Presentation is loading. Please wait.

Presentation is loading. Please wait.

Application program interface (API)

Published byGerald York Modified over 6 years ago

Similar presentations

Presentation on theme: "Application program interface (API)"— Presentation transcript:

1 Application program interface (API)
Version 1.0

2 Background Search and download functionality often used at Financial Institution (FI) front office level (branch end) before onboarding customer. FIs can search or download KYC details from the CKYC Registry post login using credentials and digital signature. CKYC registry introduced API services (Application programming Interface) to registered financial institutions for search and download functionality. Note: API services are available for reporting entities internal use only, reporting entity should not extend API services in public domain

3 Application Programming Interface
An application program interface (API) is code that allows two software programs to communicate with each other. Your Application Request CKYC Application API Response Internet

4 Application Programming Interface
Branch 1 Branch 2 Branch 3 FI Central Server Internet Encrypted Request file Digitally Signed file Through Registered IP addresses only Request Response CKYC Application RM 1 Branch 4 Optional : Secured VPN Tunnel or P2P leased line Connectivity

5 Pre-requisites API Configuration:
Admin user have access of API configuration page to configure below items: Digital Signature Public Key (.CER format) Public IP* Download CERSAI Public Key *Note: currently CKYC system allows only one IP to configure, will provide option of 5 IPs to be configure shortly

6 Important points FI Digital Signature: CERSAI Digital Signature:
Private Key will use for signing API request file Public Key needs to be upload in CKYC application, system will check authenticity of request file by uploaded public Key of FI CERSAI Digital Signature: Pubic Key is available on the CKYC website, this will be use in the request file encryption process Request and Response Type : Application/XML API Type: Rest Multi threading: Available (TBD)

7 Service URL Search Testbed: Production: Production : Download
Production: Production : Download

8 Encode String (Session Key)
Request file PID Search : ID & Number Download : CKYC number & Date of Birth XML Request file 256 bit session Key CERSAI public Key FI DSC Private Key Step 1: Generate a random 256 bit session key <?xml version="1.0" encoding="UTF-8"?> <REQ_ROOT> <HEADER> <FI_CODE>IN0001</FI_CODE> <REQUEST_ID>02<REQUEST_ID /> <VERSION>1.0</VERSION> </HEADER> <CKYC_INQ> <SESSION_KEY> </REQUEST_ID> <PID> <PID_DATA> <DATE_TIME /> <ID_TYPE /> <ID_NO /> </PID_DATA> </PID> </CKYC_INQ> </REQ_ROOT PID Step 2: Encrypt PID using this session key by AES algorithm Step 3: Encode the encrypted PID to Base64 string Encode String (PID) Encrypted PID Encrypted Step 4: Encrypt the session key using public key provided by CERSAI using RSA algorithm Step 5: Encode the encrypted session key to Base64 string Encode String (Session Key) Encrypted Session Key Step 6: Add this encrypted and encoded session key in request xml Encode String (PID) Step 7: Sign entire request using FI's private key Encode String (PID)

9 Encode String (Session Key)
Response file PID Response from CERSAI XML Response file CERSAI public Key 256 bit session Key FI DSC Private Key <REQ_ROOT> <HEADER> <FI_CODE>IN0001</FI_CODE> <REQUEST_ID>02<REQUEST_ID /> <VERSION>1.0</VERSION> </HEADER> <CKYC_INQ> <SESSION_KEY>BDu4Zi02ct0kxehSJyiblRF7FsjyJc6e6FTzeXPXwmF5nCMypIXMDfxL+zTcopy++6mZmXPCltIrJFM2f9GcP14aohnqDqIHyG7WJhGel6ipgwcKNEivrKbpBvzc5B3CCSDlh9WYUVj6V4</REQUEST_ID> <PID> BDu4Zi02ct0kxehSJyiblRF7FsjyJc6e6FTzeXPXwmF5nCMypIXMDfxL+zTcopy++6mZmXPCltIrJFM2f9GcP14aohnqDqIHyG7WJhGel6ipgwcKNEivrKbpBvzc5B3CCSDlh9WYUVj6V4BDu4Zi02ct0kxehSJyiblRF7FsjyJc6e6FTzeXPXwmF5nCMypIXMDfxL+zTcopy++6mZmXPCltIrJFM2f9GcP14aohnqDqIHyG7WJhGel6ipgwcKNEivrKbpBvzc5B3CCSDlh9WYUVj6V4BDu4Zi02ct0kxehSJyiblRF7FsjyJc6e6FTzeXPXwmF5nCMypIXMDfxL+zTcopy++6mZmXPCltIrJFM2f9GcP14aohnqDqIHyG7WJhGel6ipgwcKNEivrKbpBvzc5B3CCSDlh9WYUVj6V4BDu4Zi02ct0kxehSJyiblRF7FsjyJc6e6FTzeXPXwmF5nCMypIXMDfxL+zTcopy++6mZmXPCltIrJFM2f9GcP14a </PID> <ERROR /> </CKYC_INQ> </REQ_ROOT> <REQ_ROOT> <HEADER> <FI_CODE>IN0001</FI_CODE> <REQUEST_ID>02<REQUEST_ID /> <VERSION>1.0</VERSION> </HEADER> <CKYC_INQ> <SESSION_KEY> </REQUEST_ID> <PID> <PID_DATA> <CKYC_NO /> <NAME /> <FATHERS_NAME /> <AGE /> <PHOTO /> <IMAGE_TYPE /> <KYC_DATE /> <UPDATED_DATE /> </PID_DATA> </PID> <ERROR /> </CKYC_INQ> </REQ_ROOT> Step 1: Verify response file signature using CERSAI’s public key. Step 2: Parse key parameter from request message Encode String (PID) Encode String (Session Key) Encrypted Session Key Step 3: Decode the session key from Base64 string Encrypted Step 4: Decrypt encrypted session key using FI’s private key with RSA algorithm Step 5: Decode the PID from Base64 string Encode String (PID) Encrypted PID Encrypted PID Step 6: Decrypt data using session key with AES algorithm PID

10 Error Messages Scenario Error Message
Digital signature verification failed Digital signature cannot be verified. Please sign document with proper key Incorrect ID type or ID Number Validation failure Request Id size greater than 8 Request Id should not exceed more than 8 digits Request Id is not unique throughout the day for an FI. Request Id is not unique Incorrect FI Code Institution does not exists No records found Time difference between request and response is more than 5 minute Time difference should be less than 5 minutes IP not registered Please configure your IP address. IP does not match with the registered IP The given IP does not match with the institution’s registered IP.

11 Thank you!! For any clarification / support, please on or call on

Download ppt "Application program interface (API)"

Similar presentations

Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
6 th Annual Focus Users’ Conference Texas Reporting Presented by: Bethany Heslam.

6 th Annual Focus Users’ Conference Texas Reporting Presented by: Bethany Heslam.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Login Screen This is the Sign In page for the Dashboard New User Registration Enter Id and Password to sign In.

Login Screen This is the Sign In page for the Dashboard New User Registration Enter Id and Password to sign In.
Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.

Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.
Delight QuickBooks Online Banking Internal Support Training QuickBooks Windows 2009/2010 Online Banking.

Delight QuickBooks Online Banking Internal Support Training QuickBooks Windows 2009/2010 Online Banking.
Easy way to do Activation & Recharge through WEB

Easy way to do Activation & Recharge through WEB
DEMO - 8/14/2007. R2 Feature List ReceiveDocumentBatch Web Service SendPESCAcknowledgment Web Service Validate Acknowledgment Upload Acknowledgment Transcript.

DEMO - 8/14/2007. R2 Feature List ReceiveDocumentBatch Web Service SendPESCAcknowledgment Web Service Validate Acknowledgment Upload Acknowledgment Transcript.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
Integrating and Troubleshooting Citrix Access Gateway.

Integrating and Troubleshooting Citrix Access Gateway.
We now will use Advanced Search Builder option. Access to Advanced is from the initial PubMed page or the Search Results page. Advanced Search.

We now will use Advanced Search Builder option. Access to Advanced is from the initial PubMed page or the Search Results page. Advanced Search.

Similar presentations

Ads by Google