
Profile Gateway Encrypted Data Flow

Create Profile – Sync [POST]:

IDfy has a separate sync endpoint for encrypted profile creation. 

IDfy will share a key_id and CEK (Content Encryption Key) pair with you for encrypting and decrypting payloads.

You will encrypt the "data" and "payload" objects (these are the 'data' and 'payload' objects in the IDfy API request body schema at https://api-docs.kyc.idfy.com/) according to the JSON Web Encryption (JWE) standard (RFC 7516), using the key_id as "kid" in the JOSE header, Direct Algorithm (dir) for "alg", A256GCM for "enc", and the CEK, to generate encrypted_data.

In the Create Profile – Sync POST request to IDfy, you will use the spec below:

Header Parameters:

| Parameter  | Value      |
|------------|------------|
| account-id | xxxxxxxxxx |
| api-key    | xxxxxxxxxx |

Sample Request body:

{
  "reference_id": "4fdf39fa-7c38-4336-9362-fd052f09b7ed",
  "group_id": "",
  "config": {
    "id": "8e16424a-58fc-4ba4-ab20-5bc8e7c3c41e", // package_id shared by IDfy
    "overrides": {},
    "reference_profile_id": ""
  },
  "encrypted_data": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwia2lkIjoiYjJiOGMxY2UtNjkzMC00MzIwLWFhNzEtZWY0ZGMwMDZhYjYwIn0..4kG-BBqxXWpdKV1Y.yMXLPyx5O5j0gj3qzX4mrYXlZuadkhkWcpBzC30an2LX5b29mMlgK6ZK0_UYmRf1qm5q.oHGJZpxSAwMoTCGvV25v2w",
  "encrypted_payload": "0ZGMwMDZhYjYwIn0..4kG-BBqxXWpdKV1Y.yMXLPyx5O5j0gj3qzX4mrYXlZuadkhkWcpBzC30an2"
}

You will receive a mapping of reference_id with profile_id and the capture_link details.

Response:

{
  "profile_id": "5adf39fa-9d38-4337-9362-fd052f09b7fe",
  "capture_link": "https://capture.idfy.com?t=test123",
  "capture_expires_at": "2019-09-06T08:22:33.000Z"
}

GET – Fetch Profile Details (using profile_id):

Sample Response:

{
  "profile_id": "string",
  "reference_id": "string",
  "group_id": "string",
  "config": {
    "id": "8e16424a-58fc-4ba4-ab20-5bc8e7c3c41e",
    "overrides": {},
    "reference_profile_id": "5adf39fa-9d38-4337-9362-fd052f09b7fe"
  },
  "status": "pending",
  "status_detail": "string",
  "encrypted_profile_data": "string",
  "encrypted_resources": "string",
  "encrypted_tasks": "string",
  "relay_data": "string"
}

To decrypt this response:

  1. You will decrypt the encrypted_result according to the JSON Web Encryption (JWE) standard (RFC 7516), using the key_id as "kid" in the JOSE header, Direct Algorithm (dir) for "alg", A256GCM for "enc", and the CEK, to generate the result body.

  2. This decrypted result body will be in the same format as the API response described at https://api-docs.kyc.idfy.com/#tag/Profiles/paths/~1profiles~1{profile_id}/get
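The encryption described under Create Profile – Sync and the decryption steps above, written out as an added Node.js example (not IDfy's code) that uses only the built-in crypto module. The function names jweEncrypt and jweDecrypt, the KEY_ID value and the random CEK are hypothetical, constructed stand-ins for the key_id and CEK that IDfy shares.

```javascript
const crypto = require("crypto");

// base64url helpers (RFC 7515 Appendix C): URL-safe alphabet, no padding
const b64u = (buf) => Buffer.from(buf).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64u = (s) => Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");

// Encrypt a JSON-serialisable object into JWE compact form (alg=dir, enc=A256GCM).
function jweEncrypt(obj, keyId, cek) {
  if (cek.length !== 32) throw new Error("A256GCM needs a 32-byte CEK");
  const header = b64u(JSON.stringify({ alg: "dir", enc: "A256GCM", kid: keyId }));
  const iv = crypto.randomBytes(12);            // fresh 96-bit IV for every message
  const cipher = crypto.createCipheriv("aes-256-gcm", cek, iv);
  cipher.setAAD(Buffer.from(header, "ascii"));  // AAD = ASCII(BASE64URL(header))
  const ct = Buffer.concat([cipher.update(JSON.stringify(obj), "utf8"), cipher.final()]);
  // With "dir" the Encrypted Key segment is empty, hence the ".." in the output.
  return [header, "", b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join(".");
}

// Decrypt and authenticate; the header is validated before any key is used.
function jweDecrypt(token, keys) {
  const parts = token.split(".");
  if (parts.length !== 5) throw new Error("not a JWE compact serialization");
  const [header, encKey, iv, ct, tag] = parts;
  const h = JSON.parse(unb64u(header).toString("utf8"));
  if (h.alg !== "dir" || h.enc !== "A256GCM") throw new Error("unexpected alg/enc");
  if (encKey !== "") throw new Error("dir requires an empty encrypted key");
  const cek = keys.get(h.kid);                  // keys: Map of key_id -> 32-byte CEK
  if (!cek) throw new Error("unknown kid");
  const ivBuf = unb64u(iv), tagBuf = unb64u(tag);
  // Reject truncated tags explicitly; JWE A256GCM uses a 128-bit tag.
  if (ivBuf.length !== 12 || tagBuf.length !== 16) throw new Error("bad iv/tag length");
  const d = crypto.createDecipheriv("aes-256-gcm", cek, ivBuf);
  d.setAAD(Buffer.from(header, "ascii"));
  d.setAuthTag(tagBuf);
  // final() throws if the tag does not verify, i.e. on any tampering.
  const pt = Buffer.concat([d.update(unb64u(ct)), d.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample values, not real IDfy credentials.
const KEY_ID = "00000000-0000-4000-8000-000000000000";
const CEK = crypto.randomBytes(32);
const sample = jweEncrypt({ name: "Jane Doe" }, KEY_ID, CEK);
console.log(sample, jweDecrypt(sample, new Map([[KEY_ID, CEK]])));
```

Because the protected header is the GCM additional authenticated data, changing "kid", "alg" or "enc" in transit makes decryption fail rather than silently selecting another key or algorithm.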

Overall Flow

[Figure: overall flow diagram]

Error responses:

The standard IDfy KYC GW error codes apply. You can find them here:
https://api-docs.kyc.idfy.com

  1. Invalid_key_id:

  {
    "error": "INVALID_KEY_ID",
    "message": "Key ID specified in the request is invalid"
  }

  2. Decryption_failed:

  {
    "error": "DECRYPTION_FAILED",
    "message": "Cannot decrypt the payload"
  }

References:

  1. RFC7516 JSON Web Encryption (JWE) : https://tools.ietf.org/html/rfc7516

  2. JSON Web Token libraries : https://jwt.io/

 
