SahamatiNet
  • Background
  • SahamatiNet POC
    • Applications
    • Observability
    • Integration Steps
      • Sandbox Onboarding
      • IAM APIs
      • CR APIs
      • Integration with Router
        • Router APIs Specifications
          • FIU API Specification
          • AA API Specification
          • FIP API Specification
      • ReBIT Workflows using Router
        • Account Discovery & Linking
        • Consent Workflow
        • FI Request Workflow
    • Integration with Simulators
      • AA Simulator
      • FIP Simulator
      • FIU Simulator
    • Validation of Integration
  • Release Calendar
    • Deprecation of V1 API Endpoint URLs
    • Client Secret Rotation
    • Deactivation of Deprecated V1 APIs
  • Glossary
  • Guidelines
  • Frequently Asked Questions
  • How To Guides
    • How To Onboard to Sandbox ?
    • How To Decide on an Entity ID ?
    • How To Generate a Certificate ?
    • How To Generate Tokens ?
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. No Longer Relevent
  2. Technical Specifications

Identity & Access Management

Members are onboarded to SahamatiNet by creating a entity profile, with at least one user designated to manage the member or entity profile and secret.

Here are the steps for a member to onboard.

  • Member & User Registration

  • Account Activation

    • User

    • Member

User Account Activation:

During onboarding, the designated user will receive an email with a link to verify their email address. Once verified, the user will be prompted to set up a password, finalizing the account activation process. Here are the main steps for activating a user account:

Member (Entity) Activation:

To fully activate a member on SahamatiNet, at least one associated user must be activated. This user will then begin the process of generating a secret, which is crucial for future API interactions. The key steps for member activation are as follows:

Once the member onboarded on SahamatiNet, the below APIs can be used by the associated user to manage the secret.

Scenario: Member Secret Management

  1. Generate User Access Token: Use the User Token Generate API by providing email and password to get the access token. The access token should be used as the Authorization token for the steps below.

  2. Reset Member Secret: Use the Secret Reset API by providing the entityId and Authorization token.

  3. Read Member Secret: Use the Secret Read API by providing the entityId and Authorization token to fetch the latest secret to use.

Below are the Base URL of each environment to use IAM APIs.

Environment
Base URL

Production

https://api.sahamati.org.in/iam

UAT

https://api.uat.sahamati.org.in/iam

Sandbox

https://api.sandbox.sahamati.org.in/iam

Token Generation APIs:

API Postman Collection:

We recommend you to use below postman collection to try out our Token-Service[IAM] APIs

Below is the Sandbox Environment file for SahamatiNet Services

Member Secret Management APIs

Last updated 4 months ago

Was this helpful?

4KB
Token-Service[IAM].postman_collection.json
893B
Sandbox - SahamatiNet.postman_environment.json

Generate User Access Token API

post

To generate a User Access Token, the user must provide their username (email) and the password configured during the account activation process. This access token is necessary for interacting with the member's secret management APIs. The access token has an expiry of 180 days. Below is the API specification.

Body
usernamestringrequired

User email.

passwordstringrequired

The password associated with the user.

Responses
application/json
application/json
application/json
Curl
curl -L \
  -X POST \
  'https://api.sandbox.sahamati.org.in/iam/v1/user/token/generate' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'username=<email>&password=<password>
200
400
401
{
  "ver": "1.0.0",
  "timestamp": "2024-07-16T11:33:34.509Z",
  "txnId": "f35761ac-4a18-11e8-96ff-0277a9fbfedc",
  "accessToken": "",
  "expiresIn": 86400,
  "tokenType": "Bearer"
}

Successful response

Generate Entity Access Token API

post

To generate a Member (Entity) Access Token, the client ID and Secret are required. The API generates the token with a warning if the secret is within the grace period, but it will fail once the grace period has ended. This token is used for interactions with other members and has a validity of 24 hours. The API specification is detailed below.

Body
idstringrequired

The entity ID.

secretstringrequired

The secret associated with the entity.

Responses
application/json
application/json
application/json
Curl
curl -L \
  -X POST \
  'https://api.sandbox.sahamati.org.in/iam/v1/entity/token/generate' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'id=<id>&secret=<secret>
200
400
401
Basic token response
Token response with message field
{
  "ver": "1.0.0",
  "timestamp": "2024-07-16T11:33:34.509Z",
  "txnId": "f35761ac-4a18-11e8-96ff-0277a9fbfedc",
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 86400,
  "tokenType": "Bearer"
}

Successful response

  • User Account Activation:
  • Member (Entity) Activation:
  • Scenario: Member Secret Management
  • Token Generation APIs:
  • POSTGenerate User Access Token API
  • POSTGenerate Entity Access Token API
  • Member Secret Management APIs
  • POSTReset Secret API
  • POSTRead Secret API

Reset Secret API

post

The Reset Secret API is designed to allow an admin to reset a member's secret. To perform this action, an access token with administrative privileges for the specified member is required. Once reset, the newly generated secret will have a validity period of 180 days by default, after which it will need to be renewed or reset again.

With the latest enhancements, members can now select their desired validity period for secrets, up to a defined maximum limit (default: 180 days). The specified validity period is compared with the admin access token expiry, and the minimum value is applied to ensure authentication and security. Additionally, a grace period of 5 days is provided to facilitate a seamless transition between old and new secrets.

Below is the API specification.

Header parameters
Authorizationstringrequired

User Bearer token for authorization

Body
verstringrequired
Example: 1.0.0
timestampstring · date-timerequired
Example: 2024-07-16T11:33:34.509Z
txnIdstringrequired
Example: f35761ac-4a18-11e8-96ff-0277a9fbfedc
entityIdstringrequired
Example: aa-1
secretExpiryDaysintegeroptional

Specifies the number of days before the secret expires. This field is optional; if not provided, a default value will be used.

Example: 100
Responses
application/json
application/json
application/json
cURL
JavaScript
Python
HTTP
curl -L \
  --request POST \
  --url 'https://api.sandbox.sahamati.org.in/iam/v1/entity/secret/reset' \
  --header 'Authorization: text' \
  --header 'Content-Type: application/json' \
  --data '{
    "ver": "1.0.0",
    "timestamp": "2024-07-16T11:33:34.509Z",
    "txnId": "f35761ac-4a18-11e8-96ff-0277a9fbfedc",
    "entityId": "aa-1",
    "secretExpiryDays": 100
  }'
200
400
401
Basic response
Response with message
{
  "ver": "1.0.0",
  "timestamp": "2024-07-16T11:33:34.509Z",
  "txnId": "f35761ac-4a18-11e8-96ff-0277a9fbfedc",
  "entityId": "aa-1",
  "secret": "xxxxxxxxxxxxxxxxxxxxx",
  "expiresOn": 1725010763,
  "expirationDate": "2024-12-17T07:10:52.929"
}

Successful response

Read Secret API

post

The Read Secret API enables admin to retrieve the current secret for a specific member. To access this information, an user access token with administrative rights must be provided. Below is the API specification.

Header parameters
Authorizationstringrequired

User Bearer token for authorization

Body
verstringrequired
Example: 1.0.0
timestampstring · date-timerequired
Example: 2024-07-16T11:33:34.509Z
txnIdstringrequired
Example: f35761ac-4a18-11e8-96ff-0277a9fbfedc
entityIdstringrequired
Example: aa-1
secretExpiryDaysintegeroptional

Specifies the number of days before the secret expires. This field is optional; if not provided, a default value will be used.

Example: 100
Responses
application/json
application/json
application/json
cURL
JavaScript
Python
HTTP
curl -L \
  --request POST \
  --url 'https://api.sandbox.sahamati.org.in/iam/v1/entity/secret/read' \
  --header 'Authorization: text' \
  --header 'Content-Type: application/json' \
  --data '{
    "ver": "1.0.0",
    "timestamp": "2024-07-16T11:33:34.509Z",
    "txnId": "f35761ac-4a18-11e8-96ff-0277a9fbfedc",
    "entityId": "aa-1",
    "secretExpiryDays": 100
  }'
200
400
401
{
  "ver": "1.0.0",
  "timestamp": "2024-07-16T11:33:34.509Z",
  "txnId": "f35761ac-4a18-11e8-96ff-0277a9fbfedc",
  "entityId": "aa-1",
  "secret": "xxxxxxxxxxxxxxxxxxxxx",
  "expiresOn": 1725010763,
  "expirationDate": "2024-12-17T07:10:52.929"
}

Successful response