Skip to main content

CKYC FAQs

This document addresses common technical questions and integration scenarios for CKYC Search and Download and CKYC Upload APIs.

CKYC Search and Download FAQs

Why are two API calls made during OTP validation?

There are two API calls in the backend:

  • First call: The mobile number is passed to validate if it exists and matches the user details in CERSAI's database. If it does, CERSAI triggers the OTP.
  • Second call: This call includes the mobile number and the OTP (received from the user) to validate if the OTP entered matches the one sent by CERSAI, and proceeds to download the details accordingly.

From the user's perspective, REs (Regulated Entities) should collect the mobile number once and pass it to both API requests.

How many times can an OTP be validated or resent?

A user is allowed 3 resend attempts. Per resend, 3 validation attempts are allowed (9 total attempts per requestId).

How long is the OTP valid?

The OTP is valid for 10 minutes.

Is there a wait time between OTP resend requests?

Yes - you must wait 90 seconds before triggering an OTP resend request.

If you try to resend the OTP before 90 seconds, the API will return an error.

Can the same mobile number be used in both /start and /validateOtpAndDownload APIs?

Yes - it must be the same. The mobile number passed to /validateOtpAndDownload must exactly match the mobile number used in /start.

What happens if the customer enters an old OTP after resending?

Only the latest OTP sent is valid. If an old OTP is entered after a resend, the validation will fail and count against the 3 allowed attempts.

What happens if the mobile number is not registered in the CKYC record?

Individual download is not possible for such cases. The following error response is returned:

"Download failed. Mobile number is not registered in the KYC record. Please download using bulk file methods"

To resend the OTP, should the client call /start again?

No - do not call /start again.

Instead, trigger a resend by calling /validateOtpAndDownload with the following:

  • Pass otp as an empty string ("")
  • Set the retry parameter to "yes"

This will instruct CERSAI to resend the OTP (provided 90 seconds have passed and attempts are within the limit).

What happens after all OTP attempts (resends + validations) are exhausted?

The following error response is returned:

"Download failed. Number of attempts to resend OTP exceeded <limit>"

At this point, no further action is possible on the current session. The RE must restart the process by calling /start again.

Do we have visibility into the SMS content of the OTP sent by CERSAI?

Yes. The message format is:

"OTP for CKYC No XX1234 download request at Amica Payment Services Private Limited is 110192. OTP will be valid for 10 minutes -CERSAI"

Why is the mobile number captured in the initial request if CERSAI triggers the OTP?

The mobile number is captured to share it with CERSAI. CERSAI verifies if this mobile number matches their records before sending an OTP to the user.

Is OTP or sensitive data logged anywhere by HyperVerge Docker?

The Docker solution does not store or log OTPs, personal identifiers, or CKYC data locally. All sensitive data remains transient and encrypted as per CERSAI protocols. Data retention is fully under client (RE) control.

Is a private key required for accessing CKYC Search and Download APIs?

Yes. CERSAI mandates that all API requests be digitally signed and encrypted using public-private key cryptography. This ensures secure communication and tamper-proof data exchange.

CKYC Upload FAQs

How and when should we update the CKYC password credentials?

As per CERSAI policies, the CKYC Maker (SFTP/portal) password expires periodically (typically every 30 days, or as per portal rules).

HyperVerge uses the configured credentials to connect to CERSAI on your behalf. If the password is changed on the CKYC portal but not updated via the PreUpload API, CKYC Upload requests fail due to authentication errors, interrupting upload processing.

To prevent downtime, the updated password must be configured immediately using the PreUpload API.

How to update the password:

  • Use the PUT method on the PreUpload endpoint. Only the password field needs to be passed.
  • All other fields are optional and should not be included unless they also need to be updated.

Sample cURL: Production Password Update

curl --location --request PUT 'https://ind-ckyc.hyperverge.co/api/v1/config/upload' \
--header 'Content-Type: application/json' \
--header 'appId: <Enter_the_App_ID>' \
--header 'appKey: <Enter_the_App_Key>' \
--header 'transactionId: <Enter_the_Transaction_ID>' \
--data '{
    "password": "<Enter_the_Password>"
}'

How are CKYC uploads processed, and what happens if we exceed the daily limit?

When you send user data via the Upload API, HyperVerge performs internal validations and applies necessary data transformations to align with CKYCRR requirements. Valid records are then batched into consolidated file(s) and uploaded to CKYCRR using the configured Maker credentials as part of the Maker step.

Uploads are processed in batches (not real-time). CKYCRR allows a maximum of 1 GB per entity per day through this route. If the total data volume exceeds this limit, excess records are securely queued and processed in the next eligible cycle. The Upload API continues to accept and acknowledge requests without interruption.

If you anticipate high daily volumes, we recommend planning uploads accordingly and aligning on expected processing timelines to avoid spillovers.

What should be done if PAN is unavailable?

  • If PAN is unavailable, pass FORM60 in the pan field in the CKYC Upload API.
  • While Regulated Entities (REs) must collect Form 60 as per compliance requirements, Form 60 details are not required to be sent via the CKYC Upload API.

Why are yesterday's CKYC batches not visible on the CERSAI portal?

Cases are batched from our end daily. We recommend waiting 1-2 days if the batch is not received for approval, as CERSAI processing can occasionally take additional time.

How do we take action on probable match cases?

Once the probable match status is received, cases are visible on the HV Reconciliation Dashboard. Please take action there within 7 days for further processing.

What is the meaning of the error "Rejected - ID provided already under process" in the long rejected status?

This means CERSAI already has an active CKYC transaction in progress for that PAN/Aadhaar from another FI. Until that workflow is completed on their side, all duplicate submissions are blocked, so the long-reject seen is a terminal end state.

CERSAI has not published a fixed TAT for clearing this lock. In most cases it resolves in a few days, but it can take longer depending on the other FI's process. A "final update" will not come on this submission; once the upstream case completes, you will either see a CKYC ID available via a Search call, or be able to re-submit successfully.

Was this helpful?
ON THIS PAGE
Ask AIBeta
Hi! How can I help?
Ask me anything about HyperVerge products, APIs, and SDKs.
Try asking: