Support Documentation 4.4 Sandbox Testing Example
4.4 Sandbox Testing Example

Taking Pan Enrollment as example, the said API is a product of UPI QR Code APP Gateway and is one of a series of APIs to be called by cardholders for card binding in APP. Calling of the said API requires to send Pan Enrollment request message from APP Gateway to UPI system.

To apply for the sandbox testing of the said API, the user first need to login to the account on the platform and then click Sandbox Testing on the interface of UPI QR Code APP Gateway. After application is made successfully, the user can check the API product applied and the testing address of all the APIs on the interface of My Test. Testing address is where the request message constructed by the user during the sandbox testing process will be sent.

After obtaining the testing address, the user needs to build a test message. Message request method, request parameters, default parameters of sandbox testing and composition of response messages can be viewed in the introduction to this interface.

To sum up, API-related information can initially build the following messages:


Therein: the value of pan shall be encrypted, and the default value of signature is00000000 before signature.

The sandbox testing parameter of the said API product includes three certificates: (1) appGatewayPrivateKey.crt, a private key of gateway which will be used to countersign external request messages of gateway; (2) umpsEncCert.crt, a cryptographic public key of UPI system which will be used to encrypt pan; (3) umpsSignCert.crt, a countersigned public key of UPI system which will be used to verify the signature of the messages sent by UPI system;

To sum up, the default parameter of pan is 625094500000004 and the message upon encryption of umpsEncCert.crt is as follows:


Then, the message shall be countersigned via private key of gateway with the specific procedure as follows: the message shall get its hash value according to SHA256 algorithm; a digital signature result is obtained by encrypting the hash value via appGatewayPrivateKey.crt; the said result shall be inserted into the message as the value of signature and eventually get the following message:


Users can use message sending tools, such as Postman, to send messages with details as follows:


The response message of product obtainedeventually is as follows:


"trxInfo": {

"deviceID": "C3616AE813F97299DB450BA8BE60ABE9F164F71F1B0703E78764CD7601BAED87",

"enrolID": "92819",

"cvm": [



"tncID": "12",

"tncURL": "http://1.html"


"msgInfo": {

"versionNo": "1.0.0",

"msgType": "PAN_ENROLLMENT",

"msgID": "A00010344180423082537000003",

"timeStamp": "20180423082537",

"walletID": "00000001"


"msgResponse": {

"responseCode": "00",

"responseMsg": "Approved"


"certificateSignature": {

"umpsSignCertID": "59C4A65E",

"signature": "uSp8kiO6dplp3yRJERq69cElhCzkbCpkXpXhlhynzlI7dwmqbW2zJ0zEOlemBDRV9QUf9mu42R/MxX3UseKscUA65xrpcPJ5yXuLLFp+nA7lJYNxQ7lD9DOc28qzsZ4iyzBDx9o9moJLPk3HJ76kUZMDSZfqM18e7vNbAY4DW/E="



Therein: the signature of response message can refer to the aforesaid countersigning process and be verified via umpsSignCert.crt. No more detailed description is given herein.

The aforesaid contents specify an example for calling of API of APP Gateway. It is hereby illustrated for user’s reference.

  • Contact Us
  • If you have any further questions, please register and submit order in your user center.