Multi-tenant · Government-verified · Production-ready

Nepal's identity layer for financial institutions

The Nagarik App SDK connects your bank or organisation to Nepal's official government identity platform — turning a three-function server integration into verified, fraud-proof KYC for every customer.

The problem with traditional KYC

Paper forms, branch visits, and document uploads are costing you customers

Branch-bound onboarding

Customers must visit a physical branch with original documents. Most drop off before completing. You lose the segment that banks online.

Drop-off >60%

Self-reported identity

Document uploads and selfie-checks are fraud-prone. OCR makes errors. Your compliance team manually reviews exceptions for days.

Manual review cost

Government API complexity

Integrating directly with the Nagarik App government API requires NDA approval, dedicated DevOps, and months of security review.

6+ month timeline

How it works

Four steps. One redirect. Verified identity.

Your application makes a single redirect to the SDK. Everything else — QR generation, government API handshake, webhook delivery — is handled for you.

1. Your server generates a unique code

Create a correlation code server-side, store it against the current session, then redirect to public-sdk.yajtech.com/?service_key=…&code=…

2. SDK shows your branded QR page

The customer sees your organisation's name, logo, and colours — the SDK fetches branding automatically. They open the Nagarik App and scan.

3. Government verifies in real time

A SockJS WebSocket session monitors the scan. The Nagarik App (Government of Nepal) verifies the citizen's NID or Citizenship document and returns the result.

4. Webhook delivers verified data to you

The SDK POSTs { code, citizen } to your post_url. Match the code to your user, save their profile, return HTTP 200.

Admin panel

Your operations team gets a full dashboard

Log in, create branches, manage services, and monitor every verification attempt — without touching a line of code.

Real-time event log

Every session — QR displayed, scan completed, webhook delivered — logged with timestamp, IP, and full request/response payload. Filter by branch, date, or status.

Per-client branding

Upload your logo and set your primary colour. The QR scan page the customer sees is automatically branded to your organisation — no SDK changes required.

Service key management

Create one service per branch per platform (Web / Mobile). Each generates a unique secret_key. Rotate or revoke without touching your integration code.

Maker / Checker approval workflow

Verified applications enter a queue. A checker reviews and formally approves before the account is opened — satisfying four-eyes compliance requirements out of the box.

Role-based access control

Create roles — Admin, Operator, Viewer — and assign menus per role. Branch users only see their branch's data. Superadmin sees everything.

Open-account UI themes

Fintech Glass — production-ready, ships with dark & light mode.

Your logo and colours replace Yaj Tech's after setup.

Integration guide

Your developers go live in three server-side steps

No government API account. No NDA. No DevOps setup. Yaj Tech is the approved middleware — your team writes three functions.

1. Generate a code server-side. Use bin2hex(random_bytes(16)) in PHP, uuid4().hex in Python, or crypto.randomBytes in Node. Store it against the session.
2. Redirect to the SDK. Send the user to public-sdk.yajtech.com/?service_key=…&code=…. The SDK handles QR, WebSocket, and the government handshake.
3. Receive the webhook. The SDK POSTs verified citizen data to your post_url. Match the code to the user, save their data, return HTTP 200.

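    // Methods of a Laravel controller. PendingVerification is your own
    // model that maps a code to the user who started the session.
    use Illuminate\Http\Request;

    // 1. Start a verification session
    public function startVerification(Request $req)
    {
        // 128-bit code from the CSPRNG, generated on the server
        $code = bin2hex(random_bytes(16));
        session(['nagarik_code' => $code]);
        // The webhook below arrives without the browser session, so a
        // PendingVerification row for this code must also exist.

        $url = "https://public-sdk.yajtech.com/"
             . "?service_key=YOUR_KEY&code={$code}";

        return redirect($url);
    }

    // 2. Receive verified data (your post_url)
    public function nagarikWebhook(Request $req)
    {
        $code    = $req->input('code');
        $citizen = $req->input('citizen');
        // citizen: name, dob, nid_number, gender,
        // father_name, mother_name, mobile …

        // Unknown codes fail here with a 404
        $session = PendingVerification::where('code', $code)->firstOrFail();

        $session->user->update([
            'citizen_data' => $citizen,
            'kyc_status'   => 'verified',
        ]);
        $session->markUsed();

        return response()->json(['received' => true], 200);
    }
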
Security

Built to satisfy compliance from day one

Server-side code generation

The correlation code is generated on your server, never in the browser. A malicious actor cannot forge a verification result by supplying their own code.

Single-use codes, no replay

Each code is valid for one verification session. Your server marks it used after the first webhook receipt — replayed requests are rejected.

Government-signed identity data

Citizen data comes from the Nagarik App government API — not OCR, not self-reported. The source of truth is Nepal's official NID registry.

IP allowlist for your post_url

Restrict your post_url to declared SDK server IPs and reject everything else at the firewall layer.

PKCE challenge on every session

The SDK generates a fresh PKCE verifier + SHA-256 challenge per QR session. No authorization code can be replayed from a different session.
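
The three integration steps together with the single-use code and IP allowlist points above, as an added Python sketch (not Yaj Tech's code and not part of the original page). Assumptions: the SQLite tables, the 10-minute code lifetime, the status codes other than 200, and the 203.0.113.0/24 range, which is a documentation placeholder because the page does not list the SDK server IPs. The in-application IP check complements the firewall rule rather than replacing it.

```python
import ipaddress
import json
import secrets
import sqlite3
import time
from urllib.parse import urlencode

SDK_URL = "https://public-sdk.yajtech.com/"           # redirect target named on the page
SDK_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # placeholder, not the real SDK IPs
CODE_TTL = 600                                        # assumed code lifetime in seconds

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE pending (code TEXT PRIMARY KEY, user_id INTEGER,"
           " created REAL, used INTEGER DEFAULT 0)")
db.execute("CREATE TABLE kyc (user_id INTEGER PRIMARY KEY, citizen TEXT)")

def start_verification(user_id, service_key):
    """Steps 1 and 2: mint the code server-side, persist it, build the redirect."""
    code = secrets.token_hex(16)                      # 128 bits from the OS CSPRNG
    db.execute("INSERT INTO pending (code, user_id, created) VALUES (?, ?, ?)",
               (code, user_id, time.time()))
    db.commit()
    query = urlencode({"service_key": service_key, "code": code})
    return code, SDK_URL + "?" + query

def handle_webhook(source_ip, payload, now=None):
    """Step 3: returns the HTTP status the post_url handler should send."""
    now = time.time() if now is None else now
    if not any(ipaddress.ip_address(source_ip) in net for net in SDK_NETS):
        return 403                                    # sender is not an SDK server
    code, citizen = payload.get("code"), payload.get("citizen")
    if not isinstance(code, str) or not isinstance(citizen, dict):
        return 400
    # Atomic claim: only one request can flip used 0 -> 1 for a given code,
    # so a replay or two concurrent deliveries cannot both succeed.
    cur = db.execute("UPDATE pending SET used = 1 WHERE code = ? AND used = 0"
                     " AND created >= ?", (code, now - CODE_TTL))
    if cur.rowcount != 1:
        db.rollback()
        return 409                                    # unknown, expired or replayed
    (user_id,) = db.execute("SELECT user_id FROM pending WHERE code = ?",
                            (code,)).fetchone()
    db.execute("INSERT OR REPLACE INTO kyc VALUES (?, ?)",
               (user_id, json.dumps(citizen)))
    db.commit()
    return 200
```

Claiming the code in a single conditional UPDATE, rather than reading it and marking it used afterwards, is what makes the single-use rule hold when the same webhook is delivered twice at once.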

The SDK supports three data delivery methods — choose the one that fits your existing architecture.

Post & redirect (post_and_redirect)

SDK POSTs citizen data to your post_url, then redirects the browser to your redirect_url. Recommended for most server-side integrations.

UUID query param (query_params_uuid)

SDK redirects with a uuid. Your server fetches citizen data asynchronously by calling back to the SDK's scan-result endpoint.

Inline query params (query_params)

Citizen data is embedded in the redirect URL as query parameters. Useful for mobile-app deep links where a server webhook isn't practical.

Get started

Your bank can be live in under a week

Yaj Tech registers your organisation, sets up your first service with your logo and brand colour, and hands your development team a secret_key. From there, three server-side functions and you're in production.

Contact Yaj Tech
prajul@yajtech.com

No commitment — we'll walk you through a demo first.