UAE Pass

UAE Pass is the UAE's national digital identity solution, providing secure and seamless access to government and private sector services. It simplifies authentication with a single digital identity, reducing complexity and enhancing security.

This guide explains how to integrate with the UAE Pass API, including endpoints, authentication, error handling, and best practices.

Key Features

Unified Identity: Access multiple services with one secure login.
Enhanced Security: Advanced encryption and multi-factor authentication.
Easy Integration: Streamlined APIs for quick deployment.
Future-Ready: Supports the UAE’s smart digital economy vision.

Services

Authentication: Verify user identity.
Digital Signing: Enable legally valid digital document signing.

Usage Flow

Choose a service
Send a corresponding request in the Request Data folder
Send follow up request(s)* to Polling/Poll Data

Integrate UAE Pass to deliver secure and efficient digital experiences.

Authentication

post

Retrieves user identity details following a successful UAE Pass login.

Authorizations

x-client-idstringRequired

Client ID in x-client-id header.

x-client-secretstringRequired

Client Secret in x-client-secret header.

Body

redirectstringRequired

Redirect URI after user authorization.

Browser: https URL to your website.

Mobile: Universal link (your-app://) or app scheme.

Example: https://www.yourwebsite.com/callback

scopestringOptional

List of values, separated by spaces, that represent the scope of the authorization that the application wants to obtain. It queries the scopes required for accessing the resources or services in question. Available scopes: sub, fullnameAR, gender, mobile, lastnameEN, fullnameEN, uuid, lastnameAR, idn, nationalityEN, firstnameEN, userType, nationalityAR, firstnameAR, email. (To be shared by UAEPASS Team if its value is other than specified in sample above)

Example: sub fullnameEN email mobile

langstring · enumOptional

UAE Pass display language, case sensitive

Example: enPossible values:

sourcestring · enumRequired

Platform source for the authentication request

Example: PC_BrowserPossible values:

Responses

200

Success

application/json

tokenstringRequired

JWT token for polling authentication status

oAuthUrlstring · uriRequired

UAE Pass authorization URL to redirect user to

400

Bad Request - Invalid input parameters

application/json

500

Internal Server Error

application/json

post

/uaepass/request/auth

POST /uaepass/request/auth HTTP/1.1
Host: sandbox.staging-api.fill-easy.com
x-client-id: YOUR_API_KEY
x-client-secret: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 67

{
  "redirect": "https://google.com",
  "lang": "en",
  "source": "PC_Browser"
}

{
  "token": "text",
  "oAuthUrl": "https://example.com"
}

Poll Data

post

Short poll this endpoint, passing in the token (from endpoints in Request Data folder) to obtain the results.

For authentication, this includes user data. For signing, this provides a link by which the signed document can be obtained.

The response's token is a JWT or JWE depending if there's sensitive personal data. You should handle them like so:

JWT verify* token
JWE decrypt using the private keys that Fill Easy has previously provided.

Please note that the data result is returned only once and is deleted immediately.

*you can try using online decoder like https://jwt.io/

all responses are JWE unless noted otherwise.

Authorizations

x-client-idstringRequired

Client ID in x-client-id header.

x-client-secretstringRequired

Client Secret in x-client-secret header.

Body

tokenstringRequired

JWT token

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8UPattern: ^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$

Responses

200

Success

application/json

messagestringOptional

dataanyOptional

Response data from UAE Pass

202

Pending - Authentication not yet complete

application/json

400

Bad Request

application/json

post

/uaepass/poll

POST /uaepass/poll HTTP/1.1
Host: sandbox.staging-api.fill-easy.com
x-client-id: YOUR_API_KEY
x-client-secret: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 120

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U"
}

{
  "message": "text",
  "data": null
}

Callback

get

UAE Pass will redirect to this endpoint after user authorization. This endpoint then redirects the user again to the original redirect URI provided in the /uaepass/request/auth request, appending the authorization code and state as query parameters.

Responses

302

Redirect to client application

400

Bad Request

application/json

get

/uaepass/callback

GET /uaepass/callback HTTP/1.1
Host: sandbox.staging-api.fill-easy.com
Accept: */*

No content

UAEPass Logout

post

Authorizations

x-client-idstringRequired

Client ID in x-client-id header.

x-client-secretstringRequired

Client Secret in x-client-secret header.

Body

redirectstringRequired

Redirect URI after user authorization.

Browser: https URL to your website.

Mobile: Universal link (your-app://) or app scheme.

Example: https://www.yourwebsite.com/callback

Responses

200

Success

application/json

logoutUrlstring · uriRequired

UAE Pass logout URL to redirect user to

400

Bad Request - Invalid input parameters

application/json

500

Internal Server Error

application/json

post

/uaepass/logout

POST /uaepass/logout HTTP/1.1
Host: sandbox.staging-api.fill-easy.com
x-client-id: YOUR_API_KEY
x-client-secret: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 45

{
  "redirect": "https://yourapp.com/logged-out"
}

{
  "logoutUrl": "https://example.com"
}

Last updated 1 day ago

Good morning

hashtagKey Features

hashtagServices

hashtagUsage Flow

hashtagAuthentication

hashtagPoll Data

hashtagCallback

hashtagUAEPass Logout

Key Features

Services

Usage Flow

Authentication

Poll Data

Callback

UAEPass Logout