---
title: "AePS Cash Withdrawal API Reference"
description: "Withdraw cash from any Aadhaar-linked bank account using biometric fingerprint authentication — no card or PIN required."
canonical: "https://eps.eko.in/docs/aeps-cash-withdrawal"
---
> **Canonical URL:** https://eps.eko.in/docs/aeps-cash-withdrawal
> This is a machine-readable Markdown version of the page for AI agents and LLMs. The primary (HTML) version lives at the canonical URL above.
# AePS Cash Withdrawal API Reference
`POST https://staging.eko.in/ekoapi/v3/customer/collection/aeps-fingpay/cash-withdrawal/{customer_id}`
Withdraw cash from any Aadhaar-linked bank account using biometric fingerprint authentication — no card or PIN required.
Allows a customer to withdraw cash from their bank account at an agent/BC point by providing their Aadhaar number and a live fingerprint scan. The agent's biometric device captures a PID XML blob which is passed verbatim to this API. The customer's Aadhaar is RSA-encrypted before transmission. Requires the agent to have completed AePS Fingpay activation, OTP-based eKYC, and the daily 2FA authentication for the current day.
> View product & pricing details: [AePS Cashout](https://eps.eko.in/products/aeps-api.md)
## Path parameters
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| customer_id | string | yes | Customer's registered mobile number. e.g. 9876543210 |
## Body parameters
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| initiator_id | string | yes | Registered mobile number of the API user (see Platform Credentials). e.g. 9962981729 |
| user_code | string | yes | User code of the retailer/agent the service is run for. e.g. 20810200 |
| client_ref_id | string | no | Unique reference id per API call, generated by your system. e.g. REQ-20260101-001 |
| bank_code | string | yes | Bank IIN/IFS code identifying the customer's bank. Obtain from the bank list API. e.g. 607153 |
| amount | number | yes | Withdrawal amount in Indian Rupees (integer). Must be greater than 0 for cash withdrawal. e.g. 1000 |
| aadhaar | string | yes | RSA-encrypted, Base64-encoded Aadhaar number. Encrypt the 12-digit Aadhaar using the Eko RSA public key with OPENSSL_SSLV23_PADDING, then Base64-encode the ciphertext. e.g. BASE64_ENCRYPTED_AADHAAR |
| piddata | string | yes | PID data captured from the UIDAI-certified biometric device, as a raw XML string. Must use Data type='X' (XML, not Protobuf). DeviceInfo must include the 'mc' (device certificate) parameter. fType must be 2. e.g. ... |
| pipe | number | yes | Routing pipe selector. Use 0 (default). e.g. 0 |
| notify_customer | number | yes | Send SMS notification to the customer. 1 = yes, 0 = no. e.g. 1 |
| latlong | string | yes | GPS coordinates of the transaction origin in 'latitude,longitude' format. e.g. 28.6139,77.2090 |
| source_ip | string | yes | IP address of the merchant/agent system initiating the transaction. e.g. 103.56.78.90 |
| reference_id | string | yes | 2FA reference ID obtained from the Daily Authentication (daily eKYC) API. Required for every Cash Withdrawal transaction due to compliance 2FA mandate. e.g. DAKYC20240101001 |
## Headers
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| developer_key | string | yes | Static API key issued to your account after KYC. |
| secret-key | string | yes | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). |
| secret-key-timestamp | string | yes | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. |
| content-type | string | yes | application/json e.g. application/json |
## Response
⭐ marks fields highlighted as verifiable.
| Field | Type | Description |
| --- | --- | --- |
| status | number | Primary success indicator (0 = success). |
| message | string | Human-readable response / error message. |
| response_status_id | number | Granular status id; see the shared error-codes table. |
| response_type_id | number | A unique id for every possible response shape (success or error) — useful for client logic branching and analytics. |
| tx_status | string | Transaction state: 0=Success, 1=Fail, 2=Awaited, 3=Refund Pending, 4=Refunded, 5=On Hold. |
| txstatus_desc | string | Human-readable transaction status. |
| data | object | API-specific response payload. |
| data.tid ⭐ | string | Eko's internal transaction ID. Use for reconciliation and support queries. |
| data.amount ⭐ | number | Withdrawal amount processed in the transaction (INR). |
| data.bank_name ⭐ | string | Name of the customer's bank where the debit occurred. |
| data.bank_ref_num ⭐ | string | Bank/NPCI reference number for the transaction. |
| data.balance | string | Remaining balance in the customer's bank account after withdrawal, if returned by the bank. |
| data.aadhaar_ref_num | string | Aadhaar authentication reference number from UIDAI. |
| data.service_type | number | Echo of the service_type from the request (2 for Cash Withdrawal). |
## Example request
```json
{
"initiator_id": "9962981729",
"user_code": "20810200",
"client_ref_id": "REQ-20260101-001",
"bank_code": "607153",
"amount": 1000,
"aadhaar": "BASE64_ENCRYPTED_AADHAAR",
"piddata": "...",
"pipe": 0,
"notify_customer": 1,
"latlong": "28.6139,77.2090",
"source_ip": "103.56.78.90",
"reference_id": "DAKYC20240101001"
}
```
## Example response
```json
{
"status": 0,
"response_status_id": 0,
"message": "Cash Withdrawal successful",
"tx_status": "0",
"txstatus_desc": "Success",
"data": {
"tid": "EKO20240101001234",
"tx_status": "0",
"txstatus_desc": "Success",
"amount": 1000,
"bank_name": "State Bank of India",
"bank_ref_num": "NPCI20240101ABCD",
"balance": "4500.00",
"aadhaar_ref_num": "UIDAI123456789",
"service_type": 2
}
}
```
## Error scenarios
| Status | Scenario |
| --- | --- |
| 200 | Biometric authentication failure |
| 200 | Insufficient balance in customer account |
| 200 | Daily 2FA reference_id missing or invalid |
| 200 | Transaction awaited / bank timeout |