Before you start is a platform of Quagga Tech which acts Agreggator Marketplace providing Technology services on Digital KYC component. We provide SDK which are plug n play services of Aadhaar Authentication, eKYC and eSign. We provide a secure link to your website, server or Mobile app to access the Aadhaar services through approved licence holder.

In this article, you will find step-by-step instructions to get on-board AadhaarAPI and find resources that can help you integrate it with your website/product. Remember, we are always just a click away on the support in case you come across a hurdle.

Signing up

To Start On-boarding with for Access, please drop an enquiry


Please raise an enquiry to receive service agreement and supporting documentation. After successful submission of the documentation, due diligence and approval, your account will be activated.


API access is authorized using key i.e. UNIQUE_API_KEY provided to your registered email. Please share this key with trusted entities only.

SDK’s are accessible only when UNIQUE_API_KEY is sent as a header parameter with every request. The key can be regenerated or deleted from the dashboard.

In the case of SDK’s the API key should be added to the corresponding settings/resource file into your backend.

Data Flow

The authentication data is first encrypted at the client end and sent to our servers as part of a JSON request via provided our SDKs. This JSON request is then formatted at our end to construct the required XML using the request type. The constructed XML is then sent through secure channels (AUA & ASA) to UIDAI. The request is decrypted and validated by the UIDAI. If the user is Authenticated successfully using OTP/Biometric the requested data is returned. The data received at our end is then converted to JSON for easy consumption and sent back to the requester.

We do not store any sensitive data of your Customer/Aadhaar Holder in our database/logs. Hence, it is your sole responsibility to store the data at your end. In the case of any data loss during the storage at the client end, a new request must be originated.

Servers handling PID component of the request must be in INDIA. In no case, customer’s authentication data should travel through servers not located in INDIA. Also, the communication of data to servers should only happen through HTTPS

As per UIDAI regulations, Via Software development KIT (SDK) the SKEY, HMAC, and the PID XML which contains the biometric/OTP data gets encrypted and encoded on the client end before being sent to us. The PID XML and HMAC are encrypted using a random session key which in turn is then encrypted by the UIDAI public certificate. This data travels through secure SSL channels and cannot be decrypted by anyone other than UIDAI, thus keeping the whole transaction highly secure.

For more details on Aadhaar utilities, encryption and regulations to be followed, please visit UIDAI developer website.



Error MessageSuggested Action
Invalid or missing UNIQUE_API_KEY
  • Check if the URL and KEY belong to the same Environment
  • Check if any white-space character got introduced during copy
Agency is not ACTIVE yetAgency is in an INACTIVE state in case of Pending documents or payment. Contact us!
400 Bad RequestIn case of 400 error please check error JSON for parameter ‘message’ to get the exact reason.
Error Code 500 [IMP]Note that UIDAI returns 500 error code for various reasons depending on the request type. Hence please check the message text for proper error.


UIDAI has provided a dedicated page with guidelines for handling API errors within the application.

| Go there