This API allows merchants to validate a UPI (Unified Payment Interface) Virtual Payment Address.
HTTP Request Method: GET
Environment
Request headers
Parameter | Description |
---|---|
date | The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT. |
authorization | The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description. |
authorization fields description
Field | Description |
---|---|
username | Represents the username or identifier for the client or merchant, for example smsplus. |
algorithm | Use SHA512 algorithm for hashing and send this as header value. |
headers | Specifies which headers have been used in generating the hash, for example date. |
signature | The HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm. |
hashing algorithm
You must hash the request parameters using the following hash logic:
Hash logic: sha512(<Body data>
+ '|' + date + '|' + merchant_secret)
Where <Body data>
contains the request body posted with the request.
Sample header code
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();
// authorization
var authorization = getAuthHeader(date);
function getAuthHeader(date) {
var AUTH_TYPE = 'sha512';
var data = isEmpty(request['data']) ? "" : request['data'];
var hash_string = data + '|' + date + '|' + merchant_secret;
var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}
Request body
Parameter | Description |
---|---|
isAutoVPAValid
|
|
vpa
|
|
Sample request
curl --location 'https://info.payu.in/payment-mode/v1/upi/vpa?isAutoVPAValid=true&vpa=ridhigarg95@okicici' \
--header 'Content-Type: application/json' \
--header 'date: Tue, 17 Jun 2025 06:48:55 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="b4db4b20d1d9146edfd846fc11c2145ab1ac99c001df5923e3a412672f577b73f3b2cee4dc492f18ea55a0be8a4ec9f0df4475ad6eb03bedc0c6ef46235f0ed7"'
Sample response
{
"message": "Success",
"status": 1,
"result": {
"isValidVpa": true,
"payerAccountName": "RIDHI GARG",
"vpa": "ridhigarg95@okicici",
"isAutoPayVPAValid": true
}
}
Response parameters
Parameter | Description | Example |
---|---|---|
message | Response message indicating the operation result. | Success |
status | Status code for the operation. It can be any of the following:
| 1 |
result | The result of the response in a JSON format. For more information, refer result JSON fields description | true |
result JSON fields description
Parameter | Description | Example |
---|---|---|
isValidVpa | Indicates whether the provided VPA is valid. | true |
payerAccountName | Name associated with the VPA. | RIDHI GARG |
vpa | The validated VPA. | ridhigarg95@okicici |
isAutoPayVPAValid | Indicates whether the VPA is valid for auto-pay. | true |