Singpass Developer Docs

Myinfo v4


Last updated 1 month ago


Integrating with Myinfo requires your application to invoke 3 different APIs as part of the OAuth2.1 authorization code flow:

1. Authorize API

This API triggers the Singpass authentication process and then presents a consent page, where the user explicitly consents to the release of their personal details to your application.

Our system returns a short-lived authorization code (authcode) at the end of this process.

This API is triggered over the browser via a 302 redirect.


2. Token API

Your application server invokes this API to obtain an access_token, which can be used to call the /person API for the actual data. Your application needs to provide a valid authorization code (authcode) from the /authorize API in exchange for the access_token.

The access_token will be valid for 30 minutes.

This API is a server-to-server call (it does not go through the browser).


3. Person API

This API returns a JSON response with the personal data that was requested. Your application must provide a valid access_token from the /token API in exchange for the person data.

Once your application receives the person data, you can use this data to populate the online form on your application.

This API is a server-to-server call (it does not go through the browser).
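
The sketch below is an added example, not Singpass code. It shows the server-side bookkeeping around the three calls: building the 302 target for /authorize, accepting the authcode on the callback only when it belongs to the same session, and honouring the 30-minute access_token lifetime. The endpoint host, the function names and the use of standard OAuth 2.1 / RFC 7636 parameter names are assumptions; the Myinfo API Specifications are authoritative for the real request format.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://myinfo.example/authorize"  # placeholder host, not the real endpoint
TOKEN_LIFETIME_S = 30 * 60  # access_token validity stated on this page


def start_authorization(client_id, redirect_uri, scope):
    """Step 1: build the 302 target and the per-session secrets kept server-side."""
    state = secrets.token_urlsafe(32)
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, within RFC 7636's 43-128
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    code_challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": scope, "state": state,
        "code_challenge": code_challenge, "code_challenge_method": "S256",
    })
    session = {"state": state, "code_verifier": code_verifier}
    return f"{AUTHORIZE_URL}?{query}", session


def handle_callback(callback_url, session):
    """Before step 2: accept the authcode only if state matches this session."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    expected = session.pop("state", None)  # single use: a replayed callback fails
    if expected is None or not hmac.compare_digest(returned.encode(), expected.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    # The verifier goes to /token from the server only, never through the browser.
    return params["code"][0], session["code_verifier"]


def token_is_usable(issued_at, now=None, skew_s=30):
    """Step 3 guard: treat the access_token as expired slightly before 30 minutes."""
    now = time.time() if now is None else now
    return 0 <= now - issued_at < TOKEN_LIFETIME_S - skew_s
```

Keep the session dictionary in server-side storage keyed to the user's browser session, so the state and code verifier never appear in anything the browser can read.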

Logical overview of Myinfo v4