m2pfintech
API Integration

Authentication & Security

OAuth 2.0, JWT, and API Key authentication setup for M2P UPI Platform integration.

All M2P UPI APIs use a dual-layer authentication model.

Authentication Methods

Primary authentication for all API calls:

  • OAuth 2.0 Bearer tokens issued by M2P
  • JWT tokens with configurable expiry
  • Token refresh mechanism
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

Secondary layer for additional verification:

  • Static API key provided during onboarding
  • Included as a custom header
X-API-Key: your-api-key-here

Request Headers

Every API call requires these headers:

HeaderRequiredDescription
AuthorizationBearer token (OAuth 2.0 JWT)
Content-Typeapplication/json
X-Channel-CodeTenant/channel identifier
X-Request-IdRecommendedUnique request ID for tracing
During UAT, authentication may be relaxed for ease of integration. Full authentication is enforced in production.

Overview

Unified cross-GTM integration reference — understand how each partner type integrates with the M2P UPI Platform.

Encryption & Key Exchange

AES-256 payload encryption and RSA-2048 session key exchange for secure API communication.

On this page

Authentication Methods
Request Headers