The bedrock of India Stack is a set of digital identity products centered around Aadhaar, India’s national identity program. More than 1.31 bn (95%) Indians possess an Aadhaar number, which allows them to perform a number of actions including:
The entire point of the Aadhaar program is to seed the population with secure, versatile digital IDs that can be used to quickly authenticate a user’s identity. There are currently a variety of ways in which a petitioner can prove a user’s identity using Aadhaar:
A petitioner sends a user’s Aadhaar number and name/address/birthday/gender/email/phone number to the UIDAI server, which responds with a yes/no answer indicating whether the given fields were correct
A petitioner collects consent (via biometric of two-factor OTP authentication) from a user and submits their Aadhaar number to the UIDAI system. The system then returns the user’s entire KYC data including all six demographic fields and the user’s photograph.
Each Aadhaar card comes with an accompanying QR code that can be scanned, allowing the scanner to verify the user’s identity from the UIDAI database. Both physical and digital Aadhaar cards (e-Aadhaar) can be scanned in this manner, from UIDAI-built iOS apps, Android apps, or Windows apps.
In this mode of authentication, the user visits the UIDAI website, logs in using his Aadhaar-registered mobile number or email address, and then generates an XML object containing a digital signature from UIDAI. This XML can then be shared with any party, which can easily verify the digital signature and prove the user’s identity.
Users may obtain and share digitally signed PDF copies of their Aadhaar cards downloaded from the UIDAI database. According to Indian law, this PDF document is equally valid as the physical Aadhaar card which gets issued to users.
The utilities offered by Aadhaar can be used to build all kinds of identity workflows. For example, a developer could build a social media platform that only allows women users to sign up. In another case, an app could use e-auth to verify that a user's claimed address, while leaving all other fields anonymous.
The possibilities are manifold, and developers are encouraged to come up with novel ways to use this public digital infrastructure. Having said that, readers should be aware that e-auth and e-KYC services are only available to banks, licensed NBFCs, telecom companies, and government bodies.
Developers belonging to other organizations must use QR code scans, e-Aadhaar, or offline XML in order to prove a customer’s identity using Aadhaar.
Here are some relevant resources about Aadhaar authentication services:The API specification for e-KYC The UIDAI Developer Section
DigiLocker is a public utility provided to Aadhaar holders by the Government of India. The service allows an Aadhaar holder to sign in using a one-time password sent to the mobile number used to enroll on Aadhaar. Once inside, residents of India will find a number of digitally signed, legally valid electronic documents waiting for them.
Currently, there are more than 4.6 billion documents issued directly into Digilocker by authorities. These documents range from driver’s licenses, to educational diplomas, to insurance policies. In total, there are currently 1460 institutions signed up as document issuers on Digilocker, 233 are integrated with DigiLocker as requesters who can verify user documents with consent.Digilocker Statistics Developer Resources
eSign is a digital signature product built atop Aadhaar. It allows any Aadhaar holder to produce legally valid digital signatures on any document, at any time, using any device. Consent for this signature is obtained through a one-time password sent to the signer’s Aadhaar-linked mobile number.
Presently, eSign is used to streamline workflows for multiple fields including financial services, legal services, healthcare, and more.
In order to gain access to certified eSign in their workflows, application developers must enroll as eSign Application Service Providers (ASPs).