By continuing your navigation on our website, you consent to the use of cookies to provide you with better services. To learn more, read our cookies policy.
x
Search
APIs
Solutions
Partner
Support
Sign in
Search
International
中国站
Open API >QR Code Payments >UPI QR Code Acceptance
UPI QR Code Acceptance
QR Code Payments Developer Acquirer Mobile Payment
UPI QR Code is a product of inter-bank switch for mobile payments. Through UPI system with API Interfaces, acquirers outside of mainland China will be able to support UPI QR Code payment for its merchants.
Sandbox Testing
API Introduction
API Introduction
What is it?

UPI QR Code product can be used by UPI QR Code merchants to support a low-cost, convenient and secure innovative payment solution by either displaying a static/dynamic QR Code (Merchant-Presented) or scanning consumer's payment QR Code (Consumer-Presented).

This set of API provides all the necessary functions, allowing acquirers to connect to UPI system with JSON message instead of traditional ISO 8385 message, and supporting UPI QR Code payments in both Merchant-Presented and Consumer-Presented mode.


Key Features

Open

The platform is open. QR Code can be displayed on merchant's app. The transaction can be completed with any APP that can support UPI's QR Code.

Security 

Security is a basic requirement for payments. UPI adopts Tokenization technology which supports risk control for whole transaction process, making sure of safety and preventing leakage of account information.

Interoperability

UPI's QR Code is of EMVCo standard and extendable for future use of compatibility of other international card schemes, which makes QR Code payment in and out of mainland China interoperable.

Integrity

UPI's QR Code payment sticks to 4-party mode which is almost the same with bank card transaction only except for the information interaction. UPI's QR Code payment has a whole integrated mechanism of business, risk control, techniques which makes user's capital secured.


When to Use it?

When UPI QR Code Acquirers want to connect to UPI system and support QR Code payment through JSON interface.

Who Use it?
Acquirer, Third-party payment company and Software developer.
Where to Use it?
This API is available globally except for mainland China
Things to Know

1. UPI highly suggest acquirers to support both Merchant-Presented and Consumer-Presented QR Code payments mode, in order to meet different requirements from merchants and cardholders (consumers);

2. In Merchant-Presented mode, acquirers shall support QR Code generation and verification of transaction message and validity of QR Code info. sent from UPI system.

3. In Consumer-Presented mode, acquirers shall support decoding and payment request submission to UPI system;

4. Transaction types supported shall include Purchase, Void, Refund, and Message Result Inquiry;

5. Acquirer shall support sending transaction result notification to merchants.

6.Acquirer will connect to UPI system which supports single-message transaction only through API.

7.For encoding specification of consumer-presented and merchant-presented code, please refer to 'Consumer-presented QR Code'and 'Merchant-presented QR Code' column.

8.For sample message of each interface, you will find them in each API's sample code column and a package of all sample message in the 'Documentation' column


Flow Chart
Flow Chart


Consumer-Presented.jpg

Merchant-presented.jpg
API Reference
API Reference
  • PURCHASE
  • VOID
  • REFUND
  • MSG_RESULT_INQUIRY
  • MPQRC_VERIFICATION
  • TRX_STATUS_NOTIFICATION
Interface description
This interface is used to realize the QRC purchase transaction for Consumer-Presented case.
Request Method
HTTP POST
Request Parameter
Field name Identifier Type Length Request Default value Note
Message Information msgInfo object M:Mandatory
Version Number versionNo ANS 5 M:Mandatory Valid Value: "1.0.0"
Message ID msgID AN 29 M:Mandatory It is used to match a response to its request. The value must uniquely identify any message that the Acquirer initiates on any day. The value in the response must match the value in the request.Components: “Q”+ Acquirer IIN+ Transmission Year (YYYY) + Transmission Date and Time (MMDDhhmmss) + System Trace Audit Number (6 numeric digits).Example:Q0001034420171230235959000000
Time Stamp timeStamp N 14 M:Mandatory The value in the response must match the value in the request.Example:20170714235959 Format: YYYYMMDDhhmmss
Message Type msgType ANS 1-50 M:Mandatory Valid Value: "PURCHASE".Example:PURCHASE
Acquirer IIN acquirerIIN AN 8 M:Mandatory The distinctive value associated to the Acquirer. Example:00010344
Transaction Information trxInfo object M:Mandatory
Card Information Capture Method captureMethod ANS 1-64 M:Mandatory Valid Values: "CONSUMER_PRESENTED_QRC",Reserved Values:"NFC" "STORED_CREDENTIALS" "MANUAL" "CONTACT" "MAGSTRIPE" "UNKNOWN"
Consumer presented QR Code Payload cpqrcPayload ANS 1-320 C:Conditional Present if it is a consumer-presented QRC transaction.It contains the raw payload data.
Primary Account Number pan AN 1-2048 M:Mandatory Encrypted with the public key of the Encryption Certificate. The "pan" can be the card number or a token representing the Cardholder account. Example:Encrypted value of "6211110000000000000"
Transaction Amount trxAmt ANS 1-13 M:Mandatory The value shall only include (numeric) digits "0" to "9" and may contain a single "." character as the decimal mark.When the amount includes decimals, the "." character shall be used to separate the decimals from the integer value, and the "." character may be present even if there are no decimals.The following are examples of valid Transaction Amounts: "98.73", "98" and "98.".
Transaction Currency trxCurrency N 3 M:Mandatory A 3-digit numeric value, as defined by [ISO 4217], that indicates the currency code of the transaction. The currency also applies to the "discount", "costAmount", and "trxFeeAmt" if they exist.Example:156
Transaction Fee Amount trxFeeAmt ANS 1-13 C:Conditional Present if the Tip or Convenience Fee exists.The tip or the convenience fee.Example:1.10
Coupon Information couponInfo ANS 1-30 O:Optional
Merchant ID merchantID AN 1-15 M:Mandatory The distinctive value associated to the Merchant. The value must uniquely identify any Merchant of the Acquirer.Example:ABCDE01
Merchant Category Code mcc N 4 M:Mandatory Convenience store is represented by "5411".
Merchant Country Code merchantCountry N 3 M:Mandatory 156
Merchant Name merchantName ANS 1-25 M:Mandatory "UnionPay International"
Merchant City merchantCity ANS 1-12 M:Mandatory The distinctive value associated to the terminal. Example:“abcde01”
Terminal ID terminalID ANS 1-8 M:Mandatory The distinctive value associated to the terminal.
Certificate and Signature certificateSignature object M:Mandatory
Acquirer Signature Certificate ID acquirerSignCertID AN 1-128 M:Mandatory The serial number of the certificate. The Acquirer uses the private key of this certificate for signature.
UAIS Encryption Certificate ID uaisEncCertID AN 1-128 C:Conditional The serial number of the certificate. The Acquirer system uses the public key of this certificate for encryption.
Signature signature ANS 1-2048 M:Mandatory Refer to the Signature for details.
Synchronous Response parameters
Filed name Identifier Type Length Request Default value Note
Message Information msgInfo object M:Mandatory
Version Number versionNo ANS 5 M:Mandatory Valid Value: "1.0.0"
Message ID msgID AN 29 M:Mandatory It is used to match a response to its request. The value must uniquely identify any message that the Acquirer initiates on any day. The value in the response must match the value in the request.Components: “Q”+ Acquirer IIN+ Transmission Year (YYYY) + Transmission Date and Time (MMDDhhmmss) + System Trace Audit Number (6 numeric digits).Example:"Q0001034420171230235959000000"
Time Stamp timeStamp N 14 M:Mandatory The value in the response must match the value in the request.Example:"20170714235959" Format: YYYYMMDDhhmmss
Message Type msgType ANS 1-50 M:Mandatory Valid Value: "PURCHASE".Example:“PURCHASE"
Acquirer IIN acquirerIIN AN 8 M:Mandatory The distinctive value associated to the Acquirer. Example:"00010344"
Transaction Information trxInfo object M:Mandatory
Primary Account Number pan AN 1-2048 M:Mandatory Encrypted with the public key of the Encryption Certificate. The "pan" can be the card number or a token representing the Cardholder account. Example:Encrypted value of "6211110000000000000"
Transaction Amount trxAmt ANS 1-13 M:Mandatory The value shall only include (numeric) digits "0" to "9" and may contain a single "." character as the decimal mark. When the amount includes decimals, the "." character shall be used to separate the decimals from the integer value, and the "." character may be present even if there are no decimals. The following are examples of valid Transaction Amounts: "98.73", "98" and "98.". The following are NOT valid Transaction Amounts: "98,73" and "3 705".
Transaction Currency trxCurrency N 3 M:Mandatory A 3-digit numeric value, as defined by [ISO 4217], that indicates the currency code of the transaction. The currency also applies to the "discount", "costAmount", and "trxFeeAmt" if they exist.Example:"156"
Discount discount ANS 1-13 O:Optional The amount of discount. The value shall only include (numeric) digits "0" to "9" and may contain a single "." character as the decimal mark. When the amount includes decimals, the "." character shall be used to separate the decimals from the integer value, and the "." character may be present even if there are no decimals.Example:"1.10"
Cost Amount costAmount ANS 1-13 O:Optional The cost amount after the discount, indicating the amount the Cardholder actually pays for the transaction when a promotion is involved. The value shall only include (numeric) digits "0" to "9" and may contain a single "." character as the decimal mark. When the amount includes decimals, the "." character shall be used to separate the decimals from the integer value, and the "." character may be present even if there are no decimals.Example:“100.00” 
QRC Voucher Number qrcVoucherNo ANS 1-20 C:Conditional Example:"1234567890123456789"
Retrieval Reference Number retrievalReferenceNumber AN 12 C:Conditional Populated by UnionPay if the payment is approved.
Settlement Date settlementDate N 4 C:Conditional Example:"1230" Format: MMDD
Settlement Currency settlementCurrency N 3 C:Conditional A 3-digit numeric value, as defined by [ISO 4217], that indicates acquirer’s settlement currency. Example:“840”
Settlement Amount settlementAmt ANS 1-13 C:Conditional The value shall only include (numeric) digits "0" to "9" and may contain a single "." character as the decimal mark. When the amount includes decimals, the "." character shall be used to separate the decimals from the integer value, and the "." character may be present even if there are no decimals.Example:“15.17”
Settlement Conversion Rate settlementConvRate ANS 1-9 C:Conditional Example:"0.15000"
Cardholder Billing Currency cardholderBillingCurrency N 3 C:Conditional A 3-digit numeric value, as defined by [ISO 4217], that indicates the currency code of the card account. Example:“840”
Cardholder Billing Amount cardholderBillingAmt ANS 1-13 C:Conditional The value shall only include (numeric) digits "0" to "9" and may contain a single "." character as the decimal mark. When the amount includes decimals, the "." character shall be used to separate the decimals from the integer value, and the "." character may be present even if there are no decimals.Example:“15.17”
Cardholder Billing Conversion Rate cardholderBillingConvRate ANS 1-9 C:Conditional Example:"0.15000"
Conversion Date conversionDate N 4 C:Conditional Example:"1230" Format: MMDD
Message Response msgResponse object M:Mandatory
Response Code responseCode AN 2 M:Mandatory It contains a code that defines the response to a request. Refer to the Response Code and Message for the valid values.Example:"00"
Response Message responseMsg S 1-100 M:Mandatory It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed by the Merchant to notify the consumer of the payment outcome. Refer to the Response Code and Message for details.Example:"Approved"
Certificate and Signature certificateSignature object M:Mandatory
UAIS Signature Certificate ID uaisSignCertID AN 1-128 M:Mandatory The serial number of the certificate. The UAIS system uses the private key of this certificate for signature.
Acquirer Encryption Certificate ID acquirerEncCertID AN 1-128 C:Conditional The serial number of the certificate. The UAIS system uses the public key of this certificate for encryption.
Signature signature ANS 1-2048 M:Mandatory Refer to the Signature for details.
Sample code
Request code
Java Other 
public class UPIInterfaceRequest {	
    private static String URL = "https://uaistest.unionpayintl.com/uais";	
    private static String CONTENT_TYPE = "application/json"; 
    private static String USER_AGENT = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36";	
    public static void main(String[] args) {		
        //Assemble the transaction message.		
        TranData tranData = getKeyInquiryExchange();		
        //Data Encryption		
        String pan = tranData.getTrxInfo().get("pan");
        String encPan = encryptByPublicKey(pan.getBytes("UTF-8"),publicKey);
	tranData.getTrxInfo().put("pan", encPan);
	String jString = JSON.toJSONString(tranData);		
	//Obtain a signed message.		
	String signString = addSign(jString);		
	//Get the HTTP response		
	String resString = sendPost(URL, jString);		
	//signature verification		
	verifySign(resString,publicKey);		
	//Data Decryption		
	tranData = JSON.parseObject(resString,TranData.class);
	pan = decryptByPrivateKey(Base64Utils.decode(tranData.getTrxInfo().get("pan")), privateKey);
    }	
	
    //Send an HTTP request	
    public static String sendPost(String url, String bodyParams) {        try {
        HttpResponse<String> response = Unirest.post(url)
                    .header("User-Agent", USER_AGENT)
                    .header("Content-Type", CONTENT_TYPE)
                    .body(bodyParams)
                    .asString();           
            return response.getBody();
        } catch (UnirestException e) {
        	e.printStackTrace();
            System.out.println("HTTP Get Error:{}");
        }        return "";
    }	
	
    //Assemble the transaction message	
    public static TranData getKeyInquiryExchange() {
	TranData tranData = new TranData();
	MsgInfo msgInfo = new MsgInfo();
	HashMap<String, Object> trxInfo = new HashMap<String, Object>();
	HashMap<String, Object> certificateSignature = new HashMap<String, Object>();
	String msgType = "KEY_INQUIRY_EXCHANGE";
	String timeStamp = "20180131170300";
	String versionNo = "1.0.0";
	String acquireIIN = "47030344";
	String msgID = StringUtil.getMsgID(acquireIIN);
	String uaisSignCertID = "1111111111";
	String uaisEncCertID = "1111111111";
	msgInfo.setMsgID(msgID);
	msgInfo.setMsgType(msgType);
	msgInfo.setTimeStamp(timeStamp);
	msgInfo.setVersionNo(versionNo);
	msgInfo.setAcquirerIIN(acquireIIN);
	trxInfo.put("uaisSignCertID", uaisSignCertID);
	trxInfo.put("uaisEncCertID", uaisEncCertID);
	certificateSignature.put("acquirerSignCertID", "180328105101");
	certificateSignature.put("signature", "00000000");
	tranData.setMsgInfo(msgInfo);
	tranData.setTrxInfo(trxInfo);
	tranData.setCertificateSignature(certificateSignature);
	String str = JSON.toJSONString(tranData);		
	return tranData;
    }	
	
    /**
    * Signature verification
    * @param data
    * @param publicKey
    * @param sign
    * @return
    * @throws Exception
    */
    private static boolean verifyUais(byte[] data, String publicKey, String sign) throws Exception {
	MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
	messageDigest.update(data);		
	byte[] hashData = messageDigest.digest();		
	byte[] keyBytes = Base64Utils.decode(publicKey);
	X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
	KeyFactory keyFactory = KeyFactory.getInstance("RSA");
	PublicKey publicK = keyFactory.generatePublic(keySpec);
	Signature signature = Signature.getInstance("NONEWithRSA");
	signature.initVerify(publicK);
	signature.update(hashData);		
	return signature.verify(Base64Utils.decode(sign));
    }	
	
	
    /**
    * Encrypted with the public key
    * @param data
    * @param publicKey
    * @return
    * @throws Exception
    */
    private static String encryptByPublicKey(byte[] data, String publicKey) throws Exception {		
        byte[] keyBytes = Base64Utils.decode(publicKey);
        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
	KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
	Key publicK = keyFactory.generatePublic(x509KeySpec);
	Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
	cipher.init(Cipher.ENCRYPT_MODE, publicK);		
	int inputLen = data.length;
	ByteArrayOutputStream out = new ByteArrayOutputStream();	int offSet = 0;		
	byte[] cache;		
	int i = 0;		
	while (inputLen - offSet > 0) {			
	    if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
		cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
	    } else {
		cache = cipher.doFinal(data, offSet, inputLen - offSet);
	    }
	    out.write(cache, 0, cache.length);
	    i++;
	    offSet = i * MAX_ENCRYPT_BLOCK;
	}		
	byte[] encryptedData = out.toByteArray();
	out.close();		
	return Base64Utils.encode(encryptedData);
	}
	
    	
    /**
    * Decrypted only with the private key
    * @param encryptedData
    * @param privateKey
    * @return
    * @throws Exception
    */
    private static String decryptByPrivateKey(byte[] encryptedData, String privateKey) throws Exception {		
        byte[] keyBytes = Base64Utils.decode(privateKey);
	PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
	KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
	Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);
	Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
	cipher.init(Cipher.DECRYPT_MODE, privateK);		
	int inputLen = encryptedData.length;
	ByteArrayOutputStream out = new ByteArrayOutputStream();	int offSet = 0;		
	byte[] cache;		
	int i = 0;		
	while (inputLen - offSet > 0) {			
	    if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
		cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
	    } else {
		cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet);
	    }
	    out.write(cache, 0, cache.length);
	    i++;
	    offSet = i * MAX_DECRYPT_BLOCK;
	}		
	byte[] decryptedData = out.toByteArray();
	out.close();	
	return Base64Utils.encode(decryptedData);
    }
}
Response code
Other

 
   "msgInfo": 
      "acquirerIIN":"27200704",
      "msgID":"Q2720070420180418210404552567",
      "msgType":"PURCHASE",
      "timeStamp":"20180409181042",
      "versionNo":"1.0.0"
   },
   "trxInfo": 
      "msgHead":"303130202020202020202020696E636F6D32202020203137322E31392E3138342E33362020B1F0D8D8620100002020202020202020202020202020202020202020202020202020202020202020202020",
      "trxCurrency":"840",
      "qrcVoucherNo":"18041821070392008014",
      "retrievalReferenceNumber":"041821070496",
      "settlementDate":"0418",
      "pan":"JPN33h9+DoKQ4zz7KjCkf2ha9MD6FuAGq1HCZokCQzn+oO+ZBfkOEevTL6g/bsmXJmsk/xKd8fMrj63qhDWT60uF51Bf9mBj1G7bWTkIbiWi47B40lolZd3CnlGJY4aAHEKr2TO//zEaT+p5NxMxCdK7dJ+unYE0HiB08LxJ7irb6OuDL9PWh71a+53Zu+sg2cQ2tamZhRo9OWAHu6VOZ9P++wrcRLEYDVHtsu9sDLc+gsIjjrqzvh5vOuewBRvGWrdkr3xH/o4ZauSFWScaPu9+lqnLzbD/byCb5mdRAOQFoKD+m+3CYuaZRbV+eVknGUlxhb1/A2Jr0bzrL32Rkg==",
      "trxAmt":"10.00"
   },
   "msgResponse": 
      "responseCode":"00",
      "responseMsg":"Approved"
   },
   "certificateSignature": 
      "signature":"jZGdSlGdneeRAJlHFXcYc4q6CctVgn7GaRxe1zEdxoB2NKFm5jnLCRP8mvtNUTOuD8OO4IQ3TkNasWpe2dcBTr24t8mBojksz3mUEYEC00hiv7xfDyCWFV6mWeXl99r2uGx5LjykmcvoCDwkvZXz14ol3K8MeDl9lw7fnXobHMaenTLfBFPh+n1gPnP/27vo75NQa5d0eDPfcd3iqMs9y3hzQ2ltDPjCbXEs1zpV06kXQxg5DJPKxOHyL3zVUfVEPUNqQuc6n78U4ga4M8hvARRXFkDqjoxFucZanb/1nMcBuPZQVI+/Ic8Wk/dBzuJy3DjG8QkqVjnPfbcHzqRkSg==",
      "uaisSignCertID":"180328105101",
      "acquirerEncCertID":"180328105101"
   }
}

Response Code Reference
Response Code Reference
Response code Description
00 Approved
01 Please refer to the card issuer
03 Invalid merchant
04 Pending. Transaction result is unknown. Please check later.
05 Cardholder verification fails.
12 Invalid transaction
13 Invalid amount
14 Invalid card number
15 No such issuer
20 Duplicated QRC transaction and expired QRC
21 Card status error
25 Unable to locate the original transaction
30 Message format error
34 Fraud card
40 The transaction is not supported by the issuer. Cross-border QRC transaction is not applicable for the card
41 Lost card
43 Stolen card
51 Insufficient balance
54 Expired card.
55 User input invalid PIN or didn’t input PIN
57 Transaction not permitted to cardholder or QRC transaction is not applicable for the card
61 The transaction amount exceeds issuer’s limit on crossborder QRC transaction limit
62 Restricted transaction
90 The system is in cut-off.
91 Issuer system error
92 Network error
94 Duplicated transaction
96 UnionPay system error
98 Timeout
A0 Signature verification fails.
Sequence Chart
Sequence Chart

A.Purchase (Merchant-Presented)

 purchase (merchant-presented)-新.png


1.Merchant requests an EMV QR Code from the Acquirer.  

2.The Acquirer generates the EMV QR Code and returns to the merchant. 

Note: the QR code requested by merchants can be either a long-term static QR code or a one-time dynamic QR code. 

3.Cardholder scans the QR Code showed by the merchant via their App, which then parses the QR Code to obtain the relevant information of merchant (including elements such as the merchant ID, merchant name, merchant type, merchant location, transaction amount, transaction currency and country code) and initiates a payment request to the UnionPay system. 

Note: For a static QR Code payment, if the transaction amount is not included in the QR Code then the cardholder will need to type the payment amount into the App and confirm to pay. For a dynamic QR Code payment, the card holder will not need to type the payment amount into the App but they will need to confirm the payment (need to type in their CDCVM or PIN into the App).

4.UnionPay System initates the transacation verification to the Accquirer . 

Note: QRC voucher number refers to a string of numbers as the transaction voucher number that is generated by UnionPay system. It can be obtained by the cardholder in the App transaction notification, and included in the transaction notification to merchant as well. The QRC voucher number is unique and is used for subsequent transaction processing.

5.The Acquirer checks the validity of merchant information. If merchant info. is NOT valid, the Acquiring system will return a payment response to UnionPay System and rejects the transaction. UnionPay System then sends a rejected payment result response to the App Gateway, and the App Gateway sends the rejection result notification to the App. 

6.The Acquirer checks the validity of the merchant information. If merchant info. IS valid, the Acquiring system will return a payment reponse to UnionPay System and confirm the transaction. 

7.UnionPay System transfers the payment request (including QRC voucher number) and sends to the Issuer for authorization and obtain the corresponding payment response. 

8.If the transaction is successful, UnionPay System returns a transaction result notification to Acquirer, and then the Acquirer sends the transaction result notification to the merchant. 

9.UnionPay System sends the transaction result notificaiton to the App Gateway, including the QRC voucher number. The App Gateway sends the payment result response to the cardholder App, including the QRC voucher number. 

Notice:

1.If the UnionPay System system does not receive the response of transaction notification from Acquirer within 10s, it will reject the merchant-presented QRC purchase request from the App Gateway and send the transaction notification to the Acquirer with the rejected status.

2.If the UnionPay System does not receive the transaction notification response from the Acquirer within 10s, it will store and forward transaction notification request message.


B.Purchase (Consumer-Presented)

  purchase (consumer-presented)-新.png

1.Cardholder requests an EMV QR Code from UnionPay System and displays the QR Code with App. 

2.After scanning the QR Code, the merchant submits a payment request to Acquirer, and Acquirer initiates the payment request to UnionPay System.

3.UnionPay system will verify the transaction information including the QR Code; if the verification is approved, UnionPay system may, depending on the QR Code transaction requirement set by App, choose to trigger an additional processing request to cardholder, then App verifies the identity of cardholder and cardholder confirms to submit payment. 

4.If additional processing fails, UnionPay system will directly respond to Acquirer; if the previous step successds, UnionPay system will continue initiating an authorization request to the issuer;. 

5.After receiving the success response, UnionPay system returns a purchase response to the Acquirer (may choose to return the QRC payment voucher number  (F125) according to the situation of the acquirer); 

6.Meanwhile, UnionPay system sends a transaction notiofication to cardholder. 

7.The transaction is successfully completed and the merchant prints the transaction receipt according to the cardholder's request, signature will not be required. 

Notice:

1.When Acquirer does not receive the PURCHASE response message within 45 seconds, it can initiate a message result inquiry, using the Message ID of the PUECHASE massage to check if the payment is successful.

2.UnionPay System will return the PURCHASE transaction outcome (approved/rejected/pending) and settlement information to the Acquirer.


C.Cancellation 

 Cancellation-新.png


1.Merchant initiates a CANCELATION request to the Acquirer through using the QRC voucher number.

2.Under Merchant-Presented Mode, the Acquirer matches the transaction according to QRC voucher number and initiates an cancelation request to UnionPay System;

Under Consumer-Presented Mode, the Acquirer uses the Message ID of PURCHASE to void the consumer-presented QRC purchase.

3.UnionPay System sends the canelation request to the Issuer.

4.The Issuer sends the cancelation response to UnionPay System. 

5.UnionPay System sends the cancelation response to the Acquirer, and the Acquiring system returns the cancelation notification to the merchant.

6.UnionPay System sends the CANCELATION notification to the App through App Gateway. 


D.Refund 

 refund-新.png


1.Merchant initiates a REFUND notification to the Acquirer using the QRC voucher number.

2.The Acquirer matches the transaction with the QRC voucher number and submits a refund request to UnionPay System. 

3.UnionPay System immediately responds to the Acquirer with a refund response, and the Acquirer sends the refund notification to merchants.

4.UnionPay System sends a refund notification to the Issuer.

5.UnionPay System sends a refund notificaiton to the App Gateway, and the App gateway sends a refund notification to the App. 
Consumer-presented QR Code
Consumer-presented QR Code

The QR Code has the same structure as the EMVCo QRC does. 1 Application Template is shown below.

E_个人码-模板_1.png
Merchant-presented QR Code
Merchant-presented QR Code


Please refer to Merchant Presented QR Code Encoding Specification
Successful Case
Successful Case

2. 威富通-QR code acceptance.png
Steps to Launch
Steps to Launch

Step 1 - QR Code Self-Test

Developers shall check and test if the acquirer system can generate QR Code compliant with UPI Standard, or parse the UPI QR Code from Consumer App.


1) For Merchant-Presented QR Code Acquirer, developers shall test if the QR Code is generated following UPI Technical Specification, and can be scanned and processed by mobile wallet (Consumer App) supported UPI QR Code.

The testing Consumer App can be obtained from testing support team or QR Code Self-Test Platform"

 

2) For Consumer-Presented QR Code Acquirer, developers shall test if the acquirer system can recognize and decode the QR Code generated by mobile wallet (Consumer App) supported UPI QR Code.

The testing Consumer QR Code can be obtained from testing support team or QR Code Self-Test Platform."

    

Step 2 - Public Key Management

Developers need to exchange certificate of encryption & signature (Acquirer Encryption Certificate ID, Acquirer Encryption Public Key, Acquirer Signature Certificate ID and Acquirer Signature Public Key) before requesting payment transaction.

 

1) The first time exchange shall be operated manually between Developers and UPI Technology specialist considering security. 

Note: Developers could use Acquirer IIN 47030344 to test, which does not need signature and encryption process.


2) The Acquirer shall submit a KEY_INQUIRY_EXCHANGE request message to the UAIS system at least once per day.


3) If the UAIS returns the new UAIS Signature Certificate ID or new UAIS Encryption Certificate ID, the Acquirer shall add in its system the new UAIS Signature Certificate ID and new UAIS Signature Public Key, or the new UAIS Encryption Certificate ID and new UAIS Encryption Public Key and send the KEY_RESET_RESULT request to the UAIS.

 

Note:

1) During the Public Key Management process, the UAIS and Acquirer shall both use the old Signature Certificate ID and old Signature Public Key for “Signature” in the request and response messages of KEY_INQUIRY_EXCHANGE and KEY_RESET_RESULT. The new Signature Certificate ID and new Signature Public Key shall be enabled after the Public Key Management processing.


2) Once an encryption public key or a signature public key is updated successfully, both the UAIS and the Acquirer shall reserve the old key and the new key for at least 7 days in their systems. After 7 days, the systems can remove the old key only if the new key is successfully used for one message."

    

Step 3 - Online Test and Operation Process

Developers shall submit the testing application to UPI UTSS for online testing and proceed following standardized operation process.
FAQ and Documentation
FAQ and Documentation
FAQS:
  • Q :
    Are all currency supported?
    A :

    We support all currecny transaction, which can be configured under certain Acquirer. For testing acquirer given in sandbox testing, only '156' currency is supported. Please use 156 currency code to test, or you will recieve 'Message Format Error'

  • Q :
    Unauthorized Access Error
    A :

    Please check whether the 'acquirerIIN' is 47030344. This IIN does not require developers to encrypt and sign request message.Currently, other IIN is not supported.

  • Q :
    Time Requirements for transactions of 'Void' and 'Refund'
    A :

    'Void' supports trasactions happened in that day, and 'Refund' supports trasactions happened in one year.

Documents:
  • Contact Us
  • If you have any further questions, please register and submit order in your user center.
©Copyright 2002 - 2020. All rights reserved