The Nagarik App SDK connects your bank or organisation to Nepal's official government identity platform — turning a three-function server integration into verified, fraud-proof KYC for every customer.
Customers must visit a physical branch with original documents. Most drop off before completing. You lose the segment that banks online.
Drop-off >60%Document uploads and selfie-checks are fraud-prone. OCR makes errors. Your compliance team manually reviews exceptions for days.
Manual review costIntegrating directly with the Nagarik App government API requires NDA approval, dedicated DevOps, and months of security review.
6+ month timelineYour application makes a single redirect to the SDK. Everything else — QR generation, government API handshake, webhook delivery — is handled for you.
Create a correlation code server-side, store it against the current session, then redirect to public-sdk.yajtech.com/?service_key=…&code=…
The customer sees your organisation's name, logo, and colours — the SDK fetches branding automatically. They open the Nagarik App and scan.
A SockJS WebSocket session monitors the scan. The Nagarik App (Government of Nepal) verifies the citizen's NID or Citizenship document and returns the result.
The SDK POSTs { code, citizen } to your post_url. Match the code to your user, save their profile, return HTTP 200.
Log in, create branches, manage services, and monitor every verification attempt — without touching a line of code.
Every session — QR displayed, scan completed, webhook delivered — logged with timestamp, IP, and full request/response payload. Filter by branch, date, or status.
Upload your logo and set your primary colour. The QR scan page the customer sees is automatically branded to your organisation — no SDK changes required.
Create one service per branch per platform (Web / Mobile). Each generates a unique secret_key. Rotate or revoke without touching your integration code.
Verified applications enter a queue. A checker reviews and formally approves before the account is opened — satisfying four-eyes compliance requirements out of the box.
Create roles — Admin, Operator, Viewer — and assign menus per role. Branch users only see their branch's data. Superadmin sees everything.
No government API account. No NDA. No DevOps setup. Yaj Tech is the approved middleware — your team writes three functions.
bin2hex(random_bytes(16)) in PHP, uuid4().hex in Python, or crypto.randomBytes in Node. Store it against the session.public-sdk.yajtech.com/?service_key=…&code=…. The SDK handles QR, WebSocket, and the government handshake.post_url. Match the code to the user, save their data, return HTTP 200.The correlation code is generated on your server, never in the browser. A malicious actor cannot forge a verification result by supplying their own code.
Each code is valid for one verification session. Your server marks it used after the first webhook receipt — replayed requests are rejected.
Citizen data comes from the Nagarik App government API — not OCR, not self-reported. The source of truth is Nepal's official NID registry.
Restrict your post_url to declared SDK server IPs and reject everything else at the firewall layer.
The SDK generates a fresh PKCE verifier + SHA-256 challenge per QR session. No authorization code can be replayed from a different session.
The SDK supports three data delivery methods — choose the one that fits your existing architecture.
SDK POSTs citizen data to your post_url, then redirects the browser to your redirect_url. Recommended for most server-side integrations.
SDK redirects with a uuid. Your server fetches citizen data asynchronously by calling back to the SDK's scan-result endpoint.
Citizen data is embedded in the redirect URL as query parameters. Useful for mobile-app deep links where a server webhook isn't practical.
Yaj Tech registers your organisation, sets up your first service with your logo and brand colour,
and hands your development team a secret_key.
From there, three server-side functions and you're in production.
No commitment — we'll walk you through a demo first.