MySejahtera-PHP-Web
Retrieve MySejahtera App's data from MySejahtera API and show to users via web browser. Written in PHP.
Booster Dose Appointment feature is now launched (17/11/2021)
Disclaimer
- This web app isn't affiliated with MySejahtera !
- This web app won't record user's MySejahtera username and password as this web app will just simply pass the username / password to the API and retrieve the
x-auth-token. When requestingsemak-vaksin.phpandpdf-digital-cert.php,x-auth-tokenretrieved from login will be POST to it and they will use thex-auth-tokenthat receieved to retrieve the data. - I will not be responsible not be liable for any problem that will produce losses or inconveniences incurred as a result of such changes or differences.
- MySejahtera's API on this web app was grabbed via ProxyMan on iPadOS and iOS version of MySejahtera (User Agent used in this PHP Web App when making request to MySejahtera :
MySejahtera/1.0.36 (iPhone; iOS 14.4.2; Scale/2.00)) - Chinese Introduction
Firewall
MySejahtera have started to block some region including US / Germany to access their website.
About this project
Inspired by nakvaksin.com.
I created a website to check vaccination record via JKJAV's API.
But their API keep returning 500 error for some reason (Seems like rate limit error , no workaround currently).
So I decided to create a web app / website that can retrieve MySejahtera API and return the data to users via broswer instead of their original app.
Parts of MySejahtera's API directly grab from nakvaksin.com , including Login , Personal Details , Vaccination Process Flow.
A big thanks to nakvaksin.com's teams here!
What can I do with this PHP Web App?
You can :
- Retrieve your personal risk status , vaccination status and your NRIC number / Passport Number.
- Retrieve your Vaccination Process , including 1st Dose Appointment and 2nd Dose Appointment and Booster Dose Appointment. Note : Booster Dose Appointment will only show the information below : "Digital Certificate Issued & Booster Dose Appointment" as MySejahtera's API only return these data.
- Retrieve your PDF version of Vaccine Digital Certificate , a new feature launched by MySejahtera.
- Check and track the COVID-19 Case(s).
Note : You must key in your Date of Birth first into MySejahtera Personal Details before you can generate your PDF version of Vaccine Digital Certificate.
How to retrieve data via MySejahtera's API
- Login
Do a POST request to here https://mysejahtera.malaysia.gov.my/epms/login with form and header below :
Header :
User-Agent: MySejahtera/1.0.36 (iPhone; iOS 14.4.2; Scale/2.00)
Host: mysejahtera.malaysia.gov.my
Content-Type: multipart/form-data;boundary=31
Form :
username=60XXXXXXXX
password=XXXXXXX
200 if success , 401 if username or password did not match the record in MySejahtera. Notice the x-auth-token response headers if you get 200 , the token is MySejahtera API's login credentials.
- Retrieve personal details
Do a GET request to here https://mysejahtera.malaysia.gov.my/epms/v1/mobileApp/vaccinationEmployeeInfo with header below :
Header :
User-Agent: MySejahtera/1.0.36 (iPhone; iOS 14.4.2; Scale/2.00)
Host: mysejahtera.malaysia.gov.my
x-auth-token: <X-AUTH-TOKEN you get at Step 1>
200 if success , 500 if x-auth-token invalid.
- Retrieve vaccination process
Do a GET request to here https://mysejahtera.malaysia.gov.my/epms/v1/mobileApp/vaccination/processFlow with header below :
Header :
User-Agent: MySejahtera/1.0.36 (iPhone; iOS 14.4.2; Scale/2.00)
Host: mysejahtera.malaysia.gov.my
x-auth-token: <X-AUTH-TOKEN you get at Step 1>
200 if success , 500 if x-auth-token invalid.
- Generate PDF version of Vaccine Digital Certificate
Do a GET request to here https://mysejahtera.malaysia.gov.my/epms/v1/mobileApp/vaccination/certificate/generate with header below :
Header :
User-Agent: MySejahtera/1.0.36 (iPhone; iOS 14.4.2; Scale/2.00)
Host: mysejahtera.malaysia.gov.my
x-auth-token: <X-AUTH-TOKEN you get at Step 1>
200 if success , 500 / 401 if x-auth-token invalid.
- Download PDF version of Vaccine Digital Certificate
Do a GET request to here https://mysejahtera.malaysia.gov.my/epms/v1/mobileApp/vaccination/certificate/download with header below :
Header :
User-Agent: MySejahtera/1.0.36 (iPhone; iOS 14.4.2; Scale/2.00)
Host: mysejahtera.malaysia.gov.my
x-auth-token: <X-AUTH-TOKEN you get at Step 1>
200 if success , 500 / 401 if x-auth-token invalid.
- Request COVID-19 Case(s) and zone risk around the location
Do a POST request to here
https://mysejahtera.malaysia.gov.my/register/api/nearby/hotspots?type=locateme
Header :
'Authorization: Basic '. base64_encode("$mysj_id:$mysj_pword"),
"User-Agent: MySejahtera/1.0.36 (iPhone; iOS 14.4.2; Scale/2.00)",
"Host: mysejahtera.malaysia.gov.my",
"Content-Type: application/json",
Form :
[{"lat":"xx","lng":"xx","classification":"LOW_RISK_NS"}]
Note : for Step 4 and 5 , you must key in your Date of Birth first into MySejahtera Personal Details before you can generate and download your PDF version of Vaccine Digital Certificate or else you will get stucked on Step 4.
Requirements to deploy this PHP Web App
- PHP installed , 7.0 + is recommended
- Web server that configured properly to work with PHP
- Internet access
- reCaptcha site key (Replace the sitekey to ur own one in
index.html)
Error code
- 401 / 403 on details.php
Your username or password did not match the record in MySejahtera. Please check your username and password.
or
Your request is being blocked by MySejahtera due to firewall rules.
- 403 on semak_vaksin.php / pdf-digital-cert.php
You did not provide token to check your vaccine details. Please try to login again.
or
Your request is being blocked by MySejahtera due to firewall rules.
- 401 on semak_vaksin.php / pdf-digital-cert.php
The x-auth-token is expired. You need to relogin at the main page.
or
Your request is being blocked by MySejahtera due to firewall rules.
Location API
I used Nominatim's API to retrieve the coordinates.
I created a small proxy via my Nginx web server so all traffic for this API location request that returning 200 HTTP will be cached for 1 week.
Screenshots
Booster Dose Appointment
Booster Dose Appointment feature is now updated (17/11/2021) , do note that MySejahtera's API only returning data below :
[{
"timestamp": "XXXXX",
"headerText": {
"ms_MY": "Sijil digital dikeluarkan",
"en_US": "Digital certificate issued"
},
"state": "COMPLETED",
"data": [],
"action": [{
"text": {
"ms_MY": "Tekan di sini untuk melihat sijil digital vaksinasi COVID-19",
"en_US": "Click here to view your COVID-19 vaccination digital certificate"
},
"value": "PROFILE_LINK"
}]
}, {
"timestamp": "XXXXX",
"headerText": {
"ms_MY": "Temu janji dos penggalak",
"en_US": "Booster dose appointment"
},
"state": "ACTIVE",
"data": [{
"text": {
"ms_MY": "Fasiliti Kesihatan:",
"en_US": "Health Facility:"
},
"value": "XXXXXX"
}, {
"text": {
"ms_MY": "Lokasi Vaksinasi:",
"en_US": "Vaccination Location:"
},
"value": "XXXX"
}, {
"text": {
"ms_MY": "Tarikh:",
"en_US": "Date:"
},
"value": "XXX"
}, {
"text": {
"ms_MY": "Masa:",
"en_US": "Time:"
},
"value": "XXX"
}, {
"text": {
"ms_MY": "Persetujuan Digital:",
"en_US": "Digital Consent:"
},
"value": "-"
}],
"action": [{
"text": {
"ms_MY": "Tekan di sini untuk imbas kod QR lokasi vaksinasi apabila anda tiba",
"en_US": "Click here to scan vaccination location QR when you arrive"
},
"value": "USER_CHECK_IN"
}, {
"text": {
"ms_MY": "Klik di sini untuk membatalkan janji temu anda",
"en_US": "Click here to cancel your appointment"
},
"value": "BOOSTER_DOSE_CANCELLATION_ASSESSMENT"
}]
}, {
"timestamp": null,
"headerText": {
"ms_MY": "Dos penggalak selesai",
"en_US": "Booster Dose completed"
},
"state": "PENDING",
"data": [],
"action": []
}]
Hence , the 1st dose appointment & 2nd dose appointment data won't show out.