Singpass Developer Docs

Myinfo v3


Last updated 2 months ago


Understanding OAuth 2.0 flow for Myinfo APIs

Integrating with Myinfo requires your application to invoke 3 different APIs as part of the OAuth 2.0 authorisation code flow:

1. Authorise

This API triggers the Singpass authentication process, then presents a consent page to obtain the user's explicit consent for his/her personal details to be released to your application.

At the end of this process, our system will return to you a short-lived "authorisation code".

This API is triggered through the browser via a 302 redirect.

2. Token

This API is invoked by your application server to obtain an "access token", which can be used to call the person API for the actual data. Your application needs to provide a valid "authorisation code" from the authorise API in exchange for the "access token".

The "access token" will be valid for 30 minutes.

This API is a server-to-server call (it does not go through the browser).

3. Person

This API returns a JSON response with the personal data that was requested. Your application needs to provide a valid "access token" in exchange for the JSON data. Once your application receives this JSON data, you can use this data to populate the online form on your application.

This API is a server-to-server call (it does not go through the browser).

Figure: Logical overview of Myinfo v3
Figure: End-to-end Myinfo sequence diagram
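The authorise step is the only one of the three that passes through the browser, so the callback that carries the authorisation code has to be checked before the server-to-server token call is made. The sketch below is an added example, not code from the Myinfo documentation: it binds a one-time `state` value to the user's session, validates the callback, and enforces the 30-minute access token lifetime. The endpoint URL, client ID, redirect URI, state timeout and the generic RFC 6749 query parameter names are assumptions; the Myinfo v3 API Specifications define the real values.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders: take the real endpoint, client id and parameter set
# from the Myinfo v3 API Specifications.
AUTHORISE_URL = "https://myinfo.example/authorise"
CLIENT_ID = "EXAMPLE-CLIENT-ID"
REDIRECT_URI = "https://app.example/callback"
STATE_TTL_S = 300               # assumption: how long a login may stay pending
TOKEN_LIFETIME_S = 30 * 60      # from the page: access token valid for 30 minutes

class FlowError(Exception):
    """Callback rejected; do not call the token API."""

def start_authorise(session, now=None):
    """Step 1: URL for the 302 redirect, with a fresh state bound to this session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = (state, time.time() if now is None else now)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORISE_URL}?{query}"

def handle_callback(session, callback_url, now=None):
    """Check the browser-delivered callback; return the code for the step 2 call."""
    now = time.time() if now is None else now
    params = parse_qs(urlparse(callback_url).query)
    saved = session.pop("oauth_state", None)   # single use: a replay finds nothing
    if saved is None:
        raise FlowError("no authorisation in progress for this session")
    expected, issued_at = saved
    received = params.get("state", [""])[0]
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise FlowError("state mismatch")
    if now - issued_at > STATE_TTL_S:
        raise FlowError("state expired")
    if "error" in params:
        raise FlowError("authorisation failed: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise FlowError("expected exactly one authorisation code")
    return codes[0]

def token_usable(issued_at, now=None, skew_s=30):
    """Step 3 guard: refuse to send an access token at or near its expiry."""
    now = time.time() if now is None else now
    return now < issued_at + TOKEN_LIFETIME_S - skew_s
```

Here `session` stands for whatever server-side session store the application already uses; a plain dict is enough to exercise the functions.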