Overview
The SDK Init API initializes a PFM SDK session for a specific user and returns a session token that can be used to launch the PFM interface. This API must be called from your backend server before launching the PFM SDK on the client side.
Example Request
curl --location 'https://api-uat.pfm.equal.in/pfm/sdk/init' \
  --header 'authorization: Basic {{base64_encoded_clientId:clientSecret}}' \
  --header 'content-type: application/json' \
  --data '{
    "reference_id": "user_ref_12345",
    "pfm_config_id": "your_pfm_config_id",
    "user_profile": {
      "mobile_number": "9876543210",
      "name": "John Doe",
      "dob": "15-01-1990",
      "pan": "ABCDE1234F"
    }
  }'
Authentication
This API requires authentication through the following headers that must be included in every request:
| Header | Type | Required | Description |
| --- | --- | --- | --- |
| authorization | string | Yes | Basic authentication header with base64 encoded clientId:clientSecret |
| content-type | string | Yes | Must be set to application/json |
Request Body
The request body must be a JSON object containing the following parameters:
| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| reference_id | string | Yes | Unique identifier for a user. Use this to track users at your end. |
| pfm_config_id | string | Yes | PFM configuration identifier that determines the specific PFM setup to use for this user. |
| user_profile | object | Yes | User profile information required for PFM initialization. |
| user_profile.mobile_number | string | Yes | User's mobile number for identification and communication. |
| user_profile.name | string | No | User's full name as it appears in their identity documents. |
| user_profile.dob | string | No | User's date of birth in DD-MM-YYYY format. |
| user_profile.pan | string | Yes | User's PAN (Permanent Account Number) for identity verification. |
Response
Success Response (200 OK)
When the SDK initialization is successful, the API returns a session token:
{
  "status": "SUCCESS",
  "session_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

| Field | Type | Description |
| --- | --- | --- |
| status | string | Status of the API call. Will be SUCCESS for successful requests. |
| session_token | string | JWT session token to be used for launching the PFM SDK. This token has a limited validity period. |
Error Responses (400 Bad Request)
When the request contains invalid data or missing required fields, the API returns specific error responses:
Invalid PAN Response
{
  "status": "FAILED",
  "message": "PAN can't be empty or null",
  "status_code": "invalid_pan_number",
  "is_retryable": false
}

| Field | Type | Description |
| --- | --- | --- |
| status | string | Status of the API call. Will be FAILED for failed requests. |
| message | string | Human-readable error message explaining what went wrong. |
| status_code | string | Machine-readable error code for programmatic error handling. |
| is_retryable | boolean | Indicates whether the request can be retried. false means the request should not be retried without fixing the input. |
Error Handling
| Error Code | HTTP Status | Description | Resolution |
| --- | --- | --- | --- |
| invalid_pan_number | 400 Bad Request | PAN number is missing or empty | Ensure the user_profile.pan field is provided with a valid PAN number |
| invalid_mobile_number | 400 Bad Request | Mobile number is missing or empty | Ensure the user_profile.mobile_number field is provided with a valid mobile number |
| invalid_pfm_config_id | 400 Bad Request | PFM configuration ID is invalid or missing | Verify the pfm_config_id value with your PFM configuration setup |
| invalid_reference_id | 400 Bad Request | Reference ID is missing or empty | Ensure the reference_id field is provided with a unique identifier |
Next Steps
After successfully obtaining the session token from this API:
Store the Token: Keep the session token secure and use it immediately, as it has a limited validity period.
Launch SDK: Use the session token to initialize and launch the PFM SDK in your client application.
Handle Expiry: If the token expires, call this API again to get a new session token.
Security Considerations
Client Credentials: Never expose your client ID and secret in client-side code.
Token Storage: Handle session tokens securely and avoid logging them.
HTTPS Only: Always use HTTPS when calling this API.
Token Expiry: Implement proper token refresh logic for long-running sessions.
Encryption Support: This API supports encryption. When encryption is enabled for your integration, both request and response payloads will be encrypted. See API Encryption Guide for details.
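The following backend wrapper is an added example, not code from this documentation or its provider. It builds the init request server-side, turns the documented error body into an exception carrying `status_code` and `is_retryable`, and logs only a token fingerprint and a masked PAN. The helper names and the `PFM_CLIENT_ID` / `PFM_CLIENT_SECRET` environment variables are assumptions, and it assumes payload encryption is not enabled.

```python
import base64, hashlib, json, os
import urllib.error, urllib.request

INIT_URL = "https://api-uat.pfm.equal.in/pfm/sdk/init"  # UAT endpoint from the example request

class SdkInitError(Exception):
    def __init__(self, status_code, message, retryable):
        super().__init__(f"{status_code}: {message}")
        self.status_code, self.retryable = status_code, retryable

def build_request(client_id, client_secret, reference_id, pfm_config_id, profile):
    """Build the server-side init request; credentials never leave the backend."""
    for field in ("mobile_number", "pan"):  # required user_profile fields
        if not profile.get(field):
            raise ValueError(f"user_profile.{field} is required")
    if not (reference_id and pfm_config_id):
        raise ValueError("reference_id and pfm_config_id are required")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = {"reference_id": reference_id, "pfm_config_id": pfm_config_id,
            "user_profile": profile}
    return urllib.request.Request(
        INIT_URL, data=json.dumps(body).encode(), method="POST",
        headers={"authorization": f"Basic {basic}", "content-type": "application/json"})

def parse_response(raw):
    """Return the session token, or raise SdkInitError built from the error body."""
    doc = json.loads(raw)
    if doc.get("status") == "SUCCESS" and doc.get("session_token"):
        return doc["session_token"]
    raise SdkInitError(doc.get("status_code", "unknown"), doc.get("message", ""),
                       bool(doc.get("is_retryable", False)))

def token_fingerprint(token):
    """Short SHA-256 prefix: lets logs correlate a session without storing the token."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def mask_pan(pan):
    """Keep only the last four characters of a PAN for log lines."""
    return "*" * max(len(pan) - 4, 0) + pan[-4:]

def init_session(reference_id, pfm_config_id, profile):
    # Assumed env var names; load the secret from your secret manager in production.
    req = build_request(os.environ["PFM_CLIENT_ID"], os.environ["PFM_CLIENT_SECRET"],
                        reference_id, pfm_config_id, profile)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_response(resp.read())
    except urllib.error.HTTPError as err:
        return parse_response(err.read())  # 400 bodies carry status_code and is_retryable
```

Callers should retry only when `SdkInitError.retryable` is true, and pass `token_fingerprint(token)` rather than the token itself to any logger.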