Mimoto

Mimoto is a BFF(Backend for Frontend) for Inji Mobile. It's being used to get default configuration, download verifiable credentials (VC) and activate VC. It provides all necessary APIs to the Inji Mobile and acts as a proxy for resident services. Mimoto gets the request from Inji Mobile, performs all the validations and forwards it to respective services. Additionally, it subscribes to the web-sub event to be able to download the VC once it's ready.

Detailed API documentation of Mimoto is available here.

Support for downloading VC from multiple Issuers

To get a list of issuers, this API is called. For retrieving the credential types and display properties, .well-known location is referred for every issuer from the mimoto-issuers-config.json

Download via eSignet

Inji Mobile allows the users to download VC by redirecting the user to eSignet UI. Multiple APIs are being called to complete the process in the backend.

Inji Mobile initiates authenticate API by redirecting users to eSignet UI. On eSignet UI, user is given option to enter the unique ID, the user is asked to enter an OTP on the next screen. In the backend, token API is called to get a token. Refer here for more details.
After getting a token response, Inji Mobile initiates a download request. Refer here

Activate credentials

Credentials have to be activated in order to use them for online login. When a user selects Activate option, an OTP is sent to the user and credentials are activated.

To send an OTP to a user, the below API is called.

Wallet Binding - Generate Otp

This api is used to generate otp for wallet binding. This api is used as a proxy to call Identity Provider - Send Binding OTP Endpoint api internally.

POSThttps://api.collab.mosip.net/residentmobileapp/binding-otp

Body

requestTimestring

requestobject

Response

Body

idstring

versionstring

responsetimestring

metadataobject

responseobject

Request

const response = await fetch('https://api.collab.mosip.net/residentmobileapp/binding-otp', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "requestTime": "{{$isoTimestamp}}",
      "request": {
        "individualId": "3816083254",
        "otpChannels": [
          "EMAIL"
        ]
      }
    }),
});
const data = await response.json();

Response

{
  "id": "text",
  "version": "text",
  "responsetime": "text",
  "response": {
    "maskedEmail": "text",
    "maskedMobile": "text"
  }
}

After successful OTP validation, a keypair is generated in the phone and the public key is synced with server. The mimoto receives a certificate and create thumbprint which it stores in the keystore securely. This is called as the activation process.

Wallet Binding - Bind Credential with wallet

This api is used to bind the credential with wallet. This api is used as a proxy to call Identity Provider - Wallet binding Endpoint api internally.

POSThttps://api.collab.mosip.net/residentmobileapp/wallet-binding

Body

requestTimestring

The request time

requestobject

Response

Body

versionnullable string

idnullable string

responsetimenullable string

metadatanullable string

responseobject

errorsarray of object

Request

const response = await fetch('https://api.collab.mosip.net/residentmobileapp/wallet-binding', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "requestTime": "2023-01-17T05:38:41.869Z",
      "request": {
        "authFactorType": "WLA",
        "format": "jwt",
        "individualId": "3816083254",
        "publicKey": "-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAxo8hdrLl6nXyPSeSJu8xgmBBwVutacZS57rmIlHeKJfjYhKLT51v\n0k2IQqN2v6A3HOZqzKXh41p3RrxdSndkqqHwS0BLEVPNpKqYoEbe0tUICDpDSFaa\n7w87Z/OSGrw8bKpxmUT0xZ70+DGPhnWlMvPV5xenG1bVtf/vEq7cwQei1iNbNQRb\nqw/57e9LgmXdmbh/v5XOllT7rlUFmVFm4V4J3u6NH9iOPGlIKTplBlYyxlx6ayaR\n09Z6z4RJICG1MIipCv5qJwuzzXXpBja6gEG4xsN5K4W6b5GLt3IuzMMaQmReseRR\n46s53vBp7aqq1wrjs/CZ1SZqZ5ZG/nUchjTv+Nir0vPR9acvPB5j5qDgfdVz2sT/\nYL1HoeFPOIgcY1ydz+tUBm9F4AMCMZa7GbEmtAIWvxlQp6emo50/opdb51B3Teh3\neVQ+JqYYhOpuTEv0uHfhonXEsNfpGyttjR0FSAH2c6mI6UULi/PfLgcvKuqkhE+7\nlB0SFd852C993GqsY7qfxW1GvJpXYRvo6oRoFO8sj+St36MkmzJbm56AQn/9KWd5\nRLh13xrIUVRnW48y/Blchw/C68Ez1bmCyDeVe1WBPwel0zPl62jCtKawzCQiZcTL\n/ejmlKFHKQd980MwWN18OVakKU52CkO0NT+9ovgi0TRfLKvG6PQ1qGECAwEAAQ==\n-----END RSA PUBLIC KEY-----\n",
        "challengeList": [
          {
            "authFactorType": "OTP",
            "challenge": "111111",
            "format": "alpha-numeric"
          }
        ]
      }
    }),
});
const data = await response.json();

Response

{
  "version": "text",
  "id": "text",
  "responsetime": "text",
  "metadata": "text",
  "response": {
    "certificate": "text",
    "encryptedWalletBindingId": "text",
    "expireDateTime": "text",
    "thumbprint": "text",
    "keyId": "text"
  },
  "errors": []
}

Configuration

The configurable properties for mimoto can be found at mimoto-default.properties. This property file is maintained as one for each deployment environment. On this repository, each environment configuration is placed in a corresponding branch specific to that environment.

Refer to mimoto-default.properties of Collab environment.

The implementers can choose to use the existing configurations or add new configurations to them.

Issuers Listing

The user is currently on the + button on the Home screen, which will open Add new card screen, where all the issuers are displayed Below issuers list API gives out all the issuers list

This API provides data with search capability to populate the list of supported issuers in Inji Web, which is then displayed under the List of Issuers

GEThttps://api.collab.mosip.net/residentmobileapp/issuers

Query parameters

Response

Body

issuersany

Request

const response = await fetch('https://api.collab.mosip.net/residentmobileapp/issuers', {
    method: 'GET',
    headers: {},
});
const data = await response.json();

Response

{}

To get complete configuration of the specific issuer, below api is called.

This API provides the complete configuration details for the specific issuers passed in the path variable

GEThttps://api.collab.mosip.net/residentmobileapp/issuers/{issuer-id}

Path parameters

issuer-id*string

Response

Body

issuersany

Request

const response = await fetch('https://api.collab.mosip.net/residentmobileapp/issuers/{issuer-id}', {
    method: 'GET',
    headers: {},
});
const data = await response.json();

Response

{}

Last updated 1 month ago