Generate OTP for Rupay Card API

The Generate OTP for Rupay Card API is used to generate OTP in the Seamless flow. After the customer receives the OTP, you must validate the OTP using the Verify OTP for Rupay Card API.

Endpoint

Productionhttps://pgdomain/authentication/api/v1/generateOTP
Testhttps://areionsbi.pc.enstage-sas.com/authentication/api/v1/generateOTP
Sample request
curl -X POST https://areionsbi.pc.enstage-sas.com/authentication/api/v1/generateOTP \
-H "Content-Type: application/json" \
-H "pgInstanceId: 720200" \
-d '{
  "header": {
    "version": "1.0.0.0",
    "pgInstanceId":”72702415”,
    "x-api-key”: “AF165FBD-4E85-4c66-BEB1C54DC16CD48B”
  },
  "body": {
     “pgInstanceId”:” 72702415”
     "merchantId":”123”,
     "pan": “6075xxxxxxxx4412”,	
     "expDate_:"022024",
     "cvd2":”123”,
     "nameOnCard":”test”,
     "email":”[email protected]”,
     "currencCode":”356”,
     "amount":”11025”
     "merchantReferenceNo":”122344sdg”
     "orderDesc":”One bat”,
     "mobileNumber":”8867772222”,
     “cardHolderStatus”:”NW”,
     "http_accept": “text/html, application/xhmtl (http accept of a browser)”,	
     "browser_user_agent":"user agent of a browser",
     "customerIpAddress":"ip-address of a customer",
     “ext1”:”123456”,
     “ext2”:”123456”,
     “amountInINR:”11025”,
     “originalAmount”:”11025”
     “purposeOfAuthentication”:” Token Transaction”,
      “tokenAuthenticationValue”:”wwopqds/qww=”
  }
}'

Response parameters
ParameterM/O/CType & SizeDescriptionExample
statusMN(5)Transaction Statussuccess or failed
validityPeriodCN(2)The validity of the OTP in minutes for this transaction. Any newly generated OTP for the same transaction will automatically invalidate the old OTPs.00 to 30
errorcodeMN(1-4)This is a numeric code used to provide success or failure response.0 = No Error. For the complete list of error codes, refer to Error codes sub-section and PG Error Codes.
errormsgCAN(0-(1024)Description for the error code.For the complete list of error codes with message, refer to PG Error Codes .
pgTransactionIdCN(1-8)Sale ID860
Sample response
{
      "status":"success",
      "errorcode":"0",
      "errormsg":"",
      "pgTransactionId":"32424",	
      “validityPeriod”:”25”
   }

Error codes ###Error codes
Error Code Description Reference XML Tag 
00Transaction was successfully authorized by Issuing bank.Entire SOAP envelop along with values of parameters passed  BEPG will successfully complete all technical as well as business validations on XML structure and values of all the parameters present within tag and passes the same to Issuing bank. On successful response from Issuinb bank, BEPG to return code '00'
01Missing ParameterEntire SOAP envelop along with values of parameters passed BEPG will check all the parameters and if any of the required parameter is not present then return this error code.
02Invalid Command BEPG checks if command in this tag is as per specs and if not will decline with this error code.
07Invalid ParameterBEPG checks all parameters and if any parameter is not as per specs and it will decline with this error code.
13Amount Error<auth_amount> under  
If amount value send by PG is not greater than 0 then BEPG will decline with this error code.
41DECLINED (lost card) 
If card is marked as Lost at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG
42DECLINED (no account) 
If no account is found for the card number provided at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
43DECLINED (stolen) 
If card is marked as Stolen at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
51NON SUFFICIENT FUNDS 
If sufficient funds are not available in cardholder account to process that transaction amount, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
54EXPIRED CARD 
If card is expired, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
55WRONG PIN 
If cardholder has submitted wrong PIN, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
57DECLINED (cardholder not allowed) 
If transactions are not allowed for the provided card at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
58DECLINED  (terminal not allowed) 
If transactions are not allowed for the provided terminal details at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
59DECLINED (fraud) 
If transaction is match any RISK criterias/rules at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
61DECLINED (exceeds with) 
If daily withdrawal amount limit is exceeded for provided card at Issuer end, Issuer to pass this error code to  BEPG and BEPG sends this error code to PG.
62DECLINED

(restricted card)
 
If card is marked as Restricted for usage at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
65DECLINED  (exceeds frequency) 
If daily withdrawal frequency limit is exceeded for provided card at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
91ERRORIf NPCI switch does not receives response from Issuer switch within specified time limit, transactions is declined by NPCI switch with this error code
92NO ROUTING AVAILABLEIf no routing is available for provided BIN at NPCI switch end, NPCI switch to pass this error code to BEPG and BEPG sends this error code to PG.
96SYSTEM ERRORIn case if due to any technical error BEPG is unable to process transaction then BEPG to return this error code.
96PREVIOUSLY AUTHORIZEDDuplicate Authorize API Call
Transaction was authorized at BEPG and received duplicate Authorize request for same transaction ID from PG.  It is completely on PG’s discretion to decline/approve the transaction based on response received for duplicate Authorize API call and member entity is always advised to trigger the Transaction Status API call in case of response not received for first authorize API call instead of duplicate Authorize API call.
96PREVIOUSLY DECLINEDDuplicate Authorize API Call
Transaction was authorized at BEPG and received duplicate Authorize request for same transaction ID from PG.  It is completely on PG’s discretion to decline/approve the transaction based on response received for duplicate Authorize API call and member entity is always advised to trigger the Transaction Status API call in case of response not received for first authorize API call instead of duplicate Authorize API call.
110NO ACCTIf not account is found for provided card at Issuer end, Issuer to pass this error code to BEPG and BEPG to send this error code to PG.
120ACCT CLOSEDIf not account is closed for the card provided at Issuer end, Issuer to pass this error code to BEPG and BEPG to send this error code to PG.
399SYSTEM UNAVAILABLEIn case if interfacing systems are unavailable at BEPG end, for some reasons resulting in non-processing of transaction then BEPG to return this error code
400General ErrorIf BEPG is not able to process transactions for codes as specified in this document then BEPG can return this code.
401Command is Null or Empty
IAS checks tag  and if NULL or Empty command found, then decline with this error code
402XML is Null or

Empty

If XML body in this tag is Null or Empty then return this message
406Not

Authenticated
, <partner_id>, <merchant_password>
Credentials mismatch/Invalid credentials OR not able to validate the signature/hash of the request in case or rest endpoints.
407Not AuthorizedSource IP 
BEPG checks for credentials passed by PG and source IP and if source IP is not from white listed IP addresses at application level then BEPG will return this error code.
408XML Data Error under
BEPG will validate entire XML structure/format and if validation fails then BEPG will return this error code
409Invalid

AuthenticaionValue
The authenticationValue sent in request is validated and if invalid or duplicate, the request is rejected with this code.
453Exhausted OTP resend countLimit reached for resend OTP request for this transaction. The user must initiate a new transaction.
454Duplicate requestIDThe requestID of generateOTP is already used for a different card number.
501EMI Not availableEMI program is not available for the given card bin.
504EMI details mismatchThe Emi details (emi tenure, emi rate of interest) does not match with EMI program available for the card bin.
505SI not registeredSI registration ID sent in request is not available in the system.
506Invalid  relationshipIDThe relationshipID sent in request is not available in the system or is invalid
507SFA device token security errorThe deviceToken is invalid for the relationshipID sent
Note: Reason could be:

1. deviceToken decryption error
2. deviceToken signature error
3. devicetoken validation error
508SFA token security errorThe token/token signature is invalid
Language
Click Try It! to start a request and see the response here!