Partners

Technology Partners

Onboard Businesses

Onboarding Sdk

Custom Onboarding SDK

Integrate with Custom Onboarding SDK to create client accounts using APIs and prefill KYC details.

To integrate with Custom Onboarding SDK:

  1. Generate Token

  2. Create accounts and upload KYC details using onboarding APIs

  3. Redirect users to Razorpay-hosted onboarding to add pending details

  4. Fetch access token associated with the merchant

  5. Access resources using access token

  6. Subscribe to onboarding webhooks to receive account activation updates

1. Generate Token

You require a bearer token to access onboarding APIs. Below is a sample code to generate a bearer token using Onboarding SDK.

The access_token is valid for 90 days. After your access token expires, you will receive a 4XX error response. Regenerate the access token using your credentials.

2. Create Account and Upload KYC Details

Use onboarding APIs to add KYC details of your clients. You can pre-fill all or a few KYC details using APIs and let the users fill in the remaining on the onboarding form.

Below are the APIs available to onboard clients.

3. Redirect Users to Onboarding

You need to share the Razorpay-hosted co-branded onboarding URL with your clients. Clients use this URL to continue the onboarding process.

  1. The user will be redirected to the co-branded onboarding form when they click the embedded onboarding button on your platform. The user has to enter any pending KYC details and verify the pre-filled information.
  2. After the necessary details are submitted, the user is prompted to authorise your platform to access data and create payments and refunds.
    Sample Authorisation Interface
  3. The client gives authorisation, which allows Razorpay to connect their client account to your Partner account.
  4. On successful authorisation, Razorpay redirects the user back to a URL configured by you in your application settings. While redirecting, Razorpay shares an authentication code. You need to use this Auth code in the token API request to generate an Auth token.

Generate Onboarding URL

Below is the sample code to generate the onboarding URL.

Sample Onboarding URL

Query Parameters

Define the following query parameters in the URL.

client_id

mandatory

string The unique client identifier.

response_type

mandatory

string Specifies that the application is requesting an authorisation code grant. Possible value is code.

redirect_uri

mandatory

string Callback URL used by Curlec to redirect after the user approves or denies the authorisation request. The client should whitelist the redirect_uri.

scope

mandatory

string Defines what access your application is requesting from the user. You can request multiple scopes by separating with a space. Possible values:

  • read_only: Provides read access to all resources. All GET API requests.
  • read_write: Provides read and write access to all resources on the API.

state

mandatory

string A random string generated by your service. This parameter helps prevent cross-site request forgery (CSRF) attacks. State validation has to be implemented by your application and should work as described below:

  1. Your application should generate a unique random string and save it in the database.
  2. Send the random string to Curlec in the authorisation request in the state parameter.
  3. Curlec sends back the same state value as query params on your redirect URI.
  4. In your backend, you validate that the state value stored in your database matches the one you received for the client_id and the user that initiated the authorisation.

onboarding_signature

conditionally mandatory

string This parameter is applicable only for accounts created using KYC pre-fill. Know more about

onboarding signature

.

Success Response Parameters

We send the following query parameters if the user approves the authorisation request:

code

URL-encoded authorisation code. You can exchange this code for an access token in the next step.

state

The value of the state parameter sent in the authorisation request.

Error Response Parameters

Refer to our

errors

page for the complete list of errors and solutions.

Onboarding Signature

onboarding_signature is a mandatory parameter if you are pre-filling KYC details. The onboarding signature is used to verify the identity of the partner initiating the onboarding URL.

Use the below sample code to generate an onboarding_signature.

Authorisation Response

After completion, the browser is redirected to URI specified in the redirect_uri parameter.

4. Fetch Access Token

You require an access token to create payments and refunds on behalf of your clients using APIs. Exchange the authorisation code received in the previous step for an access token.

Handy Tips

The authorisation code is URL-encoded. Decode it before sending in this request.

Given below is a sample request to be made from the application's backend server.

Request Parameters

client_id

mandatory

string Unique client identifier.

client_secret

mandatory

string Client secret string.

grant_type

mandatory

string Defines the grant type for the request. Possible value is authorization_code.

redirect_uri

mandatory

string Specifies the same redirect_uri used in the authorisation request.

code

mandatory

string Decoded authorisation code received in the last step.

mode

optional

string The type of mode. Possible values:

  • test
  • live (default)

Handy Tips

Clients on production can only make requests for live mode.

Response Parameters

The server responds with the following parameters:

token_type

string Defines the type of access token. Possible value is Bearer.

expires_in

integer Integer representing the TTL of the access token in seconds.

access_token

string A private key used to access sub-merchant resources on Curlec. Used for server-to-server calls only.

public_token

string A public key is used only for public routes such as Checkout or Payments.

refresh_token

string Used to refresh the access token when it expires.

razorpay_account_id

string Identifies the sub-merchant ID who granted the authorisation.

Error Response Parameters

Refer to our

errors

page for the list of errors and solutions.

Store the access_token received above on your server. Using this token, you can access the sub-merchant's data, create payments and refunds using Curlec APIs.

Regenerate Access Token

The access_token is valid for 90 days. After your access token expires, you will receive a 4XX error response. Use a refresh token to generate a new access token. You can make a request using your refresh token to generate a new (access_token and refresh_token) pair.

Below is a sample API request to request a new token.

5. Access Resources Using Access Token

After you obtain an access token, you can use it to access the sub-merchant's data on Curlec APIs. The access is controlled based on the scope requested for and granted by the user during the authorisation process.

Provide the access token in the Bearer authorisation header while requesting

Curlec APIs
.

Given below is a sample code for the

Fetch all Payments API

.

After you obtain an access token, you can use it to access the sub-merchant's data on Razorpay APIs. The access is controlled based on the scope requested for and granted by the user during the authorisation process.

6. Subscribe to Onboarding Webhooks

Subscribe to webhook events to receive real time notifications on the onboarding status of your clients. Check the available

Partner Webhooks

.

With this, your integration is complete. Test the integration before going live.

Related Information

Was this page helpful?

partners
embedded payments
onboarding sdk
custom

ON THIS PAGE