Developer Docs
API Endpoints
Eko.inGithubAsk GPT

Pay Bills API

post https://staging.eko.in/ekoapi/v2/billpayments/paybill

Helps you pay your bills of any operator

Please make sure you've activated your service for BBPS on production before using the APIs.
To activate - Refer here

Header Parameter request_hash generation process below:

📘

First, the secret-key value which you have passed "d2fe1d99-6298-4af2-8cc5-d97dcf46df30"; is not a value of secret-key this is the key which is encoded to generate the secret-key and secret-key-timestamp.

Please generate the request hash properly. Please check the request hash generation code again. Before generating the request hash you need to generate a string which will be generated by concatenating some parameters in a particular manner only. You cannot change the sequence.

Sequence of concatenated string

secret_key_timestamp + utility_acc_no + amount + user_code

After generating the concatenated string please follow the following procedure :

  1. Encode your authenticator password using the base 64. Authenticator password will be the key which you have used for the secret-key generation. Authenticator password for the staging server is "d2fe1d99-6298-4af2-8cc5-d97dcf46df30"

// Initializing key in some variable. You will receive this key from Eko via email
$key = "d2fe1d99-6298-4af2-8cc5-d97dcf46df30";
$encodedKey = base64_encode($key);

  1. After encoding the key, you need to hmac the concatenated string and encoded_key using hmac256.
    $signature_req_hash = hash_hmac('SHA256', $data, $encodedKey, true);
    In the $data you need to send the concatenated string.

  2. After hmac , you need to again encode the result using the base64.
    $request_hash = base64_encode($signature_req_hash);

Final result after encoding will be the request_hash.
Please make sure that you are generating the request_hash in this manner only.

Code to generate the request hash -

<?php

const HMAC_SHA256 = 'sha256';

function activateEKyc()
{
	try {
    	$key = 'd2fe1d99-6298-4af2-8cc5-d97dcf46df30'; //use your authentication key
    	$encodedKey = base64_encode($key);
    	$timestamp = round(microtime(true) * 1000);
     	$secret_key_timestamp = (string) $timestamp;

    	$secret_key = base64_encode(hash_hmac(HMAC_SHA256, $secret_key_timestamp, $encodedKey, true));

    	$utility_acc_no = '151627591';
    	$amount = '50';
    	$user_code = '20810200';

    	$concatenatedString = $secret_key_timestamp . $utility_acc_no . $amount . $user_code;
    	$request_hash = base64_encode(hash_hmac(HMAC_SHA256, $concatenatedString, $encodedKey, true));

    	echo "secret-key: $secret_key\n";
    	echo "secret-key-timestamp: $secret_key_timestamp\n";
    	echo "request_hash: $request_hash\n";
	} catch (Exception $e) {
    	echo $e->getMessage();
	}
}

activateEKyc();
?>


import base64
import hashlib
import hmac
import time

HMAC_SHA256 = 'sha256'

def activate_ekyc():
    try:
        key = 'd2fe1d99-6298-4af2-8cc5-d97dcf46df30'
        encoded_key = base64.b64encode(key.encode()).decode()
        timestamp = round(time.time() * 1000)
        secret_key_timestamp = str(timestamp)

        secret_key = base64.b64encode(
            hmac.new(encoded_key.encode(), secret_key_timestamp.encode(), hashlib.sha256).digest()
        ).decode()

        utility_acc_no = '151627591'
        amount = '50'
        user_code = '20810200'

        concatenated_string = secret_key_timestamp + utility_acc_no + amount + user_code
        request_hash = base64.b64encode(
            hmac.new(encoded_key.encode(), concatenated_string.encode(), hashlib.sha256).digest()
        ).decode()

        print(f"secret-key: {secret_key}")
        print(f"secret-key-timestamp: {secret_key_timestamp}")
        print(f"request_hash: {request_hash}")

    except Exception as e:
        print(str(e))

activate_ekyc()


using System;

using System.Text;

using System.Security.Cryptography;


public class Program

{

    public static void Main(string[] args)

    {

        // Initialize variables

        string key = “d2fe1d99-6298-4af2-8cc5-d97dcf46df30”;

        string utility_acc_no = "12333";

        string amount = "244";

        string userCode = "111112";

        

        // Get current timestamp in milliseconds since UNIX epoch as STRING

        string unixTime = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString();

        

        // Encode key using base64

        string encodedKey = Convert.ToBase64String(Encoding.UTF8.GetBytes(key));

        

        // Compute secret key

        byte[] secretKeyBytes = ComputeHmacSHA256(encodedKey, unixTime);

        string secretKey = Convert.ToBase64String(secretKeyBytes);

        

        // Concatenate string for request hash

        string concatenatedString = unixTime + utility_acc_no + amount + userCode;

        

        // Compute request hash

        byte[] requestHashBytes = ComputeHmacSHA256(encodedKey, concatenatedString);

        string requestHash = Convert.ToBase64String(requestHashBytes);

        

        // Display results

        Console.WriteLine("secret-key: " + secretKey);

        Console.WriteLine("secret-key-timestamp: " + unixTime);

        Console.WriteLine("request_hash: " + requestHash);

    }


    private static byte[] ComputeHmacSHA256(string key, string message)

    {

        byte[] keyBytes = Encoding.UTF8.GetBytes(key);

        byte[] messageBytes = Encoding.UTF8.GetBytes(message);

        

        using (var hmac = new HMACSHA256(keyBytes))

        {

            return hmac.ComputeHash(messageBytes);

        }

    }

}





const key = "d2fe1d99-6298-4af2-8cc5-d97dcf46df30";

// Encode it using base64
const encodedKey = Buffer.from(key).toString('base64');

// Get current timestamp in milliseconds since UNIX epoch as STRING
const secret_key_timestamp = Date.now().toString(); // Convert timestamp to string

// Compute secret key
const crypto = require('crypto');
const secret_key = crypto.createHmac('sha256', encodedKey)
                       .update(secret_key_timestamp)
                       .digest('base64');

// Define other variables
const utility_acc_no = '151627591';
const amount = '50';
const user_code = '20810200';

// Concatenate string
const concatenatedString = secret_key_timestamp + utility_acc_no + amount + user_code;

// Compute request hash
const request_hash = crypto.createHmac('sha256', encodedKey)
                            .update(concatenatedString)
                            .digest('base64');

// Display
console.log("secret-key: " + secret_key);
console.log("secret-key-timestamp: " + secret_key_timestamp);
console.log("request_hash: " + request_hash);

🚧

For MSEB Operator:

postalcode parameter needs to be passed. The value of this parameter will be the pincode.

🚧

Precaution

Check parameters required to pass in the body from that get operators info API.
Parameters name should be exactly same as param_name asked in operator info API
Value passed for request body should adhere param_type and regex

📘

High Commission (Offline)

This will allow API partner to send fetch bill and pay bill transaction via new high commission channel parallel to existing instant channels. Note that it will only work for billers that has high_commission channel available to them. You can check that in fetch biller details API response. Note that high commission channel is parallel to that of regular instant channel. It will not affect transaction flow (including old request structure) from existing regular channel.
hc_channel is optional parameter; you can pass its value as 1 to choose high commissions channel for you transaction otherwise it will default channel as instant. Please note that high commission channel might take upto 6 hours to complete transaction on biller side.

Language