How MOSIP integrates with third party entities to share data?
MOSIP as a platform provides various services to integrate with third-party applications.
For relying parties, MOSIP has the authentication and e-KYC APIs
For print partners, MOSIP has the credentials service that shares data via webhooks
For ABIS and manual adjudication systems, MOSIP has data share URLs with documented API specifications to share information
Authentication and e-KYC APIs
To use the authentication and e-KYC APIs of MOSIP, a relying party should be a MOSIP approved entity having a partner ID, partner-policy API key and a MOSIP issued ISP key apart from just communicating with MOSIP. Hence, a relying party needs to do the following activities to perform authentication using MOSIP APIs,
Register themself using MOSIP’s partner management portal
Upload a CA-signed certificate (from a MOSIP approved CA) in the portal - this will be used to encrypt the e-KYC response
Request for authentication policy and generate API keys for authentication
Partner with a MOSIP registered ISP provider to perform authentication
Partner with a MOSIP registered device vendor for SBI 2.0 devices in case of biometric authentication
Download the MOSIP public certificate for encryption of authentication request
Build an authentication and/or e-KYC application to capture biometrics, encrypt the request and call the authentication APIs as per the specification specified in the below link: https://docs.mosip.io/platform/apis/id-authentication-apis
MOSIP has built a reference authentication application that can be used by the relying parties as a base for their own custom application. The codebase for the same is available here: https://github.com/mosip/mosip-ref-impl/tree/master/authentication-demo-ui
Credential Services
The credentials in MOSIP (ID data of residents) can be provided to MOSIP approved entities or partners. In MOSIP the communication channel between the partner (maybe print partner in this case) is something that can be customized by the implementor. By default, the communication between MOSIP and the print partner is via. webhooks using web sub as the communication channel. Any entity that wants to partner with MOSIP to print ID cards needs to perform the below steps,
Register themself using MOSIP’s partner management portal
Upload a CA-signed certificate (from a MOSIP approved CA) in the portal - this will be used for encryption of the credential data
Request for data share policy and generate API keys for receiving credentials
Build a printing interface to get the hub and topic details from the publisher i.e. MOSIP and subscribe to the hub and topic i.e. the WebSub hub.
MOSIP has built a reference print service application that can be used by the print partners as a base for building their own custom applications. The codebase for the same is available here: https://github.com/mosip/print.
This application connects by default,
Gets the topic details from MOSIP
Subscribes to the MOSIP WebSub Hub topic configured
Receives the credentials from the Hub
Decrypts the credentials and generates a PDF version of the card
Sample Credential Event Object
ABIS and Manual Adjudication - Data Share URLs
ABIS and manual adjudication systems communicate with MOSIP via a queue. The request and response structures for the communication in the queues is documented in the below link.
ABIS API specifications:
Manual Adjudication API specifications:
During the communication, some data share URLs are shared with the ABIS or manual adjudication system, which has encrypted biometric and demographic data. In order to access this data and connect to the queue, the ABIS and manual adjudication system should be a registered partner in MOSIP. To do so, these partners should perform the below steps,
Register themself using MOSIP’s partner management portal
Upload a CA-signed certificate (from a MOSIP approved CA) in the portal - this will be used for encryption of the data
Build queue listeners to access the requests as mentioned in the above API specification documentation.