NACH E-Mandate API Variant


What is API?

An application programming interface (API) is a set of programming instructions and standards for accessing a Web-based software application or Web tool; it allows two applications to talk to each other.

What is OnMAGS?

How can banks/corporates interact with OnMAGS?

The necessary ports need to be opened between the merchant servers, the NPCI server and the merchant bank's webpage. The required certificates also need to be installed on the NPCI, merchant site and bank site servers. Banks can refer to the E-mandate authorization specification document for more details.

How are mandates initiated using the API?

The corporate will develop an API in their portal, or with the help of an integrator, which will have the facility of capturing all the mandate-related information. The merchant site then redirects the customer to the bank page using the NPCI interface, for selection of the authentication mode and for authenticating the mandate using either internet banking credentials or debit card credentials.

What are the types of authentication modes?

Below are the two types of authentication modes:

  1. Internet banking and
  2. Debit card

What is the role of the customer in the NPCI API interface?

The customer has to verify that all the mandate details he/she is going to authenticate are correct, then select the mode of authentication and authenticate the mandate by providing his/her credentials.

How will the merchant/customer find the list of live banks for each authentication mode?

NPCI interface will provide the list of the banks that are live on each authentication mode.

How will customer provide his credentials?

For “Internet banking” authentication, the customer will be prompted to enter login and password credentials, whereas for “Debit card” authentication, the debit card number and OTP details will be requested. Banks may introduce additional checks and balances as well, as per their internal policies.

Is it mandatory to mention the utility code in the mandate?

Yes. The mandate cannot be initiated without a utility code in the MMS system. The utility code helps to identify the corporate in whose favour the mandate is issued.

Who will issue the utility code?

Utility codes are issued by NPCI at the request of the corporate routed through their bank.

What is the process for obtaining utility code from NPCI?

The corporate should submit the corporate creation form. The request should be routed through the sponsor bank with their due authentication. After scrutinizing the documents, NPCI will issue a utility code to the corporate if they are found in order.

What is the cap on the mandate amount?

The cap on the mandate amount currently is Rs.1.00 lakhs.

What validations should be built into the API?

The APIs should be built in such a way that the key fields entered by the customer are validated against the mandatory data validation provided in the business specification document. If any data value is not in line with the specifications then the system should not allow submission of such mandate.
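A pre-submission check of this kind, as an added example (not NPCI's or any corporate's code). It uses only rules stated in this FAQ: mandatory utility code, two authentication modes, Rs. 1.00 lakh cap. The field names, mode labels and amount format are assumptions; the authoritative rules are in the business specification document.

```python
import re
from decimal import Decimal

# Values taken from this FAQ.
MAX_MANDATE_AMOUNT = Decimal("100000.00")        # cap of Rs. 1.00 lakh
AUTH_MODES = ("internet_banking", "debit_card")  # labels are hypothetical

# Hypothetical amount format: plain ASCII digits, optional 1-2 decimal places.
# This rejects signs, exponents ("1e5"), "NaN", whitespace and Unicode digits.
AMOUNT_RE = re.compile(r"[0-9]{1,9}(\.[0-9]{1,2})?")


def validate_mandate(fields):
    """Return a list of validation errors; an empty list means submission is allowed."""
    errors = []

    utility_code = fields.get("utility_code")
    if not isinstance(utility_code, str) or not utility_code.strip():
        errors.append("utility_code: required")

    # Allow-list the mode instead of passing through whatever the client sent.
    if fields.get("auth_mode") not in AUTH_MODES:
        errors.append("auth_mode: must be internet_banking or debit_card")

    raw_amount = fields.get("amount")
    if not isinstance(raw_amount, str) or not AMOUNT_RE.fullmatch(raw_amount):
        errors.append("amount: must be a plain decimal with at most 2 places")
    else:
        amount = Decimal(raw_amount)  # Decimal avoids float rounding at the cap
        if amount <= 0:
            errors.append("amount: must be greater than zero")
        elif amount > MAX_MANDATE_AMOUNT:
            errors.append("amount: exceeds the Rs. 1.00 lakh cap")

    return errors


# Constructed sample inputs (not real mandate data).
SAMPLE_OK = {"utility_code": "UTILITY-CODE-PLACEHOLDER",
             "auth_mode": "debit_card", "amount": "100000.00"}
SAMPLE_BAD = {"utility_code": " ", "auth_mode": "upi", "amount": "1e5"}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        problems = validate_mandate(sample)
        print("submit" if not problems else "blocked: " + "; ".join(problems))
```

Run the same checks on the server side even if the portal's form also enforces them, since the NPCI interface rejects mandates that do not meet the specification.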

What if any data provided by the corporate is not as per NPCI specifications?

The mandate will be rejected at the NPCI interface. Please refer to the API E-mandate authentication specification document shared by NPCI.

What is the encryption methodology used in API E-mandate?

The methodology below is used for encryption of secure information:

  • Encryption Methodology – Asymmetric
  • Hashing Algorithm – SHA256
  • Cryptography – RSA 2048 bits

Should the customer bank register the mandate in CBS?

Yes. After the necessary business validations (as per bank policy) followed by customer authentication, all mandates are to be recorded by the bank for future reference. The destination bank raises an API mandate in the NACH system for all customer-accepted mandates, for which the inward should be sent to the sponsor bank. Upon sponsor bank acceptance, the destination bank registers the mandate in CBS.

Is there any change in the file format?

The only change is that the sequence field in the file name contains “API” followed by the sequence number. There is no change in the file format. You may refer to the API technical specification document.

What is the TAT for the destination bank and acceptance by the sponsor bank?

The destination bank is to present the mandates on the same day in the NACH system. The sponsor bank is to process and respond within the TAT of 2 days.

What is the identifier for a mandate initiated based on net banking/API by the actual customer?

Yes. The UMR number, which is 20 digits, will have “7” as its 5th digit when initiated through the API.

How will the customer come to know whether the mandate is accepted by the sponsor bank?

After successful authentication of the mandate, the bank page will confirm success or failure of the mandate. The message should be displayed by the corporate to the customer. Additionally, an SMS may be sent by the corporate/customer bank to the customer intimating the successful registration of the mandate.

What if the mandate is returned by the sponsor bank?

If the mandate is rejected by the sponsor bank, then the destination bank should remove the mandate registration from CBS. The destination/customer bank should send an SMS to the customer when the mandate is returned by the sponsor bank, along with the reason for rejection.

How will the corporate get to know that the mandates have been authorized by the sponsor bank?

The sponsor bank should send a daily report to the corporate with the details of the mandates successfully accepted in the system.

When can the corporate initiate the debit transaction to the customer’s account?

A debit transaction to the customer’s account can be initiated only after the mandate is accepted by the sponsor bank and the UMRN is active in the MMS system.

Who can amend / cancel the mandate?

Amendment/Cancellation can be done only by the sponsor bank.

How to initiate an amendment to an already registered mandate?

Customer can approach either the corporate or his banker for amending a mandate. The bank should follow the amendment procedure detailed in the business specification document.

When will the amendment come into effect?

It will be effective after the acceptance of the receiver bank.

What is the procedure for cancellation of a mandate?

Customer should approach the corporate for cancellation of a mandate. Based on the request, corporate will intimate the sponsor bank for initiating the request. The bank should follow the cancellation procedure detailed in the business specification document.

What is the period for which the mandate record should be maintained?

As per RBI guidelines the records should be retained for a period of 10 years. Record maintenance is governed by RBI, therefore if the stipulated period changes the member banks should follow the guidelines issued by RBI from time to time.