MOSIP Token Seeder
MOSIP Token Seeder (MTS) is a standalone service that outputs for a given input list of UIN/VIDs after performing authentication with . The service is a convenience module that makes it easy for to perform bulk authentication to onboard users to their systems. Refer section for details on the usage of MTS.
Bulk upload
Support for multiple and (see diagram below). For instance, a CSV file may be uploaded, and the downloaded file will contain a column with tokens populated.
Support for multiple
REST interface
PII at rest is encrypted. Further, the PII is erased after processing.
Works in asynchronous mode - queues all the requests
:
Processes multiple records per request
Processes multiple requests simultaneously
Enables :
Output formatting of fields
Setting up fields as mandatory/optional
Defining data clean-up policy
One of the intended use cases of MTS is to seed existing beneficiary registries for deduplication.
Google Sheets (TBD)
Form.IO Sheets (TBD)
Verifiable Credentials (VC) (TBD)
CSV
JSON
Download
Synchronous response
WebSub (TBD)
SFTP (TBD)
Process multiple records per request
Process multiple requests simultaneously
Output formatting of fields
Setting up fields as mandatory/optional
Defining data clean-up policy
Token seeder is a batch processing module which initiates the token authentication process. Once a new request is enqueued into the token seeder, it fetches the request and sends it, record by record, to the authenticator module. Token seeder is also responsible for updating the success and failure status in the database. There is also an expiry program that clears already processed requests from the system based on the configured expiry settings.
based
MTS is capable of processing millions of records per request. There is no specific limitation to the number of records it can handle per request. Refer for details.
MTS processes multiple requests simultaneously rather than sequentially. Refer for details.
When MTS receives an authentication and tokenization request, it processes the request and sends the output in the requested format. While formulating the response, MTS can also rename fields according to a preferred field mapping. For example, a request may carry the fields First name and Last name, while the requesting party needs the response to carry them under its own naming convention: First name as FN and Last name as LN. MTS supports this through the output format template, whose configuration defines the field mapping as preferred. Refer for details.
Every request that MTS receives comprises a set of fields. MTS provides the flexibility of defining which fields are mandatory and which are optional in a request. This is a one-time activity carried out during the initial installation setup of MTS. Based on this definition, MTS validates each request for the presence of the mandatory fields. If this config file is not set up separately, the default IDA setup is used. Refer for details. Refer <installation guide> for setup related information.
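The mandatory-field check and the output field mapping described above, sketched as an added example; this is not MTS code. The configuration shape, the sample records, the status text and the `fake_authenticate` stand-in are assumptions, since the page does not show MTS's real config format or how tokens are derived.

```python
import csv
import io

# Hypothetical configuration; the page does not show MTS's real config format.
MANDATORY_FIELDS = ["vid", "First name", "Last name"]  # assumed mandatory set
OUTPUT_MAPPING = {"vid": "vid", "First name": "FN", "Last name": "LN"}  # input -> output

# Constructed sample input; the second record lacks a mandatory field.
SAMPLE_CSV = (
    "vid,First name,Last name,Phone\n"
    "1000000001,Asha,Rao,555-0100\n"
    "1000000002,,Khan,555-0101\n"
)


def fake_authenticate(record):
    """Stand-in for the authenticator module; returns a constructed token."""
    return "TOKEN-" + record["vid"][-4:]


def seed_tokens(csv_text, authenticate=fake_authenticate):
    """Validate each record, authenticate it, and return mapped output CSV text."""
    out = io.StringIO()
    columns = list(OUTPUT_MAPPING.values()) + ["token", "status"]
    writer = csv.DictWriter(out, fieldnames=columns, lineterminator="\n")
    writer.writeheader()
    for record in csv.DictReader(io.StringIO(csv_text)):
        # This example writes only mapped fields; the unmapped Phone column is dropped.
        row = {new: record.get(old, "") for old, new in OUTPUT_MAPPING.items()}
        missing = [f for f in MANDATORY_FIELDS if not (record.get(f) or "").strip()]
        if missing:
            # Report the failure per record and skip authentication for it,
            # so one bad record does not fail the whole batch.
            row.update(token="", status="missing: " + ";".join(missing))
        else:
            row.update(token=authenticate(record), status="success")
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    print(seed_tokens(SAMPLE_CSV), end="")
```
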
For each request received and processed, the data is held in MTS. Whilst the data is held in-memory, MTS provides a feature to clean up the data held and to define the timeframe on which the data clean-up job runs. This helps control the volume of data stored and limits the availability of data for potential security threats. Defining the policy is a one-time activity carried out during the initial installation setup of MTS. Refer for details. Refer <installation guide> for setup related information.
Authtoken API is a RESTful interface that accepts various auth request inputs for the Token Seeder system. The API works in a completely asynchronous mode. is returned a request identifier when they make a successful authtoken request. The status check API can be used to poll the status of the request placed. If the status returns a processed state, the output can be accessed, as configured in the primary request for. E.g., if the request was for a file download, the file download API can be called to return the output file. Refer for a detailed API documentation.
The Authenticator process takes in a valid authentication request and performs the demographic authentication with the server. Each auth request is well formed, encrypted and signed before it's sent to the . It passes on the response received to the caller regardless of the status received. The Authenticator module can also be used as an individual library outside of MOSIP token seeder for any use case it applies to.