Myinfo v3

Logical overview of Myinfo v3

Understanding OAuth 2.0 flow for Myinfo APIs

Integrating with Myinfo requires your application to invoke 3 different APIs as part of the OAuth 2.0 authorisation code flow:

1. Authorise

This API triggers the Singpass authentication process, then presents a consent page to obtain the user's explicit consent to release his/her personal details to your application.

At the end of this process, our system will return to you a short-lived "authorisation code".

This API is triggered through the browser via a 302 redirect.

2. Token

This API is invoked by your application server to obtain an "access token", which can be used to call the person API for the actual data. Your application needs to provide a valid "authorisation code" from the authorise API in exchange for the "access token".

The "access token" will be valid for 30 minutes.

This API is a server-to-server call (it does not go through the browser).

3. Person

This API returns a JSON response with the personal data that was requested. Your application needs to provide a valid "access token" in exchange for the JSON data. Once your application receives this JSON data, you can use it to populate the online form in your application.

This API is a server-to-server call (it does not go through the browser).
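The server-side checks around the three calls above, as an added example (not Myinfo's or Singpass's own code): it binds a random state value to the session before the redirect, verifies it on the callback, and enforces the 30-minute token lifetime before the person call. The URLs, client ID and function names are placeholders, and the parameters are the generic OAuth 2.0 (RFC 6749) ones, since Myinfo's own parameter list is not given on this page.

```python
import hmac, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders (assumptions), not Myinfo's real endpoint or credentials.
AUTHORISE_URL = "https://myinfo.example/authorise"
CLIENT_ID = "EXAMPLE-CLIENT-ID"
REDIRECT_URI = "https://app.example/callback"
TOKEN_LIFETIME_S = 30 * 60  # access token validity stated above: 30 minutes

def start_authorise(session):
    """Step 1: build the 302 target and bind a random state to this session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": session["oauth_state"]})
    return f"{AUTHORISE_URL}?{query}"

def handle_callback(session, callback_url):
    """Check the redirect back from authorise; return the authorisation code."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # state is single use
    got = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), got.encode()):
        raise ValueError("state mismatch: callback is not bound to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorisation code")
    return code

def token_request_body(code):
    """Step 2: form fields for the server-to-server token call (RFC 6749, 4.1.3)."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID}

def store_token(session, access_token, now=None):
    """Keep the token server-side together with its expiry time."""
    session["access_token"] = access_token
    session["token_expiry"] = (time.time() if now is None else now) + TOKEN_LIFETIME_S

def token_for_person_call(session, now=None):
    """Step 3: hand out the token only while it is inside its 30-minute lifetime."""
    now = time.time() if now is None else now
    if now >= session.get("token_expiry", 0):
        session.pop("access_token", None)
        raise PermissionError("access token expired; restart at authorise")
    return session["access_token"]
```

The session argument stands for whatever per-user server-side session store the application already has; the access token never needs to reach the browser.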

End-to-end Myinfo sequence diagram
