UAE Pass

UAE Pass is the UAE's national digital identity solution, providing secure and seamless access to government and private sector services. It simplifies authentication with a single digital identity, reducing complexity and enhancing security.

This guide explains how to integrate with the UAE Pass API, including endpoints, authentication, error handling, and best practices.

Key Features

  • Unified Identity: Access multiple services with one secure login.

  • Enhanced Security: Advanced encryption and multi-factor authentication.

  • Easy Integration: Streamlined APIs for quick deployment.

  • Future-Ready: Supports the UAE’s smart digital economy vision.

Services

  1. Authentication: Verify user identity.

  2. Digital Signing: Enable legally valid digital document signing.

Usage Flow

  1. Choose a service

  2. Send a corresponding request in the Request Data folder

  3. Send follow up request(s)* to Polling/Poll Data

Integrate UAE Pass to deliver secure and efficient digital experiences.

Authentication

post

Retrieves user identity details following a successful UAE Pass login.

Authorizations
x-client-idstringRequired

API Key authentication using x-client-id and x-client-secret headers.

x-client-secretstringRequired

The client secret used for API key authentication.

Body
redirectstringRequired

Redirect URI after user authorization.

Browser: https URL to your website.

Mobile: Universal link (your-app://) or app scheme.

Example: https://www.yourwebsite.com/callback
scopestringOptional

List of values, separated by spaces, that represent the scope of the authorization that the application wants to obtain. It queries the scopes required for accessing the resources or services in question. Available scopes: sub, fullnameAR, gender, mobile, lastnameEN, fullnameEN, uuid, lastnameAR, idn, nationalityEN, firstnameEN, userType, nationalityAR, firstnameAR, email. (To be shared by UAEPASS Team if its value is other than specified in sample above)

Example: sub fullnameEN email mobile
langstring · enumOptional

UAE Pass display language, case sensitive

Example: enPossible values:
sourcestring · enumRequired

Platform source for the authentication request

Example: PC_BrowserPossible values:
Responses
200

Success

application/json
post
/uaepass/request/auth
POST /uaepass/request/auth HTTP/1.1
Host: sandbox.staging-api.fill-easy.com
x-client-id: YOUR_API_KEY
x-client-secret: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 67

{
  "redirect": "https://google.com",
  "lang": "en",
  "source": "PC_Browser"
}
{
  "token": "text",
  "oAuthUrl": "https://example.com"
}

Poll Data

post

Short poll this endpoint, passing in the token (from endpoints in Request Data folder) to obtain the results.

For authentication, this includes user data. For signing, this provides a link by which the signed document can be obtained.

The response's token is a JWT or JWE depending if there's sensitive personal data. You should handle them like so:

  • JWT verify* token

  • JWE decrypt using the private keys that Fill Easy has previously provided.

Please note that the data result is returned only once and is deleted immediately.

*you can try using online decoder like https://jwt.io/

all responses are JWE unless noted otherwise.

Authorizations
x-client-idstringRequired

API Key authentication using x-client-id and x-client-secret headers.

x-client-secretstringRequired

The client secret used for API key authentication.

Body
tokenstringRequired

JWT token

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8UPattern: ^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$
Responses
200

Success

application/json
post
/uaepass/poll
POST /uaepass/poll HTTP/1.1
Host: sandbox.staging-api.fill-easy.com
x-client-id: YOUR_API_KEY
x-client-secret: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 120

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U"
}
200

Success

{
  "message": "text",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U"
}

Callback

get

UAE Pass will redirect to this endpoint after user authorization. This endpoint then redirects the user again to the original redirect URI provided in the /uaepass/request/auth request, appending the authorization code and state as query parameters.

Responses
200

Success

No content
get
/uaepass/callback
GET /uaepass/callback HTTP/1.1
Host: sandbox.staging-api.fill-easy.com
Accept: */*
200

Success

No content

UAEPass Logout

post
Authorizations
x-client-idstringRequired

API Key authentication using x-client-id and x-client-secret headers.

x-client-secretstringRequired

The client secret used for API key authentication.

Body
redirectstringRequired

Redirect URI after user authorization.

Browser: https URL to your website.

Mobile: Universal link (your-app://) or app scheme.

Example: https://www.yourwebsite.com/callback
Responses
200

Success

application/json
post
/uaepass/logout
POST /uaepass/logout HTTP/1.1
Host: sandbox.staging-api.fill-easy.com
x-client-id: YOUR_API_KEY
x-client-secret: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 45

{
  "redirect": "https://yourapp.com/logged-out"
}
{
  "logoutUrl": "https://example.com"
}
PreviousCompany Registry ReportNextLand Registry Report

Last updated