FAQs | API Developer Portal

1. What are the key benefits of using this API for our agent onboarding?

Ans: Key benefits include:

Faster Onboarding
Reduced Manual Effort & Errors
Enhanced Compliance:Leverage iServeU's robust KYC and verification mechanisms (OTP, PAN verification, PID data processing) to ensure regulatory compliance.
Scalability
Seamless Integration

2. What types of agent data can be submitted via the API?

Ans: The API supports submission of comprehensive agent data, including personal details (name, mobile, email, PAN, Aadhaar number, PID data), address details (residential and shop address with pincodes), and geographical coordinates (latitude/longitude) of the agent's shop.

3. Does the API support various KYC methods for agent verification?

Ans: Yes, the API primarily supports OTP-based mobile no. verification. It's crucial to understand iServeU's specific requirements for PID data encryption for Aadhaar-based submissions.

4. Is data transmitted to and from the API encrypted?

Ans: Yes, iServeU ensures secure data transmission using AES-256 encryption for both the request and response bodies. Additionally, header_secrets and pass_key are used for authentication. It is critical for our client to implement the exact encryption and decryption logic provided by iServeU to ensure compatibility and security.

5. Can we test the API in a sandbox or UAT environment before going live?

Ans: Yes, iServeU provides access to a UAT (User Acceptance Testing) environment. Please contact your iServeU account manager or support team to get the necessary UAT API endpoints and credentials.

6. What is "PID data" and why is it mandatory?

Ans: PID data refers to the encrypted data related to Aadhaar verification. It's mandatory for Aadhaar-based authentication, which is a core part of iServeU's robust KYC and identity verification process to ensure compliance and prevent fraud.

7. What are the common reasons for agent onboarding API failures?

Ans: Common reasons for failure include:

Invalid Input:Incorrectly formatted data, missing mandatory fields, or data not adhering to specified validation rules (e.g., mobile number not 10 digits, invalid email format).
Authentication Failures:Incorrect header_secrets or pass_key.
OTP Verification Issues:Incorrect OTP, expired OTP if not validated in 90 sec, or OTP already validated.
Duplicate Data:Agent mobile number, PAN, or Aadhaar already registered in the system.
Aadhaar/Biometric Issues:Mismatched Aadhaar details, biometric data not matching, or Aadhaar details not updated as per UIDAI standards.
Internal Server Issues:Temporary issues on iServeU's end (e.g., database errors, microservices not responding).

8. Why is OTP verification required during merchant onboarding?

Ans: OTP verification ensures that the mobile number provided by the merchant is valid and accessible. It helps in authenticating the identity of the user and prevents fraudulent or duplicate registrations.

9. How does the OTP-Based Onboarding API support merchant onboarding?

Ans: The OTP-Based Onboarding API initiates the mobile verification process by sending a one-time password to the merchant’s registered mobile number. This step ensures that the number is active and belongs to the merchant applying for onboarding.

10. What happens if the merchant doesn’t receive the OTP?

Ans: If the OTP is not received within a specified time (e.g., 90 seconds), the merchant can use the resend OTP option. However, this feature includes a cooldown period to prevent misuse.

11. How many times can a merchant retry OTP verification?

Ans: The number of retry attempts is generally limited to prevent abuse. After a certain number of failed attempts, the process may need to be restarted or flagged for manual review.

12. What does the OTP Verify API do?

Ans: The OTP Verify API confirms the correctness of the OTP entered by the merchant. A successful verification allows the onboarding process to proceed to the next stage, such as biometric or document verification.

13. Is OTP verification enough for completing KYC?

Ans: No, OTP verification is one part of the complete KYC process. It validates the mobile number. Additional steps like biometric verification and Aadhaar validation are also required for full KYC completion.

14. Can the same mobile number be used for multiple merchant registrations?

Ans: No, duplicate checks are in place. If the same mobile number is already registered, the system will prevent further onboarding attempts using that number to maintain data integrity.

15. How is mobile OTP verification secured?

Ans: The OTP is time-bound and expires after a short duration (typically 90 seconds). Each OTP is unique and securely transmitted, ensuring that only the authorized person can use it for verification.

16. Suggest what to do in this case?
Case 1: user is able to successfully receive an OTP when sending it using valid credentials. However, upon attempting to verify the OTP, the response returns: "UIDVerificationFailed." Later, when the user tries to send the OTP again, the response shows: "Mobile number already registered."
Case 2: If user doing the registration process and stop the process in the middle and refresh the page. What should be the actual result
Case 3: User doing the process, generate OTP but doesn't verify the OTP and stop the process. What is the actual result?

Ans:
Case 1: In this case user OTP is already validated and UIDVerificationFailed response is coming from bank side, so user need to retry after 24 hours. Note: Try to pass correct PID data, it shows that user has tried with wrong PID data. May be reason that user has given different PID data and different Aadhaar Number.

Case 2: If user doing registration process and stop the process in the middle before sending OTP and refresh the page, then user will again request with all parameters and OTP will trigger to his mobile.

Case 3: User doing the process, generate OTP but doesn't verify the OTP and stop the process, then user need to resend OTP after 90 sec.