Vistarkriya
VistarKriya
Sign In Create Free Account
Free forever • No credit card required
Home API Documentation
RESTful API v1

Build Powerful
Integrations

Access wallet, verification, CIBIL, marketplace, and more through our secure RESTful API with 3-layer authentication.

Base URL
https://vistarkriya.com/api/v1
Open API Workspace Request API Access
Sub-100ms
Fast response times across all endpoints
🔐
3-Layer Auth
API Key + HMAC-SHA256 + Tenant Code
🌐
IP Whitelist
Mandatory IP restriction for security
📄
RESTful JSON
Standard REST with consistent responses
API MODULES

6 API Modules

Comprehensive coverage for all platform capabilities. Each module provides RESTful endpoints with consistent JSON responses.

💰
FREE

Wallet API

Core wallet balance, transactions, pipeline and license operations

GET /wallet/core/balance
GET /wallet/core/transactions
GET /wallet/pipeline/balance
GET /wallet/license/balance
📊
SA Access

CIBIL Reports

Fetch credit reports and scores for individuals and businesses

GET /cibil/reports
POST /cibil/fetch
GET /cibil/status
Subscription

Verify Services

PAN, Aadhaar, Bank Account, GST and other verification APIs

GET /verify/services
POST /verify/pan
POST /verify/aadhaar
POST /verify/bank
🏪
FREE

Marketplace

Access marketplace services and products programmatically

GET /marketplace/services
GET /marketplace/products
POST /marketplace/order
💸
SA Access

Kamao Services

Commission and earnings management APIs

GET /kamao/earnings
GET /kamao/payouts
GET /kamao/reports
👥
FREE

B2C Services

Customer management and B2C operations

GET /b2c/customers
POST /b2c/customer
GET /b2c/orders
AUTHENTICATION

3-Layer Security

Every request requires 4 headers including HMAC-SHA256 signature for maximum security.

Required Headers

X-API-Key

Your API key from dashboard

vk_live_abc123...
X-Timestamp

Unix timestamp in seconds

1739612345
X-Signature

HMAC-SHA256 signature (hex)

a1b2c3d4e5...
X-Tenant-Code

Your 6-digit tenant code

123456

HMAC Signature Formula

Formula
HMAC-SHA256( timestamp + method + endpoint + body, api_secret )
Direct concatenation — no dots, colons, or spaces
Order: timestamp → method → endpoint → body
Method must be UPPERCASE (GET not get)
Timestamp must be within 5 minutes of server time
Tenant code is NOT included in signature — header only
Example String (GET)
1739612345GET/api/v1/wallet/core/balance

Visual Breakdown

GET Request

timestamp 1739612345
method GET
endpoint /api/v1/wallet/core/balance
body (empty)
Result: 1739612345GET/api/v1/wallet/core/balance

POST Request

timestamp 1739612345
method POST
endpoint /api/v1/verify/pan
body {"pan":"ABCDE1234F"}
Result: 1739612345POST/api/v1/verify/pan{"pan":"ABCDE1234F"}
CODE EXAMPLES

Quick Start

Ready-to-use code examples. Or use the API Workspace for interactive testing.

<?php
// Credentials
$api_key    = 'vk_live_your_api_key_here';
$api_secret = 'your_api_secret_here';
$tenant_code = '123456';

// Request
$timestamp = time();
$method    = 'GET';
$endpoint  = '/api/v1/wallet/core/balance';
$body      = '';

// HMAC Signature
$sig_string = $timestamp . $method . $endpoint . $body;
$signature  = hash_hmac('sha256', $sig_string, $api_secret);

// cURL
$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL            => 'https://vistarkriya.com' . $endpoint,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER     => [
        'X-API-Key: '      . $api_key,
        'X-Timestamp: '    . $timestamp,
        'X-Signature: '    . $signature,
        'X-Tenant-Code: '  . $tenant_code,
        'Content-Type: application/json'
    ]
]);

$response = curl_exec($ch);
$data = json_decode($response, true);
print_r($data);
Example Response 200 OK 
{
  "success": true,
  "data": {
    "balance": 15420.50,
    "currency": "INR",
    "last_updated": "2026-05-01T10:30:00Z"
  }
}
ERROR HANDLING

Authentication Errors

Common error codes and how to resolve them.

Error Codes

401
AUTH_MISSING_KEY

X-API-Key header missing

401
AUTH_INVALID_KEY

API key not found or invalid

401
HMAC_INVALID

Signature verification failed

401
TIMESTAMP_EXPIRED

Request too old (>5 min window)

403
AUTH_IP_BLOCKED

IP not in whitelist

429
RATE_LIMITED

Too many requests, slow down

Debugging Tips

1. Print your signature string

Should look like: 1739612345GET/api/v1/wallet/core/balance

2. Check timestamp sync

Must be within 5 minutes of server time. Use NTP.

3. Method must be UPPERCASE

Use GET not get

4. POST body = exact JSON

No extra whitespace. Use the same JSON string in both signature and request body.

5. Tenant code is header only

X-Tenant-Code is NOT part of the HMAC signature calculation.

Error Response Format

{
  "success": false,
  "error": {
    "code": "HMAC_INVALID",
    "message": "Signature verification failed",
    "http_status": 401
  }
}
GET API ACCESS

Request API Integration

Fill out the form below and our team will get back to you within 24 hours.

By submitting, you agree to our Privacy Policy

Ready to Start Building?

Sign up for a free account, get your API key, and start testing in the interactive workspace.

What you get:
✓ Interactive API Workspace ✓ Code examples in 4 languages ✓ IP Whitelist management ✓ API Key + Secret generation ✓ HMAC Playground tool ✓ Real-time request testing
Sign Up for API Access Talk to Sales
⚡ Sub-100ms Response 🛡️ 99.9% Uptime 🔐 3-Layer Security 📞 24/7 Support
💬 Chat with Agent 0