Singpass Developer Docs
Legacy Myinfo v3/v4
Legacy Myinfo v3/v4
  • Legacy Myinfo v3/v4
  • Data Catalog
  • Key Principles
  • Technical Specifications
    • Myinfo v4
      • Difference between v3 and v4
      • Technical Guidelines
      • Technical Concepts
        • OAuth 2.1 Concepts
        • Proof of Key Code Exchange (PKCE)
        • JSON Web Token (JWT)
        • Client Assertions
        • JSON Web Key Store (JWKS)
        • Demonstration of Proof-of-Possession (DPoP)
      • API Specifications
      • Tutorials
        • Tutorial 1: Myinfo Person sample Data
        • Tutorial 2: End-to-end Integration with Myinfo v4 APIs
      • Resources
        • Myinfo Connectors
        • Error Codes
      • FAQ
    • Myinfo v3
      • Technical Guidelines
      • API Specifications
      • Latest X.509 Public Key Certificate
      • Tutorials
        • Tutorial 1: Basic Person API
        • Tutorial 2: Using OAuth2
        • Tutorial 3: Implementing PKI Digital Signature
      • Resources
        • Myinfo Connectors
        • Error Codes
      • FAQ
Powered by GitBook
On this page
  • Q1. Can I change the callback URL in the sample app, what should I do?
  • Q2. I encountered an error while developing my digital service integrating with Myinfo APIs, who can I contact?
  • Q3. My Enterprise Architecture design requires whitelisting of Myinfo APIs IP address. What is the IP address that I should whitelist?
  • Q4. How frequent does Myinfo APIs get updated? How do I get notified when there is a new version of Myinfo APIs? Can I continue to use the older API version even if a newer version is released?
  • Q5. Does Myinfo APIs support native mobile application?
  • Q6. Is there any requirement for the X.509 public key? Can we use the same X.509 certificate for our staging and production environments?
  • Q7: What type of digital certificate should I obtain for integrating with Myinfo?
  • Q8: Can I use a Web SSL certificate for integrating with Myinfo?
  • Q9. I am trying to decrypt the JWE response string returned from Myinfo Person API. However, I am getting the following error message:
  • Q10. My architecture design requires trusting of Myinfo web SSL certificate. Where can I retrieve the certificate?
  • Q11. What are the requirements for callback URLs in the app configurations submission?
  • Q12. How may I test that my app is able to support cases where additional security verification with Singpass Face Verification is required?
  • Q13. What are the supports available for me to conduct performance testing?
  • Q14. What is the Myinfo v3 certificate change about?
  • Q15. Who do I contact if I require more details?

Was this helpful?

  1. Technical Specifications
  2. Myinfo v3

FAQ

PreviousError Codes

Last updated 1 month ago

Was this helpful?

Q1. Can I change the callback URL in the sample app, what should I do?

If your digital service has not onboarded with Myinfo, please use while you are prototyping.

If your digital service has onboarded with Myinfo, please use the callback URLs that have been configured for you.


Q2. I encountered an error while developing my digital service integrating with Myinfo APIs, who can I contact?

For troubleshooting, you may refer to the with the possible causes.

Please submit a request at if you encounter error with the implementation.


Q3. My Enterprise Architecture design requires whitelisting of Myinfo APIs IP address. What is the IP address that I should whitelist?

Myinfo APIs does not support IP whitelisting as our API Gateway is using dynamic IPs. Please whitelist the following Fully Qualified Domain Names (FQDN) instead:

  • test.api.myinfo.gov.sg

  • api.myinfo.gov.sg


Q4. How frequent does Myinfo APIs get updated? How do I get notified when there is a new version of Myinfo APIs? Can I continue to use the older API version even if a newer version is released?

The Government plans to make Myinfo more useful for digital transactions by progressively including other frequently-used profile data.

When a new version of APIs is released, there will be a transition period for digital services to migrate to the latest version. The earlier API version is usually deprecated 6 months after the new version is released.

Please ensure that your support emails are registered in your app to receive important announcement such as Myinfo new version or new data items release.


Q5. Does Myinfo APIs support native mobile application?

Myinfo APIs currently only support web-based integration.


Q6. Is there any requirement for the X.509 public key? Can we use the same X.509 certificate for our staging and production environments?

Due to security reasons, please use:

  • Keys that are from a compatible CA (i.e. self-signed keys are not supported)

  • Different keys for staging and production environments

You may use the same X.509 public key for different products/services that integrate with Myinfo, as long as different keys are used for staging and production environments.


Q7: What type of digital certificate should I obtain for integrating with Myinfo?

Integration with Myinfo requires X.509 certificate that can produce RS256 digital signature for the purpose of server to server communication.


Q8: Can I use a Web SSL certificate for integrating with Myinfo?

Web SSL certificate proves the authenticity of a domain. As integration with Myinfo is a server to server, the certificate should be issued to your company and not to a domain.


Q9. I am trying to decrypt the JWE response string returned from Myinfo Person API. However, I am getting the following error message:

*A256M is not valid algorithm*

The library that you are using to decrypt the response string might not support A256GCM algorithm. Please use a library that supports the algorithm.


Q10. My architecture design requires trusting of Myinfo web SSL certificate. Where can I retrieve the certificate?


Q11. What are the requirements for callback URLs in the app configurations submission?

Please note the following requirements for callback URLs submission:

  • Use different callback URLs in staging and production environments.

  • Use static callback URLs (i.e. dynamic callback URLs are not supported)

  • Use Fully Qualified Domain Names (FQDN) for both the staging and production callback URLs (i.e. static IP address or port numbers in callback URLs are not supported)

  • Multiple callback URLs may be submitted for each environment.


Q12. How may I test that my app is able to support cases where additional security verification with Singpass Face Verification is required?

To ensure that SFV works for your Myinfo user journeys, you may verify that camera permissions are enabled through the following methods:

  1. Staging: Test additional Singpass Face Verification through the link provided on the Mockpass page

  2. Production: Test that SFV works for the Myinfo user journey on different modalities (e.g. mobile/computer browser, native mobile app). You can test SFV through the following steps: a. Initiate the Myinfo user journey in your linked up service with the above App IDs b. Log in with your Singpass ID and password instead of the QR code c. Select Singpass Face Verification as the 2FA method instead of SMS OTP


Q13. What are the supports available for me to conduct performance testing?


Q14. What is the Myinfo v3 certificate change about?

The last Myinfo v3 X.509 Public Key Certificate have expired on 7th Nov 2024.

  1. After the new certificate is integrated with your digital service, return to App Details page in Singpass Developer Portal and toggle to switch to the new certificate.

Please take note that Step 2 is to be performed immediately after Step 1 is completed.


Q15. Who do I contact if I require more details?

We recommend that your application trust / pin against the instead, as the web SSL certificates will be renewed from time to time.

Performance Testing in Production environment is strictly not allowed. Please submit a request at if you are planning to conduct performance testing in Test environment.

Please and integrate the new certificate with your digital service.

If you have any other query, please submit a request at .

http://localhost:3001/callback
error codes page
partnersupport.singpass.gov.sg
root certificates
partnersupport.singpass.gov.sg
download the new certificate
partnersupport.singpass.gov.sg