search

FAQ (Developers)

Frequently asked questions

If you have any questions that aren't answered here, please contact us at this formarrow-up-right!

hashtag
General

chevron-rightIs sgID a government product?hashtag

Yes, sgID is run by Open Government Productsarrow-up-right, a GovTech subsidiary.

chevron-rightHow is sgID different from Singpass?hashtag

sgID exists as a module in the Singpass mobile app. sgID login uses a different protocol from the usual Singpass login. The sgID protocol is end-to-end encrypted which means that the government cannot see which businesses or government agencies you're communicating with, and what data you're sending to them.

Head here to learn more about the sgID protocol!

chevron-rightWhat are the data fields that are available via sgID?hashtag

You can see a full detailed list of data fields that are currently available via sgID in our Data Catalog.

We are in the process of adding more data fields to sgID, so please let us know if there are any particular data fields that you would like to see in sgID via this contact formarrow-up-right!

chevron-rightWhere does sgID get its data from?hashtag

sgID gets its data from MyInfoarrow-up-right, a government-verified data source on Singapore residents.

sgID will also support third-party data sources in the future, so if there is a data source which you would like to access, please let us know via this contact formarrow-up-right!

chevron-rightDoes sgID support username and password login?hashtag

sgID does not support username-password logins.

To login with sgID, you will need:

  1. A Singpass account

  2. The Singpass mobile app installed on your mobile device

hashtag
Compliance

chevron-rightIs sgID compliant with PDPA (Personal Data Protection Act 2012)?hashtag

Yes. The PDPA requires businesses to be compliant with clauses by 1 September 2019, surrounding consent obligation, purpose limitation obligation, and notification obligation, all of which are built into sgID.

Please visit the PDPC sitearrow-up-right for more information on the legislation, guidelines, exemption, and enforcement of the PDPA.

hashtag
Privacy & Security

chevron-rightWhat privacy and security measures do sgID provide?hashtag

sgID employs end-to-end encryption, and does not store any of your data that passes through our servers. Even in the case of a data breach, your data will never be compromised because it remains safely on your phone, in your control.

hashtag
Technical

chevron-rightHow can I access user data in plaintext?hashtag

The user data that sgID clients receive are encrypted with a block key, which is in turn encrypted with the public key associated with that client.

To access the data in plaintext, clients will need to:

  1. Decrypt the encrypted block key with their own private key to receive the block key

  2. Use the block key to decrypt the encrypted user data

You can learn more about how to do this in the Custom Integration section on decrypting the userinfo payload.

chevron-rightCan I register more than one redirect URI for my client?hashtag

Yes, you can register up to 5 redirect URIs for each client.

You can add new redirect URIs at any time in the developer portal.

PreviousData CatalogNextFAQ (Users)

Last updated

Was this helpful?