Proxy

Sahamati Proxy serves as an additional layer on top of the AA network, offering extra services and policies. By integrating with Sahamati Proxy, FIUs, FIPs, and AAs can seamlessly connect with all other entities within the proxy. This eliminates the need for multiple integration points, significantly reducing the integration and operational efforts for members.

Pre-requisites

The members to register with Sahamati proxy for accessing the APIs and send requests through the Sahamati proxy below are the prerequisites.

  • Base URL of the API endpoint by member. This will be used by the Sahamati Proxy to forward requests received from other members to the intended target.

  • Certificate (RSA Public Key) should be in JSON Web Token (JWT) format. This will be used by other members to validate the request's signature and ensure it has not been tampered with. This adheres to the current process and is not an additional requirement.

Onboarding Process

Members can be onboarded to the sandbox environment by providing the following details over an email to sandbox@sahamati.org.in.

The Entity (member) information such as

The member details should be supplied in a JSON file following the format below.

{
    "type": "<Entity Type - one of FIU, FIP, AA>",
    "entityinfo": {
      "name": "<Name of the member>",
      "id": "<Identifier of the entity to use with CR>",
      "code": "<Code of the entity to use with CR - Should be same as Identifier.>",
      "entityhandle": "<Handle of the entity - Required for AA",
      "Identifiers": [ // Identifers used by the Entity for customers.
        {
          "category": "STRONG",
          "type": "MOBILE"
        }
      ],
      "baseurl": "<Base URL of the entity to access ReBIT APIs. Only v2 is supported.>",
      "fitypes": [], // FI Type value from the entity.
      "certificate": {}, // Public Certificate JSON from the entity.
      "inboundports": ["<port>"], // Inbound ports from the entity infrastructure.
      "outboundports": ["<port>"],// Outbound ports from the entity infrastructure.
      "ips": ["<IP address>"] // IP address of to whitelist for accepting the request.
    }
  }

The User of the entity information such as

The member (entity) will be onboarded along with a user with admin role for managing the profile, secret rotation of entity etc,.

Once the member entry is added to CR, they can whitelist Sahamati Proxy IP.

Member Credentials

Upon the successful onboarding of the new member, a Client ID and Secret are issued. These credentials are used to generate an access token in the form of a JSON Web Token (JWT). This access token is then included in the Authorization header of all API requests made by the member to ensure authenticity and secure access to the Sahamati Network Proxy.

User Credentials

Each member of the Sahamati Network will be onboarding a user with admin role to manage member's profile and mananging the secret lifecycle.

The user will receive an email with the credentials to generate user access token for accessing the APIs from Sahamati Network services.

Last updated