• Each endpoint in the API specifies the HTTP Method used to perform required operation. If it is not explicitly specified, the default HTTP Method is POST.
• The session timeout of UPI API Server is set as 60 seconds.
• Version of the API that the endpoint conforms to should be specified in the URI.
• Signature is transmitted in HTTP header, and signature verification is required for message interactions.
• All actionable fields shall be provided as part of the request parameters (path, query or body). Sensitive data shall be encrypted and then transmitted in HTTP body.
In order to be copped with fast evolving of the products, the UPI API is designed to be backward compatible.
The following changes are considered backwards compatible.
• Adding a new API request/response.
• Adding a new optional request data element to an existing API.
• Adding a new indicator value. The value can be added either in the request or the response.
• Adding a new response parameter to the API response.
For the users' API Server to receiving request or response, it shall:
• Ignore any unknown or undefined data objects received as part of API responses from UPI API Server.
• Ignore any unknown or undefined data objects received as part of API requests from UPI API Server.
• Be compatible with new optional parameters