Request Url:
UAT: https://uat.pay10.com/pgws/upi/validatevpa
PROD: https://secure.pay10.com/pgws/upi/validatevpa
Request Format
Please refer the table below for details of the required and optional parameters that need to be included in request. Request is in JSON format.
Field | Description | Required |
|---|---|---|
PAY_ID | Pay ID is provided by Pay10 | Y |
ORDER_ID | Generate Dynamic Id | Y |
CURRENCY_CODE | Currency Code (356 for INR) | Y |
TXNTYPE | SALE | Y |
MOP_TYPE | UP | Y |
PAYMENT_TYPE | UP | Y |
CUST_EMAIL | User email id | Y |
CUST_PHONE | User phone number | Y |
PAYER_ADDRESS | User UPI address Applicable and mandatory only for collect flow | Y |
Method of generating hash
To generate a hash you need to make a request of all the required parameters
For example, if you have to pass the following name value pairs in your Request:
Array ( [PAY_ID][PAY_ID] => 1023920310232327 [ORDER_ID][ORDER_ID] => BHARTID0907221107 [CURRENCY_CODE][CURRENCY_CODE] => 356 [TXNTYPE] => SALE [MOP_TYPE][MOP_TYPE] => UP [PAYMENT_TYPE][PAYMENT_TYPE] => UP [CUST_EMAIL][CUST_EMAIL] => cust [email protected] [CUST_PHONE][CUST_PHONE] => 9876543211 [PAYER_ADDRESS][PAYER_ADDRESS] => work@yesb )
Then you need to sort all the parameters in ascending order and add “Tilde” symbol as separator
CURRENCY_CODE=356~CUST_EMAIL=[email protected]~CUST_PHONE=9876543211~MOP_TYPE=UP~ORDER_ID=PAY100707220817~ AYER_A DDRESS=work@yesb~PAYMENT_TYPE=UP~PAY_ID=1023920310232327~TXNTYPE=SALE
Next step is to append the Secret Key at the end of the parameter string given by Pay10.After adding you will get the following output:
CURRENCY_CODE=356~CUST_EMAIL=cust- [email protected]~CUST_PHONE=9876543211~MOP_TYPE=UP~ORDER_ID=PAY100707220817~PAYER_A DDRESS=work@yesb~PAYMENT_TYPE=UP~PAY_ID=1023920310232327~TXNTYPE=SALE_910d73cfd7eb4785
After completing the above-mentioned process, you will have to call SHA256 algorithm and pass the parameter string to the same and the SHA256 will return the desired result as given below
Hash value= aa60cd280d0ae7cce67051fa74dc9e2280f0fcdb1fb0c7e63d42095470b3db79
Now you have to convert the generated value to the Uppercase and you will get the final result as hash value.
Hash value= AA60CD280D0AE7CCE67051FA74DC9E2280F0FCDB1FB0C7E63D42095470B3DB79
The purpose of the SHA256 signature field is to ensure the integrity of the data posted back to your server. You should always compare the SHA256 signature field's value posted by Pay10 servers with the one you calculated.
Encrypting the request Encryption Key
The encryption key will be sent over email to the registered email id when the merchant is proceeding to
live mode.
Encryption mechanism
After the plain text request is prepared, the hash is also appended to the request string:
{ CURRENCY_CODE=356~CUST_EMAIL=[email protected]~CUST_PHONE=9876543211~MOP_TYPE=UP~ORDER_ID=PAY100707220826~PAYER_ADDRESS=work@yesb~PAYMENT_TYPE=UP~PAY_ID=1023920310232327~TXNTYPE=SALE~HASH=A8B654D3F C5A1B45DA23BDE98A24DEB867734C70FFA2E1AF0F7888B21E2DCD29}
After the hash is appended the request string is encrypted using AES algorithm with “/CBC/PKCS5PADDING” and then posted over to the Pay10 PG with parameter name ENCDATA
ENCDATA=”SB0+5HDj0d6ZdlyXb0zaxDFZcnOMhjChC465Hk6xweSul0++M7ZLQ5bGeUR2Vdr2NAvflSIgovk+KnLDrxNWobwRh5/ubLDpGyCIPujVmi78OUF/6sR0UNZjyos5y7ZJVoca46UPjyCtQbtwWKStdYOJQ3AXRGJzwKZGhhbGRvbaMYRLU6FMSWQyUfmRrTA7QXBFhXr//KoL7JaieJ85kk/5zy3dAVWpewVhoRXwRAxURPHesC69PaI4YztDa64m81TTxao3abvz4ZgTxJ+nwKYOiHgbda5QIN4ntLru1+0OLZjptrOlCVgZ/h/wDsf3OvIi4Ij22Rol8kns1L7IW4rFk CEywtqBXmM3zTnUYDM= "
Note: Please do not append the salt key with the request String before encryption
Sending request and Getting Response
Below listed endpoints will be used to validate VPA
Request Url:
UAT: https://uat.pay10.com/pgws/upi/validatevpa
PROD: https://secure.pay10.com/pgws/upi/validatevpa
Request
Headers required to post a request:
| Key | Value |
|---|---|
| Content-Type | application/json |
| X-Content-Type-Options | nosniff |
| Accept | Application/json |
| Cache-Control | no-cache |
Request:
{"PAY_ID":"1023920310232327","ENCDATA":"SB0+5HDj0d6ZdlyXb0zaxDFZcnOMhjChC465Hk6xweSul0++M7ZLQ5bGeUR2Vdr2NAvflSIgovk+KnLDrxNWobwRh5/ubLDpGyCIPujVmi78OUF/6sR0UNZjyos5y7ZJVoca46UPjyCtQbtwWKStdYOJQ3AXRGJzwKZGhhbGRvbaMYRLU6FMSWQyUfmRrTA7QXBFhXr//KoL7JaieJ85kk/5zy3dAVWpewVhoRXwRAxURPHesC69PaI4YztDa64m81TTxao3abvz4ZgTxJ+nwKYOiHgbda5QIN4ntLru1+0OLZjptrOlCVgZ/h/wDsf3OvIi4Ij22Rol8kns1L7IW4rFk CEywtqBXmM3zTnUYDM= "}
Response
The response received to the merchant in the same format with ENCDATA and PAY_ID as the parameters. ENCDATA is decrypted using the same encryption key and Hash is validated.
For example,
Encrypted data received
{"PAY_ID":"1023920310232327","ENCDATA":"fH0JQRIV/FtIBu12T97CtbJ4GHR0Uu+yw5+4vKpsrGCdN7WqxhCDQUjk2qz9Nu5kL1GI8ZVGnmtkkHNgk8pfDeL3lrC//yITq/cHQVLpSdlAoYEQdnygepRklMNSk1rdMAtKZKHAu9MLUxdNAAtvVNqh2Ja3ZbIdNFWfVcjpR5U6hqAt3Un3iaRJAVfvID1asKMv4dbjdco1dkez/pixGV+F4w32Qtb0OYpogBGYiLgoGD2KE6c7TUmafXOMgznr+h/y3beZdgmyttQyDVjlLFG9LVe7uat3W2gnWH8vdIiWNZ+EswJ58i4lbthlxg1qHFtFsvE3NMSvV4C/m8+hwk/v3h/B2Q3r0pgdGwDLVt6blQGes1iDavONq58EJf9lLYCrXzoaXQC3V03b7/cdogaLepuyODfsYczD2mLLKnaqSbGsnrYiKZILvgTxXWxurB16mJ8CZlmMWhGBLVWfYnWDB/E8TqnjXy6YNLLo157f//x6yyRd3D0+m9R4VD6BbzuakElx5AF/Zo0SJLByIOcRCrP3W90q3+bKtLPUZBQ"}
Decrypted Data:
RESPONSE_CODE=787~PAYER_NAME=PUNEETKAPOOR~TXN_ID=1033920709163753~IS_MERCHANT_HOSTED=Y~CUST_PHONE=9876543211~MOP_TYPE=UP~TXNTYPE=SALE~CURRENCY_CODE=356~HASH=0EA4609DD8F486BD2F24577E63B3E32D232266EF2257EB7787F5CE0D2768A3AE~PAYMENT_TYPE=UP~PG_TXN_MESSAGE=Virtual Address already exists~STATUS=Success~PAY_ID=1023920310232327~PAYER_ADDRESS=work@yesb~ORDER_ID= BHARTID0907221107~CUST_EMAIL=[email protected]
The hash value is extracted, and Hash is calculated in the same way as request HASH but using the response params.
Now you can split the decrypted string to get a plain text. ["RESPONSECODE=787","PAYER_NAME=PUNEET KAPOOR","TXN_ID=1033920709163753","IS_MERCHANT_HOSTED=Y","CUST_PHONE=9876543211","MOP TYPE=UP","TXNTYPE=SALE","CURRENCY_CODE=356","HASH=0EA4609DD8F486BD2F24577E63B3E32D23226 6EF2257EB7787F5CE0D2768A3AE","PAYMENT_TYPE=UP","PG_TXN_MESSAGE=Virtual Address already exists","STATUS=Success","PAY_ID=1023920310232327","PAYER_ADDRESS=work@yesb","ORDER_ID= BHARTID0907221107","CUST_EMAIL=[email protected]"]["RESPONSE_CODE=787","PAYER_NAME=PUNEET KAPOOR","TXN_ID=1033920709163753","IS_MERCHANT_HOSTED=Y","CUST_PHONE=9876543211","MOP_ TYPE=UP","TXNTYPE=SALE","CURRENCY_CODE=356","HASH=0EA4609DD8F486BD2F24577E63B3E32D23226 6EF2257EB7787F5CE0D2768A3AE","PAYMENT_TYPE=UP","PG_TXN_MESSAGE=Virtual Address already exists","STATUS=Success","PAY_ID=1023920310232327","PAYER_ADDRESS=work@yesb","ORDER_ID= BHARTID0907221107","CUST_EMAIL=[email protected]"]