|
| 1 | +# Aadhaar Integration - ServiceNow Integration |
| 2 | + |
| 3 | +A **production-ready ServiceNow Script Include** for **Aadhaar verification** and **eKYC**, utilizing a **Connection & Credential Alias** for secure, secret-free integration. |
| 4 | + |
| 5 | +⚠️ **Compliance Warning:** Adherence to **UIDAI regulations**, the **IT Act**, **DPDP**, and your provider's terms is mandatory. Always obtain **explicit user consent** before performing any verification. |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +## 🎯 Key Features |
| 10 | + |
| 11 | +This script provides a complete flow for secure Aadhaar integration: |
| 12 | + |
| 13 | +| Feature | Methods | Description | |
| 14 | +| :--------------------- | :------------------------- | :------------------------------------------------------------------------------- | |
| 15 | +| **OTP eKYC Flow** | `sendOtp()`, `verifyOtp()` | Multi-step process with built-in session management (expiry, replay protection). | |
| 16 | +| **Demographic Check** | `verifyDemographic()` | Verify identity (Name, DOB, Gender) _without_ OTP. Returns a match score. | |
| 17 | +| **Document Retrieval** | `getDocument()` | Downloads Aadhaar XML/PDF (supports encrypted documents). | |
| 18 | +| **Status Tracking** | `checkStatus()` | Queries the status of any ongoing verification session. | |
| 19 | + |
| 20 | +### 🔒 Security & Compliance Built-in |
| 21 | + |
| 22 | +- **No Hardcoded Secrets:** Uses **Connection & Credential Alias** (`aadhaar_api`). |
| 23 | +- **Data Masking:** Hides Aadhaar/mobile numbers in logs (e.g., `XXXX-XXXX-1234`). |
| 24 | +- **Audit Logging:** Comprehensive logging of purpose, actor, consent, and outcome. |
| 25 | +- **Consent Tracking:** Persistent tracking of the user's consent statement and timestamp. |
| 26 | + |
| 27 | +--- |
| 28 | + |
| 29 | +## 🛠️ Setup & Configuration |
| 30 | + |
| 31 | +1. **Create Connection & Credential Alias:** |
| 32 | + |
| 33 | + - **Name:** `aadhaar_api` (or your chosen alias). |
| 34 | + - **Base URL:** Your provider's base endpoint (`https://api.provider.tld`). |
| 35 | + - **Auth:** Configure credentials (API Key, OAuth, Basic) as per your provider. |
| 36 | + |
| 37 | +2. **Configure Endpoints (In Script):** Map your provider's API paths inside the Script Include: |
| 38 | + ```javascript |
| 39 | + var endpoints = { |
| 40 | + otpSend: "/aadhaar/otp/send", |
| 41 | + otpVerify: "/aadhaar/otp/verify", |
| 42 | + // ... and others |
| 43 | + }; |
| 44 | + ``` |
| 45 | +3. **Set Timeouts & Retries:** Configure `timeoutMs` (default 8000) and `retries` (default 2) to manage reliability. |
| 46 | + |
| 47 | +--- |
| 48 | + |
| 49 | +## 🚀 Usage Examples |
| 50 | + |
| 51 | +Use from a **Background Script** or any server-side logic: |
| 52 | + |
| 53 | +```javascript |
| 54 | +var sa = new SmartAadhaar(); |
| 55 | +
|
| 56 | +// 1. Send OTP & Get Session ID |
| 57 | +var s1 = sa.sendOtp({ |
| 58 | + uid: "123412341234", |
| 59 | + purpose: "eKYC for onboarding", |
| 60 | + consent: true, |
| 61 | +}); |
| 62 | +
|
| 63 | +// 2. Verify OTP (using session_id from s1) |
| 64 | +var s2 = sa.verifyOtp({ |
| 65 | + uid: "123412341234", |
| 66 | + otp: "123456", |
| 67 | + session_id: s1.data.session_id, |
| 68 | +}); |
| 69 | +if (s2.ok) { |
| 70 | + gs.info("eKYC success for: " + s2.data.name); |
| 71 | +} |
| 72 | +``` |
| 73 | + |
| 74 | +## API Reference |
| 75 | + |
| 76 | +All methods return a normalized envelope: |
| 77 | +`{ ok:Boolean, code:Number, message:String, data:Object }` |
| 78 | + |
| 79 | +| Method | Purpose | Required Parameters | |
| 80 | +| :--------------------- | :------------------------ | :----------------------------- | |
| 81 | +| `sendOtp(p)` | Initiate OTP flow | `uid`, `purpose`, `consent` | |
| 82 | +| `verifyOtp(p)` | Verify OTP and fetch eKYC | `uid`, `otp`, `session_id` | |
| 83 | +| `verifyDemographic(p)` | Demographic match w/o OTP | `uid`, `name`, `dob`, `gender` | |
0 commit comments