https://betaapi.digitallocker.gov.in/public/oauth2/1/authorizeCall to this API starts authorization flow using OAuth 2.0 protocol. This isn't an API call—it's a DigiLocker web page that lets the user sign in to DigiLocker and authorize your application to access user’s data. After the user decides whether or not to authorize your app, they will be redirected to the redirect link provided by your application.
Provide the client id that was created during the application registration process on Partners Portal.
Provide the grant type requested, either token or code.
The URI to redirect the user after authorization has completed.
This is your application specific data that will be passed back to your application through redirect_uri.
A unique random string called code verifier (code_verifier) is created by the client application for every authorization request. The code_challenge sent as this parameter is the Base64URL (with no padding) encoded SHA256 hash of the code verifier. Code block: ``` string base64_url_encode_without_padding(string arg) { string s = base64encode(arg); //Regular base64encoder with padding s = s.replace(’=’,’’); //Remove any trailing ’=’ s = s.replace(’+’, ’-’); //Replace ’+’ with ’-’ s = s.replace(’/’, ’_’); //Replace ’/’ with ’_’ return s; } ```
Specifies what method was used to encode a code_verifier to generate code_challenge parameter above. This parameter must be used with the code_challenge parameter. The only supported values for this parameter is S256.
If this parameter is provided its value will always be signup. This parameter indicates that the user does not have a DigiLocker account and will be directed to the signup flow directly. After the account is created, the user will be directed to the authorization flow. If this parameter is not sent, the user will be redirected to the sign in flow.
Verified mobile number of the user. If this parameter is passed, DigiLocker will skip the mobile OTP verification step during sign up. DigiLocker will treat the mobile number passed in this parameter as a verified mobile number by the trusted client application. This parameter will be used only if dl_flow parameter mentioned above is set to signup and will be ignored otherwise.
{
"success": true,
"data": {
"id": "abc123",
"created_at": "2025-01-01T00:00:00Z"
}
}{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid request parameters"
}
}1curl --request GET \2 --url 'https://betaapi.digitallocker.gov.in/public/oauth2/1/authorize' \3 --header 'accept: application/json' \4 --header 'content-type: application/json'1{2 "success": true,3 "data": {4 "id": "abc123",5 "created_at": "2025-01-01T00:00:00Z"6 }7}https://betaapi.digitallocker.gov.in/public/oauth2/1/authorizeCall to this API starts authorization flow using OAuth 2.0 protocol. This isn't an API call—it's a DigiLocker web page that lets the user sign in to DigiLocker and authorize your application to access user’s data. After the user decides whether or not to authorize your app, they will be redirected to the redirect link provided by your application.
Provide the client id that was created during the application registration process on Partners Portal.
Provide the grant type requested, either token or code.
The URI to redirect the user after authorization has completed.
This is your application specific data that will be passed back to your application through redirect_uri.
A unique random string called code verifier (code_verifier) is created by the client application for every authorization request. The code_challenge sent as this parameter is the Base64URL (with no padding) encoded SHA256 hash of the code verifier. Code block: ``` string base64_url_encode_without_padding(string arg) { string s = base64encode(arg); //Regular base64encoder with padding s = s.replace(’=’,’’); //Remove any trailing ’=’ s = s.replace(’+’, ’-’); //Replace ’+’ with ’-’ s = s.replace(’/’, ’_’); //Replace ’/’ with ’_’ return s; } ```
Specifies what method was used to encode a code_verifier to generate code_challenge parameter above. This parameter must be used with the code_challenge parameter. The only supported values for this parameter is S256.
If this parameter is provided its value will always be signup. This parameter indicates that the user does not have a DigiLocker account and will be directed to the signup flow directly. After the account is created, the user will be directed to the authorization flow. If this parameter is not sent, the user will be redirected to the sign in flow.
Verified mobile number of the user. If this parameter is passed, DigiLocker will skip the mobile OTP verification step during sign up. DigiLocker will treat the mobile number passed in this parameter as a verified mobile number by the trusted client application. This parameter will be used only if dl_flow parameter mentioned above is set to signup and will be ignored otherwise.
{
"success": true,
"data": {
"id": "abc123",
"created_at": "2025-01-01T00:00:00Z"
}
}{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid request parameters"
}
}1curl --request GET \2 --url 'https://betaapi.digitallocker.gov.in/public/oauth2/1/authorize' \3 --header 'accept: application/json' \4 --header 'content-type: application/json'1{2 "success": true,3 "data": {4 "id": "abc123",5 "created_at": "2025-01-01T00:00:00Z"6 }7}