#API integration
Setu’s API solution can be used to complete a customer’s KYC with offline Aadhaar in real-time—with your own screens on your app or website. With this, you will get a downloadable, locked XML file with Aadhaar information from your customers.
The following APIs are required for enabling this flow—
- Create OKYC request—Create OKYC request for your customer. You will get a unique
id
in the response which can be used to track this particular request. - Initiate OKYC Request—Initialise the OKYC request for your customer with the previously returned request
id
and receive abase64
encodedcaptchaImage
from Setu. Once you have called this API, you can redirect your customer to your OKYC screens, to collect Aadhaar number and captcha from your customer. - Verify OKYC Request—Share the
aadhaarNumber
andcaptchaCode
, collected from your customer, with Setu. Next, redirect your customer to a screen to collect OTP sent to your customer’s Aadhaar linked mobile number. Also request your customer to enter a 4 digit share code—this is the code that will be used to unlock you customer’s fetch Aadhaar XML file. - Complete OKYC Request—Share the collected
otp
andshareCode
to complete verification process. Next, you can call the Get OKYC request status API. Once the OKYC request has been processed successfully you wll get customer details from the Aadhaar and the XML file link in the response. - Get OKYC request status—Get status of customer verification by providing the request
id
and optionally, theshareCode
.
Additionally, here is the information you would need for calling these APIs—
- Sandbox URL—
https://dg-sandbox.setu.co
- Production URL—
https://dg.setu.co
- Headers—Contact Setu for providing the credentials required to successfully call Setu APIs. This contains:
x-client-id
x-client-secret
x-product-instance-id
#Create OKYC request
Call this API to create a unique request to get your customer started on the OKYC journey.
Your request has been processed successfully and a new OKYC request has been created.
Request
POST /api/okyc/
Response
Use the request id
in this response for all subsequent API calls.
{"id": "7097e53a-ba29-48a2-983d-878433b4f33e","validUpto": "Wed, 23 Jun 2021 19:33:55 GMT","status": "incomplete"}
#Initiate OKYC request
Call this API to initiate your customer’s OKYC journey. Pass the previously shared request id
in the API call.
Your request has been processed successfully.
Request
GET /api/okyc/:requestId/initiate/
Response
As part of the response, you will receive a captchaImage
that is base-64
encoded. This image data is passed on to you by Setu, after we receive it from UIDAI. You would need to convert this to an image and display it on subsequent screens to let your customer enter text from the captcha.
{"captchaImage": "base 64 Image data","id": "7097e53a-ba29-48a2-983d-878433b4f33e","captchaRetriesRemaining": 4}
captchaRetriesRemaining
indicates the number of times you can call this API with the same request id
to generate a new captcha.
#Verify OKYC request
Call this API once you have collected the following details from your customer—
aadhaarNumber
—This is not saved/stored by Setu, but is passed on to UIDAI to initiate sending an OTP to your customer’s Aadhaar linked mobile number.captchaCode
—An encoded captcha image is provided to you by Setu, as received from UIDAI, in the Initiate OKYC request API response. You would need to convert this to an image and display it to your customer, wherein they would enter the text associated with the captcha. A correct captcha response is expected to proceed to the next API call.
For testing this API on Sandbox, use 999999990019 as the Aadhaar number for success. Any other value for Aadhaar will be considered invalid. Use 2GAD0 for valid captcha and any other value for invalid.
The request has a valid OKYC request id
and correct captchaCode
. Your customer has successfully received an OTP.
Request
POST /api/okyc/:requestId/verify/{"aadhaarNumber": "aadhaarNumber","captchaCode": "captchaCode"}
Response
{"code": "otp_sent","message": "OTP sent to your registered mobile number."}
#Complete OKYC request
Call this API once you have collected the following details from your customer—
otp
—This should be filled in by the customer, who would have received an OTP from UIDAI, on their Aadhaar linked mobile number.shareCode
is a 4 digit pin set by the customer and serves as the password to unlock the contents of the XML file at a later stage.aadhaarNumber
—This is not saved/stored by Setu, but is passed on to UIDAI to verify OTP.
Before calling the API, you may want to save the shareCode
on your end, as Setu will not store it and will simply pass on the value you provide to UIDAI.
This API returns the unwrapped Aadhaar response, as well as a link to the XML, if the otp
is correct. If otp
is incorrect, the OKYC status
remains incomplete
. To test for different scenarios, use the following otp
values on Sandbox—
- Use 123456 for a valid OTP.
- Use 123457 for OTP to mimic 1st failed attempt.
- Use 123458 for OTP to mimic 2nd failed attempt.
- Use 123459 for OTP to mimic failed attempts limit exceeded.
- Anything aside from these values returns an error description as a generic “error”, if the upstream service returns an error.
You may use any 4 digit value for the shareCode
, when testing on Sandbox.
Note that the error description will always be “Invalid OTP”. We are working on more appropriate descriptions, and will release them soon.
Your request has a valid OKYC request id
and correct otp
as per UIDAI. Additionally, it has the correct shareCode that was previously set by your customer.
In the event that the otp
is incorrect, you would need to redirect your customer to the screen you use to collect OTP. Your customer can retry entering the same OTP up to 3 times.
You may also let your customer receive a new OTP by calling the Verify OKYC request API again. The old OTP will be void after new OTP is generated. Captcha, since already verified, will be honoured still and you needn’t fetch a fresh captcha from Setu to display to your customer.
Request
If you pass the correct value of the shareCode
to Setu, and if the status
of the OKYC request is complete
, Setu will respond with details from your customer’s Aadhaar XML file.
POST /api/okyc/:requestId/complete/{"otp": "132347","shareCode": "1234","aadhaarNumber": "999999990019"}
Response
If the value of the shareCode
is incorrect, the status
associated with this OKYC request id
will remain in incomplete
state. Please retry the API to move the status
to complete
.
If the unmasked phone and email of the user are available from UIDAI, we return it in the userProfile
field of the response. userProfile
contains two fields, unmaskedPhone
and unmaskedEmail
.
Note: userProfile data will be purged after 24 hours.
{"aadhaar": {"address": {"careOf": "S/O: Gurjar Pradeep","country": "India","district": "Bangalore","house": "# 90 1 Cross","landmark": "Near Talkies","locality": "Nagarabhavi","pin": "560072","postOffice": "Nagarbhavi","state": "Karnataka","street": "Nagarbhavi 1st Main Road","subDistrict": "Bangalore North","vtc": "Bangalore North"},"dateOfBirth": "23-05-1990","email": "550fa5fd91eee3f29f6361a8c89aa9713d4d38811d1a5","gender": "M","generatedAt": "20210419145604802","maskedNumber": "xxxx-xxxx-8832","name": "Jignesh Gurjar","phone": "09c91184c1d610282d661dd63d257e3b44446853fb1388c9d5b","photo": "/9j/4AAQSkZJRgABAgAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKD==","userProfile": {"unmaskedEmail": "abc@def.com","unmaskedPhone": "9999999999"},"verified": {"email": false,"phone": false,"signature": true},"xml": {"fileUrl": "https://setus3linkgoeshere.com/","validUntil": "Wed, 23 Jun 2021 19:33:55 GMT","shareCode": "1234"}},"status": "complete","id": "7097e53a-ba29-48a2-983d-878433b4f33e"}
#Get OKYC request status
Call this API to view status of an OKYC journey that you initiated with a customer.
When the status
of the OKYC request id
is complete
, this API returns—
- Aadhaar details in json, if a correct
shareCode
is passed. - An error, if an incorrect
shareCode
is passed. - A link to the zip/xml aadhaar details, if no
shareCode
is passed.
If the request status
is incomplete
, call the Complete OKYC request API with a correct otp
input to mark request status
as complete
.
You can call this API whenever you need to check for the status
associated with a particular request id
.
Possible values for status
, received as part of the response—
- When
complete
, KYC is complete for a customer. If you provide ashareCode
in the API request, you will get all customer details from the Aadhaar XML file. - When
incomplete
, you can check for KYC completion after some time. - In case the request has
expired
, your will get a404
error code.
Your request has a valid OKYC request id
and 4-digit shareCode
.
Request
GET /api/okyc/:requestId/:shareCode/
Response
When status
is complete
, you will get all customer KYC details included in the XML, and the URL for the zip file.
If the unmasked phone and email of the user are available from UIDAI, we return it in the userProfile
field of the response. userProfile
contains two fields, unmaskedPhone
and unmaskedEmail
. If both are not available, userProfile will be an empty dictionary.
Note: userProfile data will be purged after 24 hours.
{"aadhaar": {"address": {"careOf": "S/O: Gurjar Pradeep","country": "India","district": "Bangalore","house": "# 90 1 Cross","landmark": "Near Talkies","locality": "Nagarabhavi","pin": "560072","postOffice": "Nagarbhavi","state": "Karnataka","street": "Nagarbhavi 1st Main Road","subDistrict": "Bangalore North","vtc": "Bangalore North"},"dateOfBirth": "23-05-1990","email": "550fa5fd91eee3f29f6361a8c89aa9713d4d38811d1a5","gender": "M","generatedAt": "20210419145604802","maskedNumber": "xxxx-xxxx-8832","name": "Jignesh Gurjar","phone": "09c91184c1d610282d661dd63d257e3b44446853fb1388c9d5b","photo": "/9j/4AAQSkZJRgABAgAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKD==","userProfile": {"unmaskedEmail": "abc@def.com","unmaskedPhone": "9999999999"},"verified": {"email": false,"phone": false,"signature": true},"xml": {"fileUrl": "https://dg-esign-uat.s3.amazonaws.com/testFolder/sample.zip","shareCode": "1111","validUntil": "Tue, 27 Jul 2021 12:16:27 GMT"}},"status": "complete","id": "7097e53a-ba29-48a2-983d-878433b4f33e"}
Was this page helpful?