Screen 3: DigiLocker Consent
The customer has entered their PAN (Permanent Account Number) and DOB (Date of Birth), and tapped submit. Now the app redirects them to DigiLocker (Government of India’s digital document platform) — a government portal where they will authenticate with their Aadhaar number and a fresh OTP (One-Time Password). From the customer’s perspective, they are simply granting consent to share their documents. From the system’s perspective, this is the single most productive step in the entire journey: zero fields typed by the customer, yet approximately 25 identity fields harvested in one shot. Meanwhile, the four API calls fired on Screen 2 are completing in the background.
Purpose: Consent-based fetch of Aadhaar XML + PAN document.
This is the only screen where the customer leaves your app. They are redirected to the DigiLocker portal, where they enter their Aadhaar number and verify with an OTP sent to their Aadhaar-linked mobile. Once they grant consent, DigiLocker returns them to your app with a rich payload of identity data.
User Input
0 fields — the user enters their Aadhaar number + OTP on the DigiLocker portal (not our app). A fresh Aadhaar OTP is sent here.
The table below shows exactly what comes back from DigiLocker. Every one of these fields arrives pre-verified by the government, which means you do not need to run separate verification on them.
Data Harvested (~25 fields with zero effort)
| Field | Source |
|---|---|
| Name (first / middle / last / full) | Aadhaar XML |
| Date of Birth | Aadhaar XML |
| Gender | Aadhaar XML |
| Photo | Aadhaar XML |
| Father’s Name | Aadhaar XML |
| Full Address (8 fields) | Aadhaar XML |
| POI (Proof of Identity) auto-set (Aadhaar) | Derived |
| POA (Proof of Address) auto-set (Aadhaar) | Derived |
The placement of this screen is not arbitrary. It is one of the most deliberate architectural decisions in the entire system.
Timing is Deliberate
This 60-second buffer (redirect + consent + return) is exactly the time needed for all 4 async API calls from Screen 2 to complete. By the time the user returns from DigiLocker, PAN verification, KRA (KYC Registration Agency) lookup, CKYC (Central KYC) search, and AML (Anti-Money Laundering) screening results are all available.
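The timing design above, sketched as an added example (not code from the original page or from any vendor SDK): the four Screen 2 checks start as background tasks, and the handler that runs on return from DigiLocker sorts each into ok, error or pending. The function names, the simulated delays (scaled down from the 60-second buffer) and the fail-closed policy in `may_proceed` are assumptions.

```python
import asyncio

# The four checks the page says are fired on Screen 2.
CHECKS = ("pan_verification", "kra_lookup", "ckyc_search", "aml_screening")

async def vendor_call(delay, result):
    """Stand-in for a vendor API call (constructed; no network I/O)."""
    await asyncio.sleep(delay)
    if isinstance(result, Exception):
        raise result
    return result

def start_screen2_checks(simulated):
    """Fire all four checks the moment PAN + DOB are submitted."""
    return {name: asyncio.create_task(vendor_call(*simulated[name]))
            for name in CHECKS}

async def collect_on_return(tasks, grace=0.05):
    """Run when the customer lands back from DigiLocker: allow a short
    grace period, then classify every check as ok / error / pending."""
    _, pending = await asyncio.wait(list(tasks.values()), timeout=grace)
    outcome = {}
    for name, task in tasks.items():
        if task in pending:
            task.cancel()  # do not leave the call running unattended
            outcome[name] = ("pending", None)
        elif task.exception() is not None:
            outcome[name] = ("error", repr(task.exception()))
        else:
            outcome[name] = ("ok", task.result())
    return outcome

def may_proceed(outcome):
    """Assumed policy: a missing or failed result is never read as a pass."""
    return all(status == "ok" for status, _ in outcome.values())

async def journey(simulated, digilocker_seconds):
    tasks = start_screen2_checks(simulated)
    await asyncio.sleep(digilocker_seconds)  # customer is away on DigiLocker
    outcome = await collect_on_return(tasks)
    return outcome, may_proceed(outcome)

def run(simulated, digilocker_seconds):
    return asyncio.run(journey(simulated, digilocker_seconds))

if __name__ == "__main__":
    sample = {n: (0.01, {"status": "done"}) for n in CHECKS}  # constructed
    sample["aml_screening"] = (5.0, {"status": "done"})       # slow vendor
    print(run(sample, 0.1))
```

A check that is still pending or errored when the customer returns blocks the journey here rather than defaulting to a pass, which matters most for the AML screening result.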
Now let us look at the vendor options for DigiLocker integration. The choice here also affects your eSign and Video KYC capabilities, since several vendors bundle these together.
Vendor Comparison: Aadhaar / DigiLocker
| Vendor | Product | Key Differentiator |
|---|---|---|
| Digio (Recommended) | DigiKYC + DigiLocker | Full-stack KYC orchestration. One SDK for DigiLocker + eSign + Video KYC + KRA + CKYC. MeitY-approved partner. |
| Decentro (Alternate) | DigiLocker Suite + SSO | Unified API across PAN + bank + DigiLocker + CKYC. Single vendor for multiple use cases. |
| Setu (New) | KYC Data Bundle + OKYC | Aadhaar Redundancy API: auto-failover between supply partners for higher success rates. AA market leader. |
| NPCI e-KYC Setu (New) | e-KYC Setu System | No AUA/KUA license needed. Privacy-first: broker gets masked Aadhaar + demographics only. SEBI allowed Jun 2025. |
Full spec: DigiLocker Integration