OTP encryption is not getting accepted in PHR Service APIs

abhishek1.kamla · May 3, 2022, 7:31am

https://dev.abdm.gov.in/cm/v1/apps/phrAddress/auth-confirm API is not accepting the OTP(encrypted), throwing 400 response as you can see in attached screenshot. What are the guidelines to encrypt the sensitive parameters for PHR Service APIs
(We are getting the public certificate from https://healthidsbx.abdm.gov.in/api/v1/auth/cert and using this certificate to encrypt the OTP and the providing that encrypted OTP in /auth-confirm API but it’s not working. Same encryption is working in HealthId Service APIs)

shubham.nakawe · May 23, 2022, 1:59pm

@Shubhanshu_Shukla @neha.parnami
We are also facing the same issue.

abhishek1.kamla · May 24, 2022, 5:38am

Hey, looks like we have to use this API to fetch token for PHR service’s APIs encryption, below is working for me @shubham.nakawe -
https://phrsbx.abdm.gov.in/api/v1/phr/public/certificate

Hari · May 24, 2022, 11:51am

Where is this documented? How were you able to find this?

abhishek1.kamla · May 24, 2022, 12:15pm

Agreed, very poor documentation. I was able to figure this out by observing abdm PHR App flow.

shubham.nakawe · May 25, 2022, 2:13am

Thank you for helping @abhishek1.kamla

Manan · May 27, 2022, 9:53am

Can you please link the flow you are referring to
TIA