An application programming interface (API) is a set of programming instructions and standards for accessing a Web-based software application or Web tool, allowing two applications to talk to each other.
The necessary ports need to be opened between the Merchant servers, the NPCI server and the Merchant bank's webpage. The required certificates also need to be installed on the NPCI, Merchant site and Bank site servers. Banks can refer to the E-mandate authorization specification document for more details.
The corporate will develop an API in its portal, or with the help of an integrator, with the facility to capture all the mandate-related information. The merchant site then redirects the customer to the bank page through the NPCI interface to select the authentication mode and to authenticate the mandate using either internet banking credentials or debit card credentials.
Below are the two types of authentication modes
The customer has to verify that all the mandate details he/she is going to authenticate are correct, then select the mode of authentication and authenticate the mandate by providing his/her credentials.
NPCI interface will provide the list of the banks that are live on each authentication mode.
For “Internet banking” authentication, the customer will be prompted to enter the login and password credentials, whereas for “Debit card” authentication, the debit card number and OTP details will be requested. Banks may introduce additional checks and balances as well, as per their internal policies.
Yes. The mandate cannot be initiated without a utility code in the MMS system. The utility code helps to identify the corporate in whose favour the mandate is issued.
Utility codes are issued by NPCI at the request of the corporate routed through their bank.
The corporate creation form should be submitted by the corporate. The request should be routed through the sponsor bank with their due authentication. After scrutinizing the documents, NPCI will issue a utility code to the corporate if they are found ok.
The cap on the mandate amount currently is Rs.1.00 lakhs.
The APIs should be built in such a way that the key fields entered by the customer are validated against the mandatory data validation provided in the business specification document. If any data value is not in line with the specifications then the system should not allow submission of such mandate.
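A sketch of the fail-closed, pre-submission check described above. It is an added example, not NPCI's code or part of the specification. The field names and mode identifiers are assumptions, and only the rules stated on this page (mandatory utility code, Rs. 1.00 lakh cap, two authentication modes) are enforced, since the business specification document is not reproduced here.

```python
import re
from decimal import Decimal

MANDATE_CAP_RS = Decimal("100000")  # Rs. 1.00 lakh, the cap stated on this page
AUTH_MODES = {"internet_banking", "debit_card"}  # assumed identifiers for the two modes
# ASCII digits only, at most two decimal places (format is an assumption).
AMOUNT_RE = re.compile(r"[0-9]{1,9}(\.[0-9]{1,2})?")


def validate_mandate(form):
    """Return a list of error strings; an empty list means every check passed."""
    errors = []

    # The page states a mandate cannot be initiated without a utility code.
    code = form.get("utility_code")
    if not isinstance(code, str) or not code.strip():
        errors.append("utility_code: required")

    # Parse the amount from text as an exact decimal, never a float.
    # The strict pattern rejects "1e5", "NaN", signs and non-ASCII digits
    # before Decimal ever sees them.
    raw = form.get("amount")
    if not isinstance(raw, str) or not AMOUNT_RE.fullmatch(raw):
        errors.append("amount: malformed")
    else:
        amount = Decimal(raw)
        if amount <= 0:  # assumption: a zero-value mandate is not meaningful
            errors.append("amount: must be greater than zero")
        elif amount > MANDATE_CAP_RS:
            errors.append("amount: exceeds mandate cap")

    mode = form.get("auth_mode")
    if not isinstance(mode, str) or mode not in AUTH_MODES:
        errors.append("auth_mode: unsupported")

    return errors


def may_submit(form):
    """Fail closed: submission is allowed only when no check reported an error."""
    return not validate_mandate(form)
```

Run the same checks on the server even when the form also validates in the browser, because client-side validation can be bypassed.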
The mandate will be rejected at the NPCI interface. Please refer to the API E-mandate authentication specification document shared by NPCI.
The methodology below is used for encryption of secure information:
Encryption Methodology – Asymmetric
Hashing Algorithm – SHA256
Cryptography – RSA 2048 bits
Yes. After the necessary business validations (as per bank policy) followed by customer authentication, all mandates are to be recorded by the bank for future reference. The destination bank raises an API mandate in the NACH system for all customer-accepted mandates, for which the inward should be sent to the sponsor bank. Upon sponsor bank acceptance, the destination bank registers the mandate in CBS.
The only change is that the sequence field in the file name will contain “API” followed by the sequence number. There is no change in the file format. You may refer to the API technical specification document.
The destination bank is to present the mandates on the same day in the NACH system. The sponsor bank is to process and respond within the TAT of 2 days.
Yes. The UMR number, which is 20 digits, will have the 5th digit as “7” when initiated through API.
After successful authentication of the mandate, the bank page will confirm success or failure of the mandate. The message should be displayed by the corporate to the customer. Additionally, an SMS may be sent by the corporate/customer bank to the customer intimating the successful registration of the mandate.
If the mandate is rejected by the sponsor bank then the destination bank should remove the mandate registration from CBS. Destination/customer bank should send SMS to the customer when the mandate is returned by the sponsor bank along with the reason for rejection.
The sponsor bank should send a daily report to the corporate with the details of the mandates successfully accepted in the system.
A debit transaction to the customer's account can be initiated only after the mandate is accepted by the sponsor bank and the UMRN is active in the MMS system.
Amendment/Cancellation can be done only by the sponsor bank.
Customer can approach either the corporate or his banker for amending a mandate. The bank should follow the amendment procedure detailed in the business specification document.
It will be effective after the acceptance of the receiver bank.
Customer should approach the corporate for cancellation of a mandate. Based on the request, corporate will intimate the sponsor bank for initiating the request. The bank should follow the cancellation procedure detailed in the business specification document.
As per RBI guidelines, the records should be retained for a period of 10 years. Record maintenance is governed by RBI; therefore, if the stipulated period changes, the member banks should follow the guidelines issued by RBI from time to time.