Singpass Developer Docs
Legacy Myinfo v3/v4
Legacy Myinfo v3/v4
  • Legacy Myinfo v3/v4
  • Data Catalog
  • Key Principles
  • Technical Specifications
    • Myinfo v4
      • Difference between v3 and v4
      • Technical Guidelines
      • Technical Concepts
        • OAuth 2.1 Concepts
        • Proof of Key Code Exchange (PKCE)
        • JSON Web Token (JWT)
        • Client Assertions
        • JSON Web Key Store (JWKS)
        • Demonstration of Proof-of-Possession (DPoP)
      • API Specifications
      • Tutorials
        • Tutorial 1: Myinfo Person sample Data
        • Tutorial 2: End-to-end Integration with Myinfo v4 APIs
      • Resources
        • Myinfo Connectors
        • Error Codes
      • FAQ
    • Myinfo v3
      • Technical Guidelines
      • API Specifications
      • Latest X.509 Public Key Certificate
      • Tutorials
        • Tutorial 1: Basic Person API
        • Tutorial 2: Using OAuth2
        • Tutorial 3: Implementing PKI Digital Signature
      • Resources
        • Myinfo Connectors
        • Error Codes
      • FAQ
Powered by GitBook
On this page

Was this helpful?

  1. Technical Specifications
  2. Myinfo v4

Difference between v3 and v4

PreviousMyinfo v4NextTechnical Guidelines

Last updated 2 months ago

Was this helpful?

The diagram below highlights the end to end flow of v4 APIs with key changes:

Myinfo v4 APIs bring about improved security posture, standards and features.

For the comprehensive list of changes, refer to our .

v3
v4
Justification

-

Proof of Key Code Exchange (PKCE) (Reference : )

Improve security posture between /authorize and /token by protecting against authcode injection

X.509 Certificate public keys

JSON Web Key Store (JWKS) (Reference : )

Enable minimal disruption on key rotations

PKI Base string signing

Client Assertions (Reference : )

Alignment to international standards

-

Demonstration of Proof-of-Possesion (DPoP) (Reference : )

Improve security posture between /token and /person by proving legitimacy of possession for access token before data can be released

API Specs Release notes
PKCE
JWKS
Client Assertions
DPoP