Merchant Onboarding API

The Merchant Onboarding API is used to onboard new merchants on the Twid platform.

Environment


Production	{{loyalty-service-url}}/merchant/v1
Test	https://apitest.payu.in/merchant/v1

Request header

For non-seamless integration

Mandatory Header: mid

For seamless integration

Request Header

Parameter	Description
date	The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorization	The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

Parameter	Description
username	Represents the username or identifier for the client or merchant, in this case, it's "smsplus".
algorithm	Indicates the hashing algorithm used for the HMAC signature. Here, it is set to "sha512".
headers	Specifies which headers have been used in generating the hash. In this case, only the "date" header is used.
signature	The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

sha512(<Body data> + '|' + date + '|' + merchant_secret}

Where, <Body data> contains the request Body posted with the request.

Sample header code

var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';

// date
var date = new Date();
// var date = "Wed, 28 Jun 2023 11:25:19 GMT";
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);
console.log(authorization);

function getAuthHeader(date) {
var AUTH_TYPE = 'sha512';
var data = isEmpty(request['data'])?"":request['data'];
var hash_string = data + '|' + date + '|' + merchant_secret;
console.log("Hash String is ", hash_string);
var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
var authHeader = 'hmac username="' + merchant_key + '", ' + 'algorithm="' + AUTH_TYPE + '", headers="date", signature="' + hash + '"'
return authHeader;
}

pm.environment.set('date', date);
pm.environment.set('authorization', authorization);
pm.environment.set('merchant_key',merchant_key);
pm.environment.set('merchant_secret',merchant_secret);

function isEmpty(obj) {
for(var key in obj) {
if(obj.hasOwnProperty(key))
return false;
}
return true;
}

Request parameters

Parameter	Description	Example
payuMerchantKey `mandatory`	`String` - PayU Merchant Key	`"BCRVuw324"`
payuMerchantId `mandatory`	`String` - PayU-assigned merchant ID	`"12711755234"`
name `mandatory`	`String` - Merchant name	`"MerchantName"`
category `mandatory`	`String` - Merchant category	`"Merchant Category"`
companyName `mandatory`	`String` - Merchant's company name	`"Company name"`
email `mandatory`	`String` - Merchant's email address	`"[email protected]"`
phone `mandatory`	`String` - Merchant's phone number	`"9999999999"`
active `mandatory`	`Integer` - Merchant status (1 = Active, 0 = Inactive)	`1`
loyaltyProvider `mandatory`	`String` - Loyalty provider (e.g., TWID)	`"TWID"`

Sample request

Non-seamless integration

curl -X POST "https://apitest.payu.in/loyalty-points/merchant/v1" \
  -H "Content-Type: application/json" \
  -H "mid: YOUR_MERCHANT_ID" \
  -d '{
    "payuMerchantKey": "BCRVuw324",
    "payuMerchantId": "12711755234",
    "name": "MerchantName",
    "category": "Merchant Category",
    "companyName": "Company name",
    "email": "[email protected]",
    "phone": "9999999999",
    "active": 1,
    "loyaltyProvider": "TWID"
  }'

Seamless integration

curl -X POST "https://apitest.payu.in/loyalty-points/merchant/v1" \
  -H "Content-Type: application/json" \
  -H "Date: Wed, 08 Sep 2025 13:22:43 GMT" \
  -H "Authorization: hmac username="YOUR_MERCHANT_KEY", algorithm="sha512", headers="date", signature="GENERATED_SIGNATURE"" \
  -d '{
    "payuMerchantKey": "BCRVuw324",
    "payuMerchantId": "12711755234",
    "name": "MerchantName",
    "category": "Merchant Category",
    "companyName": "Company name",
    "email": "[email protected]",
    "phone": "9999999999",
    "active": 1,
    "loyaltyProvider": "TWID"
  }'

Response parameters

Parameter	Description	Example
loyaltyMerchantKey	`String` - Unique key assigned to the merchant for loyalty integration	`"LS309b6df5-4740-4459-889f-ea4b261d3d2a"`
msg	`String` - The outcome message of the API call	`"SUCCESS"`

Sample response

{
  "loyaltyMerchantKey": "LS309b6df5-4740-4459-889f-ea4b261d3d2a",
  "msg": "SUCCESS"
}