Validate VPA API

This API allows merchants to validate a UPI (Unified Payment Interface) Virtual Payment Address.

HTTP Request Method: GET

Environment

Request headers

ParameterDescription
dateThe current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorizationThe actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

FieldDescription
usernameRepresents the username or identifier for the client or merchant, for example smsplus.
algorithmUse SHA512 algorithm for hashing and send this as header value.
headersSpecifies which headers have been used in generating the hash, for example date.
signatureThe HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request body

Parameter

Description

isAutoVPAValid mandatory

Boolean Determines whether to check for auto-pay VPA validation.

vpa mandatory

String The UPI Virtual Payment Address to be validated.

Sample request

curl --location 'https://info.payu.in/payment-mode/v1/upi/vpa?isAutoVPAValid=true&vpa=ridhigarg95@okicici' \
--header 'Content-Type: application/json' \
--header 'date: Tue, 17 Jun 2025 06:48:55 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="b4db4b20d1d9146edfd846fc11c2145ab1ac99c001df5923e3a412672f577b73f3b2cee4dc492f18ea55a0be8a4ec9f0df4475ad6eb03bedc0c6ef46235f0ed7"'

Sample response

{
    "message": "Success",
    "status": 1,
    "result": {
        "isValidVpa": true,
        "payerAccountName": "RIDHI GARG",
        "vpa": "ridhigarg95@okicici",
        "isAutoPayVPAValid": true
    }
}

Response parameters

Parameter

Description

Example

message

Response message indicating the operation result.

Success

status

Status code for the operation. It can be any of the following:

  • 1 for success
  • 0 for failure.

1

result

The result of the response in a JSON format. For more information, refer result JSON fields description

true

result JSON fields description

ParameterDescriptionExample
isValidVpaIndicates whether the provided VPA is valid.true
payerAccountNameName associated with the VPA.RIDHI GARG
vpaThe validated VPA.ridhigarg95@okicici
isAutoPayVPAValidIndicates whether the VPA is valid for auto-pay.true