Before you start
AadhaarAPI.com is a platform of Quagga Tech which acts Agreggator Marketplace providing Technology services on Digital KYC component. We provide SDK which are plug n play services of Aadhaar Authentication, eKYC and eSign. We provide a secure link to your website, server or Mobile app to access the Aadhaar services through approved licence holder.
In this article, you will find step-by-step instructions to get on-board AadhaarAPI and find resources that can help you integrate it with your website/product. Remember, we are always just a click away on the support in case you come across a hurdle.
To Start On-boarding with AadhaarAPI.com for Access, please drop an enquiry
Please raise an enquiry to receive service agreement and supporting documentation. After successful submission of the documentation, due diligence and approval, your account will be activated.
SDK’s are accessible only when UNIQUE_API_KEY is sent as a header parameter with every request. The key can be regenerated or deleted from the dashboard.
In the case of SDK’s the API key should be added to the corresponding settings/resource file into your backend.
The authentication data is first encrypted at the client end and sent to our servers as part of a JSON request via provided our SDKs. This JSON request is then formatted at our end to construct the required XML using the request type. The constructed XML is then sent through secure channels (AUA & ASA) to UIDAI. The request is decrypted and validated by the UIDAI. If the user is Authenticated successfully using OTP/Biometric the requested data is returned. The data received at our end is then converted to JSON for easy consumption and sent back to the requester.
As per UIDAI regulations, Via Software development KIT (SDK) the SKEY, HMAC, and the PID XML which contains the biometric/OTP data gets encrypted and encoded on the client end before being sent to us. The PID XML and HMAC are encrypted using a random session key which in turn is then encrypted by the UIDAI public certificate. This data travels through secure SSL channels and cannot be decrypted by anyone other than UIDAI, thus keeping the whole transaction highly secure.
For more details on Aadhaar utilities, encryption and regulations to be followed, please visit UIDAI developer website.
|Error Message||Suggested Action|
|Invalid or missing UNIQUE_API_KEY|
|Agency is not ACTIVE yet||Agency is in an INACTIVE state in case of Pending documents or payment. Contact us!|
|400 Bad Request||In case of 400 error please check error JSON for parameter ‘message’ to get the exact reason.|
|Error Code 500 [IMP]||Note that UIDAI returns 500 error code for various reasons depending on the request type. Hence please check the message text for proper error.|
UIDAI has provided a dedicated page with guidelines for handling API errors within the application.| Go there