Validate VPA API

This API allows merchants to validate a UPI (Unified Payment Interface) Virtual Payment Address.

HTTP Request Method: GET

Environment


Test	https://info.payu.inpayment-mode/v1/upi/vpa
Production	https://test.payu.in/payment-mode/v1/upi/vpa

Request headers

Parameter	Description
date	The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorization	The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

Field	Description
username	Represents the username or identifier for the client or merchant, for example smsplus.
algorithm	Use SHA512 algorithm for hashing and send this as header value.
headers	Specifies which headers have been used in generating the hash, for example date.
signature	The HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code

var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request body

Parameter	Description
isAutoVPAValid `mandatory`	`Boolean` Determines whether to check for auto-pay VPA validation.
vpa `mandatory`	`String` The UPI Virtual Payment Address to be validated.

Sample request

curl --location 'https://info.payu.in/payment-mode/v1/upi/vpa?isAutoVPAValid=true&vpa=test@payu' \
--header 'Content-Type: application/json' \
--header 'date: Tue, 17 Jun 2025 06:48:55 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="b4db4b20d1d9146edfd846fc11c2145ab1ac99c001df5923e3a412672f577b73f3b2cee4dc492f18ea55a0be8a4ec9f0df4475ad6eb03bedc0c6ef46235f0ed7"'

Sample response

{
    "message": "Success",
    "status": 1,
    "result": {
        "isValidVpa": true,
        "payerAccountName": "Test",
        "vpa": "test@payu",
        "isAutoPayVPAValid": true
    }
}

Response parameters

Parameter	Description	Example
message	Response message indicating the operation result.	Success
status	Status code for the operation. It can be any of the following: `1` for success `0` for failure.	1
result	The result of the response in a JSON format. For more information, refer result JSON fields description	true

Parameter

Description

Example

message

Response message indicating the operation result.

Success

status

Status code for the operation. It can be any of the following:

1 for success
0 for failure.

result

The result of the response in a JSON format. For more information, refer result JSON fields description

true

result JSON fields description

Parameter	Description	Example
isValidVpa	Indicates whether the provided VPA is valid.	true
payerAccountName	Name associated with the VPA.	RIDHI GARG
vpa	The validated VPA.	ridhigarg95@okicici
isAutoPayVPAValid	Indicates whether the VPA is valid for auto-pay.	true