Request Url:
UAT: https://uat.pay10.com/pgws/upi/validatevpa

PROD: https://secure.pay10.com/pgws/upi/validatevpa

Request Format
Please refer the table below for details of the required and optional parameters that need to be included in request. Request is in JSON format.

Field	Description	Required
PAY_ID	Pay ID is provided by Pay10	Y
ORDER_ID	Generate Dynamic Id	Y
CURRENCY_CODE	Currency Code (356 for INR)	Y
TXNTYPE	SALE	Y
MOP_TYPE	UP	Y
PAYMENT_TYPE	UP	Y
CUST_EMAIL	User email id	Y
CUST_PHONE	User phone number	Y
PAYER_ADDRESS	User UPI address Applicable and mandatory only for collect flow	Y

Method of generating hash
To generate a hash you need to make a request of all the required parameters

For example, if you have to pass the following name value pairs in your Request:

📘
Array ( [PAY_ID][PAY_ID] => 1023920310232327 [ORDER_ID][ORDER_ID] => BHARTID0907221107 [CURRENCY_CODE][CURRENCY_CODE] => 356 [TXNTYPE] => SALE [MOP_TYPE][MOP_TYPE] => UP [PAYMENT_TYPE][PAYMENT_TYPE] => UP [CUST_EMAIL][CUST_EMAIL] => cust email@domain.com [CUST_PHONE][CUST_PHONE] => 9876543211 [PAYER_ADDRESS][PAYER_ADDRESS] => work@yesb )

Then you need to sort all the parameters in ascending order and add “Tilde” symbol as separator

📘
CURRENCY_CODE=356~CUST_EMAIL=cust-email@domain.com~CUST_PHONE=9876543211~MOP_TYPE=UP~ORDER_ID=PAY100707220817~ AYER_A DDRESS=work@yesb~PAYMENT_TYPE=UP~PAY_ID=1023920310232327~TXNTYPE=SALE

Next step is to append the Secret Key at the end of the parameter string given by Pay10.After adding you will get the following output:

📘
CURRENCY_CODE=356~CUST_EMAIL=cust- email@domain.com~CUST_PHONE=9876543211~MOP_TYPE=UP~ORDER_ID=PAY100707220817~PAYER_A DDRESS=work@yesb~PAYMENT_TYPE=UP~PAY_ID=1023920310232327~TXNTYPE=SALE_910d73cfd7eb4785

After completing the above-mentioned process, you will have to call SHA256 algorithm and pass the parameter string to the same and the SHA256 will return the desired result as given below

📘
Hash value= aa60cd280d0ae7cce67051fa74dc9e2280f0fcdb1fb0c7e63d42095470b3db79

Now you have to convert the generated value to the Uppercase and you will get the final result as hash value.

📘
Hash value= AA60CD280D0AE7CCE67051FA74DC9E2280F0FCDB1FB0C7E63D42095470B3DB79

The purpose of the SHA256 signature field is to ensure the integrity of the data posted back to your server. You should always compare the SHA256 signature field's value posted by Pay10 servers with the one you calculated.

Encrypting the request Encryption Key

The encryption key will be sent over email to the registered email id when the merchant is proceeding to

live mode.

Encryption mechanism

After the plain text request is prepared, the hash is also appended to the request string:

📘
{ CURRENCY_CODE=356~CUST_EMAIL=cust-email@domain.com~CUST_PHONE=9876543211~MOP_TYPE=UP~ORDER_ID=PAY100707220826~PAYER_ADDRESS=work@yesb~PAYMENT_TYPE=UP~PAY_ID=1023920310232327~TXNTYPE=SALE~HASH=A8B654D3F C5A1B45DA23BDE98A24DEB867734C70FFA2E1AF0F7888B21E2DCD29}

After the hash is appended the request string is encrypted using AES algorithm with “/CBC/PKCS5PADDING” and then posted over to the Pay10 PG with parameter name ENCDATA

📘
ENCDATA=”SB0+5HDj0d6ZdlyXb0zaxDFZcnOMhjChC465Hk6xweSul0++M7ZLQ5bGeUR2Vdr2NAvflSIgovk+KnLDrxNWobwRh5/ubLDpGyCIPujVmi78OUF/6sR0UNZjyos5y7ZJVoca46UPjyCtQbtwWKStdYOJQ3AXRGJzwKZGhhbGRvbaMYRLU6FMSWQyUfmRrTA7QXBFhXr//KoL7JaieJ85kk/5zy3dAVWpewVhoRXwRAxURPHesC69PaI4YztDa64m81TTxao3abvz4ZgTxJ+nwKYOiHgbda5QIN4ntLru1+0OLZjptrOlCVgZ/h/wDsf3OvIi4Ij22Rol8kns1L7IW4rFk CEywtqBXmM3zTnUYDM= "

Note: Please do not append the salt key with the request String before encryption

Sending request and Getting Response

Below listed endpoints will be used to validate VPA

Request Url:

UAT: https://uat.pay10.com/pgws/upi/validatevpa

PROD: https://secure.pay10.com/pgws/upi/validatevpa

Request

Headers required to post a request:

Key	Value
Content-Type	application/json
X-Content-Type-Options	nosniff
Accept	Application/json
Cache-Control	no-cache

Request:

📘
{"PAY_ID":"1023920310232327","ENCDATA":"SB0+5HDj0d6ZdlyXb0zaxDFZcnOMhjChC465Hk6xweSul0++M7ZLQ5bGeUR2Vdr2NAvflSIgovk+KnLDrxNWobwRh5/ubLDpGyCIPujVmi78OUF/6sR0UNZjyos5y7ZJVoca46UPjyCtQbtwWKStdYOJQ3AXRGJzwKZGhhbGRvbaMYRLU6FMSWQyUfmRrTA7QXBFhXr//KoL7JaieJ85kk/5zy3dAVWpewVhoRXwRAxURPHesC69PaI4YztDa64m81TTxao3abvz4ZgTxJ+nwKYOiHgbda5QIN4ntLru1+0OLZjptrOlCVgZ/h/wDsf3OvIi4Ij22Rol8kns1L7IW4rFk CEywtqBXmM3zTnUYDM= "}

Response

The response received to the merchant in the same format with ENCDATA and PAY_ID as the parameters. ENCDATA is decrypted using the same encryption key and Hash is validated.

For example,

Encrypted data received

📘
{"PAY_ID":"1023920310232327","ENCDATA":"fH0JQRIV/FtIBu12T97CtbJ4GHR0Uu+yw5+4vKpsrGCdN7WqxhCDQUjk2qz9Nu5kL1GI8ZVGnmtkkHNgk8pfDeL3lrC//yITq/cHQVLpSdlAoYEQdnygepRklMNSk1rdMAtKZKHAu9MLUxdNAAtvVNqh2Ja3ZbIdNFWfVcjpR5U6hqAt3Un3iaRJAVfvID1asKMv4dbjdco1dkez/pixGV+F4w32Qtb0OYpogBGYiLgoGD2KE6c7TUmafXOMgznr+h/y3beZdgmyttQyDVjlLFG9LVe7uat3W2gnWH8vdIiWNZ+EswJ58i4lbthlxg1qHFtFsvE3NMSvV4C/m8+hwk/v3h/B2Q3r0pgdGwDLVt6blQGes1iDavONq58EJf9lLYCrXzoaXQC3V03b7/cdogaLepuyODfsYczD2mLLKnaqSbGsnrYiKZILvgTxXWxurB16mJ8CZlmMWhGBLVWfYnWDB/E8TqnjXy6YNLLo157f//x6yyRd3D0+m9R4VD6BbzuakElx5AF/Zo0SJLByIOcRCrP3W90q3+bKtLPUZBQ"}

Decrypted Data:

📘
RESPONSE_CODE=787~PAYER_NAME=PUNEETKAPOOR~TXN_ID=1033920709163753~IS_MERCHANT_HOSTED=Y~CUST_PHONE=9876543211~MOP_TYPE=UP~TXNTYPE=SALE~CURRENCY_CODE=356~HASH=0EA4609DD8F486BD2F24577E63B3E32D232266EF2257EB7787F5CE0D2768A3AE~PAYMENT_TYPE=UP~PG_TXN_MESSAGE=Virtual Address already exists~STATUS=Success~PAY_ID=1023920310232327~PAYER_ADDRESS=work@yesb~ORDER_ID= BHARTID0907221107~CUST_EMAIL=cust-email@domain.com

The hash value is extracted, and Hash is calculated in the same way as request HASH but using the response params.

Now you can split the decrypted string to get a plain text. ["RESPONSECODE=787","PAYER_NAME=PUNEET KAPOOR","TXN_ID=1033920709163753","IS_MERCHANT_HOSTED=Y","CUST_PHONE=9876543211","MOP TYPE=UP","TXNTYPE=SALE","CURRENCY_CODE=356","HASH=0EA4609DD8F486BD2F24577E63B3E32D23226 6EF2257EB7787F5CE0D2768A3AE","PAYMENT_TYPE=UP","PG_TXN_MESSAGE=Virtual Address already exists","STATUS=Success","PAY_ID=1023920310232327","PAYER_ADDRESS=work@yesb","ORDER_ID= BHARTID0907221107","CUST_EMAIL=cust-email@domain.com"]["RESPONSE_CODE=787","PAYER_NAME=PUNEET KAPOOR","TXN_ID=1033920709163753","IS_MERCHANT_HOSTED=Y","CUST_PHONE=9876543211","MOP_ TYPE=UP","TXNTYPE=SALE","CURRENCY_CODE=356","HASH=0EA4609DD8F486BD2F24577E63B3E32D23226 6EF2257EB7787F5CE0D2768A3AE","PAYMENT_TYPE=UP","PG_TXN_MESSAGE=Virtual Address already exists","STATUS=Success","PAY_ID=1023920310232327","PAYER_ADDRESS=work@yesb","ORDER_ID= BHARTID0907221107","CUST_EMAIL=cust-email@domain.com"]