e-KYC OTP Verification

This api is used for otp validation


You need to encrypt the aadhaar before passing it as a parameter.

Aadhaar Encryption -

  1. Decode public key using base64 encoding technique. (public key for UAT and production are different)
  2. Compute RSA encrypted signature using decoded key and message.
  3. Encode encrypted signature with base64 encoding to send message on API.

Public Key for Aadhaar Encryption - (UAT)


public static String calculateRSA( String salt ) throws InvalidKeyException, Exception {

Cipher encryptCipher = Cipher.getInstance("RSA");
encryptCipher.init(Cipher.ENCRYPT_MODE, getPublicKey());
byte[] secretMessageBytes = salt.getBytes("UTF-8");
byte[] encryptedMessageBytes = encryptCipher.doFinal(secretMessageBytes);
String encodedMessage = Base64.encodeBase64String(encryptedMessageBytes);
return encodedMessage;
public static PublicKey getPublicKey() throws Exception {
String rawPublicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXa63O/UXt5S0Vi8DM/PWF4yugx2OcTVbcFPLfXmLm9ClEVJcRuBr7UDHjJ6gZgG/qcVez5r6AfsYl2PtKmYP3mQdbR/BjVOjnrRooXxwyio6DFk4hTTM8fqQGWWNm6XN5XsPK5+qD5Ic/L0vGrS5nMWDwjRt59gzgNMNMpjheBQIDAQAB";
byte[] keyBytes = Base64.decodeBase64(rawPublicKey);
X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePublic(spec);// generatePrivate(spec);

EKYC Steps -

  1. For service_code = 43, it is mandatory to use e-KYC OTP request, e-KYC OTP Verification and Biometric before AePS transaction.
    Please make sure you use these APIs consecutively.
  2. For service_code = 52, you just have to use e-KYC using Biometric only with ekyc_flag param = 1.
  3. The whole process of e-KYC is to be done for every merchant just once.
  4. For both of these services, Daily authentication i.e. 2FA is mandatory and to be done everyday.
  5. Merchant Authentication is required for before every transaction.

Response Error Codes

403ForbiddenRegenerate your secret key and
timestamp or check if your service is activated or not
500Internal Server ErrorCheck if your request url is correct or
the parameters you're passing is correct
according to the parameters mentioned above
415Unsupported Media TypeRe-check the content/type of the request body.