View end points

Cashfree Payments uses API keys to allow access to the API. Once you have signed up at our merchant site, you will be able to see your AppId and SecretKey. Cashfree expects API key to be included in all API requests to the server. Use the endpoint /api/v1/credentials/verify to verify your credentials.
EnvironmentURL
Productionhttps://api.cashfree.com/verification
Testhttps://sandbox.cashfree.com/verification

Generate API keys

Follow the instructions below to generate API keys:
  1. Log in to your Secure ID dashboard and click Developers on the navigation panel.
  2. Click API Keys.
  3. Click Generate API Keys from the API Keys screen.

    Generate API Keys

  4. The New API Keys popup displays with the client ID and client secret information.
  5. Click Download API Keys to download the information and save them in your local system folder. Do not share the keys with anyone because they are confidential. You can generate a maximum of 10 API keys.
API Keys - Production Environment: You need to perform an OTP authentication to generate API keys for production environment.

Whitelist your IP address

Whitelisting the IP address or generating a public key provides a layer of authentication. These cybersecurity techniques prevent anonymous or unknown disbursement requests and allow only verified requests. Your IP address needs to be whitelisted in the Cashfree Payments production server or it rejects all incoming requests. Follow the instructions below to whitelist your IP:
  1. Log in to your Secure ID dashboard and click Developers from the navigation pane > Two-Factor Authentication from the Secure ID card.
  2. Choose IP Whitelist from the Select 2FA Method drop-down.
  3. Click Add IP Address.
  4. Enter the IP address you want to whitelist in the respective field and click Add IP Address to save the details. Note that only IPv4 must be whitelisted, not IPv6. The whitelisted IPs appear in the dashboard.
You can whitelist up to 25 IP addresses. If you need to whitelist more than 25 IP addresses or if your IP addresses are dynamic (not static), use the Signature Generation method.
How to find my IP address?Depending on your operating system, you can retrieve the IP of the system via multiple methods. You can also find your IP using helper sites such as https://whatismyipaddress.com/.

2FA API signature generation

To generate a signature, you need to generate the public key. You then use the generated public key to generate the signature.

Generate public key

  1. Log in to your Secure ID dashboard and click Developers from the navigation pane > Two-Factor Authentication from the Secure ID card.
  2. Select Public Key from the Select 2FA Method drop-down.
  3. Click Generate Public Key. You can have only one active public key at a time, and you can download it only once.
  4. The public key is downloaded to your computer. The public key file is password protected you need to use the unique password sent to your registered email address (linked to your Cashfree account) to open it.

Generate signature

Follow the steps below to generate your signature:
  1. Retrieve your clientId (one which you are passing through the header X-Client-Id)
  2. Append this with CURRENT UNIX timestamp separated by a period (.)
  3. Encrypt this data using RSA encrypt with Public key you received – this is the signature.
  4. Pass this signature through the header X-Cf-Signature.
This method generates a signature that is valid for 5 minutes. Generate a new signature every 5 minutes.
In the case of using our library, go through the libraries section. During the initialization process, you need to pass the key as a parameter. 
<?php
public static function getSignature() {
    $clientId = "<your clientId here>";
    $publicKey =
openssl_pkey_get_public(file_get_contents("/path/to/certificate/public
_key.pem"));
    $encodedData = $clientId.".".strtotime("now");
    return static::encrypt_RSA($encodedData, $publicKey);
  }
private static function encrypt_RSA($plainData, $publicKey) { if (openssl_public_encrypt($plainData, $encrypted, $publicKey,
OPENSSL_PKCS1_OAEP_PADDING))
      $encryptedData = base64_encode($encrypted);
    else return NULL;
    return $encryptedData;
  }
?>

Configure success rate alerts

Configure email alerts for each KYC API to be notified when the success rate (SR) falls below a specified threshold for any endpoint. These alerts help you proactively monitor API performance and take timely action to maintain smooth verification workflows. To configure alerts for your Secure ID account:
  1. Log in to your Secure ID dashboard using your credentials.
  2. Select Settings from the top navigation menu.
  3. Select Email Notifications under the Secure ID section.
  4. Select the SR Alerts tab and enable the specific API endpoints you want to monitor.
  5. Select Email Notification from the Manage Notifications drop-down, and enter the email addresses to receive alerts.
  6. Select Next, review your configuration, and select Submit.

Contact us for any queries

For identifying, diagnosing, and resolving problems related to API requests, ensure the information below is communicated while contacting us:
  • Share the API request and response details along with referenceId or verificationId.
  • Mention the registered email ID and environment in the email.
  • Use your registered email address (with Cashfree Payments) to send the email or mention the registered email address.
  • Include your account manager in the CC of the email request.
For dashboard queries, share the screenshot and .har file of the screen.