What does the /v2/auth/cert API do?

Hello All,
I was playing around with ABHA health APIs and I came across the /v2/auth/cert API, which is required to be called before performing the login.

Can someone explain to me the purpose of this API, and where will the output of this API be used?

Hi @ankit-brijwasi,

The /v2/auth/cert API is actually used to get the public certificate for encryption. You will get the public key in the response of this API, which you can use to encrypt any sensitive information like OTP, Aadhaar number etc. in subsequent calls.

Hello @arpit, thank you for your answer.

Can you share some of the APIs where the output of this is used?
Also, is the output of this API used in ABHA’s login/authentication APIs as well?

Hi @ankit-brijwasi,
APIs like “v2/registration/aadhaar/generateOtp”, “/v2/registration/aadhaar/verifyOTP” etc., where you have to pass sensitive info like the Aadhaar number or mobile OTP, need these values to be RSA encrypted.

The public key from the response of “/v2/auth/cert” can be used for RSA encryption of these sensitive values.
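
The flow described in the answers above (take the key returned by /v2/auth/cert, RSA-encrypt the OTP or Aadhaar number, send the ciphertext), as an added example that is not part of the thread and not ABDM's own code. The locally generated key pair stands in for the API response; the PEM response format, OAEP padding and base64 output are assumptions, so use the padding and encoding the API documentation specifies.

```javascript
// Added example, not ABDM code. Response format, padding and encoding are assumptions.
const crypto = require("crypto");

// Assumed padding scheme; replace with the one the API documentation specifies.
const PADDING = crypto.constants.RSA_PKCS1_OAEP_PADDING;
const OAEP_SHA1_OVERHEAD = 42; // 2 * 20-byte SHA-1 digest + 2

// Constructed stand-in for the gateway: the public half plays the role of the
// /v2/auth/cert response body, the private half plays the server side.
const sample = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});

// Accept a full PEM (public key or certificate) or a bare base64 key body.
function loadPublicKey(certResponseText) {
  const text = certResponseText.trim();
  if (text.includes("-----BEGIN")) return crypto.createPublicKey(text);
  const lines = text.replace(/\s+/g, "").match(/.{1,64}/g) || [];
  return crypto.createPublicKey(
    `-----BEGIN PUBLIC KEY-----\n${lines.join("\n")}\n-----END PUBLIC KEY-----\n`
  );
}

// Encrypt one sensitive field (OTP, Aadhaar number) for use in a JSON body.
function encryptField(certResponseText, plaintext) {
  const key = loadPublicKey(certResponseText);
  const data = Buffer.from(String(plaintext), "utf8");
  // RSA encrypts a single block: reject values that cannot fit after padding.
  const limit = key.asymmetricKeyDetails.modulusLength / 8 - OAEP_SHA1_OVERHEAD;
  if (data.length > limit) {
    throw new RangeError(`value is ${data.length} bytes, limit is ${limit}`);
  }
  return crypto.publicEncrypt({ key, padding: PADDING }, data).toString("base64");
}

// Server-side stand-in, used here only to show the round trip.
function decryptField(privatePem, ciphertextB64) {
  const raw = Buffer.from(ciphertextB64, "base64");
  return crypto.privateDecrypt({ key: privatePem, padding: PADDING }, raw).toString("utf8");
}

// "123456" is a constructed OTP value.
const encryptedOtp = encryptField(sample.publicKey, "123456");
console.log("ciphertext bytes:", Buffer.from(encryptedOtp, "base64").length);
console.log("server recovers:", decryptField(sample.privateKey, encryptedOtp));
```

The padding is randomized, so encrypting the same OTP twice gives different ciphertexts; a client or test that compares ciphertext strings will not match.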

Hello @arpit
When I was playing around with these APIs in staging mode, sending the data without encryption was working fine.
So I am a bit confused. Is the encryption required for production?