Step 1: Check if your JSON format is correct at https://jsonlint.com/. We will demonstrate the checksumming process through the Single Sign On API request.
Sample Payload
{
"grantToken": "GRT979a63f48f21b6f1db7ba93bb4a0fb2975d49afbc2cd107da0fac1dd57de7fb4"
}
Step 2: Encode above request to base64. You can check the correct encoding at
https://www.base64encode.org/
Example of the above encoding:
ewoJImdyYW50VG9rZW4iOiAiR1JUOTc5YTYzZjQ4ZjIxYjZmMWRiN2JhOTNiYjRhMGZiMjk3NWQ0OWFmYmMyY2QxMDdkYTBmYWMxZGQ1N2RlN2ZiNCIKfQ==
Step 3: Calculate X-VERIFY
SHA256(only base64 encoded str+ “/v3/service/access” + salt key) + ### + salt index
SHA256 OF (ewoJImdyYW50VG9rZW4iOiAiR1JUOTc5YTYzZjQ4ZjIxYjZmMWRiN2JhOTNiYjRhMGZiMjk3NWQ0OWFmYmMyY2QxMDdkYTBmYWMxZGQ1N2RlN2ZiNCIKfQ==/v3/service/auth/access+”SALTKEY”).
SALT KEY will be shared by the PhonePe team corresponding to your Merchant ID.
Example:
"keyIndex":1,"key":"6b451f58-d565-4890-836f-6fb1gjt84d97",
"keyIndex":2,"key":"487667h6e9-91d3-4dfa-930a-8d3813745441"
Use one of the keys to generate SHA256.
SHA256 OF
(ewoJImdyYW50VG9rZW4iOiAiR1JUOTc5YTYzZjQ4ZjIxYjZmMWRiN2JhOTNiYjRhMGZiMjk3NWQ0OWFmYmMyY2QxMDdkYTBmYWMxZGQ1N2RlN2ZiNCIKfQ==/v3/service/auth/access6b451f58-d565-4890-836f-6fb1gjt84d97)
Which will be:
5DE0E70CF2B78F3923CA108E583E6A80FABE910EFD1726570B3E5CB2040DF7D2
You can validate the value at https://passwordsgenerator.net/sha256-hash-generator/
Once SHA256 is calculated, you should calculate the X-VERIFY header value.
SHA256(only base64 encoded str+ “/v3/service/access” + salt key) + ### + salt index
X-VERIFY : 5DE0E70CF2B78F3923CA108E583E6A80FABE910EFD1726570B3E5CB2040DF7D2###1
Where 1 is keyIndex as shared above.
So the request should be:
curl -X POST \
https://mercury-uat.phonepe.com/v3/service/access \
-H 'content-type: application/json' \
-H 'x-verify: 5DE0E70CF2B78F3923CA108E583E6A80FABE910EFD1726570B3E5CB2040DF7D2###1' \
-d '{
"request": "ewoJImdyYW50VG9rZW4iOiAiR1JUOTc5YTYzZjQ4ZjIxYjZmMWRiN2JhOTNiYjRhMGZiMjk3NWQ0OWFmYmMyY2QxMDdkYTBmYWMxZGQ1N2RlN2ZiNCIKfQ=="
}'