Udyog Aadhaar

Endpoint Overview

POST /api/v1/ocr/udyog-aadhaar

Description

The Udyog Aadhaar OCR API enables automated extraction of key identification details from Udyam/Udyog Aadhaar registration certificates. By submitting an image or PDF of the certificate, the API uses optical character recognition (OCR) to accurately parse and return the unique UDYAM registration number and document type in a structured JSON format.

This API is particularly valuable for businesses, financial institutions, and government platforms that need to verify MSME (Micro, Small & Medium Enterprise) registrations as part of onboarding, loan processing, or compliance workflows — eliminating manual data entry and reducing errors.

Key Benefits

Instant Verification: Automatically extract Udyam registration numbers in real time, removing the need for manual document review.

Multi-Format Support: Accepts both image files and PDF documents, offering flexible integration into existing document workflows.

Structured Output: Returns clean, machine-readable JSON data ready to plug into downstream systems such as KYC platforms, ERP tools, or lending systems.

Scalable & Reliable: Built for high-throughput production workloads with sandbox support for safe integration testing.

Use Cases

Banking & Lending

Government & Compliance

Fintech & SaaS Platforms

Validate MSME registration certificates during business loan applications to ensure only legitimate enterprises are processed.

Automate extraction of UDYAM IDs for pre-filling credit application forms, reducing onboarding friction.

Cross-verify extracted registration numbers against government databases during KYC and due diligence checks.

Technical Implementation

Authentication

All API requests require authentication using a JWT Bearer token. Authentication follows these steps:

Obtain API Credentials: Register with Surepass to receive your API key.

Generate JWT Token: Use your API key to generate a JWT token.

Include in Requests: Add the token to the Authorization header as Bearer <YOUR_JWT_TOKEN>.

Different authentication tokens are used for sandbox and production environments:

Sandbox: https://sandbox.surepass.app

Production: https://kyc-api.surepass.app

⚠️ Never share your JWT token publicly or embed it in client-side code. Use environment variables or a secrets manager to store credentials securely.

Request Parameters

Request Headers

Header	Required	Description
`Authorization`	Yes	JWT Bearer token in the format `Bearer <YOUR_JWT_TOKEN>`
`Content-Type`	Yes	Must be `multipart/form-data` when uploading files

Request Body

Parameter	Type	Required	Description
`file`	File	Yes	The Udyog Aadhaar / Udyam registration certificate to be processed. Accepted formats include common image types (JPEG, PNG) and PDF.
`use_pdf`	Boolean	No	Set to `true` when the uploaded file is a PDF document. If omitted or `false`, the file is treated as an image.

Example Request

Process Response

Response Parameters

Parameter	Type	Description
`data`	Object	Contains the extracted document data.
`data.client_id`	String	A unique identifier for this specific OCR request, prefixed with `ocr_udyog_aadhaar_`.
`data.id_number`	String	The extracted UDYAM registration number from the certificate (e.g., `UDYAM-UP-11-0001234`).
`data.document_type`	String	The type of document identified. Returns `"udyam"` for Udyam/Udyog Aadhaar certificates.
`status_code`	Integer	HTTP status code of the response. `200` indicates success.
`success`	Boolean	`true` if the request was processed successfully; `false` otherwise.
`message`	String	A human-readable status message (e.g., `"success"`).
`message_code`	String	A machine-readable status code string (e.g., `"success"`).

Example Successful Response

{
    "data": {
        "client_id": "ocr_udyog_aadhaar_ZsqtIuswKMrjVxCryfXu",
        "id_number": "UDYAM-UP-11-0001234",
        "document_type": "udyam"
    },
    "status_code": 200,
    "success": true,
    "message": "success",
    "message_code": "success"
}

Possible Error Responses

Unauthorized (401)

Bad Request (400)

Internal Server Error (500)

{
    "data": null,
    "status_code": 401,
    "success": false,
    "message": "Authentication credentials were not provided or are invalid.",
    "message_code": "unauthorized"
}

This error occurs when the Authorization header is missing, malformed, or contains an expired/invalid JWT token. Ensure you are passing a valid Bearer <TOKEN> and that the token has not expired.

Integration Best Practices

Security Recommendations

Store tokens securely: Never hardcode JWT tokens in source code. Use environment variables, secret vaults (e.g., AWS Secrets Manager, HashiCorp Vault), or secure configuration management.

Use HTTPS exclusively: Always transmit API requests over HTTPS to prevent interception of documents and tokens in transit.

Rotate tokens regularly: Establish a token rotation policy and revoke credentials immediately if a breach is suspected.

Restrict token scope: Use the minimum required permissions for each integration and avoid sharing tokens across services.

Validate on your backend: Perform file type and size validation on your server before forwarding documents to the API to prevent abuse.

User Experience Guidelines

Set upload expectations: Inform users about accepted file formats (images and PDFs) and recommended resolution (at least 300 DPI) for best OCR results.

Provide real-time feedback: Show a loading indicator while the document is being processed to keep users informed of progress.

Handle errors gracefully: Display user-friendly error messages when OCR fails (e.g., "We couldn't read the document. Please upload a clearer image.") rather than exposing raw API error codes.

Pre-fill forms automatically: Use the extracted id_number to auto-populate registration fields, reducing manual input and the risk of transcription errors.

Allow manual override: Always give users the option to manually edit the extracted data in case of OCR inaccuracies.

Code Samples

cURL

Python

Node.js

Related APIs

PAN Card OCR — Extract PAN number, name, date of birth, and other fields from PAN card images or PDFs.

Aadhaar OCR — Parse personal details including name, date of birth, address, and Aadhaar number from Aadhaar card documents.

GST Certificate OCR — Retrieve GSTIN, legal business name, registration date, and other fields from GST registration certificates.

Bank Statement OCR — Extract account details, transaction summaries, and balance information from uploaded bank statements.

Driving License OCR — Read DL number, name, validity, and other fields from driving licence documents.

Compliance and Legal Considerations

Data Privacy: Udyog Aadhaar and Udyam registration certificates may contain sensitive business and personal information. Ensure that all data handling complies with applicable privacy regulations, including India's Digital Personal Data Protection Act (DPDP Act) and any sector-specific guidelines issued by RBI, SEBI, or other regulators.

Purpose Limitation: Use the extracted data solely for the purpose declared during onboarding with Surepass. Repurposing or selling extracted data to third parties without explicit consent is prohibited.

Document Retention: Establish and follow a clear document retention and deletion policy. Do not store raw certificate images or extracted data longer than operationally necessary.

Consent: Obtain explicit consent from the business owner or authorized representative before collecting and processing their Udyog Aadhaar/Udyam certificate as part of any KYC or verification workflow.

Audit Trails: Maintain logs of API calls (including client_id references) for audit and dispute resolution purposes, without storing the actual document content beyond the required retention period.

Provide your bearer token in the

Authorization

header when making requests to protected resources.

Example:

Authorization: Bearer ********************

{ "data": { "client_id": "ocr_udyog_aadhaar_ZsqtIuswKMrjVxCryfXu", "id_number": "UDYAM-UP-11-0001234", "document_type": "udyam" }, "status_code": 200, "success": true, "message": "success", "message_code": "success" }

Description#

Use Cases#

Technical Implementation#

Request Headers#

Request Body#

Example Request#

Response Parameters#

Example Successful Response#

Possible Error Responses#

Integration Best Practices#

Code Samples#

Request

Responses