Architecture
A Layered Core Built to Be Mixed and Matched
Every customer-facing journey is composed from the same set of underlying layers. Pick the layers you need. Skip the ones you don't. Re-order them when the regulator moves the goalpost.
Document Intelligence
OCR with confidence scoring, MRZ validation, hologram and chip detection, tamper-evidence checks — the layer that turns a photo of a document into structured, trustworthy data.
Biometrics
In-house face match and liveness models. Tuned on diverse demographics, optimised for low-light capture, benchmarked against ISO 30107-3 PAD criteria. No third-party biometric SDK in the data path.
API Gateway
One contract over every check. Auth schemes range from API keys to signed JWTs and mTLS. Rate limits, idempotency keys, structured error codes, sandbox parity — the layer engineers actually integrate against.
Governance
Maker-checker workflows with configurable approver counts, automatic / manual / hybrid modes. Send-back, drop-off and resume, role-based queues, threshold-driven escalation — built in, not a bolt-on.
Audit & Compliance
Every action timestamped, every artefact retained per policy, every record export-ready for regulator submission. Compliance posture is a property of the platform, not an aftermarket integration.
PKI Trust Fabric
Every credential, signature, and audit artefact backed by eMudhra's PKI heritage. Issued by a licensed CA, anchored in an HSM, verifiable in court. The layer that turns a database entry into trust.
Philosophy
Modularity is the Architecture, Not a Feature
Pick the blocks you need. Skip the ones you don't. Change the order. Change the journey. That is the platform's job — not a roadmap item, not a paid add-on, not a custom build.
- Per-journey configurability
A loan onboarding journey can require BAV + video KYC; the savings account journey skips both. Toggled per product line, per segment, per risk band — not hard-coded.
- Composable, not monolithic
Each module is independently consumable as an API. Use one block in isolation, or compose them into a multi-step flow with policy logic between calls.
- Regulatory change without rewrites
When a regulator adds a new mandate — CKYC, video CIP, periodic re-KYC — you add a module, not re-architect the application.
Security Posture
Built by a CA — You Can Tell
eMudhra's day job is digital trust. That shows up in how IDBroker handles keys, secrets, and biometric data.
Encryption Everywhere
Data encrypted in transit (TLS 1.2+) and at rest (AES-256). Sensitive biometric and document payloads are sealed with envelope encryption keyed off HSMs.
In-House AI
Face match, liveness, and document anomaly models are owned and operated by eMudhra. No third-party biometric SDKs in the verification path. No vendor lock-in on the model that decides whether your customer is real.
mTLS Webhooks
Outbound callbacks (verification result, governance decision, audit event) can be delivered over mutually authenticated TLS so the consumer can verify the sender end-to-end.
HSM-Backed Keys
Signing keys for credentials, audit artefacts, and tokenisation live in FIPS-validated hardware. Key ceremonies, rotation policies, and recovery follow CA-grade operational discipline.
Data Residency
Customer data stays in the region you choose. Country-level deployments support DPDP (India), GDPR (EU), PDPL (Saudi), POPIA (South Africa), and similar regimes out of the box.
Audit by Default
Every API call, every governance decision, every credential issuance is logged with cryptographic timestamps. Logs are queryable, exportable, and ready for regulator inspection.
Why eMudhra Built This
15+ Years of Identity Trust Behind Every Call
eMudhra has been issuing legally valid digital certificates since 2008. We run a licensed Certifying Authority in India, hold CA licenses in multiple jurisdictions, and operate identity infrastructure that has signed billions of transactions.
IDBroker is what happens when that heritage gets exposed as an API. Built in India for the most regulated, highest-volume identity environment on earth — and architected to extend cleanly to any country with a serious identity programme.
15+
Years in identity
400M+
Certificates issued
30+
Countries served
