DigiLocker Overview

DigiLocker is a government-backed platform that enables users to securely store and share official documents. By integrating DigiLocker with Cashfree, you can offer a consent-based KYC process that supports documents such as Aadhaar, PAN, and Driving License. This solution helps you comply with the latest UIDAI guidelines and the Digital Personal Data Protection (DPDP) Act. You can implement it using a simple API flow with minimal code changes.

Use cases

Use DigiLocker integration across industries to ensure compliance and streamline customer onboarding:

Sector	Use case
Banking and NBFCs	Verify Aadhaar and PAN during account opening and loan processing.
Micro-lending platforms	Confirm user identity using Aadhaar and PAN before loan disbursement.
Insurance providers	Perform identity verification during policy applications and claims.
Payments and fintech services	Validate Aadhaar and PAN for user registration and wallet onboarding.
Trading and investment platforms	Complete full KYC with Aadhaar and PAN verification for user onboarding.
E-commerce marketplaces	Verify seller identities for compliance and fraud prevention.
Digital lending platforms	Authenticate borrowers with government-verified documents.

Key benefits

Cashfree’s DigiLocker integration provides these key advantages:

UIDAI and DPDP compliant: Fully legal and compliant for all merchants.
Consent-based verification: Users log in to DigiLocker and explicitly approve the sharing of their Aadhaar document.
User control and privacy: Aadhaar data isn’t exposed to merchants without user action. Data is retrieved securely via the government infrastructure.
Multiple document types supported: Retrieve Aadhaar, PAN, Driving License, and more.
Familiar and trusted interface: Users are redirected to the DigiLocker portal, increasing trust.
Streamlined integration: Simple API integration for document verification.

Verification process

You can verify documents through DigiLocker using two primary methods:

Merchant dashboard: Generate DigiLocker consent links for manual document verification
REST API: Integrate verification directly into your applications

Dashboard verification
API verification

Use the merchant dashboard for quick manual DigiLocker verification:

Log in to the Merchant Dashboard.
Navigate to Secure ID > Aadhaar/PAN > DigiLocker–Aadhaar.
Select Verify Document and choose the verification type (Aadhaar, PAN, or Driving License).
Select Verify Now to generate the DigiLocker link and share it with the customer.

Customer flow:

Customer opens the DigiLocker link.
Enters Aadhaar-linked mobile number and OTP for authentication.
Reviews consent screen and approves document sharing.
Cashfree retrieves verified document details from DigiLocker.

All verified documents appear in your dashboard with comprehensive details including document type, verification status, and customer information.

Integrate DigiLocker verification programmatically using the REST API flow:Step 1: Check if the user has a DigiLocker account using the Verify Account API.Endpoint: POST /verification/digilocker/verify-accountCheck if the user’s mobile number or Aadhaar is registered with DigiLocker.

Request format

{
  "verification_id": "ABC00123",
  "mobile_number": "9988777666",
  "aadhaar_number": "655675523712"
}

Response format

{
  "verification_id": "ABC00123",
  "reference_id": 12345,
  "mobile_number": "1234567899",
  "aadhaar_number": "XXXXXXXX3712",
  "status": "ACCOUNT_EXISTS",
  "digilocker_id": "8aa626bf-34aa-5ffc-a123-f69207e129a7"
}

Step 2: Create a consent URL for document access using the Create URL API.Endpoint: POST /verification/digilocker

Request format

{
  "verification_id": "ABC00123",
  "document_requested": [
    "AADHAAR",
    "PAN",
    "DRIVING_LICENSE"
  ],
  "redirect_url": "https://www.cashfree.com",
  "user_flow": "signup"
}

Response format

{
  "verification_id": "ABC00123",
  "reference_id": 12345,
  "url": "https://verification-test.cashfree.com/dgl/h7562ci7us0",
  "status": "PENDING",
  "user_flow": "signup",
  "document_requested": [
    "AADHAAR",
    "PAN",
    "DRIVING_LICENSE"
  ],
  "redirect_url": "https://www.cashfree.com"
}

Step 3: Monitor user consent and authentication using the Get Status API.Endpoint: GET /digilocker?verification_id={verification_id}Status values:

PENDING: User hasn’t completed the flow
AUTHENTICATED: User logged in and consented successfully
EXPIRED: Link expired before completion
CONSENT_DENIED: User rejected consent

Step 4: Fetch verified documents from DigiLocker using the Get Document API.Endpoint: GET /digilocker/document/{document_type}?verification_id={verification_id}Available document types: AADHAAR, PAN, DRIVING_LICENSE

Response format for Aadhaar

{
  "care_of": "John Snow",
  "dob": "02-02-1995",
  "gender": "M",
  "name": "John Doe",
  "year_of_birth": 1995,
  "address": {
    "house": "123",
    "street": "Main Street",
    "landmark": "Near Park",
    "locality": "Central Area",
    "city": "Mumbai",
    "district": "Mumbai",
    "state": "Maharashtra",
    "pincode": "400001",
    "post_office": "Mumbai GPO"
  },
  "aadhaar_number": "XXXX-XXXX-1234"
}

Error responses

{
  "type": "invalid_request_error",
  "code": "verification_failed",
  "message": "Document retrieval failed",
  "details": [
    {
      "field": "document_type",
      "issue": "Document not available"
    }
  ]
}

Rate limits: Check your plan limits for DigiLocker API calls

Use the DigiLocker Integration API for programmatic integration into your applications.

Understanding document types

DigiLocker supports verification of multiple government-issued documents through secure, consent-based authentication:

Supported Documents
Data Security

Primary Identity Documents:

Document type	Use case	Key information retrieved
Aadhaar	Universal identity verification	Name, DOB, address, Aadhaar number
PAN	Tax identification and financial KYC	Name, PAN number, date of issue
Driving License	Identity and address verification	Name, license number, address, validity
Voter ID	Age and address verification	Name, voter ID, address, DOB
Passport	International identity verification	Name, passport number, validity

Best practices

Follow these recommendations to optimise your DigiLocker integration and ensure reliable document verification:

User experience: Provide clear instructions about the DigiLocker process to reduce abandonment rates and improve completion.
Link management: Monitor link expiry times and implement retry mechanisms for expired verification attempts.
Consent handling: Respect user consent decisions and provide alternative verification methods if DigiLocker consent is denied.
Data compliance: Implement proper data retention policies following DPDP Act guidelines for document verification records.
Error recovery: Build robust error handling for network issues, government service downtime, and authentication failures.
Security measures: Store API credentials securely and use HTTPS for all webhook endpoints and redirect URLs.
Status monitoring: Implement real-time status checking to provide users with verification progress updates.
Fallback options: Offer alternative verification methods when DigiLocker is unavailable or users can’t complete the flow.
Document validation: Cross-verify retrieved document data with your existing user information for additional security.
Performance optimisation: Cache verification results appropriately while respecting data privacy regulations.

Secure ID

Documentation Index

​Use cases

​Key benefits

​Verification process

​Understanding document types

​Best practices

Use cases

Key benefits

Verification process

Understanding document types

Best practices