SubAUA Portal Application - Web Based Integration Document V1.1.
SubAUA Portal Application - Web Based Integration Document V1.1.
Version 1.1
Introduction.
1. Pre-requisites.
Signing certificate: share the public key of signing certificate for mapping at Protean
Encryption certificate: share the public key of Encryption certificate for mapping at Protean.
License key and SubAUA code: License key will be provide by Protean to SubAUA and SubAUA code will
be allotted by UIDAI.
Purposes: Protean will share the draft of consent and Sub AUA will be required to define the purpose.
Protean will map the consent against the Sub AUA code
Services: Share the services name required by SubAUA. i.e. Authentication or e-KYC
<?xml version="1.0" encoding="UTF-8"?><SubAUAReq licenseKey =" " pfr=” ” purpose =" " reqType =" "
returnURL =" " subAuaCode =" " ts =" " txnId =" "><Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">Signature</Signature></SubAUAReq>
5. Parameter(s) in Response:
After successfull authentication of SubAUA request xml, user will get redirected on Protean Portal to
perform ekyc and Aadhaar Authentication, as per service opted by SubAUA entity..
Response will be return to SubAUA provided return URL. Below are the parameters from response.
Sr No Attribute Description
1 Status Based Response status with be : “Y” OR “N” OR “E”.
Y – Successful
N – Unsuccessful
E – Invalid ( Rejected by Protean)
2 transID Initial transaction ID will be displayed
3 kycResXml - In case of Ekyc transaction, this is encrypted and
encoded response.
- In case of Aadhaar authentication , this is encoded
response.
SubAUA will be receive the encrypted ekyc xml . This xml is encrypted with the SubAUA encryption
certificate public key.
Below is the Ekyc response xml format.
<Resp status="" ko="" ret="" code="" txn="" ts="" err="">< kycRes>encrypted and base64 encoded KycRes
element</ kycRes> </Resp>
Resp - container for keeping encrypted e-KYC response. Value of the “Resp” element is base64 encoded
version of the encrypted “KycRes” element.
status - Indicates high level status of the API call. It can have values “0” or “-1”. If the status is “0”, it means
that the encrypted data contained within the “Resp” element is valid. If it contains “-1”, it means the data
should not be decrypted and used.
Ret - this is the main KYC API response. It is either “y” or “n”.
code – unique alphanumeric response code for e-KYC API having maximum length 40.
txn – e-KYC API transaction identifier. This is exactly the same value that is sent within the request XML.
KycRes- It contains encrypted and base64 encoded data packet. This tag i.e. < kycRes> is encrypted with a
dynamic Dec key using AES-256 symmetric algorithm (AES/GCM/NoPadding). Dec key, in turn, is encrypted
with 2048-bit public key of entity using asymmetric algorithm (RSA/ECB/PKCS1Padding).
Once decoded and decrypted, “KycRes” has the following structure and it’s in a plain text:
Protean error codes and description is attached with this API document. Error codes will also be passed in the
response XML to the Sub AUA for taking suitable action.
UIDAI defined error code master is attached. Error codes will also be passed in the response XML to the Sub AUA
for taking suitable action