Frequently Asked Question

The signature was successfully verified using the demo project, but the response code E0 was still received.
2021-01-29 10:53:18

"In case UPI API Gateway declines the transaction, UPI API Gateway returns a response with the HTTP Status Code 401 (Unauthorized access), and the response body contains only a Message Response object as below:

{"MsgResponse": {"responseCode": "E0", "responseMsg": "Unauthorized access" }}

But the "Demo project of JWE/JWS" can verify the signature successfully."


The high probability is that there are some errors in the JWS Protected Header. It is recommended to check whether the JWS Protected Header complies with the specification. For example: UPI-TIMESTAMP format is unix timestamp +/-300 seconds.

"UPI- REQPATH" is the same as service URL suffix. For example, the service URL suffix of SaaS Card Issuing Service Platform for App Gateway Exchange rate inquiry is "/scis/switch/exchangerateinquiry".

Can I use base64 to encode the JWS ciphertext and JWE ciphertext.
2020-11-05 14:41:20

Must strictly follow the Security Requirements described in UPI Server-based API General Requirements.

The problem with Base64 is that it contains the characters +, /, and =, which have a reserved meaning in some filesystem names and URLs. So base64url solves this by replacing + with - and / with _. The trailing padding character = can be eliminated when not needed, but in a URL it would instead most likely be % URL encoded. Then the encoded data can be included in a URL without problems.

You should use Base64url to encode, otherwise we cannot successfully parse your request.

How to deal with HTTP Status Code 401?
2020-07-10 10:45:53

I successfully verified the signature locally by using a JWS-compliant library. But API Gateway still returned a response with the HTTP Status Code 401 (Unauthorized access).


If your payload has the characters included in the table below, you need to escape them using \ character. For example, the payload  {"trxInfo":{"prdNo": 1234}} needs to be escaped to {\"trxInfo\":{\"prdNo\": 1234}}.

1.Backspace is replaced with \b.

2.Form feed is replaced with \f.

3.Newline is replaced with \n.

4.Carriage return is replaced with \r.

5.Tab is replaced with \t.

6.Double quote is replaced with \"

7.Backslash is replaced with \\

What can i use to pass the UPI API Gateway's authentication?
2020-07-07 15:05:52

For Java Developers, we provided Jar file that can be used in signature, encryption, verification, and decryption. For developers using other programming languages, using a dependency library that supports our reference specification can help you get a pleasant development experience.

What if Tester's Public key and Private key in Sandbox Testing Parameter can't be used in the Demo project of JWE/JWS?
2020-07-07 15:01:01

Tester's Public key and Private key download from Unionpayintl Developer Platform are PKCS1 Key. Please convert PKCS1 key to pkcs8 format in order to import it from Demo project of JWE/JWS. Try using following command:

>  openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in PKCS1_filename -out PKCS8_filename

How to create library that complies with RFC 7797 JSON Web Signature (JWS) with Unencoded Payload Option specification?
2020-07-07 14:58:08

First create a RFC7515 signature string. The composition of the signature is shown below:

BASE64URL(UTF8(JWS Protected Header))+'.' +BASE64URL(JWS Payload)+'.' +BASE64URL(JWS Signature)

Please try to remove BASE64URL(JWS Payload), and then use BASE64URL(UTF8(JWS Protected Header)) + '..' +BASE64URL(JWS Signature) as your signature.

Couldn't find what you want?

Ask a Question
  • Contact Us
  • If you have any further questions, please register and submit order in your user center.