POSTAePS Fingpay — Daily Authentication (2FA)
Perform the mandatory daily biometric authentication that authorises an agent to carry out AePS transactions for the current calendar day.
AePS Fingpay requires every agent to authenticate themselves biometrically at the start of each working day. This daily 2FA must be completed before the first Cash Withdrawal transaction of the day (and is available only 3 or more days after the initial eKYC is completed). The API returns a reference_id that must be included in every subsequent Cash Withdrawal request as proof of daily authentication. Daily Auth does not need to be repeated for Balance Enquiry or Mini Statement within the same day.
Body parameters
| Field | Type | Required | Description |
|---|---|---|---|
initiator_id | string | required | Registered mobile number of the API user (see Platform Credentials).e.g. 9962981729 |
user_code | string | required | User code of the retailer/agent the service is run for.e.g. 20810200 |
client_ref_id | string | optional | Unique reference id per API call, generated by your system.e.g. REQ-20260101-001 |
aadhaar | string | required | RSA-encrypted, Base64-encoded Aadhaar number of the agent performing daily authentication.e.g. BASE64_ENCRYPTED_AADHAAR |
piddata | string | required | PID XML string from the UIDAI-certified biometric device (fType=2, Data type='X', mc in DeviceInfo). This represents the agent's own fingerprint, not the customer's.e.g. <?xml version='1.0'?><PidData><Data type='X'>...</Data><DeviceInfo mc='...' /></PidData> |
latlong | string | required | GPS coordinates of the agent's location at the time of daily authentication.e.g. 25.5941,85.1376 |
source_ip | string | required | IP address of the agent's terminal/system.e.g. 103.56.78.90 |
initiator_idstringRequiredRegistered mobile number of the API user (see Platform Credentials).
example: 9962981729
user_codestringRequiredUser code of the retailer/agent the service is run for.
example: 20810200
client_ref_idstringoptionalUnique reference id per API call, generated by your system.
example: REQ-20260101-001
aadhaarstringRequiredRSA-encrypted, Base64-encoded Aadhaar number of the agent performing daily authentication.
example: BASE64_ENCRYPTED_AADHAAR
piddatastringRequiredPID XML string from the UIDAI-certified biometric device (fType=2, Data type='X', mc in DeviceInfo). This represents the agent's own fingerprint, not the customer's.
example: <?xml version='1.0'?><PidData><Data type='X'>...</Data><DeviceInfo mc='...' /></PidData>
latlongstringRequiredGPS coordinates of the agent's location at the time of daily authentication.
example: 25.5941,85.1376
source_ipstringRequiredIP address of the agent's terminal/system.
example: 103.56.78.90
Headers
| Field | Type | Required | Description |
|---|---|---|---|
developer_key | string | required | Static API key issued to your account after KYC. |
secret-key | string | required | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). |
secret-key-timestamp | string | required | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. |
content-type | string | required | application/jsone.g. application/json |
developer_keystringRequiredStatic API key issued to your account after KYC.
secret-keystringRequiredDynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))).
secret-key-timestampstringRequiredCurrent time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time.
content-typestringRequiredapplication/json
example: application/json
Responses
statusnumberPrimary success indicator (0 = success).
messagestringHuman-readable response / error message.
response_status_idnumberGranular status id; see the shared error-codes table.
response_type_idnumberA unique id for every possible response shape (success or error) — useful for client logic branching and analytics.
dataobjectAPI-specific response payload.
reference_idstringDaily authentication reference ID. Pass this as the 'reference_id' parameter in every Cash Withdrawal request made during the current day. Valid for the current calendar day only.
auth_statusstringResult of the daily biometric authentication. 'success' means the agent is cleared to perform Cash Withdrawal transactions for the day.
valid_tillstringExpiry timestamp of this daily auth token (end of the current calendar day, IST).