Skip to main content
POST
/
kyc
/
digilocker
/
sessions
/
init
Initiate session
curl --request POST \
  --url https://test-api.sandbox.co.in/kyc/digilocker/sessions/init \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <x-api-key>' \
  --data '
{
  "@entity": "in.co.sandbox.kyc.digilocker.session.request",
  "flow": "signin",
  "redirect_url": "https://developer.sandbox.co.in/",
  "doc_types": [
    "aadhaar"
  ],
  "options": {
    "verification_method": [
      "aadhaar"
    ],
    "pinless": true,
    "usernameless": true,
    "verified_mobile": "9687205427"
  }
}
'
import requests

url = "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init"

payload = {
"@entity": "in.co.sandbox.kyc.digilocker.session.request",
"flow": "signin",
"redirect_url": "https://developer.sandbox.co.in/",
"doc_types": ["aadhaar"],
"options": {
"verification_method": ["aadhaar"],
"pinless": True,
"usernameless": True,
"verified_mobile": "9687205427"
}
}
headers = {
"Authorization": "<authorization>",
"x-api-key": "<x-api-key>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {
Authorization: '<authorization>',
'x-api-key': '<x-api-key>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
'@entity': 'in.co.sandbox.kyc.digilocker.session.request',
flow: 'signin',
redirect_url: 'https://developer.sandbox.co.in/',
doc_types: ['aadhaar'],
options: {
verification_method: ['aadhaar'],
pinless: true,
usernameless: true,
verified_mobile: '9687205427'
}
})
};

fetch('https://test-api.sandbox.co.in/kyc/digilocker/sessions/init', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'@entity' => 'in.co.sandbox.kyc.digilocker.session.request',
'flow' => 'signin',
'redirect_url' => 'https://developer.sandbox.co.in/',
'doc_types' => [
'aadhaar'
],
'options' => [
'verification_method' => [
'aadhaar'
],
'pinless' => true,
'usernameless' => true,
'verified_mobile' => '9687205427'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: <authorization>",
"Content-Type: application/json",
"x-api-key: <x-api-key>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://test-api.sandbox.co.in/kyc/digilocker/sessions/init"

payload := strings.NewReader("{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Authorization", "<authorization>")
req.Header.Add("x-api-key", "<x-api-key>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://test-api.sandbox.co.in/kyc/digilocker/sessions/init")
.header("Authorization", "<authorization>")
.header("x-api-key", "<x-api-key>")
.header("Content-Type", "application/json")
.body("{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://test-api.sandbox.co.in/kyc/digilocker/sessions/init")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = '<authorization>'
request["x-api-key"] = '<x-api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"@entity\": \"in.co.sandbox.kyc.digilocker.session.request\",\n \"flow\": \"signin\",\n \"redirect_url\": \"https://developer.sandbox.co.in/\",\n \"doc_types\": [\n \"aadhaar\"\n ],\n \"options\": {\n \"verification_method\": [\n \"aadhaar\"\n ],\n \"pinless\": true,\n \"usernameless\": true,\n \"verified_mobile\": \"9687205427\"\n }\n}"

response = http.request(request)
puts response.read_body
{
  "code": 200,
  "timestamp": 1751975600361,
  "data": {
    "@entity": "in.co.sandbox.kyc.digilocker.session.response",
    "authorization_url": "https://digilocker.meripehchaan.gov.in/public/oauth2/1/authorize?response_type=code&client_id=IW55C7A3B0&state=e385432b-575c-4b6f-8928-79136dbc0d4f%7Cf1bd0342-cc1d-4051-8301-e8ee17e3a3c3%7Chttps%3A%2F%2Fdeveloper.sandbox.co.in%2F&code_verifier=ADlMHKsr~L8YIwLoIOGgwwRQoouE-m~Z9yu0KWstrsKrdAtUY2IkmOoDWZNn80_G&code_challenge=pnowXsaM5mBqNR3NfSfsaLBC2JYjoy2eRLOwKNVjFY8&code_challenge_method=S256&scope=files.issueddocs&redirect_uri=https%3A%2F%2Fdeveloper.sandbox.co.in%2F&pla=Y&dl_flow=signup&plsignup=Y&amr=driving_license%2Baadhaar%2Bpan%2Bemail%2Busername%2Bmobile%2Bother&verified_mobile=9004813042&req_doctype=PANCR%2CADHAR%2CDRVLC&consent_valid_till=1752061999",
    "session_id": "f1bd0342-cc1d-4051-8301-e8ee17e3a3c3"
  },
  "transaction_id": "a11c4e00-fae1-4092-a55f-b4f0be92ffeb"
}
https://mintcdn.com/sandboxfinancialtechnologiesprivatelimited/gviqebbpT5NUt_6i/static/svg/Postman.svg?fit=max&auto=format&n=gviqebbpT5NUt_6i&q=85&s=da47f2b7e10d87befec951aed9468de3

Run in Postman

Headers

Authorization
string
required

JWT access token. For token-generation steps, refer to the Quickstart Guide.

x-api-key
string
required

API key used to identify and authenticate the client.

x-api-version
string

Specifies the API version for the request.

Content-Type
enum<string>

Media type of the request body.

Available options:
application/json

Body

application/json
@entity
enum<string>
required
Available options:
in.co.sandbox.kyc.digilocker.session.request
flow
enum<string>
required

Authentication flow to initiate on DigiLocker. Use signin for existing users or signup to create a new DigiLocker account.

Available options:
signin,
signup
redirect_url
string<uri>
required

HTTPS URL where the user will be redirected after granting or denying DigiLocker consent. Must be a valid, publicly accessible URL.

Pattern: ^https://
doc_types
enum<string>[]
required

List of DigiLocker document types for which user consent is being requested.

Minimum array length: 1
Available options:
aadhaar,
pan,
driving_license
Minimum string length: 1
options
object

Configuration object controlling the DigiLocker authentication and sign-up user experience.

Unix epoch timestamp (milliseconds) after which the consent request expires. Must be at least 1 hour in the future.

Response

200 - application/json
code
integer
required
timestamp
integer
required
data
object
required
transaction_id
string
required