• Each endpoint in the API specifies the HTTP Method used to perform the required operation. If it is not explicitly specified, the default HTTP Method is POST.
• The session timeout of the UPI API Server is set to 60 seconds.
• The version of the API that the endpoint conforms to should be specified in the URI.
• The signature is transmitted in the HTTP header, and signature verification is required for message interactions.
• All actionable fields shall be provided as part of the request parameters (path, query or body). Sensitive data shall be encrypted and then transmitted in the HTTP body.
• All request and response payloads in the message body shall be sent in the JSON (JavaScript Object Notation) data-interchange format defined in [RFC 7159] or JWE object format as defined in [RFC 7516].
To cope with the fast evolution of the products, the UPI API is designed to be backward compatible.
The following changes are considered backwards compatible.
• Adding a new API request/response.
• Adding a new optional request data element to an existing API.
• Adding a new indicator value. The value can be added either in the request or the response.
• Adding a new response parameter to the API response.
When receiving a request or response, the user's API Server shall:
• Ignore any unknown or undefined data objects received as part of API responses from UPI API Server.
• Ignore any unknown or undefined data objects received as part of API requests from UPI API Server.
• Be compatible with new optional parameters.
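The receiver rules above amount to a tolerant reader: validate the fields your version knows, ignore unknown objects, and map unrecognised indicator values to a fallback instead of rejecting the message. The following is an added example, not code from the UPI specification; the field names, indicator values and the `parse_response` helper are hypothetical, and signature verification and JWE decryption are assumed to have been completed on the raw message before this step.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Hypothetical schema: these field names and indicator values are assumptions
# made for illustration; they are not taken from the UPI API specification.
REQUIRED = {"msgID": str, "respCode": str}
OPTIONAL = {"respMsg": str, "settlementInd": str}
KNOWN_INDICATORS = {"0", "1"}      # values this client version understands
UNKNOWN_INDICATOR = "UNKNOWN"      # fallback for indicator values added later

@dataclass
class ParsedResponse:
    msg_id: str
    resp_code: str
    resp_msg: Optional[str]
    settlement_ind: Optional[str]
    ignored: tuple                 # unknown field names, kept only for logging

def parse_response(raw: bytes) -> ParsedResponse:
    """Strict on the fields this version knows, silent on everything else."""
    body = json.loads(raw)
    if not isinstance(body, dict):
        raise ValueError("payload must be a JSON object")
    for name, typ in REQUIRED.items():
        if not isinstance(body.get(name), typ):
            raise ValueError(f"missing or mistyped required field: {name}")
    for name, typ in OPTIONAL.items():
        if name in body and not isinstance(body[name], typ):
            raise ValueError(f"mistyped optional field: {name}")
    ind = body.get("settlementInd")
    if ind is not None and ind not in KNOWN_INDICATORS:
        ind = UNKNOWN_INDICATOR    # new indicator value: map it, do not reject
    ignored = tuple(sorted(set(body) - set(REQUIRED) - set(OPTIONAL)))
    return ParsedResponse(body["msgID"], body["respCode"],
                          body.get("respMsg"), ind, ignored)

# Constructed sample: a response from a newer API version that carries an
# unknown object ("riskInfo") and an indicator value this client predates.
SAMPLE = b'{"msgID":"A1","respCode":"00","settlementInd":"7","riskInfo":{"score":3}}'

if __name__ == "__main__":
    print(parse_response(SAMPLE))
```

Unknown fields are dropped from processing but their names are retained so they can be logged, which helps spot a new API version in production without acting on data the client does not understand.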