
DoC Traveler Domain

Category: API Domains
Last Updated: Feb 5, 2026
Tags: api-domains, real-time

Overview

Before a government employee departs for a high-risk assignment, her duty of care coordinator needs to record her emergency contacts, medical conditions relevant to emergency care, and consent to location sharing during the assignment period. All of that information needs to be encrypted at rest, accessible to authorised responders if an incident occurs, and cleared when the assignment ends. The DoC Traveler domain manages that entire profile lifecycle, from onboarding to offboarding, with the privacy and security controls that sensitive personal and medical data requires.

Key Features

  • Traveler profile management with encrypted PII storage.
  • Emergency contact information management.
  • Medical information tracking for emergency response.
  • Location sharing settings and consent management.
  • Dual authentication mode support (traveler token, platform JWT).
  • Row-level security with tenant isolation.
  • Traveler onboarding and offboarding workflows.
  • Profile update history and audit trail.

Use Cases

Corporate travel security teams manage traveler profiles with encrypted personal and medical information for every employee on a duty of care programme, ensuring that first responders have the data they need in an emergency.

Government agencies protecting deployed personnel configure location sharing and monitoring preferences per traveler, with consent management ensuring that tracking is legally compliant and appropriately scoped to the deployment period.

Emergency response coordinators access emergency contact information and medical data during incidents, with authorised access controls ensuring that only responders with a legitimate need can retrieve sensitive profile details.

Programme administrators manage traveler onboarding and offboarding workflows systematically, ensuring that every new traveler is enrolled before departure and that profiles are properly archived when assignments conclude.

Integration

Integrates with location tracking, incident management, and notification systems for comprehensive traveler safety management.

Open Standards

  • GraphQL (June 2018 specification): All traveller profile queries, mutations, and real-time event subscriptions are defined and served over a GraphQL API, enabling strongly typed, introspectable access to profile data for both travellers and platform operators.
  • JSON Web Token (RFC 7519): Dual authentication mode is enforced via JWTs; travellers present a doc_traveler_token and platform operators present an argus_access_token, with claims including audience, expiry, and key-version validated on every request.
  • AES-256-GCM (NIST SP 800-38D): All personally identifiable information (names, phone numbers, emergency contacts, and medical data) is encrypted at rest using AES-256-GCM with per-row authenticated additional data (AAD) that binds each ciphertext to its database row, preventing ciphertext transplant attacks.
  • HMAC-SHA-256 (FIPS 198-1 / FIPS 180-4): Searchable blind indexes on the encrypted phone field are computed as HMAC-SHA-256 digests keyed with a separate index key, allowing deterministic lookup without exposing plaintext to the database layer.
  • RFC 4122 (UUID): All entity identifiers (traveller profile IDs, tenant IDs, and user IDs) are version-4 universally unique identifiers, used consistently across REST routes, GraphQL types, and row-level tenant isolation predicates.
  • ISO 8601: All datetime fields (created_at, updated_at, subscription event timestamps) are serialised as ISO 8601 timezone-aware strings in API responses, ensuring unambiguous interchange with client applications.
  • WebSocket (RFC 6455): Real-time GraphQL subscriptions for incident updates, location events, and SOS alerts are delivered over WebSocket connections with tenant-scoped authorisation guards enforced at subscription setup time.
  • OAuth 2.0 (RFC 6749): The WWW-Authenticate: Bearer challenge scheme is used on unauthenticated requests, and scope-bearing JWT claims govern access to DSAR and privileged platform endpoints within the same authentication pipeline.
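
The AES-256-GCM row binding and the HMAC-SHA-256 blind index listed above, shown as an added Node.js example that is not the platform's own code. The AAD layout (tenant ID, row ID, column name), the iv | tag | ciphertext storage format, the phone normalisation, and the in-memory keys are assumptions made for illustration.

```javascript
// Added example; AAD layout, storage format and key handling are assumptions.
const crypto = require("node:crypto");

// Constructed demo keys; real keys come from a key store and must differ.
const encKey = crypto.randomBytes(32); // AES-256-GCM data key
const indexKey = crypto.randomBytes(32); // separate key for blind indexes

// AAD names exactly one tenant, row and column. JSON array encoding avoids
// the ambiguity of joining values with a delimiter.
function rowAad(tenantId, rowId, column) {
  return Buffer.from(JSON.stringify([tenantId, rowId, column]), "utf8");
}

function encryptField(plaintext, tenantId, rowId, column) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", encKey, iv);
  cipher.setAAD(rowAad(tenantId, rowId, column));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) | tag(16) | ct
}

function decryptField(blob, tenantId, rowId, column) {
  const d = crypto.createDecipheriv("aes-256-gcm", encKey, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  d.setAAD(rowAad(tenantId, rowId, column));
  // final() throws unless the tag verifies under this key, nonce and AAD.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString("utf8");
}

// Returns true when a ciphertext moved to a different row fails to decrypt.
function transplantRejected(blob, tenantId, otherRowId, column) {
  try {
    decryptField(blob, tenantId, otherRowId, column);
    return false;
  } catch {
    return true;
  }
}

// Blind index: deterministic HMAC over the normalised phone number.
function phoneBlindIndex(phone) {
  const normalised = phone.replace(/[^\d+]/g, "");
  return crypto.createHmac("sha256", indexKey).update(normalised).digest("hex");
}

// Constructed sample values (random v4 UUIDs, fictional phone number).
const tenant = crypto.randomUUID(), rowA = crypto.randomUUID(), rowB = crypto.randomUUID();
const stored = encryptField("+44 20 7946 0958", tenant, rowA, "phone");
console.log(decryptField(stored, tenant, rowA, "phone"), transplantRejected(stored, tenant, rowB, "phone"));
```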

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14
