API Documentation - Developer Platform |

API MODULES

6 Powerful API Modules

Comprehensive API coverage for all platform capabilities. Each module provides RESTful endpoints with consistent response formats.

💰

FREE

Wallet API

Core wallet balance, transactions, pipeline management, and license operations

Endpoints

GET /wallet/core/balance

GET /wallet/core/transactions

GET /wallet/pipeline/balance

GET /wallet/license/balance

📊

SA Access

CIBIL Reports

Fetch credit reports and scores for individuals and businesses

Endpoints

GET /cibil/reports

POST /cibil/fetch

GET /cibil/status

✅

Subscription

Verify Services

PAN, Aadhaar, Bank Account, GST and other verification APIs

Endpoints

GET /verify/services

POST /verify/pan

POST /verify/aadhaar

POST /verify/bank

🏪

FREE

Marketplace

Access marketplace services and products programmatically

Endpoints

GET /marketplace/services

GET /marketplace/products

POST /marketplace/order

💸

SA Access

Kamao Services

Commission and earnings management APIs

Endpoints

GET /kamao/earnings

GET /kamao/payouts

GET /kamao/reports

👥

FREE

B2C Services

Customer management and B2C operations

Endpoints

GET /b2c/customers

POST /b2c/customer

GET /b2c/orders

AUTHENTICATION

3-Layer Security

All API requests require 4-header authentication including HMAC-SHA256 signature for maximum security.

🔑 Required Headers

X-API-Key

Your API key

vk_live_abc123...

X-Timestamp

Unix timestamp (seconds)

1739612345

X-Signature

HMAC-SHA256 signature (hex)

a1b2c3d4e5...

X-Admin-Code

Your 6-digit admin code

123456

🔐 HMAC Signature Formula

Signature Formula


                        Signature = HMAC-SHA256( timestamp + method + endpoint + body, api_secret )

⚠️ No separator - Direct concatenation (no dots, colons, or spaces)

⚠️ Order matters - Always: timestamp → method → endpoint → body

⚠️ Method is UPPERCASE - Use GET not get

⚠️ Timestamp validity - Must be within 5 minutes of server time

✓ Admin code NOT in signature - Only sent as header

GET Request Example

String: 1739612345GET/api/v1/wallet/balance

Visual Breakdown

GET Request

timestamp 1739612345

method GET

endpoint /api/v1/wallet/balance

body (empty)

Result: 1739612345GET/api/v1/wallet/balance

POST Request

timestamp 1739612345

method POST

endpoint /api/v1/verify/pan

body {"pan":"ABCDE1234F"}

Result: 1739612345POST/api/v1/verify/pan{"pan":"ABCDE1234F"}

CODE EXAMPLES

Quick Start Examples

Get started quickly with ready-to-use code examples in your favorite language.

<?php
// Your credentials
$api_key = 'vk_live_your_api_key_here';
$api_secret = 'your_api_secret_here';
$tenant_code = '123456';

// Request details
$timestamp = time();
$method = 'GET';
$endpoint = '/api/v1/wallet/core/balance.php';
$body = '';

// Generate signature
$signature_string = $timestamp . $method . $endpoint . $body;
$signature = hash_hmac('sha256', $signature_string, $api_secret);

// Make request
$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => 'https://vistarkriya.com' . $endpoint,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        'X-API-Key: ' . $api_key,
        'X-Timestamp: ' . $timestamp,
        'X-Signature: ' . $signature,
        'X-Admin-Code: ' . $tenant_code,
        'Content-Type: application/json'
    ]
]);

$response = curl_exec($ch);
$data = json_decode($response, true);
print_r($data);

import time
import hmac
import hashlib
import requests

# Your credentials
api_key = 'vk_live_your_api_key_here'
api_secret = 'your_api_secret_here'
tenant_code = '123456'

# Request details
timestamp = str(int(time.time()))
method = 'GET'
endpoint = '/api/v1/wallet/core/balance.php'
body = ''

# Generate signature
signature_string = timestamp + method + endpoint + body
signature = hmac.new(
    api_secret.encode('utf-8'),
    signature_string.encode('utf-8'),
    hashlib.sha256
).hexdigest()

# Make request
headers = {
    'X-API-Key': api_key,
    'X-Timestamp': timestamp,
    'X-Signature': signature,
    'X-Admin-Code': tenant_code,
    'Content-Type': 'application/json'
}

response = requests.get(
    f'https://vistarkriya.com{endpoint}',
    headers=headers
)
print(response.json())

const crypto = require('crypto');
const https = require('https');

// Your credentials
const apiKey = 'vk_live_your_api_key_here';
const apiSecret = 'your_api_secret_here';
const tenantCode = '123456';

// Request details
const timestamp = Math.floor(Date.now() / 1000).toString();
const method = 'GET';
const endpoint = '/api/v1/wallet/core/balance.php';
const body = '';

// Generate signature
const signatureString = timestamp + method + endpoint + body;
const signature = crypto
    .createHmac('sha256', apiSecret)
    .update(signatureString)
    .digest('hex');

// Make request
const options = {
    hostname: vistarkriya.com,
    path: endpoint,
    method: method,
    headers: {
        'X-API-Key': apiKey,
        'X-Timestamp': timestamp,
        'X-Signature': signature,
        'X-Admin-Code': tenantCode,
        'Content-Type': 'application/json'
    }
};

const req = https.request(options, (res) => {
    let data = '';
    res.on('data', chunk => data += chunk);
    res.on('end', () => console.log(JSON.parse(data)));
});
req.end();

# Step 1: Set variables
API_KEY="vk_live_your_api_key_here"
API_SECRET="your_api_secret_here"
TENANT_CODE="123456"
TIMESTAMP=$(date +%s)
METHOD="GET"
ENDPOINT="/api/v1/wallet/core/balance.php"
BODY=""

# Step 2: Generate signature
SIGNATURE_STRING="${TIMESTAMP}${METHOD}${ENDPOINT}${BODY}"
SIGNATURE=$(echo -n "$SIGNATURE_STRING" | openssl dgst -sha256 -hmac "$API_SECRET" | cut -d' ' -f2)

# Step 3: Make request
curl -X GET "https://vistarkriya.com${ENDPOINT}" \
  -H "X-API-Key: ${API_KEY}" \
  -H "X-Timestamp: ${TIMESTAMP}" \
  -H "X-Signature: ${SIGNATURE}" \
  -H "X-Admin-Code: ${TENANT_CODE}" \
  -H "Content-Type: application/json"

Example Response 200 OK

{
  "success": true,
  "data": {
    "balance": 15420.50,
    "currency": "INR",
    "last_updated": "2024-02-20T10:30:00Z"
  }
}

ERROR HANDLING

Authentication Errors

Common error codes and how to resolve them.

Common Error Codes

401

AUTH_MISSING_KEY

X-API-Key header missing

401

AUTH_INVALID_KEY

API key not found

401

HMAC_INVALID

Signature doesn't match

401

TIMESTAMP_EXPIRED

Request too old (>5 min)

403

AUTH_IP_BLOCKED

IP not in whitelist

🐛 Debugging Tips

1. Print your signature string

Before hashing, verify it looks like: 1739612345GET/api/v1/wallet/balance

2. Check timestamp sync

Your server time must be within 5 minutes of our server. Use NTP.

3. Verify method is UPPERCASE

Use GET not get

4. Check body encoding

For POST, use exact JSON string. No extra whitespace.

5. Admin code NOT in signature

X-Admin-Code is sent as header only, not in HMAC calculation.

Error Response Format

{
  "success": false,
  "error": {
    "code": "HMAC_INVALID",
    "message": "Signature verification failed",
    "http_status": 401
  }
}

Build Powerful
Integrations

6 Powerful API Modules

Wallet API

CIBIL Reports

Verify Services

Marketplace

Kamao Services

B2C Services

3-Layer Security

🔑 Required Headers

🔐 HMAC Signature Formula

Visual Breakdown

GET Request

POST Request

Quick Start Examples

Authentication Errors

Common Error Codes

🐛 Debugging Tips

1. Print your signature string

2. Check timestamp sync

3. Verify method is UPPERCASE

4. Check body encoding

5. Admin code NOT in signature

Error Response Format

Ready to Start Building?

Stay Updated

Build Powerful Integrations

6 Powerful API Modules

Wallet API

CIBIL Reports

Verify Services

Marketplace

Kamao Services

B2C Services

3-Layer Security

🔑 Required Headers

🔐 HMAC Signature Formula

Visual Breakdown

GET Request

POST Request

Quick Start Examples

Authentication Errors

Common Error Codes

🐛 Debugging Tips

1. Print your signature string

2. Check timestamp sync

3. Verify method is UPPERCASE

4. Check body encoding

5. Admin code NOT in signature

Error Response Format

Ready to Start Building?

Stay Updated

Change Language?

Build Powerful
Integrations