client_code|request_id|api_key|saltInit Api Response ( _init Response):
client_code|request_id|uuid|status|api_key|saltKYC Fetch Request ( _fetch Request):
client_code|uuid|api_key|saltKYC Fetch Response ( _fetch Response ):
client_code|uuid|kyc_info|status|api_key|salt
Example(for _init request), If your
client_code=a1b2c3,
api_key=123,
requestId=1234567890101112,
salt=e1d2c3b4a,
then
Hash-Sequence=a1b2c3|1234567890101112|123|e1d2c3b4a
hash =SHA-256(Hash-Sequence)
Receiving end should calculate hash based on request parameters and match it against the received hash.
If receivedHash=calculatedHash, then only you should proceed with your application logic.
api_key and salt are the key parameters here. It is known only to the client and Khosla Labs.
One api_key is mapped to one salt. This allows us to have multiple salts active at a time.
api_key and hash need to be passed in each API call. Salt is never transmitted in any API call.
Appendix C: Customization Options
Following are the customization capabilities provided by the SDK.
User Details Page
SDK provide option to clients to configure whether they want to show User Details page ( Page where extracted Kyc data will be displayed ) as Last Page or not. You can inform the same to the Tech Support Team at the time of on-boarding, and flow will be configured for you accordingly.
Option Flow Customization
By default there are two options for the user :
UIDAI_XML Do it for me
UIDAI_XML I’ll do it myself
SDK provides the capability to customize the flow in such a way that user can enable either one of the options or both the option. By default both options will be enabled.
During onboarding and integration Client should inform Tech Support team the client's preference.
User Interface
The SDK provides capability to customize themes and styles pertaining to client requirements.Client has to give the following properties at the time of on-boarding for the customization requirements in the format as defined in the below JSON Text.
Web SDK also allows clients to configure color themes and styles as per below -
- Adding your Company Logo on Top
- Dynamic Font Size and Color Theme on app
- Background
- NAV Bar
- Resend Timer Color
- Button
- Input Box
- Card Heading (KYC Option) Text
- Primary Text
- Secondary Text
- Tertiary Text
- Note Text
You need to share JSON Structure with values for each parameter. In case Json is not provided following default Json will be applicable.
Default Json
{
"--background": "white",
"--nav-color": "white",
"--nav-font-size": "24px",
"--nav-background": "#D52736",
"--resend-timer-color": "#3169ea",
"--btn-background": "#d52736",
"--btn-text-color": "#fab60f",
"--btn-font-size": "14px",
"--input-box-text-color": "#DE140305",
"--input-error-code-color": "#ff5833",
"--input-error-text": "14px",
"--card-heading-text-color": "#d52736",
"--card-heading-text-font-size": "24px",
"--card-text": "#777777",
"--card-font-size": "16px",
"--upload-bg-color" : "#dddddd",
"--upload-text-color" : "#000000",
"--upload-text-size" : "20px",
"--primary-text": "#777777",
"--primary-font-size-normal": "24px",
"--primary-font-size-heading": "32px",
"--secondary-text": "#d52736",
"--secondary-font-size": "32px",
"--tertiary-text": "#000000",
"--tertiary-font-size": "16px",
"--note-text": "red",
"--note-font-size": "16px",
"--verify-image-background": "white",
"--verify-font-size": "18px",
"--verify-font-color": "white",
}
Refer Customization Guide ( Customization_Offlinekyc.pdf ) for more details. Link for Customisation Guide:
https://drive.google.com/file/d/1QfGlv8UEOnWFi0LtU8rvrd00HAulQMUO/view?ts=5dc930a0
Appendix D: Code Snippet for _fetch Request
Below code snippet demonstrates the AngularJS Code Snippet to invoke _fetch API and handle the
response.
angular.module("myApp").controller('FetchController', function($scope, $http,$rootScope,$location){
$scope.init=function(){
$scope.uuid=$location.search().uuid;
$scope.status=$location.search().status;
$scope.receivedHash=$location.search().hash;
$scope.clientCode="dummy-code";
$scope.apiKey="api-key1";
$scope.salt="BYPASS";
$scope.requestId= "1568289136618";
$scope.calculateHash=function(){
$scope.hash=Sha256.hash( $scope.clientCode+ "|"+ $scope.uuid+ "|"+ $scope.apiKey+"|"+$scope.salt);
}
$scope.message="Welcome to AadhaarBridge Offline eKYC Demo";
$scope.fetchKYC = function() {
$scope.calculateHash();
var request ={
"client_code" : $scope.clientCode,
"uuid": $scope.uuid,
"hash": $scope.hash,
"api_key": $scope.apiKey
};
$http({
method: "POST",
url: "https://hostname/video-id-kyc/_fetch",
data: request
})
.success(svcSuccessHandler)
.error(svcErrorHandler);
}
/**
Success Response Handler - Code that handles success response of _fetch Request
*/
var svcSuccessHandler = function(data, status, headers, config) {
var kycData=JSON.parse(atob(data["response_data"]["kyc_info"])); // Base64 Decoding
$scope.kycInfo=atob(data["response_data"]["kyc_info"]);
$scope.name=kycData["name"];
$scope.nameStatus=kycData["name_status"];
$scope.nameDescription=kycData["name_description"];
$scope.email=kycData["email"];
$scope.emailStatus=kycData["email_status"];
$scope.emailDescription=kycData["email_description"];
$scope.dob=kycData["dob"];
$scope.dobStatus=kycData["dob_status"];
$scope.dobDescription=kycData["dob_description"];
$scope.mobile=kycData["mobile"];
$scope.mobileStatus=kycData["mobile_status"];
$scope.mobileDescription=kycData["mobile_description"];
$scope.gender=kycData["gender"];
$scope.genderStatus=kycData["gender_status"];
$scope.genderDescription=kycData["gender_description"];
$scope.address=kycData["address"];
$scope.addressStatus=kycData["address_status"];
$scope.addressDescription=kycData["address_description"];
$scope.photo=kycData["photo"];
$scope.photoStatus=kycData["photo_status"];
$scope.photoDescription=kycData["photo_description"];
$scope.documentId=kycData["document_id"];
}
/**
Success Response Handler - Code that handles success response of _fetch Request
*/
var svcErrorHandler = function(data, status, headers, config) {
// Clients Functionality
}
}
})
Appendix E : GitHub Link For Sample Integration
Below is the github repository link of codebase of sample App integrated to our SDK and implementation of API.
https://github.com/dev-kl/Offline-kyc-web-integration
Techincal Specification Extension
1. Introduction
This document is an extension of the Technical Specification document. This contains following add-on functionalities that are being offered as part of OfflineKyc solution.
- executeAadhaarXMLService
This API offers following functionality:
Download aadhaar xml/zip file obtained from UIDAI as a part of OfflineKyc.
Explicitly delete aadhaar xml/zip file obtained from UIDAI as a part of OfflineKyc
2. executeAadhaarXMLService API
Post processing of VideoIdKyc SDK processing,this api can be used to download or delete aadhaar xml/zip.
Note :
This Api is relevant only in case the user had chosen Offline Aadhaar XML Option for completing the Kyc processing.
2.1 API Request Details
API Name : executeAadhaarXMLService
Method : POST
Sandbox URL :
https://sandbox.veri5digital.com/video-id-kyc/api/1.0/executeAadhaarXMLService
Production URL :
https://prod.veri5digital.com/video-id-kyc/api/1.0/executeAadhaarXMLService
2.1.1 executeAadhaarXMLService API Request Details
Calling application should form the Request Payload in the following Json format.This should be passed as http Request Body.
{
"headers": {
"client_code": "<<your client_code>>",
"sub_client_code": "<<your sub client code>>",
"actor_type": "NA",
"channel_code": "<<Your Channel>>",
"stan": "<<System Trace Number>>",
"user_handle_type": "",
"user_handle_value": "",
"location": "",
"transmission_datetime": "<<System Time In MilliSeconds">>,
"run_mode": "REAL",
"client_ip": "<<Your IP Address>>",
"operation_mode": "SELF",
"channel_version": "",
"function_code": "<<can be DOWNLOAD or NO_ACTION>>",
"function_sub_code": "<<can be DELETE or NO_ACTION>>"
},
"request": {
"api_key": "<api-key>",
"request_id": "<<Unique Request Id Passed by client>>",
"user_id": "",
"hash": "<<Generated Hash>>"
}
}
Note:
Please refer below table for details of Request Field information.
All fields which are non mandatory, you can pass an empty string (“”).
Table : executeAadhaarXMLService API Request Body Parameters
Every APIs Request Payload has a custom “header” field, whose details are given below. Fields marked ( * ) are mandatory.
| Field Name | Type | Comments | Example |
|---|---|---|---|
| client_code | String,Mandatory | Unique code assigned to a client.This will be assigned to the client during onboarding. | client123 |
| sub_client_code | String,Not Mandatory | Its useful in case calling client needs any customization w.r.to different departments. | subclient123 |
| actor_type | String,Not Mandatory | Type of user who is making the request from the application. | CUSTOMER/AGENT |
| channel_code | String,Not Mandatory | Channel code used by the client to initiate the request. | ANDROID_SDK or WEB_SDK or MSITE etc. |
| stan | String,Mandatory | A unique number generated per request by the client. It is used to uniquely identify a request from a client and can be used for troubleshooting.Max length can be 64 characters long. | 98321892319 |
| user_handle_type | String,Not Mandatory | Indicates the type of the user identifier, who has initiated the request. Eg: UUID, MSISDN, EMAIL. If not relevant, "DEFAULT" can also be used. | |
| user_handle_value | String,Not Mandatory | Value of user_handle_type.If not relevant, "DEFAULT" can also be used. | a@b.com |
| location | String,Not Mandatory | Location of the device that initiated the request. Can be empty | |
| transmission_datetime | String,Not Mandatory | Time in System Milli Seconds at which the request was initiated by the client. | 155325508029 |
| run_mode | String,Not Mandatory | Execution Mode in which transaction is being done.Possible values are REAL or TRIAL. | REAL |
| client_ip | String, Not Mandatory | IP Address of the client device. | |
| operation_mode | String,Not Mandatory | The way in which the transaction is executed.Example values can be “SELF”,”ASSISTED”,”SYSTEM” etc. | SELF |
| channel_version | String,Not Mandatory | It can be your SDK Version | 3.1.7 |
| function_code | String,Mandatory | Possible values are DOWNLOAD or NO_ACTION DOWNLOAD: Aadhaar XML Zip file will be returned as part of the response. NO_ACTION : No data will be downloaded and action specified by function_sub_code will be performed. Refer Section 2.1.1.1 for more details. | DOWNLOAD |
| function_sub_code | String,Mandatory | Possible values are DELETE or NO_ACTION DELETE: Indicates that the data has to be deleted permanently. doc_content and password will be deleted from the system. NO_ACTION: No action will be performed on data. Refer Section 2.1.1.1 for more details. | DEFAULT |
| user_id | String,Not Mandatory | You can pass an empty ( “”) string. | "" |
| request_id | String,Mandatory | Client generated Id for referencing the transaction that is passed while invoking SDK.. | requestid123 |
| hash | String,Mandatory | Hash to be calculated by the client to verify the integrity of the request. Please refer APPENDIX A to see how to generate the hash. | |
| api_key* | String,Mandatory | api_key shared with the client during onboarding. |
2.1.1.1 Function Code & Function Sub Code Map
Table : Action Matrix Based on function_code and function_sub_code
| function_code | function_sub_code | Action |
|---|---|---|
| DOWNLOAD | NO_ACTION | Aadhaar XML Zip File for the requested user_id will be downloaded |
| DOWNLOAD | DELETE | Aadhaar XML Zip File for the requested user_id will be downloaded and deleted from server. |
| NO_ACTION | DELETE | Aadhaar XML Zip File for the requested user_id will be deleted from server. |
2.1.2 executeAadhaarXMLService API Response Details
Response data contains processed KYC information in “response_data” tag.Response Data is comprised of doc_format, doc_content and password.
doc_format can be XML/ZIP
doc_content contains base64 encoded string which should be decoded and saved as a file for further processing based on doc_format field.
password field contains the password to open the file ZIP file if it is password protected.
{
“response_status”:{
“status” : "<<status of API Execution>>",
“code” : "<<status code of API Execution>>”,
“message” :"<<message based on the status and code>>"
},
“response_data”:{
“doc_format”:”<<ZIP or XML>>”,
“doc_content”:”<<base64 encoded document>>”
“password”:”<<password to open zip file>>”
},
}
Note:
Refer Appendix B for possible code and messages in response_status.
If you delete the data before the download, than doc_content and password fields will have value “DELETED”.
Appendix A : Hash Generation
It is essential that there is a definitive protocol to verify the integrity of all the communication between Khosla Labs and Client.
Hence for every request coming to KL Platform, client have to supply a hash which we will use as the first step of verification.
In return, all responses will also contain hash supplied by KL. You should not entertain any request at your callbackUrl if the hash does not match.
Hash should be calculated using the below method : hash=SHA256(Hash-Sequence)
Hash Sequence is specified as follows(no space, no commas, no single/double quotes)
--> executeAadhaarXMLService :
client_code|request_id|user_id|api_key|salt|function_code|function_sub_code
If your
client_code=”a1b2c3”,
api_key=”123”,
request_id=”1234567890101112”,
user_id =””,
salt=”e1d2c3b4a”,
function_code=”DOWNLOAD”,
function_sub_code=”DELETE”,
then
Hash-Sequence=
a1b2c3|1234567890101112||123|e1d2c3b4a|DOWNLOAD|DELETE
hash =SHA-256(Hash-Sequence)
For Validation :
Receiving end should calculate hash based on request parameters and match it against the received hash.
If receivedHash=calculatedHash, then only you should proceed with your application logic.
api_key and salt are the key parameters here. It is known only to the client and Khosla Labs.
One api_key is mapped to one salt. This allows us to have multiple salts active at a time.
api_key and hash need to be passed in each API call. Salt is never transmitted in any API call.
Sample Code Snippet for Hash Calculation
private String calculateHash(String clientCode, String requestId, String userId,String apiKey, String salt,String functionCode,String functionSubCode) throws NoSuchAlgorithmException {
MessageDigest digest;
digest = MessageDigest.getInstance("SHA-256");
if (digest != null) {
byte[] hash = digest.digest((clientCode + "|" + requestId + "|" + userId + "|"+ apiKey + "|" + salt + "|" + functionCode + "|" + functionSubCode ).getBytes());
return bytesToHex(hash);
}
return null;
}
private final static char[] hexArray = "0123456789ABCDEF".toCharArray();
public static String bytesToHex(byte[] bytes) {
char[] hexChars = new char[bytes.length * 2];
for (int j = 0; j < bytes.length; j++) {
int v = bytes[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);}
Appendix B : Error Codes
| Code | Message |
|---|---|
| 000 | Success |
| 380145 | please provide either request_id or user_id |
| 380146 | hash is mandatory |
| 380147 | api_key is mandatory |
| 380114 | Session does not exist |
| 380148 | function_code is mandatory |
| 380149 | function_sub_code is mandatory |
| 380150 | Invalid function_code |
| 380151 | Invalid function_sub_code |
| 380152 | user_id doesn't exist |
| 380153 | Required details not found |
| 380154 | Required details not available |
| 380155 | request_id doesn't exist |
| 380048 | Invalid api_key |
| 380049 | Invalid client_code |
| 380091 | Hash validation failed. |
Appendix C: Sample Postman Request Response
Method : POST
Sandbox URL :
https://sandbox.veri5digital.com/video-id-kyc/api/1.0/executeAadhaarXMLService
- Production URL :
https://prod.veri5digital.com/video-id-kyc/api/1.0/executeAadhaarXMLService
- HTTP Request Header:
Content-Type : application/json
- HTTP Request Body:
{
"headers":{
"client_code":"your-code",
"sub_client_code":"your-code",
"actor_type":"NA",
"channel_code":"WEB_SDK",
"stan":"stanwedfsdfqaaaawerqwer",
"user_handle_type":"EMAIL",
"user_handle_value":"abc@gmail.com",
"location":"",
"transmission_datetime":"1533123525716",
"run_mode":"REAL",
"client_ip":"",
"operation_mode":"SELF",
"channel_version":"",
"function_code":"DOWNLOAD",
"function_sub_code":"DELETE"
},
"request":{
"request_id":"dummy-codea-1564137837052",
"api_key":"your-api-key1",
"hash":"dd02c40fe612066bbdff72a0e93200a08866380e726dc31dd15806898cf541de",
"user_id":""
}
}
- Response Payload :
{
"response_status": {
"status ": "SUCCESS ",
"code": "000",
"message": "document details fetched successfully"
},
"response_data": {
"doc_format ": "ZIP ",
"doc_content": "...encoded document string.... >> ",
"password": "3962"
}
}
Customisations to Offline KYC
https://drive.google.com/file/d/1QfGlv8UEOnWFi0LtU8rvrd00HAulQMUO/view?ts=5dc930a0