sgID v2

FAQ (Developers)

Frequently asked questions

If you have any questions that aren't answered here, please contact us at this form!

General

Is sgID a government product?

Yes, sgID is run by Open Government Products, a GovTech subsidiary.

How is sgID different from Singpass?

sgID exists as a module in the Singpass mobile app. sgID login uses a different protocol from the usual Singpass login. The sgID protocol is end-to-end encrypted which means that the government cannot see which businesses or government agencies you're communicating with, and what data you're sending to them.

Head here to learn more about the sgID protocol!

What are the data fields that are available via sgID?

You can see a full detailed list of data fields that are currently available via sgID in our Data Catalog.

We are in the process of adding more data fields to sgID, so please let us know if there are any particular data fields that you would like to see in sgID via this contact form!

Where does sgID get its data from?

sgID gets its data from MyInfo, a government-verified data source on Singapore residents.

sgID will also support third-party data sources in the future, so if there is a data source which you would like to access, please let us know via this contact form!

Does sgID support username and password login?

sgID does not support username-password logins.

To login with sgID, you will need:

  1. A Singpass account

  2. The Singpass mobile app installed on your mobile device

Compliance

Is sgID compliant with PDPA (Personal Data Protection Act 2012)?

Yes. The PDPA requires businesses to be compliant with clauses by 1 September 2019, surrounding consent obligation, purpose limitation obligation, and notification obligation, all of which are built into sgID.

Please visit the PDPC site for more information on the legislation, guidelines, exemption, and enforcement of the PDPA.

Privacy & Security

What privacy and security measures do sgID provide?

sgID employs end-to-end encryption, and does not store any of your data that passes through our servers. Even in the case of a data breach, your data will never be compromised because it remains safely on your phone, in your control.

Technical

How can I access user data in plaintext?

The user data that sgID clients receive are encrypted with a block key, which is in turn encrypted with the public key associated with that client.

To access the data in plaintext, clients will need to:

  1. Decrypt the encrypted block key with their own private key to receive the block key

  2. Use the block key to decrypt the encrypted user data

You can learn more about how to do this in the Custom Integration section on decrypting the userinfo payload.

Can I register more than one redirect URI for my client?

Yes, you can register up to 5 redirect URIs for each client.

You can add new redirect URIs at any time in the developer portal.

PreviousData CatalogNextFAQ (Users)

Last updated