POSTAePS Aadhaar Pay

Accept merchant payments debited directly from a customer's Aadhaar-linked bank account via biometric authentication.

POST/customer/collection/aeps-fingpay

Aadhaar Pay (service_type=5) enables merchants to accept payments from customers whose bank accounts are Aadhaar-linked, authenticated with a fingerprint scan. Unlike Cash Withdrawal (where cash is dispensed), the funds are transferred to the merchant. This is useful for last-mile digital payments at kirana stores and service points where customers have no UPI or debit card. The flow is identical to Cash Withdrawal but with a positive merchant-side credit.

Body parameters

Field	Type	Required	Description
`initiator_id`	string	required	Registered mobile number of the API user (see Platform Credentials).e.g. 9962981729
`user_code`	string	required	User code of the retailer/agent the service is run for.e.g. 20810200
`client_ref_id`	string	optional	Unique reference id per API call, generated by your system.e.g. REQ-20260101-001
`service_type`	number	required	Transaction type. Use 5 for Aadhaar Pay.e.g. 5
`customer_id`	string	required	Customer's registered mobile number.e.g. 9876543210
`bank_code`	string	required	Bank IIN/IFS code identifying the customer's bank.e.g. 607153
`amount`	number	required	Payment amount in INR (integer). This amount is debited from the customer and credited to the merchant.e.g. 250
`aadhaar`	string	required	RSA-encrypted, Base64-encoded Aadhaar number of the paying customer.e.g. BASE64_ENCRYPTED_AADHAAR
`piddata`	string	required	PID XML string from UIDAI-certified biometric device (fType=2, Data type='X', mc in DeviceInfo).e.g. <?xml version='1.0'?><PidData><Data type='X'>...</Data><DeviceInfo mc='...' /></PidData>
`pipe`	number	required	Routing pipe selector. Use 0 (default).e.g. 0
`notify_customer`	number	required	Send SMS notification to the customer. 1 = yes, 0 = no.e.g. 1
`latlong`	string	required	GPS coordinates of the transaction origin in 'latitude,longitude' format.e.g. 28.6139,77.2090
`source_ip`	string	required	IP address of the merchant system initiating the transaction.e.g. 103.56.78.90

initiator_idstringRequired

Registered mobile number of the API user (see Platform Credentials).

example: 9962981729

user_codestringRequired

User code of the retailer/agent the service is run for.

example: 20810200

client_ref_idstringoptional

Unique reference id per API call, generated by your system.

example: REQ-20260101-001

service_typenumberRequired

Transaction type. Use 5 for Aadhaar Pay.

example: 5

customer_idstringRequired

Customer's registered mobile number.

example: 9876543210

bank_codestringRequired

Bank IIN/IFS code identifying the customer's bank.

example: 607153

amountnumberRequired

Payment amount in INR (integer). This amount is debited from the customer and credited to the merchant.

example: 250

aadhaarstringRequired

RSA-encrypted, Base64-encoded Aadhaar number of the paying customer.

example: BASE64_ENCRYPTED_AADHAAR

piddatastringRequired

PID XML string from UIDAI-certified biometric device (fType=2, Data type='X', mc in DeviceInfo).

example: <?xml version='1.0'?><PidData><Data type='X'>...</Data><DeviceInfo mc='...' /></PidData>

pipenumberRequired

Routing pipe selector. Use 0 (default).

example: 0

notify_customernumberRequired

Send SMS notification to the customer. 1 = yes, 0 = no.

example: 1

latlongstringRequired

GPS coordinates of the transaction origin in 'latitude,longitude' format.

example: 28.6139,77.2090

source_ipstringRequired

IP address of the merchant system initiating the transaction.

example: 103.56.78.90

Headers

Field	Type	Required	Description
`developer_key`	string	required	Static API key issued to your account after KYC.
`secret-key`	string	required	Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))).
`secret-key-timestamp`	string	required	Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time.
`content-type`	string	required	application/jsone.g. application/json

developer_keystringRequired

Static API key issued to your account after KYC.

secret-keystringRequired

Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))).

secret-key-timestampstringRequired

Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time.

content-typestringRequired

application/json

example: application/json

Responses

statusnumber
Primary success indicator (0 = success).
messagestring
Human-readable response / error message.
response_status_idnumber
Granular status id; see the shared error-codes table.
response_type_idnumber
A unique id for every possible response shape (success or error) — useful for client logic branching and analytics.
tx_statusstring
Transaction state: 0=Success, 1=Fail, 2=Awaited, 3=Refund Pending, 4=Refunded, 5=On Hold.
txstatus_descstring
Human-readable transaction status.
dataobject
API-specific response payload.
- tidstring
  Eko's internal transaction ID.
- amountnumber
  Payment amount processed (INR).
- bank_namestring
  Name of the customer's debited bank.
- bank_ref_numstring
  NPCI/bank reference number.