curl --request POST \
--url https://test-api.sandbox.co.in/kyc/digilocker/sessions/init \
--header 'Authorization: <authorization>' \
--header 'Content-Type: application/json' \
--header 'x-api-key: <x-api-key>' \
--data '
{
"@entity": "in.co.sandbox.kyc.digilocker.session.request",
"flow": "signin",
"redirect_url": "https://developer.sandbox.co.in/",
"doc_types": [
"aadhaar"
],
"options": {
"verification_method": [
"aadhaar"
],
"pinless": true,
"usernameless": true,
"verified_mobile": "9687205427"
}
}
'import requests
url = "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init"
payload = {
"@entity": "in.co.sandbox.kyc.digilocker.session.request",
"flow": "signin",
"redirect_url": "https://developer.sandbox.co.in/",
"doc_types": ["aadhaar"],
"options": {
"verification_method": ["aadhaar"],
"pinless": True,
"usernameless": True,
"verified_mobile": "9687205427"
}
}
headers = {
"Authorization": "<authorization>",
"x-api-key": "<x-api-key>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {
Authorization: '<authorization>',
'x-api-key': '<x-api-key>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
'@entity': 'in.co.sandbox.kyc.digilocker.session.request',
flow: 'signin',
redirect_url: 'https://developer.sandbox.co.in/',
doc_types: ['aadhaar'],
options: {
verification_method: ['aadhaar'],
pinless: true,
usernameless: true,
verified_mobile: '9687205427'
}
})
};
fetch('https://test-api.sandbox.co.in/kyc/digilocker/sessions/init', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'@entity' => 'in.co.sandbox.kyc.digilocker.session.request',
'flow' => 'signin',
'redirect_url' => 'https://developer.sandbox.co.in/',
'doc_types' => [
'aadhaar'
],
'options' => [
'verification_method' => [
'aadhaar'
],
'pinless' => true,
'usernameless' => true,
'verified_mobile' => '9687205427'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: <authorization>",
"Content-Type: application/json",
"x-api-key: <x-api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init"
payload := strings.NewReader("{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "<authorization>")
req.Header.Add("x-api-key", "<x-api-key>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://test-api.sandbox.co.in/kyc/digilocker/sessions/init")
.header("Authorization", "<authorization>")
.header("x-api-key", "<x-api-key>")
.header("Content-Type", "application/json")
.body("{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://test-api.sandbox.co.in/kyc/digilocker/sessions/init")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = '<authorization>'
request["x-api-key"] = '<x-api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}"
response = http.request(request)
puts response.read_body{
"code": 200,
"timestamp": 1751975600361,
"data": {
"@entity": "in.co.sandbox.kyc.digilocker.session.response",
"authorization_url": "https://digilocker.meripehchaan.gov.in/public/oauth2/1/authorize?response_type=code&client_id=IW55C7A3B0&state=e385432b-575c-4b6f-8928-79136dbc0d4f%7Cf1bd0342-cc1d-4051-8301-e8ee17e3a3c3%7Chttps%3A%2F%2Fdeveloper.sandbox.co.in%2F&code_verifier=ADlMHKsr~L8YIwLoIOGgwwRQoouE-m~Z9yu0KWstrsKrdAtUY2IkmOoDWZNn80_G&code_challenge=pnowXsaM5mBqNR3NfSfsaLBC2JYjoy2eRLOwKNVjFY8&code_challenge_method=S256&scope=files.issueddocs&redirect_uri=https%3A%2F%2Fdeveloper.sandbox.co.in%2F&pla=Y&dl_flow=signup&plsignup=Y&amr=driving_license%2Baadhaar%2Bpan%2Bemail%2Busername%2Bmobile%2Bother&verified_mobile=9004813042&req_doctype=PANCR%2CADHAR%2CDRVLC&consent_valid_till=1752061999",
"session_id": "f1bd0342-cc1d-4051-8301-e8ee17e3a3c3"
},
"transaction_id": "a11c4e00-fae1-4092-a55f-b4f0be92ffeb"
}Initiate Session
The Initiate Session API returns a DigiLocker link that the user is redirected to, where they can provide consent for the requested documents.
curl --request POST \
--url https://test-api.sandbox.co.in/kyc/digilocker/sessions/init \
--header 'Authorization: <authorization>' \
--header 'Content-Type: application/json' \
--header 'x-api-key: <x-api-key>' \
--data '
{
"@entity": "in.co.sandbox.kyc.digilocker.session.request",
"flow": "signin",
"redirect_url": "https://developer.sandbox.co.in/",
"doc_types": [
"aadhaar"
],
"options": {
"verification_method": [
"aadhaar"
],
"pinless": true,
"usernameless": true,
"verified_mobile": "9687205427"
}
}
'import requests
url = "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init"
payload = {
"@entity": "in.co.sandbox.kyc.digilocker.session.request",
"flow": "signin",
"redirect_url": "https://developer.sandbox.co.in/",
"doc_types": ["aadhaar"],
"options": {
"verification_method": ["aadhaar"],
"pinless": True,
"usernameless": True,
"verified_mobile": "9687205427"
}
}
headers = {
"Authorization": "<authorization>",
"x-api-key": "<x-api-key>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {
Authorization: '<authorization>',
'x-api-key': '<x-api-key>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
'@entity': 'in.co.sandbox.kyc.digilocker.session.request',
flow: 'signin',
redirect_url: 'https://developer.sandbox.co.in/',
doc_types: ['aadhaar'],
options: {
verification_method: ['aadhaar'],
pinless: true,
usernameless: true,
verified_mobile: '9687205427'
}
})
};
fetch('https://test-api.sandbox.co.in/kyc/digilocker/sessions/init', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'@entity' => 'in.co.sandbox.kyc.digilocker.session.request',
'flow' => 'signin',
'redirect_url' => 'https://developer.sandbox.co.in/',
'doc_types' => [
'aadhaar'
],
'options' => [
'verification_method' => [
'aadhaar'
],
'pinless' => true,
'usernameless' => true,
'verified_mobile' => '9687205427'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: <authorization>",
"Content-Type: application/json",
"x-api-key: <x-api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init"
payload := strings.NewReader("{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "<authorization>")
req.Header.Add("x-api-key", "<x-api-key>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://test-api.sandbox.co.in/kyc/digilocker/sessions/init")
.header("Authorization", "<authorization>")
.header("x-api-key", "<x-api-key>")
.header("Content-Type", "application/json")
.body("{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://test-api.sandbox.co.in/kyc/digilocker/sessions/init")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = '<authorization>'
request["x-api-key"] = '<x-api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}"
response = http.request(request)
puts response.read_body{
"code": 200,
"timestamp": 1751975600361,
"data": {
"@entity": "in.co.sandbox.kyc.digilocker.session.response",
"authorization_url": "https://digilocker.meripehchaan.gov.in/public/oauth2/1/authorize?response_type=code&client_id=IW55C7A3B0&state=e385432b-575c-4b6f-8928-79136dbc0d4f%7Cf1bd0342-cc1d-4051-8301-e8ee17e3a3c3%7Chttps%3A%2F%2Fdeveloper.sandbox.co.in%2F&code_verifier=ADlMHKsr~L8YIwLoIOGgwwRQoouE-m~Z9yu0KWstrsKrdAtUY2IkmOoDWZNn80_G&code_challenge=pnowXsaM5mBqNR3NfSfsaLBC2JYjoy2eRLOwKNVjFY8&code_challenge_method=S256&scope=files.issueddocs&redirect_uri=https%3A%2F%2Fdeveloper.sandbox.co.in%2F&pla=Y&dl_flow=signup&plsignup=Y&amr=driving_license%2Baadhaar%2Bpan%2Bemail%2Busername%2Bmobile%2Bother&verified_mobile=9004813042&req_doctype=PANCR%2CADHAR%2CDRVLC&consent_valid_till=1752061999",
"session_id": "f1bd0342-cc1d-4051-8301-e8ee17e3a3c3"
},
"transaction_id": "a11c4e00-fae1-4092-a55f-b4f0be92ffeb"
}Run in Postman
Headers
JWT access token. For token-generation steps, refer to the Quickstart Guide.
API key used to identify and authenticate the client.
Specifies the API version for the request.
Media type of the request body.
application/json Body
in.co.sandbox.kyc.digilocker.session.request Authentication flow to initiate on DigiLocker. Use signin for existing users or signup to create a new DigiLocker account.
signin, signup HTTPS URL where the user will be redirected after granting or denying DigiLocker consent. Must be a valid, publicly accessible URL.
^https://List of DigiLocker document types for which user consent is being requested.
1aadhaar, pan, driving_license 1Configuration object controlling the DigiLocker authentication and sign-up user experience.
Show child attributes
Show child attributes
Unix epoch timestamp (milliseconds) after which the consent request expires. Must be at least 1 hour in the future.
Was this page helpful?