Quick Start

Introduction

“iAM Smart” provides Application Program Interfaces (APIs) regarding authentication, form filling and digital signing functions for public and private sectors to adopt "iAM Smart" in their online services. In this guide, we will provide step-by-step instructions on how to adopt “iAM Smart” APIs according to different business scenarios:

• Identity Verification : When you need to verify your clients’ identity in your business operation, you may adopt the “iAM Smart” in your identity verification flow with Form Filling API.
• Remote Account Onboarding : Customers can complete the account opening process online by using the verified personal information provided by “iAM Smart” with Form Filling API.
• Service Login : After creating linkage between "iAM Smart" account and your online service, customers can login with "iAM Smart" without password.
• Digital signing after service login using "iAM Smart" : After logged in to the online serviceusing "iAM Smart", customers with "iAM Smart+" account can sign their digital documents remotely, conveniently and securely with Signing API.
• Digital signing without service login : Sometimes, service login is not required to perform business operation, in this case, your online service can ask the user to sign the digital documents with “iAM Smart+” account Anonymous Signing API.

Prerequisites

To conduct testing with “iAM Smart” APIs in the testing environment (i.e. ITE environment), your online service must enter Phase 2 Design (link to Design under Start adoption). In order to prepare the ITE setup environment and start your development, you need the following prerequisites:

• Online Service Server
• Online Service Credentials (Client ID and Client Secret)
• Creator and Approver Accounts of Self Service Portal
• "iAM Smart" Testing App and Testing Accounts issued by support team
• Encipherment Certificate
• Public Facing IP with domain name and Server Certificate (TLS 1.2 or above)

This will be provided to the contact point specified in ITE application form. Client ID and Secret can be accessed on the self-service portal.

Content Encryption

In addition to enabling SSL/TLS encryption for all HTTPS communications between “iAM Smart” and your online service, an additional layer of data encryption is applied to all API POST requests (except the one that online service request for getting the symmetric encryption key) in communicate with “iAM Smart” for better protection the data in transit. This symmetric encryption key generated by “iAM Smart” System is the Content Encryption Key (CEK), which is valid for a specific period of time. Online service has to request the latest CEK after expired or exception occurred. The CEK is encrypted by the Key Encryption Key(KEK) of your online service, which KEK is the public key of the encipherment certificate. Therefore, you are required to upload the KEK to self-service portal.

Self-Service Portal Setup

The self-service portal is for the online service to the configuration related to API communication with “iAM Smart” System including checking the Client ID and secret, management of KEK and configuration of callback.

Self-Service Portal Administrator Setup and Account Management

The online service provider has to assign an administrator for each online service to manage the access to self-service portal. The administrator is responsible for account management. The administrator needs to create the user account for Online Service Creator and Approver.

• Detailed steps can be referred to (How to create Online Service Creator and Approver Account?) in Getting Start Guide.

Self-Service Portal Configuration of Callback URLs

To get the business parameters received from the response of "iAM Smart" server, the Online Service Creator needs to setup the required callback URLs.

• Detailed steps can be referred to (How to setup callback URLs?) in Getting Start Guide.

Self-Service Portal Configuration of Encipherment Certificate (KEK Certificate)

Each online service is required to upload the public key of an encipherment certificate for additional secure message transmissions with "iAM Smart" System. Only the certificates issued by Recognized Certification Authorities ("RCA") in Hong Kong are accepted in "iAM Smart" System.

• Detailed steps can be referred to the Getting Start Guide (How to upload KEK Certificate?)

Tesing App Installation and Setup

Only authorized user can download the testing app. To apply, please update the ITE application form

• For iOS user, an invitation email with a redeem code to TestFlight.
• For Android user, please go to App Store to download the app.
• Detailed steps can be referred to the Getting Start Guide (How to setup?)

Appendix

How to setup

Android Testing App

• Search by keywrd "iAM Smart" (Testing App) OGCIO".
• Click on "Install" button to download the Testing App.
• Click "Open" button to start the "iAM Smart" Testing App.
• Click on the Menu button at the top right corner in the dashboard.
• Select "e-ME" profile button to open "e-ME" setup page.
• Click on the "Edit" button to setup / updte personal information.

iOS Tesing App

• Open the invitation email and click the "View in TestFligh" button to proceed.
• Click on the link "Get TestFlight from the App Store".
• It will redirect you to the AppStore, click the "GET" button to install the TestFlight.
• Complete the basic setting of the TestFlight.
• If TestFlight has been installed previously, we should open the TestFlight App and click the "Redeem" button to proceed.
• Copy the Redeen Code from invitation email and click on "Redeem" button to proceed.
• Click on the "OK" button and "Allow" button to proceed.
• Click on "Start Testing" button to start the "iAM Smart" Testing App.