UPI Number Mapper API

UPI Number is an 8-11 digit number that can be registered from any PSP App on NPCI. Along with this number, the Default VPA of this PSP App gets registered at the NPCI end.

The UPI Number API command is used to fetch the VPA from the NPCI database. After the customer enters the UPI Number on your website, you need to initiate this API to check whether the UPI number is registered. If the UPI number is registered it will return the VPA associated with that Mobile Number.

HTTP Method: GET

Environment

Request parameters

📘

Note:

The request parameters must be passed in headers.

FieldDescriptionExample
Date
mandatory
String The date and time should be in the GMT time conversion(not the IST). For example, current time in India is 18:00:00 IST, the time in the date header should be 12:30:00 GMT. Thu, 17 Feb 2022 08:17:59 GMT 
Digest
mandatory
Sttring Base 64 encode of (sha256 hash of the JSON data (post to server). vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0=
Authorization
mandatory
String This field is in the String format. For more information, refer to Authorization field format. 

Authorization field format

The Authorization field format is similar to the following example:

hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="CkGfgbho69uTMMOGU0mHWf+1CUAlIp3AjvsON9n9/E4="

 Where, the fields in this example are:

  • username: The merchant key of the merchant.
  • algorithm: This must have the value as hmac-sha256 that is used for this API.
  • headers: This must have the value as date digest.
  • signature: This must contain the hmacsha256 of (signing_string, merchant_secret), where:
    • signing_string: It must be in the "date: {dateValue}"+"\n"+"digest: {digestValue}" format. Here, the dateVale and digestValue is the same values in the fields listed in this table For example, "date: Thu, 17 Feb 2022 08:17:59 GMT\ndigest: vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0="
    • merchant_secret: The merchant Salt of the merchant. For more information on getting the merchant Salt, refer to Generate Merchant Key and Salt.

The following sample Java code contains the logic used to encrypt as described in the above table:

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class HmacAuth {

    public static String getSha256(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(input.getBytes());
            return Base64.encodeBase64String(digest);
        } catch (NoSuchAlgorithmException ignored) {}
        return null;
    }

    public static JsonObject getRequestBody(){
        JsonObject requestJson = new JsonObject();
        requestJson.addProperty("firstname","John");
        requestJson.addProperty("lastname","Doe");
        return requestJson;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
        String key = "smsplus";
        String secret = "admin";
        Gson gson = new Gson();
        String date = DateTimeFormat.forPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'").withZoneUTC().print(new DateTime());
        System.out.println(date);
        JsonObject requestJson = getRequestBody();
        String digest = getSha256(gson.toJson(requestJson));
        System.out.println(digest);
        String signingString = new StringBuilder()
            .append("date: " + date)
            .append("\ndigest: " + digest).toString();
        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
        sha256_HMAC.init(secret_key);
        String signature = Base64.encodeBase64String(sha256_HMAC.doFinal(signingString.getBytes()));
        String authorization = new StringBuilder()
            .append("hmac username=\"")
            .append(key)
            .append("\", algorithm=\"hmac-sha256\", headers=\"date digest\", signature=\"")
            .append(signature)
            .append("\"").toString();
        System.out.println(authorization);
    }
}

The sample header is similar to the following:

📘

Note:

You need to include the current date and time in the Date field of the header.

'Date: Tue, 09 Aug 2022 12:14:51 GMT'
'Digest: vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0= '
'Authorization: hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="zGmP5Zeqm1pxNa+d68DWfQFXhxoqf3st353SkYvX8HI=""'

Sample Request

For UPI Collect

curl --location --request GET 'https://info.payu.in/payment-mode/v1/upi/vpa?upiNumber=9123412345 \ 
--header 'Content-Type: application/json' \ 
--header 'Date: Thu, 09 Feb 2023 10:13:28 GMT' \ 
--header 'Digest: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' \ 
--header 'Authorization: hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="T4FRZcZ3AUYNCMnpZOePT6EKwhiGwCPgglp0RLyYN6Q="' 

For UPI Autopay

curl --location --request GET 'https://info.payu.in/payment-mode/v1/upi/vpa?isAutoVPAValid=true&upiNumber=9123412345' \ 
--header 'Content-Type: application/json' \ 
--header 'Date: Thu, 09 Feb 2023 10:13:28 GMT' \ 
--header 'Digest: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' \ 
--header 'Authorization: hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="T4FRZcZ3AUYNCMnpZOePT6EKwhiGwCPgglp0RLyYN6Q="' 

Response parameters

FieldDescriptionExample
message String This parameter returns whether the API call is success or not Success 
status String This parameter returns the any of the following status of web service call: 
result JSON Object This field contains the result of the API query including Payer VPA and Payer Name in a JSON format. For more information on fields in the JSON, refer to Description of Fields in JSON.Refer to the subsection below 

Description of fields in the Result JSON

FieldDescriptionExample
isValidVpa Whether the UPI Number is Valid or not true 
payerAccountName If UPI Number is valid, Name associated with the VPA Abc
vpa VPA associated with the UPI Number 9123412345@okhdfcbank 
isAutoPayVPAValid Whether the VPA is UPI Autopay supported or not.
Note: This will only be included if isAutoVPAValid=true is sent as part of the request.
true

Sample Response

Success Scenarios

  • For UPI Collect
{ 
    "message": "Success", 
    "status": 1, 
    "result": { 
        "isValidVpa": true, 
        "payerAccountName": "Abc", 
        "vpa": "9123412345@okhdfcbank" 
    } 
} 
  • For UPI Autopay
{ 
    "message": "Success", 
    "status": 1, 
    "result": { 
        "isValidVpa": true, 
        "payerAccountName": "Abc", 
        "vpa": "9123412345@okhdfcbank", 
        "isAutoPayVPAValid": true 
    } 
}

Failure Scenario

{ 
    "message": "Success", 
    "status": 1, 
    "result": { 
        "isValidVpa": false, 
        "payerAccountName": "NA", 
        "vpa": null 
    } 
}