Singpass.bizGet a quote
← All guides
implementationsingpassmyinfosme

How to Implement Singpass for Your Business in Singapore (2026)

Most Singapore businesses can have Singpass live on their website in about ten working days. Here is exactly how the integration works, what data you receive, and what it costs.

Published 23 April 20269 min readSingpass.biz team

If you run a business in Singapore and you are considering adding Singpass to your website, signup flow, licence-application process, or KYC pipeline, this guide walks through everything you need to know: what Singpass and MyInfo do, what data you can receive, how the GovTech application works, what the integration looks like in practice, and what it costs.

What Singpass is, and what it isn’t

Singpass is Singapore’s national digital identity service, run by the Government Technology Agency (GovTech). Every Singapore Citizen, PR, and most Work Pass holders have one. When a customer taps “Sign in with Singpass” on your site, they confirm their identity using the Singpass app on their phone — the same app they use to log in to their HDB, IRAS, and CPF accounts.

MyInfo is the companion service. Once a user signs in with Singpass, they can consent to share specific pieces of verified personal data with your business — name, NRIC, residential address, date of birth, CPF contributions, and so on. The government fetches this data directly from its source (ICA, HDB, CPF, IRAS) and hands it to you, already verified.

So Singpass is the login. MyInfo is the data. Most businesses want both.

Why Singapore businesses add Singpass

There are really four reasons:

  1. To cut paperwork at signup. Instead of asking a new customer to type their name, NRIC, date of birth, and address — and upload a photo of their IC — they tap Singpass once and you get the data pre-filled, already verified. Sign-ups that used to take two minutes now take ten seconds.
  2. To verify age or eligibility at the counter or on the site. Alcohol and tobacco retailers, Singapore-only promotions, members-only services, and licensed venues can skip the “check the IC” step entirely — the tap confirms the customer’s date of birth, residency, and citizenship straight from ICA’s records.
  3. To speed up licence applications. Director NRIC data, work-pass verification, beneficial-ownership checks — things SPF, MAS, MOM, and CEA demand before they approve a licence — come straight out of Singpass, cleanly formatted, first time.
  4. To meet the 2027 NRIC deadline. From January 2027, the PDPC ban on using NRIC numbers as authentication kicks in. If your business currently logs customers in with NRIC + date of birth, Singpass is the standard replacement.

What data you can actually receive

You can request a subset of roughly forty MyInfo fields, grouped into:

  • Identity: full name, NRIC or FIN, sex, date of birth, nationality, race, marital status, country of birth.
  • Contact: residential address, mobile number, email address.
  • Employment and income: employer, occupation, CPF contributions, basic salary, notice period (where the individual consents).
  • Housing: HDB ownership status, flat type, address history.
  • Other: vehicle ownership, driving licence, pass expiry, family composition.

You can’t just ask for everything. GovTech requires you to justify each field with a clear business purpose tied to your use case. A licensed moneylender applying for KYC can justify CPF and income; a coffee shop doing age verification cannot. In practice we scope the exact field set with you on a discovery call and handle the justification during the application.

How the integration works — from zero to live

Step 1 — The scoping call (about 20 minutes, free)

You describe what your business does and what problem you’re trying to solve. We confirm which MyInfo fields fit the use case, whether your industry needs any regulator sign-off, and roughly how long it’ll take. For non-regulated use cases — retail age checks, customer onboarding, membership — this is normally all we need before we can quote.

Step 2 — The GovTech application (1 to 3 weeks, handled by us)

GovTech reviews every new Singpass integration. The application includes the purpose of each data field, the retention policy, the technical architecture, and the data-protection measures in place. We write and submit this on your behalf. You don’t read any compliance document.

For most small and medium businesses, GovTech lets us host the integration on our own Singpass credentials — a pattern called a “trusted aggregator”. That removes the need for you to apply individually, and is how we can go from scoping call to live in ten days for simple use cases. If you’re in a regulated industry (payment services, lending, insurance, property, healthcare) we’ll apply in your name and walk you through the extra steps.

Step 3 — Build and test (3 to 5 working days)

We stand up the Singpass connection on our infrastructure, handle the RSA key pair GovTech issues, and build the specific integration shape you need — a REST API endpoint, a webhook into your CRM, or a short “tap to verify” link. We run it on our staging first; you review on a shared URL before go-live.

Step 4 — Choose your delivery method

You have three main options for how the verified data reaches you:

  • REST API: your application calls /verify and we return a JSON payload with the consented fields. Best if you have developers on staff or an existing customer portal to wire into.
  • Webhook into your CRM: when a customer completes the Singpass flow, we POST the data into your CRM (HubSpot, Pipedrive, Zoho, Salesforce, or custom). Best if you don’t have a dev team and want verifications to appear in the CRM your team already uses.
  • Tap-to-verify link: we host a short URL — for example, singpass.biz/v/your-business — that opens the Singpass flow and emails you the verified payload. Best for licence applications and one-off director-verification needs.

Step 5 — Go live

Once you’re happy with the staging flow, we flip the switch. Your customers tap Singpass, we receive the verified data, we deliver it to you, and you pay only for what you use.

How long does it take?

The honest answer depends on your industry:

  • Customer onboarding, retail age verification, membership signups: 5 to 10 working days end-to-end. We host the integration and you don’t need your own Singpass account.
  • HR, recruitment, and licence applications: 10 to 14 working days. A bit more back-and-forth with GovTech over the data scope.
  • Real estate, property, CEA-regulated flows: 2 to 3 weeks. Extra AML checks in the justification.
  • MAS-regulated financial services (payment, lending, fintech): 3 to 4 weeks. You apply to GovTech in your own name (we do the paperwork) and MAS may have its own KYC sign-off on top.

What does it cost?

There’s a one-off setup fee — which covers the scoping, the GovTech application, the integration build, and go-live — and then a small per-verification fee once you’re live. The price depends on your expected monthly volume and on whether your use case is regulated.

We quote after the scoping call, with no obligation. Smaller businesses doing single-digit-thousand verifications a month often land under a thousand dollars a month, all-in.

What about data privacy?

Every MyInfo request is consented to by the customer at the GovTech authentication screen — no data is released without the individual saying yes. On our side, we retain only what your business justifies; audit logs are kept for the minimum required under the PDPA and any sector-specific retention rules (for example, seven years for financial services under MAS). Full details are in our PDPA Notice.

Do you need developer resources on your side?

If you choose the webhook or tap-to-verify delivery modes — no. We handle the integration end-to-end and deliver the data in a format your existing team can pick up. If you choose the REST API, you’ll want a developer to wire the response into your application; we supply working sample code for TypeScript, Python, PHP, and Go.

What about the 2027 NRIC change?

From 1 January 2027, businesses in Singapore can’t use NRIC numbers — in full or partial form — as a means of authenticating a user. If your current login page asks for NRIC + date of birth, you have until the end of 2026 to switch to a compliant alternative. Singpass is the expected replacement. We have a dedicated migration path for businesses still on NRIC-based authentication; we’ll publish a follow-up guide covering this in detail.

The short version

For most Singapore businesses, adding Singpass is about ten days of our time and a few hours of yours. You get verified customer data flowing into the tools you already use, paperwork disappears, and you’re ready for the 2027 authentication changes.

If you want to walk through your specific use case, a free 20-minute call is the fastest way to find out what’s possible. Book one here, or message us on WhatsApp at +65 8040 7913.

Ready to chat?

Get a free scoping call on your use case.

Tell us what your business does. We’ll tell you exactly how Singpass can help, how long it takes, and what it costs — in plain English.

Book My Free Call →