Cashfree Payments uses API keys to allow access to the API. Once you have signed up at our merchant site, you will be able to see your AppId and SecretKey.
Cashfree expects API key to be included in all API requests to the server. Use the endpoint /api/v1/credentials/verify to verify your credentials.
Bank, UPI, and IFSC Verification End Points
| Environment | Base URL |
|---|---|
| Production | https://payout-api.cashfree.com |
| Test | https://payout-gamma.cashfree.com |
PAN, VPI VPA using Phone Number, and Aadhaar Verification End Points
| Environment | URL |
|---|---|
| Production | https://api.cashfree.com/verification |
| Test | https://sandbox.cashfree.com/verification |
Test Data
View the test data and use this information to trigger the validations. The test data are usable only in the test environments such as gamma and sandbox, which are mentioned above.
Signature Verification
Cashfree Payments sends a signature alongside every webhook, verifying this signature ( passed along with the POST parameters ) is mandatory before processing any response. It helps authenticate that the webhook is from Cashfree Payments.
We strongly recommend whitelisting Cashfree Payments production IP to help make your communication with us more secure.
Following are the steps to verify Cashfree Payments signature:
- Get all the POST parameters except βsignatureβ and assign it to an array as key-value pair.
- Sort the array based on keys.
- Concatenate all the values in this array and resultant is the post data (postData).
- postData needs to be encrypted using SHA-256 and then base64 encoded.
- Proceed further only if the signatures match. If not, discard the request.