Cashfree’s DigiLocker integration enables businesses to seamlessly retrieve and verify government-issued documents through DigiLocker. This guide walks you through the steps to integrate Cashfree’s DigiLocker APIs into your application. With this integration, you can securely access user-consented documents such as Aadhaar, PAN, driving licence, and other records, improving onboarding speed and ensuring regulatory compliance.
DigiLocker access is strictly based on user consent and is compliant with the Digital Personal Data Protection Act (DPDPA), 2023.

DigiLocker verification flow

Follow the steps below to verify your customers using DigiLocker:

1. Verify DigiLocker account

Use the Verify Account API to check whether the user’s Aadhaar number or mobile number is linked with a DigiLocker account.
  • If an account exists, continue with the sign-in flow.
  • If not, continue with the sign-up flow.
Use the Create URL API to generate a DigiLocker consent URL.
  • Cashfree returns a unique, time-sensitive URL for DigiLocker login and document-consent sharing.
  • The URL is valid for 10 minutes from the time of generation.
  • Redirect the customer to the DigiLocker URL (in browser or WebView).
  • The customer logs in using their Aadhaar number or Aadhaar-linked mobile number and enters the OTP.
  • On successful login, DigiLocker shows a consent screen.
  • The user reviews and approves the document-sharing request.

4. Check verification status

Use the Get Verification Status API with the verification_id or reference_id to retrieve the current status. Possible status values:
  • PENDING: User hasn’t completed the verification process.
  • AUTHENTICATED: User has logged in and given consent.
  • EXPIRED: Link expired before the process was completed.
  • CONSENT_DENIED: When user rejects or denies consent.

5. Retrieve document

Once the user has successfully logged in and provided consent, call the Get Document API to fetch verified documents like Aadhaar, PAN, or driving license.

Aadhaar via DigiLocker flow

The Aadhaar via DigiLocker flow allows businesses to securely retrieve Aadhaar documents by verifying users through their DigiLocker accounts. Follow the below steps to fetch the required details:
  1. The user selects Aadhaar via DigiLocker on the merchant dashboard.
  2. The user enters their Aadhaar number.
  3. The system checks if a DigiLocker account exists using the Verify Account API.
    • If account exists → Sign-in flow.
    • If not → Sign-up flow.
  • Sign-up flow: This is a PIN-based flow where the user must set a DigiLocker PIN. If the DigiLocker account already exists, the user is required to enter their existing PIN.
  • Sign-in flow: Also referred to as the PIN-less flow, where the user can complete the login using only an OTP.

Sign-in flow

The sign-in flow enables users with an existing DigiLocker account to log in using their Aadhaar-linked credentials and provide consent to share documents. Steps are as follows:
  1. Call the Create URL API to generate the login consent link.
  2. User logs in using Aadhaar and OTP.
  3. User provides consent on DigiLocker.
  4. Use Get Verification Status API to confirm.
  5. Retrieve Aadhaar data using the Get Document API.
SI1

SI2

SU4

Sign-up flow

The sign-up flow guides users without an existing DigiLocker account to create one, set a PIN, and provide consent to share their Aadhaar documents. Steps are as follows:
  1. Call the Create URL API to generate sign-up consent link.
  2. User lands on the Digilocker page and enters the OTP.
  3. User sets DigiLocker PIN in case of new account is being created and if account exists, user resets PIN via OTP.
  4. User provides document-sharing consent.
  5. Use Get Verification Status API to confirm.
  6. Retrieve Aadhaar document using the Get Document API.
SU1

SU2

SU3

SU4

Webhook support

You will receive webhooks for every stage of the DigiLocker verification lifecycle, including status updates and completion callbacks.

Summary

Provides a summary of all APIs involved in the flow:
StepAPI usedDescription
1Verify Account APIChecks if Aadhaar is linked with DigiLocker
2Create URL APIGenerates DigiLocker consent URL
3Get Verification Status APIChecks status: PENDING, AUTHENTICATED, EXPIRED, CONSENT_DENIED
4Get Document APIFetches verified user documents

Edge cases

Provides a summary of edge cases involved in the flow:
StepEdge caseScenarioRoot causeResolution
1eaadhaar not available in DigiLockerThe eaadhaar field in the API response returns ‘N’.Indicates that the user’s Aadhaar document isn’t currently available in their DigiLocker account.Instruct the user to log in to DigiLocker and complete their profile by linking their Aadhaar. Once linked, fetch the document using the Get Document API.
2Can be accessed label appears on consent screenThe DigiLocker consent screen displays the label Can be accessed next to a document.Indicates that the document isn’t currently present in the user’s DigiLocker. This status implies that while the document is eligible to be linked, it hasn’t yet been fetched or issued to the account.Instruct the user to log in to DigiLocker and link the issued document manually from the issuing authority. Once linked, retrieve the document using the Get Document API.

Edge case 2