Hi All,
We have seen a lot of issues where integrators face unauthorized errors while trying to access HealthID APIs.
Here is a quick guide to ensure that you have smooth integration to HealthID APIs:
- All HealthID APIs are secured by JWT token issued by https://dev.ndhm.gov.in in sandbox. You can generate a new accessToken by calling https://dev.ndhm.gov.in/gateway/v0.5/sessions API.
- Please note that an accessToken has 5 minutes of expiry time (irrespective of usage/idle time). So ensure that you are using an active token OR always generate a token before calling any HealthID APIs.
- In order to call HealthID APIs, your clientID must be given the appropriate role in NDHM gateway. So as part of on-boarding you need to let the team know if you want to call HealthID APIs. If you do not have permission to access HealthID APIs then you will get an unauthorized error.
- Profile APIs in HealthID are secured by an additional token named X-Token, which you get by authenticating/registering a User.
Flow for calling Authentication/Registration/Search/Forgot HealthID APIs:
- Generate accessToken by calling session APIs
curl 'https://dev.ndhm.gov.in/gateway/v0.5/sessions' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:79.0) Gecko/20100101 Firefox/79.0' -H 'Accept: application/json' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://dev.ndhm.gov.in/swagger/ndhm-gateway' -H 'Content-Type: application/json' -H 'Origin: https://dev.ndhm.gov.in' -H 'Connection: keep-alive' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache' --data-raw '{"clientId":"SBX_0000000","clientSecret":"142g733a-2020-4xxx-axx11-222xxxxxxx"}'
- Call Authentication/Registration/Search/Forgot API on HealthID
Get the accessToken from the response received in step#1 above.
This accessToken needs to be passed in the Authorization header in the format Bearer <accessToken>.
Let us call the Authentication initiation API with it:
curl -X POST "https://healthidsbx.ndhm.gov.in/api/v1/auth/init" -H "accept: */*" -H "Accept-Language: en-US" -H "Authorization: Bearer <accessToken from Step#1>" -H "Content-Type: application/json" -d "{ \"authMethod\": \"PASSWORD\", \"healthid\": \"abcd@sbx\"}"
Flow for calling Profile APIs:
- Generate accessToken by calling session APIs
curl 'https://dev.ndhm.gov.in/gateway/v0.5/sessions' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:79.0) Gecko/20100101 Firefox/79.0' -H 'Accept: application/json' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://dev.ndhm.gov.in/swagger/ndhm-gateway' -H 'Content-Type: application/json' -H 'Origin: https://dev.ndhm.gov.in' -H 'Connection: keep-alive' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache' --data-raw '{"clientId":"SBX_0000000","clientSecret":"142g733a-2020-4xxx-axx11-222xxxxxxx"}'
- Call Authentication APIs on HealthID to get User Session Token
Get the accessToken from the response received in step#1 above.
This accessToken needs to be passed in the Authorization header in the format Bearer <accessToken>.
Let us call the Authentication initiation API with it:
curl -X POST "https://healthidsbx.ndhm.gov.in/api/v1/auth/init" -H "accept: */*" -H "Accept-Language: en-US" -H "Authorization: Bearer <accessToken from Step#1>" -H "Content-Type: application/json" -d "{ \"authMethod\": \"PASSWORD\", \"healthid\": \"abcd@sbx\"}"
This API will respond with txnId which must be used in subsequent authentication calls.
- Call Authentication API (password method)
curl -X POST "https://healthidsbx.ndhm.gov.in/api/v1/auth/confirmWithPassword" -H "accept: */*" -H "Accept-Language: en-US" -H "Authorization: Bearer <accessToken from Step#1>" -H "Content-Type: application/json" -d "{ \"password\": \"myPass\", \"txnId\": \"<txnId received in response at Step#2>\"}"
- Call Get QRCode API:
curl -X GET "https://healthidsbx.ndhm.gov.in/api/v1/account/qrCode" -H "accept: */*" -H "Accept-Language: en-US" -H "X-Token: Bearer <userSessionToken from step#3>" -H "Authorization: Bearer <accessToken from Step#1>"
I hope this helps.
Let us improve our experience of integrating ABDM.
Thanks
ABDM HealthID Team
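
The token handling described in the post, as an added example that is not part of the original post or ABDM's own code: a small client-side cache that renews the gateway accessToken before its fixed 5-minute expiry and builds the Authorization and X-Token headers. The class name, the 30-second refresh margin, and the injectable `fetch`/`clock` parameters are assumptions made for illustration.

```python
import json
import time
import urllib.request

SESSIONS_URL = "https://dev.ndhm.gov.in/gateway/v0.5/sessions"  # from the post
TOKEN_LIFETIME_S = 5 * 60  # fixed expiry stated in the post
REFRESH_MARGIN_S = 30      # assumption: renew early to absorb latency and clock skew


def fetch_access_token(client_id, client_secret):
    """POST the client credentials to the sessions API and return accessToken."""
    body = json.dumps({"clientId": client_id, "clientSecret": client_secret}).encode()
    req = urllib.request.Request(
        SESSIONS_URL, data=body, method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["accessToken"]


class GatewaySession:
    """Hypothetical helper: caches the accessToken and renews it before expiry."""

    def __init__(self, client_id, client_secret,
                 fetch=fetch_access_token, clock=time.monotonic):
        self._creds = (client_id, client_secret)
        self._fetch = fetch  # injectable so the class can be exercised offline
        self._clock = clock
        self._token = None
        self._issued_at = None

    def access_token(self):
        # Expiry runs from issuance, not last use, so age is measured from fetch time.
        now = self._clock()
        if self._token is None or now - self._issued_at >= TOKEN_LIFETIME_S - REFRESH_MARGIN_S:
            self._token = self._fetch(*self._creds)
            self._issued_at = now  # taken before the request: errs towards early renewal
        return self._token

    def headers(self, user_session_token=None):
        """Headers for HealthID calls; pass the user session token for Profile APIs."""
        h = {"Authorization": f"Bearer {self.access_token()}",
             "Content-Type": "application/json"}
        if user_session_token is not None:
            h["X-Token"] = f"Bearer {user_session_token}"
        return h

    def invalidate(self):
        """Drop the cached token, for example after an unauthorized response."""
        self._token = None
        self._issued_at = None
```

Load the clientSecret from the environment or a secret store rather than embedding it in source, and avoid logging the headers this helper returns.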