Register Merchant

Register a new merchant on Omniware. The body of this request is AES-256-ECB encrypted (no IV) — see Encryption.

Endpoint

POST https://pgbiz.omniware.in/v2/registermerchant
Content-Type: application/x-www-form-urlencoded

Wire format

The body has just two form-urlencoded fields. Everything else is encrypted inside encrypted_data.

access_keystring (32)required

Your parent merchant's access key, issued by Omniware. Identifies which merchant is creating the sub-merchant and which encryption_key Omniware should use to decrypt. Not included in the encrypted JSON.

encrypted_datastringrequired

Base64 of the AES-256-ECB ciphertext of the JSON payload below. See Encryption → AES-256-ECB.

POST body:
access_key=YOUR_PARENT_ACCESS_KEY&encrypted_data=BASE64_CIPHERTEXT

Encrypted payload (before encryption)

Identity & login

referral_codestring (8)required

Your referral code, issued at onboarding.

business_namestring (50)required

loginstring (40)required

Login username for the new merchant's dashboard.

emailstring (40)required

passwordstring (20)required

contact_numberdigits(10)required

legal_entitystring (20)required

One of: Private Limited, Public Limited, Partnership, Limited Liability Partnership, Proprietorship, Trust, Club/Society/Association, Individual.

categorystring (20)required

Industry/MCC category (e.g. banking, retail, education). Use the codes Omniware supplies for your accounts.

Address

address_line_1string (50)required

address_line_2string (50)

citystring (40)required

statestring (40)required

countrystring (40)required

zipcodedigits(6)required

KYC

company_panstring (10)required

name_on_company_panstring (40)required

Primary contact

contact_namestring (40)required

contact_mobiledigits(10)required

contact_landlinestring (15)

contact_emailstring (40)required

Bank settlement account

account_holder_namestring (40)required

account_numbernum(25)required

account_ifscstring (15)required

bank_namestring (40)required

bank_branchstring (40)required

account_typestring (40)required

e.g. savings, current.

Optional metadata

website_linkstring (40)

gstinstring (40)

gstin_statestring (40)

activate_bharat_qrstring (1)

y or n. If y, the response includes a base64 BharatQR image.

aadhar_numberstring (40)

Required if activate_bharat_qr=y.

bharat_qr_entitystring (15)

merchant_template_iddigits(5)

Building the request

1. JSON-serialise the payload

   Stringify everything except access_key.

2. Encrypt with AES-256-ECB

   Use the encryption_key Omniware provided. PKCS7 padding.

3. Base64-encode the ciphertext

   Pass it as encrypted_data.

4. POST with plaintext access_key

   Send as application/x-www-form-urlencoded.

PHP

$payload = [
  "referral_code"       => "DIUW5M",
  "business_name"       => "TestMerchant",
  "login"               => "TestMerchantlogin",
  "email"               => "support@example.com",
  "password"            => "password1",
  "contact_number"      => "8904189041",
  "legal_entity"        => "Public Limited",
  "category"            => "banking",
  "address_line_1"      => "Kalyan Nagar",
  "city"                => "Bangalore",
  "state"               => "Karnataka",
  "country"             => "India",
  "zipcode"             => "560001",
  "company_pan"         => "ABCDC4698N",
  "name_on_company_pan" => "TestMerchant",
  "contact_name"        => "TestMerchant",
  "contact_mobile"      => "8904489574",
  "contact_email"       => "support@example.com",
  "account_holder_name" => "Test",
  "account_number"      => "6546498765",
  "account_ifsc"        => "HDFC0000001",
  "bank_name"           => "HDFC",
  "bank_branch"         => "Bangalore",
  "account_type"        => "savings",
];

$json = json_encode($payload);
$ciphertext = openssl_encrypt($json, "AES-256-ECB", $encryption_key, OPENSSL_RAW_DATA);
$encrypted_data = base64_encode($ciphertext);

$body = http_build_query([
  "access_key"     => $access_key,
  "encrypted_data" => $encrypted_data,
]);

$ch = curl_init("https://pgbiz.omniware.in/v2/registermerchant");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$res = curl_exec($ch);

Node.js

import crypto from "node:crypto";

const payload = {
  referral_code: "DIUW5M",
  business_name: "TestMerchant",
  login: "TestMerchantlogin",
  email: "support@example.com",
  password: "password1",
  contact_number: "8904189041",
  legal_entity: "Public Limited",
  category: "banking",
  address_line_1: "Kalyan Nagar",
  city: "Bangalore",
  state: "Karnataka",
  country: "India",
  zipcode: "560001",
  company_pan: "ABCDC4698N",
  name_on_company_pan: "TestMerchant",
  contact_name: "TestMerchant",
  contact_mobile: "8904489574",
  contact_email: "support@example.com",
  account_holder_name: "Test",
  account_number: "6546498765",
  account_ifsc: "HDFC0000001",
  bank_name: "HDFC",
  bank_branch: "Bangalore",
  account_type: "savings",
};

const cipher = crypto.createCipheriv("aes-256-ecb", Buffer.from(encryptionKey), null);
const ct = Buffer.concat([cipher.update(JSON.stringify(payload), "utf8"), cipher.final()]);
const encrypted_data = ct.toString("base64");

const res = await fetch("https://pgbiz.omniware.in/v2/registermerchant", {
  method: "POST",
  body: new URLSearchParams({ access_key: accessKey, encrypted_data }),
}).then(r => r.json());

Python

import base64, json
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
import requests

payload = {
    "referral_code": "DIUW5M",
    "business_name": "TestMerchant",
    "login": "TestMerchantlogin",
    "email": "support@example.com",
    "password": "password1",
    "contact_number": "8904189041",
    "legal_entity": "Public Limited",
    "category": "banking",
    "address_line_1": "Kalyan Nagar",
    "city": "Bangalore",
    "state": "Karnataka",
    "country": "India",
    "zipcode": "560001",
    "company_pan": "ABCDC4698N",
    "name_on_company_pan": "TestMerchant",
    "contact_name": "TestMerchant",
    "contact_mobile": "8904489574",
    "contact_email": "support@example.com",
    "account_holder_name": "Test",
    "account_number": "6546498765",
    "account_ifsc": "HDFC0000001",
    "bank_name": "HDFC",
    "bank_branch": "Bangalore",
    "account_type": "savings",
}

cipher = AES.new(ENCRYPTION_KEY.encode(), AES.MODE_ECB)
ct = cipher.encrypt(pad(json.dumps(payload).encode(), AES.block_size))
encrypted_data = base64.b64encode(ct).decode()

res = requests.post(
    "https://pgbiz.omniware.in/v2/registermerchant",
    data={"access_key": ACCESS_KEY, "encrypted_data": encrypted_data},
).json()

Response

{
  "status": "Registration Successful",
  "api_key": "NEW_MERCHANT_API_KEY",
  "salt": "NEW_MERCHANT_SALT",
  "static_qr_code": "<base64 PNG, only if activate_bharat_qr=y>",
  "username": "TestMerchantlogin",
  "description": "Verification email sent to support@example.com, please check verify email"
}

Store the returned api_key and salt against the new merchant's record on your side — they are the credentials the merchant will use for every other Omniware API.

warning

The new merchant must verify their email before the account is fully active. Until then, payment requests against the returned api_key will be rejected.