

All HTTP request and response headers shall contain the following elements:
Unless explicitly noted, if a mandatory data element is missing in the HTTP Header, the receiving entity must return a Message Response with the HTTP Status Code 401 (Unauthorized access). A data element is considered missing if either the key/value pair is absent, or the data object key is present but the value is empty.
• All request and response payloads in the message body shall be sent in the JSON (JavaScript Object Notation) data-interchange format defined in [RFC 7159] or in the JWE object format defined in [RFC 7516].
• All messages, both requests and responses, shall be UTF-8 encoded.
• The business-specific data objects are defined by each application.
The HTTP status codes are defined in [RFC 7231]. The following common HTTP status codes are defined:
• 200: OK, the request was successful; details are included in the response body
• 401: Unauthorized access
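The header and payload rules above can be checked on the receiving side as follows. This is an added example, not code from the specification: the header names are hypothetical (the list of mandatory elements is not reproduced here), surrounding whitespace in a value is assumed to be stripped as an HTTP parser would do, and only the JWE Compact Serialization is recognised.

```python
import base64
import json
import re

# Hypothetical names: the page's list of mandatory header elements is not shown.
MANDATORY_HEADERS = ("X-Example-App-Id", "X-Example-Timestamp")
B64URL = re.compile(r"[A-Za-z0-9_-]*")

def header_status(headers, mandatory=MANDATORY_HEADERS):
    """Return 401 if a mandatory element is absent or empty, else None."""
    # Header field names are case-insensitive; normalise before lookup.
    seen = {k.lower(): (v or "").strip() for k, v in headers.items()}
    return 401 if any(not seen.get(n.lower()) for n in mandatory) else None

def _no_constants(name):
    # NaN and Infinity are accepted by Python's parser but are not valid JSON.
    raise ValueError(f"{name} is not valid JSON")

def classify_body(raw):
    """Return 'json' or 'jwe' for a UTF-8 body; raise ValueError otherwise."""
    text = raw.decode("utf-8")  # UnicodeDecodeError is a ValueError subclass
    try:
        json.loads(text, parse_constant=_no_constants)
        return "json"
    except ValueError:
        pass
    # JWE Compact Serialization: header.key.iv.ciphertext.tag, all base64url.
    parts = text.strip().split(".")
    if len(parts) == 5 and parts[0] and all(B64URL.fullmatch(p) for p in parts):
        try:
            padded = parts[0] + "=" * (-len(parts[0]) % 4)
            header = json.loads(base64.urlsafe_b64decode(padded))
        except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
            header = None
        if isinstance(header, dict) and "alg" in header and "enc" in header:
            return "jwe"
    raise ValueError("body is neither JSON nor a compact JWE")

# Constructed sample inputs (not taken from the specification).
_hdr = base64.urlsafe_b64encode(b'{"alg":"dir","enc":"A256GCM"}').rstrip(b"=")
SAMPLE_JWE = _hdr + b"..aXY.Y3Q.dGFn"  # empty encrypted-key part, as with "dir"
SAMPLE_HEADERS = {"x-example-app-id": "app-1", "X-Example-Timestamp": ""}
```

A JWE sent in the JSON Serialization parses as ordinary JSON and is reported as 'json' by this sketch. The page assigns a status code only to missing header elements, so a malformed body raises an exception here rather than mapping to a status.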
If the UPI API Gateway declines the transaction, it returns a response with the HTTP Status Code 401 (Unauthorized access), and the response body contains only a Message Response object, as below: