POSTAePS Fingpay — Send OTP (eKYC)
Initiate AePS Fingpay eKYC by sending an OTP to the agent's registered Aadhaar-linked mobile number.
The first step in the one-time AePS Fingpay eKYC flow. Sends an OTP to the mobile number registered with the agent's Aadhaar. The eKYC flow — Send OTP → Verify OTP → Biometric Capture — must be completed once per agent before they can perform any AePS transactions. This step is a prerequisite; do not confuse it with the daily authentication (2FA) which is required on each calendar day.
Body parameters
| Field | Type | Required | Description |
|---|---|---|---|
initiator_id | string | required | Registered mobile number of the API user (see Platform Credentials).e.g. 9962981729 |
user_code | string | required | User code of the retailer/agent the service is run for.e.g. 20810200 |
client_ref_id | string | optional | Unique reference id per API call, generated by your system.e.g. REQ-20260101-001 |
aadhaar | string | required | RSA-encrypted, Base64-encoded Aadhaar number of the agent undergoing eKYC.e.g. BASE64_ENCRYPTED_AADHAAR |
initiator_idstringRequiredRegistered mobile number of the API user (see Platform Credentials).
example: 9962981729
user_codestringRequiredUser code of the retailer/agent the service is run for.
example: 20810200
client_ref_idstringoptionalUnique reference id per API call, generated by your system.
example: REQ-20260101-001
aadhaarstringRequiredRSA-encrypted, Base64-encoded Aadhaar number of the agent undergoing eKYC.
example: BASE64_ENCRYPTED_AADHAAR
Headers
| Field | Type | Required | Description |
|---|---|---|---|
developer_key | string | required | Static API key issued to your account after KYC. |
secret-key | string | required | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). |
secret-key-timestamp | string | required | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. |
content-type | string | required | application/jsone.g. application/json |
developer_keystringRequiredStatic API key issued to your account after KYC.
secret-keystringRequiredDynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))).
secret-key-timestampstringRequiredCurrent time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time.
content-typestringRequiredapplication/json
example: application/json
Responses
statusnumberPrimary success indicator (0 = success).
messagestringHuman-readable response / error message.
response_status_idnumberGranular status id; see the shared error-codes table.
response_type_idnumberA unique id for every possible response shape (success or error) — useful for client logic branching and analytics.
dataobjectAPI-specific response payload.
otp_ref_idstringReference ID for the OTP session. Must be passed to the Verify OTP API.
mobile_hintstringMasked mobile number to which the OTP was sent (e.g., ******7890), for UI display.