Developer Docs
API Endpoints
Eko Platform ServicesGithubAsk GPT
These docs are for v1. Click to read the latest docs for v3.

Pay Bills API

post
https://staging.eko.in/ekoapi/v2/billpayments/paybill

Helps you pay your bills of any operator

Please make sure you've activated your service for BBPS on production before using the APIs.
To activate - Refer here

Header Parameter request_hash generation process below:

📘

First, the secret-key value which you have passed "d2fe1d99-6298-4af2-8cc5-d97dcf46df30"; is not a value of secret-key this is the key which is encoded to generate the secret-key and secret-key-timestamp.

Please generate the request hash properly. Please check the request hash generation code again. Before generating the request hash you need to generate a string which will be generated by concatenating some parameters in a particular manner only. You cannot change the sequence.

Sequence of concatenated string

secret_key_timestamp + utility_acc_no + amount + user_code

After generating the concatenated string please follow the following procedure :

  1. Encode your authenticator password using the base 64. Authenticator password will be the key which you have used for the secret-key generation. Authenticator password for the staging server is "d2fe1d99-6298-4af2-8cc5-d97dcf46df30"

// Initializing key in some variable. You will receive this key from Eko via email
$key = "d2fe1d99-6298-4af2-8cc5-d97dcf46df30";
$encodedKey = base64_encode($key);

  1. After encoding the key, you need to hmac the concatenated string and encoded_key using hmac256.
    $signature_req_hash = hash_hmac('SHA256', $data, $encodedKey, true);
    In the $data you need to send the concatenated string.

  2. After hmac , you need to again encode the result using the base64.
    $request_hash = base64_encode($signature_req_hash);

Final result after encoding will be the request_hash.
Please make sure that you are generating the request_hash in this manner only.

Code to generate the request hash -

<?php

const HMAC_SHA256 = 'sha256';

function activateEKyc()
{
	try {
    	$key = 'd2fe1d99-6298-4af2-8cc5-d97dcf46df30'; //use your authentication key
    	$encodedKey = base64_encode($key);
    	$timestamp = round(microtime(true) * 1000);
     	$secret_key_timestamp = (string) $timestamp;

    	$secret_key = base64_encode(hash_hmac(HMAC_SHA256, $secret_key_timestamp, $encodedKey, true));

    	$utility_acc_no = '151627591';
    	$amount = '50';
    	$user_code = '20810200';

    	$concatenatedString = $secret_key_timestamp . $utility_acc_no . $amount . $user_code;
    	$request_hash = base64_encode(hash_hmac(HMAC_SHA256, $concatenatedString, $encodedKey, true));

    	echo "secret-key: $secret_key\n";
    	echo "secret-key-timestamp: $secret_key_timestamp\n";
    	echo "request_hash: $request_hash\n";
	} catch (Exception $e) {
    	echo $e->getMessage();
	}
}

activateEKyc();
?>


import base64
import hashlib
import hmac
import time

HMAC_SHA256 = 'sha256'

def activate_ekyc():
    try:
        key = 'd2fe1d99-6298-4af2-8cc5-d97dcf46df30'
        encoded_key = base64.b64encode(key.encode()).decode()
        timestamp = round(time.time() * 1000)
        secret_key_timestamp = str(timestamp)

        secret_key = base64.b64encode(
            hmac.new(encoded_key.encode(), secret_key_timestamp.encode(), hashlib.sha256).digest()
        ).decode()

        utility_acc_no = '151627591'
        amount = '50'
        user_code = '20810200'

        concatenated_string = secret_key_timestamp + utility_acc_no + amount + user_code
        request_hash = base64.b64encode(
            hmac.new(encoded_key.encode(), concatenated_string.encode(), hashlib.sha256).digest()
        ).decode()

        print(f"secret-key: {secret_key}")
        print(f"secret-key-timestamp: {secret_key_timestamp}")
        print(f"request_hash: {request_hash}")

    except Exception as e:
        print(str(e))

activate_ekyc()


using System;

using System.Text;

using System.Security.Cryptography;


public class Program

{

    public static void Main(string[] args)

    {

        // Initialize variables

        string key = “d2fe1d99-6298-4af2-8cc5-d97dcf46df30”;

        string utility_acc_no = "12333";

        string amount = "244";

        string userCode = "111112";

        

        // Get current timestamp in milliseconds since UNIX epoch as STRING

        string unixTime = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString();

        

        // Encode key using base64

        string encodedKey = Convert.ToBase64String(Encoding.UTF8.GetBytes(key));

        

        // Compute secret key

        byte[] secretKeyBytes = ComputeHmacSHA256(encodedKey, unixTime);

        string secretKey = Convert.ToBase64String(secretKeyBytes);

        

        // Concatenate string for request hash

        string concatenatedString = unixTime + utility_acc_no + amount + userCode;

        

        // Compute request hash

        byte[] requestHashBytes = ComputeHmacSHA256(encodedKey, concatenatedString);

        string requestHash = Convert.ToBase64String(requestHashBytes);

        

        // Display results

        Console.WriteLine("secret-key: " + secretKey);

        Console.WriteLine("secret-key-timestamp: " + unixTime);

        Console.WriteLine("request_hash: " + requestHash);

    }


    private static byte[] ComputeHmacSHA256(string key, string message)

    {

        byte[] keyBytes = Encoding.UTF8.GetBytes(key);

        byte[] messageBytes = Encoding.UTF8.GetBytes(message);

        

        using (var hmac = new HMACSHA256(keyBytes))

        {

            return hmac.ComputeHash(messageBytes);

        }

    }

}





const key = "d2fe1d99-6298-4af2-8cc5-d97dcf46df30";

// Encode it using base64
const encodedKey = Buffer.from(key).toString('base64');

// Get current timestamp in milliseconds since UNIX epoch as STRING
const secret_key_timestamp = Date.now().toString(); // Convert timestamp to string

// Compute secret key
const crypto = require('crypto');
const secret_key = crypto.createHmac('sha256', encodedKey)
                       .update(secret_key_timestamp)
                       .digest('base64');

// Define other variables
const utility_acc_no = '151627591';
const amount = '50';
const user_code = '20810200';

// Concatenate string
const concatenatedString = secret_key_timestamp + utility_acc_no + amount + user_code;

// Compute request hash
const request_hash = crypto.createHmac('sha256', encodedKey)
                            .update(concatenatedString)
                            .digest('base64');

// Display
console.log("secret-key: " + secret_key);
console.log("secret-key-timestamp: " + secret_key_timestamp);
console.log("request_hash: " + request_hash);

🚧

For MSEB Operator:

postalcode parameter needs to be passed. The value of this parameter will be the pincode.

🚧

Precaution

Check parameters required to pass in the body from that get operators info API.
Parameters name should be exactly same as param_name asked in operator info API
Value passed for request body should adhere param_type and regex

📘

High Commission (Offline)

This will allow API partner to send fetch bill and pay bill transaction via new high commission channel parallel to existing instant channels. Note that it will only work for billers that has high_commission channel available to them. You can check that in fetch biller details API response. Note that high commission channel is parallel to that of regular instant channel. It will not affect transaction flow (including old request structure) from existing regular channel.
hc_channel is optional parameter; you can pass its value as 1 to choose high commissions channel for you transaction otherwise it will default channel as instant. Please note that high commission channel might take upto 6 hours to complete transaction on biller side.

Query Params
string
required

The unique cell number with which you are onboarded on Eko's platform. For UAT refer to [Platform Credentials] (https://developers.eko.in/docs/platform-credentials)

Form Data
string
required

Unique code of the retailer/ merchant after onboarding from Onboard user API

string
required

Unique transaction ID which you will generate from your end for every transaction. It should be more than 5 characters and less than 20 characters.

string
required

Account number provided by operator against which bill needs to be fetched / paid

string
required

Value of customer's mobile number

string
required

Valid Name of Customer

string
required

check the get operator API

string
required

IP of the user from whom the request is coming. We are asking this details in case any fraud happens so please make sure to pass the valid IP of the merchant's system.

string
required

latlong of the user from whom the request is coming. We are asking this details in case any fraud happens so please make sure to pass the valid location of the merchant's system.

string
required

Amount value of the bill/ recharge

string

Needs to be passed only when value of this parameter is 1 in Get operator list API. You will get the value of this parameter in [Fetch Bill API] (https://developers.eko.in/reference#fetch-bills-api)

string
Defaults to DD/MM/YYYY

This parameter has to be added only in the case of LIC online & Offline

Headers
string
required

application/json

string
required

Your unique API key that will authenticate your request. For UAT, refer to [Platform Credentials] (https://developers.eko.in/docs/platform-credentials)

string
required

Refer to [authentication section] (https://developers.eko.in/docs/authentication)

string
required

Refer to [authentication section] (https://developers.eko.in/docs/authentication)

string
required

Refer below for the request hash generation

Response

Updated over 1 year ago

What’s Next
Language
LoadingLoading…
Response
Choose an example:
application/json

Updated over 1 year ago

What’s Next