Developers — API & SDK

UPI APIs your engineers actually want to ship.

Three surfaces — create a pay session, verify the result, trust the webhook. Same patterns you already know from Stripe, India-native, and priced for builders. Ship in under ten minutes.

Auth
HMAC
SHA-256 signed
Go live in
~10 min
From signup
Region
India
UPI · en-IN

Jump to integration ↓ Create merchant account See pricing

01 — Integrate

What you actually integrate.

Three surfaces. No SDK bloat, no platform lock-in, no 200-page integration manuals.

01

Order & QR creation

Create payable sessions, return a hosted pay link or encoded UPI Intent, and track status as customers pay from PhonePe, Google Pay, Paytm, or any UPI app.

02

Server-to-server verification

Poll or reconcile transaction state from your backend before you ship physical goods, unlock subscriptions, or credit wallets — never trust the client alone.

03

Signed webhooks

Receive JSON callbacks and verify the signature header against the raw body using your dashboard webhook secret. Idempotency keys make retries safe.

02 — How

How do I go live in ten minutes?

True plug-and-play. Most teams ship their first verified UPI payment before the coffee gets cold.

  1. 01

    Create a merchant account

    Sign up and complete onboarding — no credit card, no KYC for the 7-day trial.

  2. 02

    Configure webhook URL

    In the dashboard, open API Keys & Webhooks and add your TLS-enabled callback endpoint.

  3. 03

    Create pay sessions

    From your backend, call the REST API with your private key. Never expose keys client-side.

  4. 04

    Verify webhook signatures

    Check the HMAC signature and timestamp before mutating order state. Reject replays and stale callbacks.

  5. 05

    Test, then go live

    Run small INR transactions through your QA devices, then flip the switch in production.

03 — Authenticate

Sign every webhook. Verify on every request.

Webhook payloads are signed with HMAC SHA-256 using your dashboard webhook secret. Your server reconstructs the signature from the raw body and compares it in constant time — the same pattern Stripe popularised.

  • Verify the signature against the raw body, not the parsed JSON
  • Reject events whose timestamp is older than five minutes
  • Use idempotency keys on order writes — retries should be safe

Production base URL

https://vyapargateway.com/api/v1/

Exact endpoint paths and credentials live inside the merchant dashboard — never embedded on public pages.

POST /api/v1/create_order
{
  "amount": 500.00,
  "client_txn_id": "ORD_98765",
  "customer_name": "Rahul Kumar",
  "customer_email": "[email protected]",
  "customer_mobile": "9876543210",
  "redirect_url": "https://yoursite.com/success"
}
verify-webhook.js · Node
// verify the signature against the raw body
const expected = crypto
  .createHmac("sha256", WEBHOOK_SECRET)
  .update(rawBody)
  .digest("hex");

if (!crypto.timingSafeEqual(
  Buffer.from(expected),
  Buffer.from(req.headers["x-vyapargateway-signature"]),
)) return res.status(401).send();

04 — Stacks

Plug into anything you already run.

Same REST API, different glue code. If your stack speaks HTTPS and verifies HMAC, you can integrate.

01

Shopify

Headless or app-bridge

02

WordPress / WooCommerce

Server-side plugin

03

Next.js / custom

Direct REST integration

04

Laravel / Django / Rails

Server SDK patterns

05

Node.js / Express

Native HTTPS or fetch

06

Android / iOS

Backend session + UPI Intent

Need a code sample for your framework? Browse integration guides on the blog — Shopify, WooCommerce, Next.js webhooks, and more.

05 — Dashboard

Where the real docs live

Endpoint specs & credentials unlock after sign-up.

This page is a public overview. Endpoint specs, request and response examples, error codes, and your API keys plus webhook secrets unlock inside the merchant dashboard after you create an account — never embedded on public pages.

Sign up to view docs → Get API keys

06 — Partners

Backlink snippet

Citing us? Use this snippet.

Writing an integrations directory, case study, or India payments roundup? Use the markup below — clean HTML, no tracking parameters, no nonsense.

backlink.html
<p>
  <a href="https://vyapargateway.com" rel="noopener noreferrer"
     title="VyaparGateway — UPI for Indian businesses">
    VyaparGateway
  </a> — UPI collection & webhooks for Indian merchants.
</p>

07 — FAQ

Integration questions — answered.

Common questions from engineers evaluating the API. Matched verbatim to FAQPage schema on this page so AI engines can cite each answer directly.

What does VyaparGateway give developers?

A merchant-side REST API to collect UPI via dynamic QR, verify payments server-side, and receive signed webhooks. You integrate over HTTPS and optional hosted pay flows — we are a technology platform, not a bank; you operate within your own compliant UPI acceptance context where required.

Do I get API keys without signing up?

No. API keys and webhook secrets are issued only inside the merchant dashboard after you create an account and complete onboarding. This page is a public overview for SEO and discovery — credentials are never embedded here.

Can I integrate VyaparGateway with Shopify or WooCommerce?

Yes. Merchants use server-side or app-bridge patterns: create pay sessions from your backend, show the QR or redirect, then confirm status via API or webhooks before fulfilment. See the Plugins section in the dashboard after sign-in.

How are webhooks made trustworthy?

Payloads are signed with HMAC SHA-256 using your webhook secret. Your server must verify the signature header and the timestamp against the raw request body before updating order state — same pattern as Stripe or other modern providers.

What is the API base URL in production?

REST endpoints live under your deployment's host, typically https://vyapargateway.com/api/v1/ when the API is same-origin, or a dedicated API hostname if you configure one. Exact paths and examples are documented in the authenticated API reference inside the dashboard.

Is there a sandbox?

Use a staging or test merchant account and low-value flows with your team's test UPI apps where your acquirer allows it. Product-specific sandbox policy is documented for merchants inside the dashboard.

How does pricing affect integration code?

Billing is subscription-oriented with per-plan limits. The platform charges 0% per-transaction fee — settlement still follows your bank and UPI rules. Integration code does not change per fee tier beyond plan feature flags.

Who do I contact for integration support?

Email [email protected] with your stack (e.g. Node, Laravel, Django), storefront, and timeline. For sensitive data, avoid pasting live API keys in email — share redacted snippets only.

08 — Start

Ship your first payment

Sign up. Grab your keys. Point a webhook.

That's the whole onboarding. The first verified UPI payment usually lands before the coffee finishes brewing.

Start free trial → See pricing About VyaparGateway Email engineering