Hi All,
We have seen a lot of issues where integrators face unauthorized errors while trying to access HealthID APIs.
Here is a quick guide to ensure that you have a smooth integration with HealthID APIs:
- All HealthID APIs are secured by a JWT token issued by https://dev.ndhm.gov.in in sandbox. You can generate a new accessToken by calling the https://dev.ndhm.gov.in/gateway/v0.5/sessions API.
- Please note that an accessToken has an expiry time of 5 minutes (irrespective of usage/idle time). So ensure that you are using an active token OR always generate a token before calling any HealthID APIs.
- In order to call HealthID APIs, your clientID must be given the appropriate role in the NDHM gateway. So as part of on-boarding you need to let the team know if you want to call HealthID APIs. If you do not have permission to access HealthID APIs then you will get an unauthorized error.
- Profile APIs in HealthID are secured by an additional token named X-Token, which you get by authenticating/registering a User.
Flow for calling Authentication/Registration/Search/Forgot HealthID APIs:
- Generate accessToken by calling session APIs
curl "https://dev.ndhm.gov.in/gateway/v0.5/sessions" -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:79.0) Gecko/20100101 Firefox/79.0" -H "Accept: application/json" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "Referer: https://dev.ndhm.gov.in/swagger/ndhm-gateway" -H "Content-Type: application/json" -H "Origin: https://dev.ndhm.gov.in" -H "Connection: keep-alive" -H "Pragma: no-cache" -H "Cache-Control: no-cache" --data-raw '{"clientId":"SBX_0000000","clientSecret":"142g733a-2020-4xxx-axx11-222xxxxxxx"}'
- Call Authentication/Registration/Search/Forgot API on HealthID
Get the accessToken from the response received in step#1 above.
This accessToken needs to be passed in the Authorization header in the format Bearer <accessToken>.
Let us call the Authentication initiation API with it:
curl -X POST "https://healthidsbx.ndhm.gov.in/api/v1/auth/init" -H "accept: */*" -H "Accept-Language: en-US" -H "Authorization: Bearer <accessToken from Step#1>" -H "Content-Type: application/json" -d '{ "authMethod": "PASSWORD", "healthid": "abcd@sbx"}'
Flow for calling Profile APIs:
- Generate accessToken by calling session APIs
curl "https://dev.ndhm.gov.in/gateway/v0.5/sessions" -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:79.0) Gecko/20100101 Firefox/79.0" -H "Accept: application/json" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "Referer: https://dev.ndhm.gov.in/swagger/ndhm-gateway" -H "Content-Type: application/json" -H "Origin: https://dev.ndhm.gov.in" -H "Connection: keep-alive" -H "Pragma: no-cache" -H "Cache-Control: no-cache" --data-raw '{"clientId":"SBX_0000000","clientSecret":"142g733a-2020-4xxx-axx11-222xxxxxxx"}'
- Call Authentication APIs on HealthID to get User Session Token
Get the accessToken from the response received in step#1 above.
This accessToken needs to be passed in the Authorization header in the format Bearer <accessToken>.
Let us call the Authentication initiation API with it:
curl -X POST "https://healthidsbx.ndhm.gov.in/api/v1/auth/init" -H "accept: */*" -H "Accept-Language: en-US" -H "Authorization: Bearer <accessToken from Step#1>" -H "Content-Type: application/json" -d '{ "authMethod": "PASSWORD", "healthid": "abcd@sbx"}'
This API will respond with txnId which must be used in subsequent authentication calls.
- Call Authentication API (password method)
curl -X POST "https://healthidsbx.ndhm.gov.in/api/v1/auth/confirmWithPassword" -H "accept: */*" -H "Accept-Language: en-US" -H "Authorization: Bearer <accessToken from Step#1>" -H "Content-Type: application/json" -d "{ \"password\": \"myPass\", \"txnId\": \"<txnId received in response at Step#2>\"}"
- Call Get QRCode API:
curl -X GET "https://healthidsbx.ndhm.gov.in/api/v1/account/qrCode" -H "accept: */*" -H "Accept-Language: en-US" -H "X-Token: Bearer <userSessionToken from step#3>" -H "Authorization: Bearer <accessToken from Step#1>"
I hope this helps.
Let us improve our experience of integrating ABDM.
Thanks
ABDM HealthID Team