|Purpose||To clarify the purpose of the Central Registry Service|
|Description||To enable seamless technical interoperability between AA participants, automated discovery of each other’s “addresses” on the network is a must.
The Central Registry is a list of the public IPs published by each network participant, stored securely, in a highly-available environment. It offers an API to other enlisted AA participants (only), for them to pull the public IPs (and other metadata) of participants they have to connect to.
In addition to public IPs of each participant, the Central Registry also stores and provides the public key (used for validating digital signatures) and other metadata (e.g. Customer Identifier types, Financial information types – supported by FIPs) that are necessary for AAs/FIUs/FIPs to have access to.
The Central Registry is a Digital Common, i.e. it is not proprietary to any entity in the network nor to Sahamati. Sahamati however takes responsibility for hosting the registry in a secure, highly-available environment.
|Purpose||To clarify the purpose of the Token Issuance Feature|
|Description||An adjunct to the Central Registry Service is a Token Issuance Feature.
The open API specifications published by ReBIT mandate that API call authorization is done on the basis of callers being authenticated via API tokens presented by them.
Such API tokens ought to be issued and validated using a standard protocol to ensure authentication and authorization mechanisms are uniformly applied amongst all participants in the AA network.
The AA community has therefore devised the following mechanisms:
The Token Issuance feature, as the name suggests, only issues short-lived API tokens to API callers. It does not validate tokens and as such, is not used by API providers for authorising API calls.
|Purpose||To clarify if the Central Registry is a “Switch” that mediates every transaction in the AA network or not|
|Description||The Central Registry is NOT a switch.
AA participants call the Central Registry API on a periodic basis – typically, once a day – to cache the information of the registry locally.
No API call in the network goes via the Central Registry.
Likewise, the Token Issuance Feature (API) is called by AA participants, once in 24 hours. The short-lived, 24 hour token is then used by AA participants as part of their API headers.
API calls between AA participants are exchanged without an interaction with the Token Issuance service.
|Purpose||To clarify the prerequisites for participants to be listed in the Central Registry and for them to use the APIs|
|Description||The Central Registry (and Token Service) offers two environments:
A UAT environment – which is open to all participants (and technology service providers) looking to test their systems before going-live in the AA network
For an entity to be listed in the Central Registry, it needs to furnish a copy of the Certificate of Registration (CoR) issued to it, by any of the four financial sector regulators (RBI, SEBI, IRDAI, PFRDA).
In addition, a checklist of implementation best practices (technical, legal) devised by the community are verified to ensure adherence to the same, to prevent grievances by citizens or disputes within participants post go-live.
Non-compliances with the checklist are recommended to be resolved before an entity participates at scale in the ecosystem.