Unable to retrieve ABHA Profile

Hi @IntegrationSupport,

I am trying to retrieve a user profile using V3 APIs, however the

https://abhasbx.abdm.gov.in/abha/api/v3/profile/account

URL initially gives 403 Forbidden, and after a few tries it gives X-Token expired.

I am attaching screenshots of the same.


Please advise

Hi @satyadeep
Here you have to add both the Authorization token and the X-token in the headers.

Hi @ayadav33,

I am already doing that
> GET /abha/api/v3/profile/account HTTP/1.1

Host: abhasbx.abdm.gov.in
User-Agent: insomnia/2023.5.8
REQUEST-ID: dd3c457a-5a03-4bd2-b296-0d2a84dd0b0e
TIMESTAMP: 2024-01-17T03:37:34.614Z
X-token: Bearer eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiI5NzExNDc1MTU2IiwiY2xpZW50SWQiOiJhYmhhLXByb2ZpbGUtYXBwLWFwaSIsInN5c3RlbSI6IkFCSEEtTiIsIm1vYmlsZSI6Ijk3MTE0NzUxNTYiLCJ0eXAiOiJUcmFuc2ZlciIsImV4cCI6MTcwNTQ2MjYzNSwiaWF0IjoxNzA1NDYyMzM1fQ.FfzUT7yUQxrROJ4cdjk1u1DGygKmydaA4pMfMFzsW0MuakVfg3AJtI9jDiNk4XnfTY18SgNvz5CoGBLDJOdzKMaiqts0ciVUxwZTwO7GmgaY58Mh5PGZGcSXihY1nQ_nWYMu6XH9IUz0v1vh7n5ubvX-ubFWe0dru3TvxKU3v4VyqnRKXn0xOLbdl5oa1f-K4jpC3ShdMcxrViThEe8kQRtCymtDQ7gUV9TY_8mKdwGJoB0JyUUSbX8C2T-XqaP3_IthfvFuKUV7fBrqGD6ZtvboATnAYZJQxwPYK7z72YBxyBYbbsxPYKh1F5h8uUGayz_Nz7OI_zUO5h1l-KpM35TGAtFzddrvtyDPMTXtT2UwSmy8r7Upw3gLea2lgp-4xoX7y2SLEc2s9_k4ZVyIc-_IrFxaHLTcTx8_LuPo8Svr25kbjP0vJtKTDfYZzdNPezZ0ldxvaRHvB1xKuz24e8zsp0raGeXc6RLI6HXmZrLO6ydUvZlAFMRBwdxpWvo_h7-rTy1ynicPkUTBjfkOb-uRXmPlCZ24QQFs7UuycXvL6bUE3dJs2SnYwgkIuCETI7QuX5Fyw2l0MGT7Xy67boYgaMsWvbZijWv9AhwB0_xnODxjGlGfdqJ9yazDAZMjBC4X03AqovAg_G49oMFHkAE87t5GkF7hdmAb9O6Meww
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBbFJiNVdDbThUbTlFSl9JZk85ejA2ajlvQ3Y1MXBLS0ZrbkdiX1RCdkswIn0.eyJleHAiOjE3MDU0NjI5MDEsImlhdCI6MTcwNTQ2MTcwMSwianRpIjoiMDlkNWZiNzUtMTU5MS00OWU5LWE4NmUtYzI4MzMyZTIwZDhjIiwiaXNzIjoiaHR0cHM6Ly9kZXYubmRobS5nb3YuaW4vYXV0aC9yZWFsbXMvY2VudHJhbC1yZWdpc3RyeSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI5NDE1YmQ0Mi0yZTIxLTQ3NzQtYWFjNS1kODQ5OGNkNDE0YTAiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJTQlhfMDAxODU0Iiwic2Vzc2lvbl9zdGF0ZSI6IjIxNTE1NDhhLWM1NTQtNGU0Zi1iNzU5LWViYzM1ZjdkYjU1ZCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo5MDA3Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJoaXUiLCJvZmZsaW5lX2FjY2VzcyIsImhlYWx0aElkIiwiT0lEQyIsImhpcCIsImhwX2lkIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiU0JYXzAwMTg1NCI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsImNsaWVudElkIjoiU0JYXzAwMTg1NCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiY2xpZW50SG9zdCI6IjEwLjIzMy42Ny4xNDIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtc2J4XzAwMTg1NCIsImNsaWVudEFkZHJlc3MiOiIxMC4yMzMuNjcuMTQyIn0.SQ9u7B3SxgI6Hs2e4gw3y5QMxLz_sJDIT8LQ32HZK9i8_agOfW7QiZHk3pr2vXs2SCgOZCc187AyV5Ny0n5vLh4mzRSmTGksZTh3N62_MrEctHPDeoZIFDulnv5DQspbFiwBwM8gigH0yHDxG8FeqDvQlVex-vsHhTFO_4LzuvyDoyT4zLHbfDGSj0jo3QGDXtirYabzmc-xCafHLrotCqYmUBY3Z8wYxNrcduY97kEXneLGqQpfoSqEK3l0G_wUKtCY5QLsuTSKuKhjOaZ0ixuiy6Lc-BdJkYtKFy2kk6MBTj11f2b3VsYu4FLwhbwAbckD0Pu60v-RadNNgfuSBg
Accept: */*

* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse

< HTTP/1.1 401 Unauthorized
< expires: 0
< x-envoy-upstream-service-time: 50
< access-control-allow-origin:
< vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
< access-control-allow-methods: GET
< x-frame-options: DENY
< permissions-policy: geolocation=(self)
< access-control-allow-headers: authorization,Content-Type,SOAPAction,apikey,Internal-Key,TIMESTAMP,REQUEST-ID,TRANSACTION_ID,Authorization
< pragma: no-cache
< strict-transport-security: max-age=31536000 ; includeSubDomains
< activityid: bcc2e153-6ae2-4255-adaa-a772aae2043a
< access-control-expose-headers:
< content-security-policy: form-action 'self'
< x-content-type-options: nosniff
< x-xss-protection: 1 ; mode=block
< referrer-policy: no-referrer
< content-type: application/json
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< date: Wed, 17 Jan 2024 03:37:35 GMT
< Transfer-Encoding: chunked
Still 403/401. Any idea what I am missing?

Hi @satyadeep
The token which you are using is wrong.
May I know which token you are using? The token must have information about the ABHA address, number and mobile also.

My API sequence is:
https://dev.abdm.gov.in/gateway/v0.5/sessions – Authorization
https://healthidsbx.abdm.gov.in/api/v1/auth/cert
https://abhasbx.abdm.gov.in/abha/api/v3/profile/login/request/otp
https://abhasbx.abdm.gov.in/abha/api/v3/profile/login/verify – X-Token
https://abhasbx.abdm.gov.in/abha/api/v3/profile/account

Please correct me if I am missing anything

Hi @satyadeep
Use the token received from creation of the ABHA number,
received from this API - api/v3/enrollment/enrol/byAadhaar

Hi @ayadav33,

You mean X-Token = token from enrol/byAadhaar?

@satyadeep
Exactly. Use that token as X-token

But the doc says:
X-token JWT Access token which was issued by ABDM login APIs

When I tried the token from the login API, I also got the token expired error. So I tried with this token. It was working fine.

@IntegrationSupport can you please confirm on this?

Dear @IntegrationSupport, we are stuck here. Can you please help?

@IntegrationSupport I have been waiting for your input for the last 2 days; can you please clarify this?

@satyadeep

Please use a unique request ID and the current ISO timestamp. We will request you to test it on Postman and use the variables {{$isoTimestamp}} for the timestamp and {{$randomUUID}} or {{$guid}} for the request ID.

@IntegrationSupport

Hi @Sachin/ @IntegrationSupport,

I am still getting the same:

My request is:

GET /abha/api/v3/profile/account HTTP/1.1
Host: abhasbx.abdm.gov.in
User-Agent: insomnia/2023.5.8
REQUEST-ID: f5eb5689-4485-474b-b661-60c9d3edbaf7
TIMESTAMP: 2024-01-22T04:33:33.989Z
X-token: Bearer eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiI5NzExNDc1MTU2IiwiY2xpZW50SWQiOiJhYmhhLXByb2ZpbGUtYXBwLWFwaSIsInN5c3RlbSI6IkFCSEEtTiIsIm1vYmlsZSI6Ijk3MTE0NzUxNTYiLCJ0eXAiOiJUcmFuc2ZlciIsImV4cCI6MTcwNTg5ODIxNywiaWF0IjoxNzA1ODk3OTE3fQ.JOv-FYBGKXVTXeOLmFw5q-1UxJJp9rTO0nUiYkAlU_sgbrW6_hA9_TZZRK8dTA4hMSJldouLjjKJDsompDw4Fg2TU5ZyhGIZPsSc4G2wre7UlmMG4FoDsMase89BSCy7N5UOV3btFP-DVLt0WbPueBSfg33Re6BMLRY-2bFqkHbMADZf5H3L64kGQjC4Qh7asPUVCOh-75lv6FO2siGxYiGT8SPJdzpDN0BbyMdXZasByKXm9QpuCE-NPjSmK9fac3Q2oojl9M-U29UWjbhwqL3gOsHBsQVuUdfPVr4AWNSFV2N4dCcV3zQ5AHcA6qGrK1SxePpg8xS9HSyyWxpx6M7ayZ4kvh-ydX38DUorONtS7qGaqy_Zt-y5Ys_oIkBLbbgtdpi1f-9Aq0nElLg6qggRA_-ErR0l4mD_EVn3l_HlXNc88OATuPflVGrvVWNV3y9GOZpJJ6UmrD2JQrXj2B1Upm0MHo-BIFVR202HKzggPLJ2QEcLnttfLb8Kn4fW5uUHqARL1MgZqJbP_ZSzi2-pefpOAt2oj981xIOBCn-pwElCq_SVEljEKvcy0vkk9TVkmI-A_5alqCpy4QMlvcLtg87yyiete5gy5SUWvzRoonsF_V4QXYbDYTlir7USukEG1x2K_mQLo1zbo6jNugUldU3uuN73z1Yy87D1T5Y
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBbFJiNVdDbThUbTlFSl9JZk85ejA2ajlvQ3Y1MXBLS0ZrbkdiX1RCdkswIn0.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.SQ9u7B3SxgI6Hs2e4gw3y5QMxLz_sJDIT8LQ32HZK9i8_agOfW7QiZHk3pr2vXs2SCgOZCc187AyV5Ny0n5vLh4mzRSmTGksZTh3N62_MrEctHPDeoZIFDulnv5DQspbFiwBwM8gigH0yHDxG8FeqDvQlVex-vsHhTFO_4LzuvyDoyT4zLHbfDGSj0jo3QGDXtirYabzmc-xCafHLrotCqYmUBY3Z8wYxNrcduY97kEXneLGqQpfoSqEK3l0G_wUKtCY5QLsuTSKuKhjOaZ0ixuiy6Lc-BdJkYtKFy2kk6MBTj11f2b3VsYu4FLwhbwAbckD0Pu60v-RadNNgfuSBg
Accept: */*

* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse

< HTTP/1.1 401 Unauthorized
< x-request-id: 1beabb49-ee0c-4c45-b123-8e2a0bee2582
< x-forwarded-proto: http
< access-control-allow-origin:
< access-control-allow-methods: GET
< www-authenticate: null Bearer realm="WSO2 API Manager" null, error="invalid_token", error_description="The provided token is invalid"

Here X-Token is what I am getting out of login/verify

Can you please help me on this!

Thanks

@satyadeep

Please drop a mail to me at abdm.pc20@nha.gov.in to debug further and resolve this issue. Please add this devforum link in the mail.

@IntegrationSupport

Hi @Sachin,

I have fixed the issue: the API call sequence was missing the call to https://abhasbx.abdm.gov.in/abha/api/v3/profile/login/verify/user,
which is required when verifying a user login by Mobile OTP but is not required when verifying a user login by Aadhaar OTP.
Thanks
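
Added example, not part of the thread and not ABDM code: when an API answers "X-Token expired" or "invalid_token", decoding the token's claims locally and comparing `exp` with the TIMESTAMP header you send shows whether the token was already stale, and which kind of token it is, before the request goes out. The function names and the sample token are constructed for illustration; the signature is not verified, so this is a debugging aid only.

```python
import base64
import json
from datetime import datetime, timezone


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_jwt(header_value: str, sent_at: str) -> dict:
    """Report a token's claims relative to the request's ISO timestamp.

    The signature is NOT verified: this only reads the claims.
    """
    token = header_value.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated parts")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    now = datetime.fromisoformat(sent_at.replace("Z", "+00:00")).timestamp()
    exp, iat = claims.get("exp"), claims.get("iat")
    return {
        "alg": header.get("alg"),
        "typ_claim": claims.get("typ"),
        "lifetime_s": exp - iat if exp is not None and iat is not None else None,
        "seconds_left": None if exp is None else int(exp - now),
        "expired": exp is not None and now >= exp,
    }


def _make_sample(claims: dict) -> str:
    """Build a constructed demo token with a dummy signature segment."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS512'})}.{enc(claims)}.c2ln"


# Constructed sample: a five-minute token, sent 20 seconds after it expired.
SAMPLE = "Bearer " + _make_sample(
    {"sub": "user-1", "typ": "Transfer", "iat": 1700000000, "exp": 1700000300})
REPORT = inspect_jwt(SAMPLE, "2023-11-14T22:18:40.000Z")

if __name__ == "__main__":
    print(REPORT)
```

Run it against the exact header value and TIMESTAMP from a failing request; a negative `seconds_left` means the token had expired before the call was made.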