Gradify Labs
GradifyLabs
NeGD · MeitY · DigiLocker

DigiLocker integrationfor Indian universities

How to onboard as a DigiLocker issuer, implement the Pull URI specification, map credentials to the issued-document envelope, and pair DigiLocker with W3C Verifiable Credentials so students carry a wallet-friendly citizen artefact and a globally verifiable cryptographic proof at the same time.

Why every Indian university should be a DigiLocker issuer

30+ crore Indians already have it

DigiLocker is one of the most-installed government apps in India, with more than 30 crore (300 million) registered users. Pushing credentials there means students can present them from a wallet they already trust — no new login, no new app.

Government-recognised by default

DigiLocker entries carry the same legal weight as the original document under the IT Act, 2000. For most domestic employer verification flows, a DigiLocker pull is sufficient evidence.

OAuth-based citizen consent

Every pull is consented by the citizen via DigiLocker's OAuth flow. Universities cannot push to a citizen who has not authenticated and authorised — DPDP-aligned by design.

Pairs naturally with W3C VC

DigiLocker handles the citizen-facing wallet and government recognition. W3C VC adds cryptographic verification, selective disclosure, and international interoperability. Together they cover every verification scenario.

Issuer onboarding · 6 steps

Becoming a DigiLocker issuer, step by step

From application to citizen pull, here's the path. Steps 1–2 are paperwork; 3–6 are engineering.

1

Apply as Issuer Organisation with NeGD

DigiLocker is operated by the National e-Governance Division (NeGD) under MeitY. Universities apply through the issuer onboarding portal at digilocker.gov.in. The application requires UGC recognition documents, registrar identity, and a designated technical point of contact.

2

Receive Issuer ID and sandbox credentials

After approval (typically 4–8 weeks), the institution receives a unique Issuer ID, sandbox API credentials, and the integration kit. Sandbox lets you push test documents and pull them back via a citizen account before going live.

3

Implement the Pull URI specification

DigiLocker's primary model is 'pull on demand' — citizens authenticate via DigiLocker, request a specific document type, and DigiLocker fetches it from the issuer in real time. The university hosts a Pull URI endpoint; DigiLocker calls it with a signed request; the endpoint returns the document XML.

4

Map your credential schema to DigiLocker XML

Each document type (degree certificate, mark-sheet, transcript) maps to a defined XML envelope with namespaced fields. The W3C Verifiable Credential carries the source-of-truth data; the DigiLocker XML is a wrapper rendered for display in the citizen-facing app.

5

Add the W3C VC backlink

Inside the DigiLocker entry, include a 'verify cryptographically' link pointing to the public verifier with the credential ID. This gives citizens the choice: DigiLocker for offline display, the verifier for instant cryptographic check by an employer.

6

Go live with citizen-facing testing

Final UAT involves real student accounts pulling their own documents. Common failures: Aadhaar mismatch in the candidate name field (resolve at registration), namespace errors in XML (resolve in mapping), and slow Pull URI response (resolve with caching).

What a DigiLocker payload looks like

An illustrative envelope — the actual schema namespaces are defined in the DigiLocker integration kit. Notice how NAD ID, ABC ID, and the W3C VC anchor are all carried as Verification references.

<?xml version="1.0" encoding="UTF-8"?>
<!-- DigiLocker issued-document envelope (illustrative) -->
<DigiLockerDoc>
  <Issuer>
    <Id>UNIV-IIITS-2026</Id>
    <Name>IIIT Surat</Name>
  </Issuer>
  <Holder>
    <Name>Priya Sharma</Name>
    <DOB>2003-08-12</DOB>
    <AadhaarLast4>4537</AadhaarLast4>
  </Holder>
  <Document>
    <Type>BachelorDegree</Type>
    <Programme>B.Tech, Computer Science</Programme>
    <IssuanceDate>2026-05-09</IssuanceDate>
    <Result>
      <CGPA>8.94</CGPA>
      <Class>First Class with Distinction</Class>
    </Result>
  </Document>
  <Verification>
    <NADCertificateId>NAD-2026-IIITS-040217</NADCertificateId>
    <ABCId>12-3456-7890-1234</ABCId>
    <VCAnchor>https://gradifytech.com/verifier?cid=cid:abc...</VCAnchor>
  </Verification>
  <IssuerSignature>...</IssuerSignature>
</DigiLockerDoc>

Continue reading

NAD integration guide

NSDL/CDSL push, schema, reconciliation, revocation.

W3C VC in India

Standards layer that wraps DigiLocker and NAD records.

NEP 2020 ABC playbook

Where DigiLocker fits in a 12-week rollout.

DigiLocker integration FAQs

Does DigiLocker replace NAD?+
No. NAD is the regulator-recognised academic register operated for UGC. DigiLocker is the citizen-facing wallet operated by NeGD/MeitY. Most universities push to both: NAD for compliance and government queries, DigiLocker so the student can carry the credential in their phone. Pushing to one does not satisfy the other.
Pull URI vs Push API — which should we implement?+
Pull URI is DigiLocker's primary model and what NeGD recommends — it keeps the issuer as the source of truth and the citizen as the consent gate. Push is used for time-bounded campaigns (e.g., a one-time historical batch upload). For ongoing issuance, implement Pull URI; if you need to seed historical credentials, use Push for the back-load and switch to Pull thereafter.
How long does DigiLocker issuer onboarding take?+
Typical timeline is 4–8 weeks from application to sandbox credentials, plus another 2–4 weeks for sandbox testing and production approval. Plan around 2–3 months in your overall implementation calendar. Gradify Labs handles the technical onboarding paperwork as part of institutional implementation.
Can students share their DigiLocker certificate with a foreign university?+
Indirectly. DigiLocker itself is an India-only system. For international use, the W3C Verifiable Credential is the right artefact — it works in any W3C-compliant wallet globally, including those used by foreign admissions offices. The DigiLocker entry can carry the VC anchor URI as a backlink for cryptographic re-verification.
Does DigiLocker support revocation?+
Yes. The issuer can mark a document as revoked via the DigiLocker issuer dashboard; the citizen-facing entry then displays the revoked status. The same revocation event should also flip the on-chain VC status and the NAD record — Gradify's pipeline propagates all three from a single revocation action.
What if our university is not yet approved as a DigiLocker issuer?+
Issuance can still happen via the W3C VC layer immediately. DigiLocker integration is added later when issuer status is approved. The credential infrastructure is designed so DigiLocker is one delivery channel among several (wallet, email QR, public verifier link) — it is never a blocker for going live.

Ship to DigiLocker, NAD, and a public verifier — same pipeline

Gradify's issuance pipeline pushes every credential to all three destinations from a single transaction. We handle the issuer onboarding paperwork too.

Talk to integrations