# Privacy & Security

### Authentication & authorization

SPAR APIs are consumed by two categories of clients:

1. Beneficiaries logging on to the Self-Service-Portal (through the Self-Service-Client) and consuming the APIs provided by openg2p-self-service-api.
2. Partner systems consuming the Mapper APIs provided by openg2p-spar-mapper-api. These partner systems can be Banks, National Clearing, or PBMS/MIS Systems: systems in the G2P chain that use the lookup (resolve) API of the Mapper.

   The openg2p-spar-self-service-api (of point 1), which serves the self-service-ui, in turn has to consume the Mapper APIs. In this context, the openg2p-spar-self-service-api behaves like a partner system.

### Transport security using a secure tunnel

Security of the payload during transmission (in both cases mentioned above) is handled by HTTPS (SSL/TLS), using PKI.

<figure><img src="/files/wdTCv1AdE5D9EnvmUPau" alt=""><figcaption><p>OpenG2P - SSL and TLS</p></figcaption></figure>

### Authentication

#### Case 1 - Authentication of Beneficiaries (Browser Client Application) consuming self-service-apis

This is handled by the Self Service API through integration with an OIDC / OAuth 2.0 Login Provider. The beneficiary logs in to the SPAR Self Service portal using his/her National ID.

The Login Provider authorizes the beneficiary and provides the ID and Access tokens. Subsequent browser requests from the user then carry these tokens to get access to the APIs.

There are two API paths, viz. <mark style="color:blue;">**auth**</mark> and <mark style="color:blue;">**oauth**</mark>, in the self-service-api, that fulfil these functionalities.

#### Case 2 - Authentication of Partner Systems consuming mapper-apis

(This includes the self-service application that consumes mapper-apis. In this case, the self-service application is treated like a partner system consuming mapper-apis.)

### Partner authorization

#### Onboarding a Partner to consume an OpenG2P API

<figure><img src="/files/MhQlpeO7KU5QDMiVrm64" alt=""><figcaption><p>Partner Onboarding for OpenG2P API</p></figcaption></figure>

#### API call by Partner

<figure><img src="/files/ID9wdL14uDxb8W9rIiBy" alt=""><figcaption><p>OpenG2P API call from Partner Organization / Partner System</p></figcaption></figure>

#### JWT Schematic

<figure><img src="/files/XI3K2XEtbldhD2l4bRIk" alt=""><figcaption><p>OpenG2P - JWT Schematic</p></figcaption></figure>

#### Validation of JWT using MOSIP Key Manager

<figure><img src="/files/cDwbv5gSi4akPELo5uWO" alt=""><figcaption><p>OpenG2P - Validation of JWT in MOSIP Key Manager</p></figcaption></figure>

