09 - External Providers
All 60+ external integrations grouped by category. The backend uses the ProviderChainExecutor<T> pattern with fallback for high-criticality categories (PAN, Bank, Face Match, eSign).
PAN Verification
Interface: IPanProvider · Executor: ProviderChainExecutor<IPanProvider>
| Priority | Provider | File |
|---|---|---|
| 1 | Zintlr phone-to-PAN | ZintlrPhoneToPanProvider.cs |
| 2 | Hyperverge PAN | HypervergePanProvider.cs |
| 3 | NSDL PAN (official) | NsdlPanProvider.cs |
| 4 | UTI PAN | UtiPanProvider.cs |
| 5 | CVL KRA (encrypted) | CvlKraPanProvider.cs |
| 6 | NDML | NdmlPanProvider.cs |
Bank Verification
Interface: IBankVerificationProvider
| Priority | Provider | Notes |
|---|---|---|
| 1 | Hyperverge RPD | Reverse Penny Drop (UPI-based) |
| 2 | Karza | Forward penny drop |
| 3 | SETU Reverse Penny | 90s timeout |
| 4 | YesBank IMPS / SOAP | Uses X.509 client certificate |
| 5 | AINXT Bank OCR | Bank statement OCR |
| 6 | Digitap OCR | Bank statement OCR |
Separate: BankAutoVerifyService calls Decentro mobile-to-bank API at Stage 2 (not through ProviderChainExecutor - it is a dedicated background flow).
Face Match
Interface: IFaceMatchProvider
AinxtFaceMatchProvider(AWS Lambda)HypervergeFaceMatchProviderDigioFaceMatchProvider
Liveness & Signature
AinxtLivenessProvider- passive liveness detection, GET_IMAGE URL patternAinxtSignatureProvider- signature autocrop + validation
eSign
Router: EsignVendorRouter.cs - primary Hyperverge, fallback eMudhra, last resort NSDL
HypervergeEsignProvider(60s timeout)EmudhraEsignProviderNsdlEsignProvider(uses X.509 client cert)
DigiLocker / Aadhaar
AinxtDigilockerProvider- AWS Lambda wrapped DigiLocker API
Communication (SMS + Email)
NetcoreSmsProvider | SMS via Netcore Cloud or internal MOSL SMS gateway. Honors Sms.Mode=FIXED_OTP. |
NetcoreEmailProvider | Email via Netcore Cloud |
TheCheckerEmailProvider | Email via TheChecker |
KarzaEmailProvider | Email via Karza |
SmtpEmailProvider | Direct SMTP relay (default localhost:25) |
EmailNotificationService | Orchestrator that tries providers in order |
Geocoding & Name Match
AinxtGeocodingProvider→OpenCageProvider(fallback)AinxtNameMatchProvider
CRM, Fraud, Aggregator
ZohoCrmProvider- lead sync to Zoho CRMCsafeProvider- AML / fraud screening (MOSL internal)OneMoneyProvider- Account Aggregator consent flow for income proof fetch
Payment Gateways
EpayGatewayProvider | Primary payment gateway |
RazorpayGatewayProvider | Fallback gateway |
FundTransferService at Stage 15 orchestrates these through IPaymentGateway.
Link Shorteners
FirebaseDynamicLinksProvider- for desktop → mobile handoffSaathiShortUrlProvider- MOSL internal URL shortener
Common Provider Infrastructure
| Class | Purpose |
|---|---|
IExternalProvider | Base interface with ProviderName property |
ProviderChainExecutor<T> | Generic fallback executor. Reads provider_configurations table, respects circuit breaker, logs to ApiAuditLog, updates health metrics. |
CircuitBreaker | In-memory circuit breaker (tracks failure count, opens after threshold) |
ApiAuditLogger | Writes every external call to api_audit_log table with request/response/timing/correlation ID |
ProviderHealthTracker | Updates provider_health_metrics per call for WarRoom dashboard |
How Providers are Registered
Each provider is registered in Program.cs under its interface. The ProviderChainExecutor injects IEnumerable<IPanProvider> and picks the right one based on ProviderName.
backend/src/MO.Ekyc.Api/Program.csC#provider registration
builder.Services.AddScoped<IPanProvider, ZintlrPhoneToPanProvider>();
builder.Services.AddScoped<IPanProvider, HypervergePanProvider>();
builder.Services.AddScoped<IPanProvider, NsdlPanProvider>();
builder.Services.AddScoped<IPanProvider, UtiPanProvider>();
builder.Services.AddScoped<IPanProvider, CvlKraPanProvider>();
builder.Services.AddScoped<IPanProvider, NdmlPanProvider>();
builder.Services.AddScoped<ProviderChainExecutor<IPanProvider>>();Mock Mode in Providers
Each provider respects both levels of mock control:
- Service level:
MockMode:GlobalMockEnabled- services skip provider calls entirely and return mock data - Provider level:
provider_configurations.mock_mode- ProviderChainExecutor checks this per provider and returns default when true
See 02 - Mock Mode for details.