# Performance Report ## Overview The eSignet Performance Report provides a comprehensive analysis of the system’s responsiveness, reliability, and scalability under various operational conditions. It captures key performance metrics such as throughput, resource utilization and memory consumption. This report is designed to help stakeholders understand how eSignet performs in real-world scenarios, identify potential bottlenecks, and guide future optimizations to ensure a seamless and secure digital identity experience. Read more about eSignet: [eSignet Documentation
](https://docs.esignet.io)Further reading for eSignet integration with MOSIP: [MOSIP eSignet | MOSIP Docs 1.2.0](https://docs.mosip.io/1.2.0/interoperability/integrations/e-signet) ## Scope This performance report focuses specifically on benchmarking and evaluating eSignet v1.4.1 under controlled test conditions using a mock Identity Authentication (IDA) system. The key areas covered within the scope of this report include: 1. Performance testing is limited to eSignet v1.4.1 and does not extend to earlier or future versions. 2. Only OTP-based authentication flows were included in the performance assessment. Other factors such as biometrics or password-based flows were excluded because the performance was conducted with mock ID system, so the change in the auth factor does not impact the response times of user authentication and userinfo exchange. 3. The system was tested to achieve and maintain a constant throughput of 100 requests per second (RPS), which in turn translates to [15 transactions per second (TPS)](#user-content-fn-1)[^1] based on the 7 endpoints required to complete 1 transaction. 4. System was able to maintain the throughput of 100 RPS both with and without intentional delays introduced in the mock IDA system. The goal was to ensure consistent performance while remaining within the predefined Service Level Agreements (SLAs) for response times. 5. All performance bottlenecks, failures, or irregularities encountered during testing were documented. Where applicable, fixes and optimizations were implemented and validated to ensure compliance with performance targets. ## Approach To perform the test run, **Apache - JMeter** was used as the load testing tool to simulate **106 users**, maintaining a consistent **throughput of 100 requests per second (RPS)** for a duration of **30 minutes**. 1. **100,000 sample user data was** prepared for the run, if the total number of user samples exceeds **100,000** then the first **100,000** sample user data will be unique, and the **100,001st** sample data will be a repeat of the **1st** sample data from the entry list. 2. To mimic a real-world scenario, an **additional delay of 1000ms** was introduced for the **send-OTP**, **auth**, and **token** endpoints in the mock identity system. Consequently, the **SLA was updated to 1.5 seconds.** ## Tools Used 1. Jmeter to simulate the user load. 2. Jprofiler to profile JVM and the application code. ## Summary 1. Focus: OTP-based authentication flows only 2. Scenarios tested: 1. With 1-second induced delay in mock Identity Authentication (IDA) system 2. Without induced delay 3. Load conditions: 1. Sustained 100 **requests per second** (RPS) 2. 30-minute duration 4. Test environment configuration: 1. eSignet: 2 pods (1500m CPU, 2250Mi memory each) 2. Mock ID system: 2 pods (300m CPU, 2250Mi memory each) 5. Results: 1. Target throughput achieved 2. All Service Level Agreements (SLAs) consistently met 3. Excellent performance and stability under high load and delayed response conditions ### **Test Results Summary** | API Endpoint | Response time (no delay) | Response time (with delay) | SLA | | ------------------------------ | ------------------------ | -------------------------- | -------- | | /authorization/send-otp | 58 ms | 1260 ms | ≤1500 ms | | /authorization/v3/authenticate | 79 ms | 1258 ms | ≤1500 ms | | /oauth/v2/token | 76 ms | 1267 ms | ≤1500 ms | ### **Scenarios Considered** The performance run is carried out with below assumptions and considerations: 1. Performance of eSignet APIs is checked against MOCK ID plugin. 2. We have considered the OTP auth factor for the performance run. ### **SLA:** We are considering that the integrated ID system will take 1.5 secs for below integration points to return back the response: 1. **Send OTP (**/authorization/send-otp**)** 2. **KYC Auth (**/authorization/v3/authenticate**)** 3. **KYC Exchange (**/oauth/v2/token**)**
Module NameScenario to be testedAPI EndpointAccepted Response TimeWeightage

eSignet

Pre-requisite:

  1. Client ID is generated using eSignet API(/v1/esignet/client-mgmt/oidc-client).
  2. eSignet API requires PMS auth Token
User authentication with OTP
  1. /csrf/token → GET
  2. /authorization/v2/oauth-details → POST
  3. /authorization/send-otp → POST
  4. /authorization/v3/authenticate → POST
  5. /authorization/auth-code → POST
  6. /oauth/v2/token → POST
  7. /oidc/userinfo → GET
  1. <=100ms
  2. <=100ms
  3. <=1.5s
  4. <=1.5s
  5. <=100ms
  6. <=1.5s
  7. <=100ms
100%
## Test Environment ### Deviation from the default deployment
1. Migration from the softhsm to PK12.\ \ As part of the performance evaluation, a key deviation from the default deployment was the **migration from SoftHSM to PKCS#12 (PK12)** for key storage. This change enhanced compatibility and operational efficiency such that eSignet met its SLA targets under both normal and stress conditions. ### Software (Under Test) Following ‘Images’ were under the scope of ‘Performance Testing’: #### Modules Segregation | Image ID | Tag Name | Comments | | ------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------- | | mosipid/esignet:1.4.1 | [release-1.4.1](https://github.com/mosip/esignet/tree/v1.4.1) | | | mosipid/mock-identity-system:release-0.11.0 | [release-0.11.0](https://github.com/mosip/esignet-mock-services/tree/v0.11.0/mock-identity-system) | The changes are tested with mosipqa image and are available in release-0.11.x | | mosipid/mock-relying-party-ui:0.9.2 | [release-0.9.2](https://github.com/mosip/esignet-mock-services/tree/v0.9.2/mock-relying-party-ui) | | | mosipid/mock-relying-party-service:0.9.2 | [release-0.9.2](https://github.com/mosip/esignet-mock-services/tree/v0.9.2/mock-relying-party-service) | | | mosipid/oidc-ui:1.4.1 | [release-1.4.1](https://github.com/mosip/esignet/tree/v1.4.1/oidc-ui) | | #### Test Data Performance data load has been populated before the run to ensure realistic results. | DB | Table Name | Number Of Records/Sample Data | | ------------- | ----------- | ----------------------------- | | mock identity | uin | 100000 | | | fullName | 100000 | | | emailId | 100000 | | | phoneNumber | 100000 | ### Test Design * **Test Duration**: 30 mins * **Test Type**: Load * **Ramp Up**: 3 mins #### **User distribution among the scenarios**
Scenario NameModule NameAPI EndpointHTTP MethodSLA(ms) <=Weightage/Load DistributionThroughput (RPS)
User with OTP authenticationeSignet-service/csrf/tokenGET100100100
/authorization/v2/oauth-detailsPOST100
/authorization/send-otpPOST1500
/authorization/v3/authenticatePOST1500
/authorization/auth-codePOST100
/oauth/v2/tokenPOST1500
/oidc/userinfoGET100
### Resource level configuration | Container name | 100RPS | | | -------------------- | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | **Number of pods** | **Resource configuration** | | eSignet | 2 |

resources:

limits:

cpu: 1500m

memory: 2250Mi

requests:

cpu: 1500m

memory: 2250Mi

value: '-Xms2250M -Xmx2250M'

| | mock-identity-system | 2 |

resources:

limits:

cpu: '300m'

memory: 2250Mi

requests:

cpu: 300m

memory: 2250Mi

value: '-Xms1500M -Xmx1500M'

| ## Test Result #### Performance test execution results | **Application Name** | eSignet | | -------------------- | -------------------- | | **Test Duration** | 13/03/2025 (30 mins) | | **Status** | Pass | ### Test Report 1. Test results for 100 RPS for a 30-minute run, simulating the real-time ID system by adding a fixed 1-second processing time for each endpoint (send-OTP, auth, and token). | **Scenario Name** | **Transaction Name** | **API Endpoint** | **HTTP Method** | **100 RPS** | | | | | | | ---------------------------- | ---------------------- | ------------------------------- | --------------- | --------------------------------------------- | --------------- | ----------- | ------------ | ------- | ----------- | | | | | | **Date : 09/06/2025 (half an hour duration)** | | | | | | | | | | | **# Samples** | **Min** | **Average** | **90% Line** | **Max** | **Error %** | | User with OTP authentication | S01 T01 GetCsrf | /csrf/token | GET | 25969 | 7 | 12 | 17 | 358 | 0.00% | | | S01 T02 OAuthdetails | /authorization/v2/oauth-details | POST | 25968 | 6 | 12 | 17 | 391 | 0.00% | | | S01 T03 Send OTP | /authorization/send-otp | POST | 25968 | 1017 | 1095 | 1260 | 1719 | 0.00% | | | S01 T04 Authentication | /authorization/v3/authenticate | POST | 25952 | 1025 | 1101 | 1258 | 1754 | 0.03% | | | S01 T05 Autorization | /authorization/auth-code | POST | 25934 | 7 | 14 | 19 | 1026 | 0.00% | | | S01 T06 Token | /oauth/v2/token | POST | 25934 |

1030

| 1106 | 1267 | 1964 | 0.00% | | | S01 T07 Userinfo | **/oidc/userinfo** | GET | 25918 | 6 | 12 | 17 | 437 | 0.00% | ### Metrics **Table of eSignet endpoint metrics**
**Time chart of 90th percentile response time for eSignet services**
#### Dependent services metrics **Table of mock identity system endpoint metrics and time-chart of 90th percentile response time**
#### CPU Utilisation
#### Memory Utilisation
## Resource Calculator Please refer the details [resource calculator published here](https://github.com/mosip/esignet/tree/develop/performance-test) for sizing guidelines. ## Performance Analysis ### KPI Comparison The key performance metrics from the overall run focused on the **response times** of the endpoints: **send-OTP**, **KYC-Auth**, and **KYC-Exchange** from the integrated identity system to achieve 100/sec through put is shown below. | End points | Expected response time (ms) | Actual Response time (ms) | | ---------------- | --------------------------- | ------------------------- | | **send-OTP** | 1500 | 1260 | | **KYC-Auth** | 1500 | 1258 | | **KYC-Exchange** | 1500 | 1267 | ### Bottlenecks Based on the scope of the performance run, **no bottlenecks or issues were observed**. ### Recommendation The performance of the system was evaluated based on the defined scope and approach, achieving a consistent **throughput of 100 requests per second (RPS)** during a **30-minute run**. It is recommended to use a **Resource Calculator** for estimating requirements and scaling for the desired number of users and transactions. ## Annexure: * References: * [Little's law](https://en.wikipedia.org/wiki/Little's_law) * [Little’s Law in Performance Testing](https://www.perfmatrix.com/littles-law-in-performance-testing/) [^1]: 100 RPS are the individual requests that are hit for each endpoint. For the performance run there are 7 individual endpoints that are required to be hit sequentially to complete 1 transaction. Hence 100/7 = 15 (approx) becomes the TPS for the performance run. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.esignet.io/roadmap-and-releases/versions/v1.4.1/performance-report.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.