Skip to main content
POST
/
kyc
/
entitylocker
/
sessions
/
init
Initiate session
curl --request POST \
  --url https://test-api.sandbox.co.in/kyc/entitylocker/sessions/init \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <x-api-key>' \
  --data '
{
  "@entity": "in.co.sandbox.kyc.entitylocker.session.request",
  "flow": "signin",
  "redirect_url": "https://sandbox.co.in/",
  "consent_expiry": 1765887697411
}
'
{
  "code": 200,
  "timestamp": 1765534184274,
  "data": {
    "@entity": "in.co.sandbox.kyc.entitylocker.session.response",
    "authorization_url": "https://entity.digilocker.gov.in/public/oauth2/1/authorize?response_type=code&client_id=VRF23C1E3B&redirect_uri=https%3A%2F%2Fdev-api.sandbox.co.in%2Fcallbacks%2Fkyc%2Fentitylocker%2Foauth&state=ZDgyMDM0NzItMTFiMC00ZGRhLWFlOWItY2U0YzI0OTRmMWRkfGQzZjg4OTdlLWYxZmYtNDQ0OS05NzA0LTcwNzNmNjkzMDI5NnxodHRwczovL3NhbmRib3guY28uaW4v&code_challenge=yxAtiqiBw2FrXmavMHn7bVnq7nW-sWRNI50JTMuYtAE&code_challenge_method=S256&consent_valid_till=1767205777",
    "session_id": "d3f8897e-f1ff-4449-9704-7073f6930296"
  },
  "transaction_id": "02683ff9-2abc-42ab-a050-945f21068bce"
}
https://mintcdn.com/sandboxfinancialtechnologiesprivatelimited/gviqebbpT5NUt_6i/static/svg/Postman.svg?fit=max&auto=format&n=gviqebbpT5NUt_6i&q=85&s=da47f2b7e10d87befec951aed9468de3

Run in Postman

Headers

Authorization
string
required

JWT access token. For token-generation steps, refer to the Quickstart Guide.

x-api-key
string
required

API key used to identify and authenticate the client.

x-api-version
string

Specifies the API version for the request.

Content-Type
enum<string>

Media type of the request body.

Available options:
application/json

Body

application/json
@entity
enum<string>
required
Available options:
in.co.sandbox.kyc.entitylocker.session.request
flow
enum<string>
required

EntityLocker user journey to initiate for this session. Use signin for existing users or signup to create a new EntityLocker account.

Available options:
signin,
signup
redirect_url
string<uri>
required

HTTPS URL where the user will be redirected after completing the EntityLocker consent flow.

Pattern: ^https://
consent_expiry
integer

Unix timestamp in milliseconds after which the consent request becomes invalid. Must be at least 1 hour later than the current server time.

Required range: x >= 0

Response

200 - application/json
code
integer
required

HTTP status code.

timestamp
integer
required

Unix timestamp (in milliseconds) indicating when the server generated the response.

data
object
required

Response payload containing the requested data or error details.

transaction_id
string
required

Unique identifier for tracking the request across systems.