HDFC Bank Open API Banking Platform User Manual
Copyright@HDFCBank Restricted
Fintech
Track Your Loan API
Technical Document
Version 1.7
DOCUMENT CONTROL
Document Name: HDFCBank_UserManual_4_Fintech_TrackYourLoan API
Version: 1.7
Template Owner: BTG Retail
Prepared By: Dimple Kasturi
Date: 20/11/2019
Approved By: Chaitanya Kasibhatla
VERSION HISTORY
| Version Number | Date | Brief Description of Change | Reviewed by |
|---|---|---|---|
| 1.1 | 28/12/2018 | Addition to the New Template | Vinod Rasquinha |
| 1.2 | 28/6/2019 | Addition of Device, Filler and note for special characters | Chaitanya Kasibhatla |
| 1.3 | 07/08/2019 | 'Field Length' changes done as given by Loan Assist Team | Dimple Kasturi |
| 1.4 | 30/08/2019 | Contain changes like Sample Java Code request & response | Dimple Kasturi |
| 1.5 | 20/11/2019 | Updated important notes to be followed in case of rejected document and Re-scan | Dimple Kasturi |
| 1.6 | 18/01/2020 | Updated specs for Value Decryption Logic | Dimple Kasturi |
| 1.7 | 06/03/2020 | Added Los status to customer table LOS to Customer Status Summary | Dimple Kasturi |
TABLE OF CONTENTS
1. Purpose
2. How to consume the service
   2.1 Request:
       2.1.1 Original REST-JSON Request Sample for Track Your Loan API:
   2.2 Response:
       2.2.1 Original JSON Response Payload Structure:
3. Field Details
   Input parameters:
   Output Fields:
4. Sample Java Code:-
   4.1 Filler4 Generation logic:-
   4.2 Response Description Decryption logic:-
   4.3 Value Decryption logic:-
5. Error/Status Codes Details
   Service Error codes are as below:-
   HDFC Bank's Public API Gateway Error Codes:-
6. Appendix
   Service Endpoint URL:-
   Other Prerequisites required from External partner:
   API Key Details:-
   Glossary:
LOS TO CUSTOMER STATUS SUMMARY
1. Purpose
This document provides external partners of HDFC Bank with technical details on how
to invoke an API for Tracking the Status of Loan and Documents. This API needs to be
called after Complete Document Upload API.
The Track Your Loan API accepts Loan Number with Fintech details. This API accepts a
Unique key provided by HDFC Bank and other required details. In response, Fintech will
receive status of loan and documents with document upload master.
The API follows a REST JSON format.
2. How to consume the service
Logic for Request & Response Processing:
2.1 Request:
2.1.1 Original REST-JSON Request Sample for Track Your Loan API:
{
"getStatusEnquiry": {
"deviceId": "FinTech_XXXXXXX",
"mobileNumber": "9769958177",
"RequestTime": "2018/07/31 11:30:10 AM",
"UniqueKey": "HDFCMOBAPPM1LC61KYRR",
"applicationId": "56947107",
"Filler1": "Android",
"Filler2": "",
"Filler3": "",
"Filler4": "H5PXIJG665D1PTSB44OE",
"Filler5": "",
"UserName": "FinTech",
"Password": "xpVxRulN3rmNKv799DzOOA=="
}
}
2.2 Response:
2.2.1 Original JSON Response Payload Structure:
{
"getStatusEnquiryResponse": {
"getStatusEnquiryResult": {
"Filler1": "IGNEHGOPWQ2XSW8MTSGU",
"i_errorcode": "",
"Filler3": "",
"Filler2": "",
"responseCode": "0000",
"ParentDocMaster": {
"Parent_Doc": [{
"Parent_Doc_Id": "1",
"Parent_Doc_Desc": "ADDRESS PROOF",
"Child_Doc_flag": "Yes",
"ChildDocMaster": {
"Child_Doc": [{
"Child_Doc_Desc": "AADHAR CARD",
"Child_Doc_Id": "1183"
}]
}
},
{
"Parent_Doc_Id": "6",
"Parent_Doc_Desc": "INCOME PROOF",
"Child_Doc_flag": "Yes",
"ChildDocMaster": {
"Child_Doc": [{
"Child_Doc_Desc":
"AUDITED P&L AND B/S - LAST 2 YRS",
"Child_Doc_Id": "3"
},
{
"Child_Doc_Desc": "IT RETURNS - LAST 2 YRS",
"Child_Doc_Id": "7"
},
{
"Child_Doc_Desc":
"SALARY SLIP - LAST 2 MONTHS",
"Child_Doc_Id": "19"
},
{
"Child_Doc_Desc":
"TDS CERTIFICATE",
"Child_Doc_Id": "21"
},
{
"Child_Doc_Desc":
"FORM 16",
"Child_Doc_Id": "22"
},
{
"Child_Doc_Desc":
"SALARY CERTIFICATE",
"Child_Doc_Id": "23"
},
{
"Child_Doc_Desc":
"APPOINTMENT LETTER",
"Child_Doc_Id": "24"
},
{
"Child_Doc_Desc":
"ASSESSMENT ORDER - LAST 2 YRS",
"Child_Doc_Id": "26"
},
{
"Child_Doc_Desc":
"CREDIT CARD STATEMENT",
"Child_Doc_Id": "33"
},
{
"Child_Doc_Desc":
"CREDIT CARD COPY",
"Child_Doc_Id": "39"
},
{
"Child_Doc_Desc":
"COMPUTATION OF INCOME-PROP",
"Child_Doc_Id": "93"
},
{
"Child_Doc_Desc":
"CERTIFIED BALANCE SHEET-PROP",
"Child_Doc_Id": "94"
},
{
"Child_Doc_Desc":
"CONTRACT COPY",
"Child_Doc_Id": "105"
},
{
"Child_Doc_Desc":
"PROJECTED PL AC BY CA APPT BY BANK",
"Child_Doc_Id": "759"
}
]
}
},
{
"Parent_Doc_Id": "50",
"Parent_Doc_Desc": "BANK STATEMENT",
"Child_Doc_flag": "Yes",
"ChildDocMaster": {
"Child_Doc": [{
"Child_Doc_Desc":
"BANK ST LESS THAN 3 MONTHS",
"Child_Doc_Id": "565"
},
{
"Child_Doc_Desc":
"BANK ST 3 TO 5 MONTHS",
"Child_Doc_Id": "566"
},
{
"Child_Doc_Desc":
"BANK ST >= 6 MONTHS",
"Child_Doc_Id": "567"
},
{
"Child_Doc_Desc": "6 MTS EDC CR BK ST",
"Child_Doc_Id": "754"
}
]
}
},
{
"Parent_Doc_Id": "106",
"Parent_Doc_Desc": "ADDRESS/IDENTITY PROOF",
"Child_Doc_flag": "Yes",
"ChildDocMaster": {
"Child_Doc": [{
"Child_Doc_Desc":
"PHOTOGRAPH",
"Child_Doc_Id": "16"
},
{
"Child_Doc_Desc":
"SIGNATURE VERIFICATION DOC",
"Child_Doc_Id": "20"
},
{
"Child_Doc_Desc":
"RATION CARD",
"Child_Doc_Id": "27"
},
{
"Child_Doc_Desc":
"DRIVING LICENCE",
"Child_Doc_Id": "28"
},
{
"Child_Doc_Desc":
"VOTERS ID CARD",
"Child_Doc_Id": "29"
},
{
"Child_Doc_Desc":
"PASPORT COPY",
"Child_Doc_Id": "30"
},
{
"Child_Doc_Desc":
"ELECTRICITY BILL",
"Child_Doc_Id": "31"
},
{
"Child_Doc_Desc":
"LIC POLICY / RENT AGREEMENT",
"Child_Doc_Id": "32"
},
{
"Child_Doc_Desc":
"TELEPHONE BILL",
"Child_Doc_Id": "34"
},
{
"Child_Doc_Desc":
"SHOP & ESTBL ACT CERTIFICATE",
"Child_Doc_Id": "35"
},
{
"Child_Doc_Desc":
"SSI REGISTRATION CERTIFICATE",
"Child_Doc_Id": "36"
},
{
"Child_Doc_Desc":
"SALES TAX CERTIFICATE",
"Child_Doc_Id": "37"
},
{
"Child_Doc_Desc":
"PAN CARD",
"Child_Doc_Id": "89"
},
{
"Child_Doc_Desc": "CO PROVIDED ACCOMODATION",
"Child_Doc_Id": "96"
},
{
"Child_Doc_Desc":
"SALE/PURCHASE AGREEMENT",
"Child_Doc_Id": "103"
},
{
"Child_Doc_Desc":
"CREDIT CARD PHOTO",
"Child_Doc_Id": "107"
},
{
"Child_Doc_Desc":
"COPY OF COMPANY ID CARD",
"Child_Doc_Id": "698"
},
{
"Child_Doc_Desc":
"GAS CONNECTION BILL",
"Child_Doc_Id": "699"
},
{
"Child_Doc_Desc":
"LETTER FROM CATA & CATB CO.",
"Child_Doc_Id": "701"
},
{
"Child_Doc_Desc":
"MOBILE BILL",
"Child_Doc_Id": "702"
},
{
"Child_Doc_Desc":
"OTHERS-ADDRESS PROOF",
"Child_Doc_Id": "703"
},
{
"Child_Doc_Desc":
"AADHAR CARD.",
"Child_Doc_Id":
"1186"
},
{
"Child_Doc_Desc":
"NREGA JOB CARD",
"Child_Doc_Id":
"1714"
},
{
"Child_Doc_Desc":
"CENTRAL/STATE GOVT ID CARD",
"Child_Doc_Id":
"1715"
}
]
}
}
]
},
"Parent_Doc_flag": "Yes",
"responseDesc": "0baad852ac0e6d2282b3ff3d072ee74eb3648bc73397de6c30eaabca4bd87c5a40decf839d7a7cc8fde63c0c6e2b03e54696a75468e2f1ae73e99489e9802ee8uf7YboQeqbJPasTnzNFAqVB1xwz831JgUOkCfOQ55iI=",
"strProductName": "",
"Parent_DocStatusMst": "",
"i_errorMsg": "",
"strRefNo": "",
"Parent_DocStatus_flag": "No",
"status": "Under Process",
"timestamp": "2018/12/28 05:09:58 PM"
}
}
}
NOTE:
The fields in the Original JSON Response Payload may not be in sequential order.
All field names in the Original REST-JSON Request payload are mandatory. However, the field values can be left empty ("") for optional fields.
Partners need to pass a unique value 'FinTech_XXXXXXX' for the fields deviceId and username in the request of this API; the XXXXXXX value must be obtained by each partner from HDFC Bank before they invoke the API.
As per best industry standards, special characters are blocked at the API Gateway:
  o Characters that trigger SQL Injection error are ' # --
  o Characters that trigger Code Injection error are *()<>^`&; *()<>^`&;`'";|&>\
Our recommendation is that partners do not send special characters in any field. If special characters are encountered, partners need to replace them with a space. This recommendation is in line with global best practices to avoid threats due to SQL injections and code injections in the banking industry.
Important Notes:
If documents are rejected by the Bank and Track Your Loan requests that those documents be re-scanned, the Partner needs to follow these points:
Device ID and customer Mobile no should be the same as in the Apply for loan API.
Track Your Loan Filler 1 to be passed in Document Upload 1's Filler 2.
Document Upload 1 Filler 1 to be passed in Document Upload 2's Filler 2.
Document Upload 2 Filler 1 to be passed in Document Upload 3's Filler 2.
Document Upload 3 Filler 1 to be passed in Document Upload 4's Filler 2.
Document Upload 4 Filler 1 will be passed in Complete Document Upload Filler 2.
3. Field Details
Input parameters:
| Field Name | Type | Field Description | Sample Value | Mandatory / Optional | Remarks | Encryption Details (Encryption Algorithm/Encryption mode/Encryption padding) with Sample code to create encrypted value for the field |
|---|---|---|---|---|---|---|
| deviceId | varchar(100) | Source Unique Id | Partners need to pass a unique value 'FinTech_XXXXXXX' for fields 'deviceId' and 'username' in the request of this API, however, the XXXXXXX value needs to be obtained by each partner from HDFC Bank before they invoke the API | Mandatory | Fixed value | NA |
| mobileNumber | Number(10) | Customer Mobile Number | 9999988888 | Mandatory | 10 digit | NA |
| RequestTime | datetime | Request Date Time | 2018/07/25 11:31:26 AM | Mandatory | yyyy/MM/dd hh:mm:ss tt | NA |
| UniqueKey | varchar(100) | Unique Key | HDFCMOBAPPM1LC61KYRR | Mandatory | Fixed value | NA |
| applicationId | varchar(100) | Loan Number | 1234567890 | Mandatory | | |
| Filler1 | varchar(100) | Partner Type | Android | Mandatory | Android/iOS/Website | NA |
| Filler2 | varchar(100) | | | Optional | For Future Use | NA |
| Filler3 | varchar(100) | | | Optional | For Future Use | NA |
| Filler4 | varchar(100) | Key generated by Partner | H5PXIJG665D1PTSB44OE | Mandatory | Filler4 Generation logic (Refer section 4.1 for sample code) | Filler4 Generation logic (Refer section 4.1 for sample code) |
| Filler5 | varchar(100) | | | Optional | For Future Use | NA |
| UserName | varchar(15) | User Name | FinTech | Mandatory | Fixed | NA |
| Password | varchar(100) | Password | xpVxRulN3rmNKv799DzOOA== | Mandatory | Fixed Value provided by Bank during Partner onboarding process. | NA |
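A pre-flight check for the request, applying the special-character NOTE in section 2 and the field formats in the Input parameters table. This is an added example, not HDFC Bank's code: the class name, the choice of fields treated as "must arrive unchanged" and the constructed defects in main() are assumptions.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example, not HDFC Bank's code: pre-flight check of getStatusEnquiry request fields. */
public class TrackYourLoanRequestCheck {

    // "--" plus the single characters the NOTE in section 2 lists as blocked at the gateway.
    static final Pattern BLOCKED = Pattern.compile("--|['#*()<>^`&;\"|\\\\]");

    // Field names of the section 2.1.1 request sample; all names are mandatory.
    static final List<String> FIELDS = Arrays.asList("deviceId", "mobileNumber", "RequestTime",
            "UniqueKey", "applicationId", "Filler1", "Filler2", "Filler3", "Filler4", "Filler5",
            "UserName", "Password");
    static final List<String> OPTIONAL = Arrays.asList("Filler2", "Filler3", "Filler5");
    // Assumption: these must reach the bank unchanged, so a blocked character is reported
    // instead of being replaced.
    static final List<String> EXACT = Arrays.asList("UniqueKey", "Filler4", "UserName", "Password");

    /** Replaces each blocked character (or "--") with a space, as the NOTE recommends. */
    static String sanitize(String value) {
        return BLOCKED.matcher(value).replaceAll(" ");
    }

    /** Sanitizes req in place and returns the problems found; an empty list means ready to send. */
    static List<String> check(Map<String, String> req) {
        List<String> problems = new ArrayList<>();
        for (String name : FIELDS) {
            String v = req.get(name);
            if (v == null) { problems.add(name + ": field name missing"); continue; }
            if (v.isEmpty() && !OPTIONAL.contains(name)) problems.add(name + ": empty value");
            int max = name.equals("UserName") ? 15 : 100;        // varchar sizes from section 3
            if (v.length() > max) problems.add(name + ": longer than " + max + " characters");
            if (BLOCKED.matcher(v).find()) {
                if (EXACT.contains(name)) problems.add(name + ": contains a blocked character");
                else req.put(name, sanitize(v));
            }
        }
        if (!req.getOrDefault("mobileNumber", "").matches("\\d{10}"))
            problems.add("mobileNumber: expected 10 digits");
        if (!req.getOrDefault("Filler4", "").matches("[0-9A-Z]{20}"))
            problems.add("Filler4: expected 20 characters from 0-9 and A-Z");
        if (!Arrays.asList("Android", "iOS", "Website").contains(req.get("Filler1")))
            problems.add("Filler1: expected Android, iOS or Website");
        // Section 3 gives the format as yyyy/MM/dd hh:mm:ss tt; "a" is Java's AM/PM marker.
        SimpleDateFormat fmt = new SimpleDateFormat("yyyy/MM/dd hh:mm:ss a", Locale.ENGLISH);
        fmt.setLenient(false);
        try {
            fmt.parse(req.getOrDefault("RequestTime", ""));
        } catch (ParseException e) {
            problems.add("RequestTime: expected yyyy/MM/dd hh:mm:ss AM/PM");
        }
        return problems;
    }

    public static void main(String[] args) {
        // Values from the section 2.1.1 sample, with three constructed defects:
        // parentheses in applicationId, a lower-case Filler4 and a 24-hour RequestTime.
        Map<String, String> req = new LinkedHashMap<>();
        req.put("deviceId", "FinTech_XXXXXXX");
        req.put("mobileNumber", "9769958177");
        req.put("RequestTime", "2018/07/31 23:30:10");
        req.put("UniqueKey", "HDFCMOBAPPM1LC61KYRR");
        req.put("applicationId", "56947107 (copy)");
        req.put("Filler1", "Android");
        req.put("Filler2", "");
        req.put("Filler3", "");
        req.put("Filler4", "h5pxijg665d1ptsb44oe");
        req.put("Filler5", "");
        req.put("UserName", "FinTech");
        req.put("Password", "xpVxRulN3rmNKv799DzOOA==");
        for (String p : check(req)) System.out.println(p);
        System.out.println("applicationId sent as: [" + req.get("applicationId") + "]");
    }
}
```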
Output Fields:
| Field Name | Type | Field Description | Sample Value | Mandatory / Optional | Remarks | Encryption Details (Encryption Algorithm/Encryption mode/Encryption padding) with Sample code to create encrypted value for the field |
|---|---|---|---|---|---|---|
| responseCode | varchar(100) | Response Code | 0000 | Mandatory | Response Code | NA |
| responseDesc | varchar(500) | Response Description | Success | Mandatory | Response string encrypted using Response Description Encryption logic. (Refer section 4.2 for sample code for decryption of this field) | Response string encrypted using Response Description Encryption logic. (Refer section 4.2 for sample code for decryption of this field) |
| status | varchar(500) | Loan Application Status | In Process | Mandatory | Status | NA |
| timestamp | datetime | Date Time | 2018/07/25 11:24:09 AM | Mandatory | Response Date Time | NA |
| i_errorMsg | varchar(500) | Error Message | | | | |
| i_errorcode | varchar(100) | Error Code | | | | |
| Filler1 | varchar(100) | Alphanumeric Key to use in next API | 3NOCNIUHR9HDJZB1KGMP | Mandatory | Alphanumeric Key to use in next API | NA |
| Filler2 | varchar(100) | | | | | |
| Filler3 | varchar(100) | Key generated by Source | | Optional | For Future Use | NA |
| strRefNo | varchar(50) | Reference Number | MLA000174022 | Mandatory | Reference No | NA |
| strProductName | varchar(100) | Product Name | Personal Loan | Mandatory | Product Name | NA |
| Parent_DocStatus_flag | varchar(50) | Parent Document Status Flag | Yes | Mandatory | Yes or No | NA |
| Parent_Doc_Id | varchar(50) | Parent Doc Id | 2 | Mandatory | Parent Doc Id | NA |
| Parent_Doc_Desc | varchar(500) | Parent Doc Description | APPLICATION FORM | Mandatory | Parent Doc Description | NA |
| Child_Doc_Id | varchar(50) | Child Doc Id | 913 | Mandatory | Child Doc Id | NA |
| Child_Doc_Desc | varchar(500) | Child Doc Description | APPLICATION FORM - IMAGING | Mandatory | Child Doc Description | NA |
| Status | varchar(500) | Status | In Process | Mandatory | Status | NA |
| Description | varchar(500) | Description | In Process | Mandatory | Description | NA |
| Remarks | varchar(500) | Remarks | In Process | Mandatory | Remarks | NA |
| Parent_Doc_flag | varchar(50) | Parent Document Flag | Yes | Mandatory | Yes or No | NA |
| Parent_Doc_Id | varchar(50) | Parent Doc Id | 2 | Mandatory | Parent Doc Id | NA |
| Parent_Doc_Desc | varchar(500) | Parent Doc Description | APPLICATION FORM | Mandatory | Parent Doc Description | NA |
| Child_Doc_flag | varchar(50) | Child Doc Flag | Yes | Mandatory | Yes or No | NA |
| Child_Doc_Id | varchar(50) | Child Doc Id | 913 | Mandatory | Child Doc Id | NA |
| Child_Doc_Desc | varchar(500) | Child Doc Description | APPLICATION FORM - IMAGING | Mandatory | Child Doc Description | NA |
4. Sample Java Code:-
4.1 Filler4 Generation logic:-
    import java.security.SecureRandom;
    import java.util.Random;

    public class RandomString {
        // SecureRandom (a subclass of Random) makes the generated key unpredictable.
        private final Random random = new SecureRandom();
        private final char[] buf;
        private final int length = 20;   // Filler4 is 20 characters long

        public RandomString() {
            if (length < 1)
                throw new IllegalArgumentException("length < 1: " + length);
            buf = new char[length];
        }

        // Returns a 20-character string drawn from 0-9 and A-Z, used as Filler4.
        public String getUniqueReqId() {
            char[] symbols;
            StringBuilder tmp = new StringBuilder();
            for (char ch = '0'; ch <= '9'; ++ch)
                tmp.append(ch);
            for (char ch = 'A'; ch <= 'Z'; ++ch)
                tmp.append(ch);
            symbols = tmp.toString().toCharArray();
            for (int idx = 0; idx < buf.length; ++idx)
                buf[idx] = symbols[random.nextInt(symbols.length)];
            return new String(buf);
        }
    }
4.2 Response Description Decryption logic:-
UNIQUE_REQUEST_ID in the code below is generated with the getUniqueReqId method shown above.

    import java.io.UnsupportedEncodingException;
    import java.nio.charset.StandardCharsets;
    import java.security.InvalidKeyException;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;

    // Returns true only if the token received in responseDesc equals the token
    // computed locally for UNIQUE_REQUEST_ID.
    private boolean isSuccessResponse(String tokenReceivedFromServer) {
        String tokenForThisReq = null;
        try {
            tokenForThisReq = JwtTokenForReqId.getJwtTokenForReqId(UNIQUE_REQUEST_ID);
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) {
            if (debug) e.printStackTrace();
        }
        if (tokenForThisReq == null || tokenReceivedFromServer == null) return false;
        // Constant-time comparison of the two tokens.
        return MessageDigest.isEqual(
                tokenForThisReq.getBytes(StandardCharsets.UTF_8),
                tokenReceivedFromServer.getBytes(StandardCharsets.UTF_8));
    }

    public class JwtTokenForReqId {
        public static String getJwtTokenForReqId(String uniqueRequestId) throws UnsupportedEncodingException,
                NoSuchAlgorithmException, InvalidKeyException {
            String response2 = null;
            String keyToEncode = "";
            StringBuffer sb, sb2, sb3;
            try {
                // STEP 1
                // Remove '_' from ApplicationVariables.DEVICE_UNIQUE_ID for below code only.
                String keyString = ApplicationVariables.DEVICE_UNIQUE_ID + "." +
                        com.indigo.hdfcloans.utils.Utility.getCurrentDateIn_yyyymmdd() + "." + uniqueRequestId;
                // keyString feeds the HMAC key, so it is not written to the log.
                // "SHA-256" is the standard algorithm name.
                MessageDigest mDigest = MessageDigest.getInstance("SHA-256");
                byte[] result = mDigest.digest(keyString.getBytes(StandardCharsets.UTF_8));
                sb = new StringBuffer();   // hex of the key-string hash
                for (int i = 0; i < result.length; i++) {
                    sb.append(Integer.toString((result[i] & 0xff) + 0x100, 16).substring(1));
                }
                // Hash of the fixed header string.
                String string = "{\"alg\":\"HS256\",\"typ\":\"HQR\"}";
                mDigest = MessageDigest.getInstance("SHA-256");
                byte[] result2 = mDigest.digest(string.getBytes(StandardCharsets.UTF_8));
                sb2 = new StringBuffer();
                for (int i = 0; i < result2.length; i++) {
                    sb2.append(Integer.toString((result2[i] & 0xff) + 0x100, 16).substring(1));
                }
                // STEP 2.2
                String string1 = "{\"tokenId\":43124832,\"userId\":\"" + ApplicationVariables.DEVICE_UNIQUE_ID +
                        "\",\"username\":\"Guest\",\"validity\":\"2016-05-07 17:07\"}";
                mDigest = MessageDigest.getInstance("SHA-256");
                byte[] result3 = mDigest.digest(string1.getBytes(StandardCharsets.UTF_8));
                sb3 = new StringBuffer();
                for (int i = 0; i < result3.length; i++) {
                    sb3.append(Integer.toString((result3[i] & 0xff) + 0x100, 16).substring(1));
                }
                // STEP 2.3
                keyToEncode = sb2.toString() + sb3.toString();
                // Removing (.) DOT
                // sb.toString() should be assigned to key and keyToEncode should be assigned
                // to message in the HMAC_SHA256 function.
                response2 = sb2.toString() + sb3.toString() + HMAC_SHA256(sb.toString(), keyToEncode);
            } catch (Exception e) {
                e.printStackTrace();
            }
            return response2;
        }
    }
Definition of com.indigo.hdfcloans.utils.Utility.getCurrentDateIn_yyyymmdd()

    import java.util.Calendar;

    // As written, the month part is three characters ("001" to "012"), so the returned
    // string has nine characters, e.g. 201800731 for 31 July 2018.
    public static String getCurrentDateIn_yyyymmdd() {
        String month = "";
        String day = "";
        //EEE MMM dd kk:mm:ss z yyyy
        if ((getCurrentMonth() + 1) <= 9) {
            String monthStr = "" + (getCurrentMonth() + 1);
            if (monthStr.length() == 1)
                month = "00" + (getCurrentMonth() + 1);
            else
                month = "0" + (getCurrentMonth() + 1);
        } else {
            month = "0" + (getCurrentMonth() + 1);
        }
        if ((getCurrentDay()) <= 9) {
            String dateStr = "" + getCurrentDay();
            if (dateStr.length() == 1)
                day = "0" + getCurrentDay();
            else
                day = "" + getCurrentDay();
        } else {
            day = "" + getCurrentDay();
        }
        String date = getCurrentYear() + "" + month + "" + day;
        return date;
    }

    // Calendar.MONTH is zero-based, hence the "+ 1" above.
    public static int getCurrentMonth() {
        return Calendar.getInstance().get(Calendar.MONTH);
    }

    public static int getCurrentDay() {
        return Calendar.getInstance().get(Calendar.DAY_OF_MONTH);
    }

    public static int getCurrentYear() {
        return Calendar.getInstance().get(Calendar.YEAR);
    }
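Definition of HMAC_SHA256

    import android.util.Base64;
    import javax.crypto.Mac;
    import javax.crypto.spec.SecretKeySpec;

    // Returns Base64(HMAC-SHA256(secret, message)) without line wrapping.
    private static String HMAC_SHA256(String secret, String message) {
        String hash = "";
        try {
            Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
            SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
            sha256_HMAC.init(secret_key);
            hash = Base64.encodeToString(sha256_HMAC.doFinal(message.getBytes()), Base64.NO_WRAP);
        } catch (Exception e) {
            // On failure an empty string is returned, so the caller's token will not match.
        }
        return hash.trim();
    }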
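The responseDesc check from section 4.2 on a plain JVM (java.util.Base64 instead of the Android class), with the shape of the value validated before the comparison: 64 hex characters of header hash, 64 of payload hash and 44 Base64 characters of HMAC, which is the 172-character shape of the sample in section 2.2.1. This is an added example, not HDFC Bank's code: the class and method names, the device id in main() and passing the date as a parameter so the check can be run for a fixed day are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Locale;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example, not HDFC Bank's code: responseDesc check on a plain JVM (no Android classes). */
public class ResponseDescCheck {

    // Fixed header string from the section 4.2 sample.
    static final String HEADER = "{\"alg\":\"HS256\",\"typ\":\"HQR\"}";

    // Fixed payload string from the section 4.2 sample (STEP 2.2).
    static String payload(String deviceId) {
        return "{\"tokenId\":43124832,\"userId\":\"" + deviceId
                + "\",\"username\":\"Guest\",\"validity\":\"2016-05-07 17:07\"}";
    }

    static String sha256Hex(String s) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** Same layout as getCurrentDateIn_yyyymmdd(): year, month padded to 3 digits, day to 2. */
    static String dateKey(int year, int month, int day) {
        return String.format(Locale.ROOT, "%d%03d%02d", year, month, day);
    }

    /** Token as built in section 4.2: hex(header hash) + hex(payload hash) + Base64(HMAC). */
    static String expectedToken(String deviceId, String date, String requestId)
            throws GeneralSecurityException {
        // Assumption: '_' is removed for the key string only, as the STEP 1 comment reads.
        String key = sha256Hex(deviceId.replace("_", "") + "." + date + "." + requestId);
        String message = sha256Hex(HEADER) + sha256Hex(payload(deviceId));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] sig = mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
        return message + Base64.getEncoder().encodeToString(sig);
    }

    /** Returns null when the token verifies, otherwise a short reason for rejecting it. */
    static String verify(String received, String deviceId, String date, String requestId)
            throws GeneralSecurityException {
        // 64 hex + 64 hex + 44 Base64 characters (32-byte HMAC with one '=' of padding).
        if (received == null || received.length() != 172) return "unexpected length";
        if (!received.substring(0, 128).matches("[0-9a-f]{128}")) return "hash part is not hex";
        if (!received.substring(128).matches("[A-Za-z0-9+/]{43}=")) return "signature is not Base64";
        String expected = expectedToken(deviceId, date, requestId);
        boolean same = MessageDigest.isEqual(received.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));   // constant-time comparison
        return same ? null : "token mismatch";
    }

    public static void main(String[] args) throws Exception {
        String deviceId = "FinTech_0000000";            // constructed placeholder
        String requestId = "H5PXIJG665D1PTSB44OE";      // Filler4 sample from section 2.1.1
        String date = dateKey(2018, 7, 31);             // fixed day for the demonstration

        // Stand-in for the server: the same construction produces the value to verify.
        String token = expectedToken(deviceId, date, requestId);
        System.out.println("valid token        -> " + verify(token, deviceId, date, requestId));

        // One changed signature character, a different day, and a truncated value.
        char last = token.charAt(170) == 'A' ? 'B' : 'A';
        String tampered = token.substring(0, 170) + last + "=";
        System.out.println("tampered signature -> " + verify(tampered, deviceId, date, requestId));
        System.out.println("next day           -> "
                + verify(token, deviceId, dateKey(2018, 8, 1), requestId));
        System.out.println("truncated          -> "
                + verify(token.substring(0, 128), deviceId, date, requestId));
    }
}
```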
4.3 Value Decryption logic:-
    import android.util.Base64;
    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;

    class AAAA { // class can have any name
        // Decrypts a response field and strips the token (Filler1) embedded in the plaintext.
        public static String getDecryptedValueFor(String encryptedResponseField) {
            String decryptedValue = null;
            try {
                String decryptedString = getDecryptedTextFor(encryptedResponseField);
                if (decryptedString.contains(ApplicationVariables.lastReceivedToken)) {
                    // replace() treats the token as literal text, not as a regular expression
                    decryptedValue = decryptedString.replace(ApplicationVariables.lastReceivedToken, "");
                } else {
                    // This should never happen
                    System.out.println("======== WRONG DATA RECEIVED...");
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            return decryptedValue;
        }

        // AES/CBC/PKCS5Padding. The key is the first 16 bytes of the fixed key string
        // and the IV is the same 16 bytes.
        public static String getDecryptedTextFor(String base64Str) throws Exception {
            byte[] keyBytes = new byte[16];
            String key = "HDFCBANK!@#987MOBAPP";
            byte[] b = key.getBytes("UTF-8");
            int len = b.length;
            if (len > keyBytes.length) len = keyBytes.length;
            System.arraycopy(b, 0, keyBytes, 0, len);
            SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
            byte[] base64ToByteArray = Base64.decode(base64Str, Base64.DEFAULT);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            IvParameterSpec ivSpec = new IvParameterSpec(keyBytes);
            cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
            String decryptedStr = new String(cipher.doFinal(base64ToByteArray), "UTF-8");
            return decryptedStr;
        }
    }

Note: lastReceivedToken is the Filler1 value received in the response of the Track Your Loan FinTech API.
5. Error/Status Codes Details
Service Error codes are as below:-
Error Code - 0 for Success
Error Code - 1 for Failure
Error Message - For Error description
HDFC Bank’s Public API Gateway Error Codes:-
| Error Codes | Error Message | Http Status Code |
|---|---|---|
| TH99401 | SSL Required For API Access | 401 Unauthorized |
| TH99401 | Access denied for the IP:10.X.X.170 | 401 Unauthorized |
| TH99405 | Request Method Not Allowed For API Access | 405 Method Not Allowed |
| TH99413 | Message Size Exceeded Limit | 413 Payload Too Large |
| TH99429 | DDOS Attack Detected from Requester | 429 Too Many Requests |
| TH99410 | Cross Site Forgery Detected in API Request Message Payload | 410 Gone |
| TH99400 | Code Injection Detected in API Request Message Payload | 400 Bad Request |
| TH99421 | Document Structure Threat in API Request Message Payload | 421 Misdirected Request |
| TH99422 | SQL Injection Detected in API Request Message Payload | 422 Unprocessable Entity (WebDAV) |
| TH99411 | Invalid Content Type in API Request Message Payload | 411 Length Required |
| TH99503 | API Back-end Service Not Available or Timed-Out | 503 Service Unavailable |
| TH99429 | API Access Quota Exceeded | 429 Too Many Requests |
| TH99423 | XML Entity Expansion Attack Detected from Requester | 423 Locked (WebDAV) |
| TH99500 | HDFC Bank API Blackout Window Operational | 500 Internal Server Error |
| TH99409 | Message Payload Validation failed | 409 Conflict |
| TH99412 | Oauth Token Validation failed | 412 Precondition Failed |
| TH99412 | You Are Not Authorized To Access This Functionality | 412 Precondition Failed |
| TH99401 | Invalid Client Certificate | 401 Unauthorized |
| TH99401 | Scope Validation Failed | 401 Unauthorized |
| TH99401 | Signature verification Failed | 401 Unauthorized |
| TH99401 | Invalid apikey | 401 Unauthorized |
| TH99400 | Decryption Failed | 400 Bad Request |
| TH99400 | Bad Request | 400 Bad Request |
| TH99509 | Account Plan limit exceeded | 509 Bandwidth Limit Exceeded |
In case the transaction fails at the HDFC Bank’s Public API Gateway, the error structure will be
as follows:
HTTP status code is returned with error payload in JSON format as below-
{"TH99401": "Invalid API Key"}
6. Appendix
Service Endpoint URL:-
https://openapiuat.hdfcbank.com:9443/API/Fintech_TrackYourLoan
Other Prerequisites required from External partner:
a) SSL Certificate of the external partner; Two Way SSL needs to be configured
b) List of IPs of the external entity for IP white-listing
c) HTTPS requests to HDFC Bank should use TLS 1.2
d) Signed Legal Agreements required in HDFC Bank's template
e) Sign-up at https://openbankinguat.hdfcbank.com by a Representative of the external partner. Following acceptance of the Sign-up by HDFC Bank, the external partner needs to click on the link in the Activation mail and complete a form on the Bank's API Portal.
API Key Details:-
The Bank's API Portal will display a value known as an apikey after access to the
API has been granted. The API Key should be sent, by the external partner, as
part of the request header of the API request made to HDFC Bank.
The Bank's Public API will be verifying the apikey value coming from the external
partner.
A screen shot of the Bank’s main web service testing tool, SoapUI, shows the
apikey in the header encircled in blue. (Sample screenshot below)
Glossary:
DEFINITION
The following are definitions of terms, abbreviations and acronyms used in this document.
| Term | Definition |
|---|---|
| REST | (REpresentational State Transfer) is an architectural style for developing web services |
| JSON | JavaScript Object Notation, a lightweight data-interchange format |
| Base64 | Base64 is an encoding and decoding technique used to convert binary data to an American Standard Code for Information Interchange (ASCII) text format, and vice versa |
LOS TO CUSTOMER STATUS SUMMARY
| Id | LOS_Status | LOS_Status_To_Customer |
|---|---|---|
| 1 | Quick Data Entry | Case Initiated |
| 2 | SAS | Under Process |
| 3 | Cibil Process | Under Process |
| 4 | DDEBRE | Under Process |
| 5 | In-Principle Approval | Under Process |
| 6 | DUP | Under Process |
| 7 | Mini Dedupe Referral | Duplicate case |
| 8 | Detail Data Entry | Under Process |
| 9 | Document Collection | Pre-Sanction Document Check |
| 10 | In-Principle Approval2 | Under Process |
| 11 | Underwriting AUTO or Underwriting | Decision Awaited |
| 12 | Disbursal Details | Disbursement Under Process |
| 13 | End | Disbursed |
| 14 | Approve | Approved |
| 15 | UND Pending | Additional Documents / Check pending |
| 16 | Dedupe Referral | Under Process |
| 17 | Rejection Activity | Reject |
| 18 | CANCEL | Cancelled |
| 19 | DID | Disbursed |
| 20 | Ric Scoring | Under Process |
| 21 | FI Completion | Verification Pending |
| 22 | FI Initiation | Verification Pending |
| 23 | FI Verification Detail | Verification Pending |
| 24 | Template Approval | Approved |
| 25 | Post Sanc Doc | Approved |
| 26 | Underwriting AUTO | Decision Awaited |
| 27 | Underwriting | Decision Awaited |
| 28 | Case Initiated | Case Initiated |
| 29 | Under Process | Under Process |
| 30 | Duplicate case | Duplicate case |
| 31 | Pre-Sanction Document Check | Pre-Sanction Document Check |
| 32 | Decision Awaited | Decision Awaited |
| 33 | Disbursement Under Process | Disbursement Under Process |
| 34 | Disbursed | Disbursed |
| 35 | Approved | Approved |
| 36 | Additional Documents / Check pending | Additional Documents / Check pending |
| 37 | Reject | Reject |
| 38 | Cancelled | Cancelled |
| 39 | Verification Pending | Verification Pending |