API Overview

Recent Revisions to This Document

About This Guide

VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Overview of RuPay Payer Authentication
- Authentication Modes

Redirection Mode Payer Authentication
- Check Enrollment Service
  - Check Enrollment Request
  - pa-rupay-int-redir-enroll-overview-resp
  - REST Example: Enrollment Service
- Authenticating Cards Using Redirection
  - HTML Frame Requirements
  - HTTP Post Form
  - PARes Message from the RuPay Card-Issuing Bank
- Authorization Service
  - REST Example: Authorization
- Validating Authentication
  - Validation Service Request
  - Pass or Fail Message Page
  - REST Example: Validate Authentication Service

Seamless Flow Payer Authentication
- Possible Authentication Results
- One-Time Password Generation
  - Required Fields for Generating a One-Time Password in RuPay
  - REST Example: One-Time Password Generation
  - REST Example: One-Time Password Generation (with Token)
- One-Time Password Resend
  - Required Field for Resending a One-Time Password in RuPay
  - Response Field for Checking Enrollment in Payer Authentication
  - REST Example: One-Time Password Resend
  - REST Example: One-Time Password Resend (with Token)
- One-Time Password Validation
  - Required Fields for Validating a One-Time Password in RuPay
  - Response Fields for Payer Authentication Validation in RuPay
  - Example: One-Time Password Validation (No Token)

Standing Instructions
- Standing Instruction Registration
  - Required Fields for Standing Instruction Registration
  - Optional Fields for Standing Instruction Registration
  - REST Example: Registering a Standing Instruction
  - REST Example: Registering a Standing Instruction (with Token)
- Standing Instruction Modification
  - Required Fields for Standing Instruction Modification
  - Optional Fields for Standing Instruction Modification
  - REST Example: Modifying a Standing Instruction
  - REST Example: Modifying a Standing Instruction (with Token)
- Standing Instruction Deregistration (Cancellation)
  - Required Fields for Deregistering a Standing Instruction
  - REST Example: Deregistering a Standing Instruction
  - REST Example: Deregistering a Standing Instruction (with Token)
- Completion of Standing Instructions
  - Required Fields for Standing Instruction Completion
  - REST Example: Completing a Standing Instruction
- Standing Instructions Intimation
  - Required Fields
  - REST Example: Intimating a Standing Instruction
- One-Time Password Generation
  - Required Fields for Generating a One-Time Password in RuPay
  - Optional Fields for Generating a One-Time Password
  - REST Example: One-Time Password Generation
  - REST Example: One-Time Password Generation (with Token)
- One-Time Password Resend
  - REST Example: One-Time Password Resend
  - REST Example: One-Time Password Resend (with Token)
- One-Time Password Validation
  - Required Fields for Validating a One-Time Password in RuPay
  - Response Fields for Payer Authentication Validation in RuPay
  - Example: One-Time Password Validation (No Token)
- Standing Instruction Authorization
  - Required Fields for SI Authorizations
  - Optional Fields for Standing Instruction Authorization
  - REST Example: Authorizing a Standing Instruction
  - REST Example: Authorization of a Standing Instruction Transaction (with Token)

On This Page

Authentication Modes

RuPay authenticates the cardholder in two ways:

Redirection—This mode of payer authentication has the issuer hosting the password entry page. When a cardholder is being authenticated during a transaction, the issuer sends a one-time password to the cardholder's phone so that the cardholder can enter the password into a displayed entry form. If the entered password matches the password that was sent, the cardholder is authenticated and the transaction proceeds. In the Redirection mode, the password authentication is redirected away from the merchant to a URL that the issuer sends. The issuer hosts the password entry form at this URL. This redirection from the merchant to the issuer can cause lag time during the transaction processing due to network traffic.

Seamless Server to Server—This mode of payer authentication has the merchant hosting the password entry page. This is an improved method of authenticating with a one-time password. The process of password authenticating is much the same as the redirection but this method keeps the hosting of the password entry page with the merchant. The cardholder does not leave the merchant's web site during authentication. When the merchant hosts the password entry page, timeouts are reduced and transactions process faster.

The first section of this guide describes the Redirection Flow of payer authentication while the following section describes the Seamless Flow mode.

Back to top