Initialize Reverse Penny Drop Verification

Endpoint Overview

POST /api/v1/bank-verification/reverse-penny-drop/initialize

Description

The Reverse Penny Drop Initialize API initiates a bank account verification process where the user makes a minimal payment (typically ₹1) to a designated account. This method verifies the user's bank account ownership by confirming their ability to make a transaction from the account. The API generates payment links for various UPI apps, making it easy for users to complete the verification process across different payment platforms.

Key Benefits

Verifies bank account ownership without requiring sensitive bank details

Provides multi-platform UPI payment links for seamless user experience

Supports webhook notifications for automated verification status updates

Reduces fraud by confirming the user's ability to transact from the account

Use Cases

Financial Services

Payment Platforms

HR & Payroll

KYC verification for digital lending platforms

Bank account verification for investment apps

Customer onboarding for neo-banking services

Technical Implementation

Authentication

All API requests require authentication using a JWT Bearer token. Authentication follows these steps:

Obtain API Credentials: Register with Surepass to receive your API key.

Generate JWT Token: Use your API key to generate a JWT token.

Include in Requests: Add the token to the Authorization header as Bearer TOKEN.

Different authentication tokens are used for sandbox and production environments:

Sandbox: https://sandbox.surepass.io

Production: https://kyc-api.surepass.io

Request Parameters

Request Headers

Header	Required	Description
Authorization	Yes	JWT Bearer token for authentication (format: `Bearer YOUR_TOKEN`)
Content-Type	Yes	Must be set to `application/json`

Request Body

Parameter	Type	Required	Description
webhook_url	String (URL)	Yes	The URL where verification status updates will be sent after the user completes the payment

Example Request

{
    "webhook_url": "https://test.example.com"
}

Process Response

Response Parameters

Parameter	Type	Description
data	Object	Contains the verification details
data.client_id	String	Unique identifier for this verification request
data.payment_link	String	Universal UPI payment link for verification
data.ios_links	Object	Platform-specific UPI links optimized for iOS devices
data.ios_links.paytm	String	Paytm-specific UPI link
data.ios_links.phonepe	String	PhonePe-specific UPI link
data.ios_links.gpay	String	Google Pay-specific UPI link
data.ios_links.bhim	String	BHIM-specific UPI link
data.ios_links.whatsapp	String	WhatsApp-specific UPI link
status_code	Integer	HTTP status code of the response
success	Boolean	Indicates if the request was successful
message	String	Human-readable status message
message_code	String	Machine-readable status code

Example Successful Response

{
    "data": {
        "client_id": "reverse_penny_drop_YnaoOsFcdMxQxbvOBlqr",
        "payment_link": "upi://pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220",
        "ios_links": {
            "paytm": "paytm://upi/pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220",
            "phonepe": "phonepe://upi/pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220",
            "gpay": "gpay://upi/pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220",
            "bhim": "bhim://upi/pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220",
            "whatsapp": "upi://pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220"
        }
    },
    "status_code": 200,
    "success": true,
    "message": "Success",
    "message_code": "success"
}

Possible Error Responses

Authentication Error

Invalid Request

{
    "status_code": 401,
    "success": false,
    "message": "Unauthorized access",
    "message_code": "unauthorized"
}

This error occurs when the JWT token is missing, expired, or invalid.

Integration Best Practices

Security Recommendations

Store JWT tokens securely and never expose them in client-side code

Implement HTTPS for your webhook endpoint to ensure secure data transmission

Validate the webhook payload to ensure it comes from Surepass

Implement IP whitelisting for your webhook endpoint if possible

User Experience Guidelines

Present appropriate UPI app options based on the user's device (Android/iOS)

Clearly communicate that a ₹1 payment is required for verification purposes

Provide clear instructions on how to complete the verification process

Implement a status indicator to show verification progress

Code Samples

cURL

Python

Node.js

Related APIs

Verify Reverse Penny Drop Status: Check the status of a reverse penny drop verification

Bank Account Verification: Verify bank account details using account number and IFSC

Bank Statement Analysis: Analyze bank statements for financial behavior assessment

Compliance and Legal Considerations

The reverse penny drop verification process involves collecting a small amount from users. Ensure your terms of service and privacy policy clearly communicate this requirement. The verification process must comply with RBI guidelines for KYC and AML regulations. Maintain proper records of verification attempts for audit purposes.

curl --location --request POST 'https://kyc-api.surepass.app/api/v1/bank-verification/reverse-penny-drop/initialize' \ --header 'Content-Type: application/json' \ --data-raw '{ "webhook_url": "https://test.example.com" }'

{ "data": { "client_id": "reverse_penny_drop_YnaoOsFcdMxQxbvOBlqr", "payment_link": "upi://pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220", "ios_links": { "paytm": "paytm://upi/pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220", "phonepe": "phonepe://upi/pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220", "gpay": "gpay://upi/pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220", "bhim": "bhim://upi/pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220", "whatsapp": "upi://pay?pa=SUREPASS@dbs&pn=&am=1&cu=INR&tn=&tr=CHE00041220" } }, "status_code": 200, "success": true, "message": "Success", "message_code": "success" }

Initialize

Initialize Reverse Penny Drop Verification#

Description#

Use Cases#

Technical Implementation#

Request Headers#

Request Body#

Example Request#

Response Parameters#

Example Successful Response#

Possible Error Responses#

Integration Best Practices#

Code Samples#

Request

Responses