Skip to main content
1

Initiate Session

To begin the DigiLocker workflow, your application must first initiate a session using the Initiate Session endpoint.This endpoint initializes the consent process and returns essential details for user authorization.

cURL Request

    curl --request POST \
      --url https://api.sandbox.co.in/kyc/digilocker/sessions/init \
      --header 'Authorization: <authorization>' \
      --header 'Content-Type: application/json' \
      --header 'x-api-key: <x-api-key>' \
      --data '{
      "@entity": "in.co.sandbox.kyc.digilocker.session.request",
      "flow": "signin",
      "doc_types": [
        "aadhaar",
        "pan"
      ],
      "redirect_url": "https://sandbox.co.in"
    }'
When the session is created successfully, you’ll receive:
session_id
string
required
A unique identifier used to track and fetch status for this specific DigiLocker consent session.
authorization_url
string
required
The URL where the user should be redirected to grant consent for sharing their DigiLocker documents.
2

Redirect the User to DigiLocker

Once the session is initiated, redirect the user to the authorization_url.At DigiLocker, the user will:
  • Authenticate using their DigiLocker account
  • Review permissions
  • Grant consent for your application to access their documents
This authorization step is mandatory before any document can be fetched.
3

Handle Session Success and Failure

You can determine whether the user consented by periodically call the
Session Status API using the session_id.

cURL Request

    curl --request GET \
      --url https://api.sandbox.co.in/kyc/digilocker/sessions/{session_id}/status \
      --header 'Authorization: <authorization>' \
      --header 'x-api-key: <x-api-key>'
4

Fetch Documents

Once the session status is succeeded, you may proceed to retrieve the user’s DigiLocker documents using the Fetch Document API.

cURL Request

curl --request GET \
--url https://api.sandbox.co.in/kyc/digilocker/sessions/{session_id}/documents/{doc_type} \
--header 'Authorization: <authorization>' \
--header 'x-api-key: <x-api-key>'