BridgPay Docs

Merchant Onboarding

Portal, KYC, settlement account, API access, webhook, and go-live checklist for a new merchant.

Use this checklist before creating live payouts. The API will reject signed server-to-server calls while API access is disabled, even if the merchant can still log in to the portal.

Environment URLs

EnvironmentMerchant portalAPI base URLDocs
Productionhttps://merchant.bridg.moneyhttps://api.bridg.moneyhttps://docs.bridg.money/docs
Testing/UAThttps://merchant-beta.bridg.moneyhttps://api-beta.bridg.moneyhttps://docs-beta.bridg.money/docs

Production onboarding should use the production portal and production API base URL. Testing/UAT links are for controlled validation only.

Onboarding flow

  1. Sign in to the merchant portal.
  2. Complete Business Details.
  3. Add the Banking Details used for settlement and wallet operations.
  4. Upload the required Business Documents.
  5. Wait for KYC review and API access approval.
  6. Generate API keys, configure IP whitelist, and configure webhooks.
  7. Run test payouts in Beta/UAT, then switch the same integration to production credentials and production base URL.

Business details

The onboarding form expects:

FieldNotes
Legal Business NameEditable during onboarding. Should match KYC documents and settlement account.
Business DescriptionMinimum 100 characters. Explain the business, products/services, and customer type.
Business TypePrivate/Public Limited, Partnership/LLP, Proprietorship, or Trust/Society/NGO.
Business EmailOperational email for onboarding and communication.
Phone NumberIndian mobile number.
Business PANAAAAA9999A format.
GSTIN15-character GSTIN. Required in the portal form; upload GST certificate where applicable.
Website URLPublic HTTPS URL.
Refund/Cancellation Policy URLPublic HTTPS URL.
Registered/operational addressAddress line, city, state, and postal code.

Banking details

Add the merchant settlement account:

FieldNotes
Account Holder NameShould match the legal entity name on the account.
Account NumberSettlement account number.
IFSC11-character IFSC in AAAA0XXXXXX format.

KYC documents

Documents must be signed and self-attested by Directors/Authorised Signatory where applicable. The portal shows the exact slots for the selected business type; use the matrix below as the preparation checklist.

DocumentPrivate/Public LtdPartnership/LLPProprietorshipTrust/Society/NGO
Permanent Account Number (PAN)RequiredRequiredRequiredRequired
Business Address ProofRequiredRequiredRequiredRequired
Bank Account ProofRequiredRequiredRequiredRequired
Bank StatementRequiredRequiredRequiredRequired
PAN and Aadhaar of all Directors/Owners/Authorised PersonsRequiredRequiredRequiredRequired
Certificate of Incorporation (COI)Required---
Memorandum of Association (MOA)Required---
Articles of Association (AOA)Required---
CIN / MCA Registration DetailsRequired---
Board Resolution / AuthorisationRequired--Required
Partnership Deed / LLP Agreement-Required--
Authorisation Document / Resolution-Required-Required
Registration Certificate / Trust Deed / License---Required
GST CertificateOptionalOptionalOptionalOptional
Udyam / MSME Registration Certificate--Optional-

Approval and API access

KYC review has four business states: unstarted, in_review, approved, and rejected. API access is separate: enabled or disabled.

If API access is disabled, signed API requests return 403 with kyc_required. The merchant portal still works so the merchant can fix KYC or configuration gaps.

Integration setup

Complete these settings before live traffic:

SettingWhereRequirement
API key and signing keySettings -> API KeysStore the signing key immediately; it is shown once.
IP whitelistSettings -> IP WhitelistAdd production server egress IPs. Empty whitelist means the key is accepted from any source IP.
Webhook URLSettings -> WebhooksHTTPS endpoint that returns 2xx quickly. Store the webhook secret immediately.

See API Keys and IP Whitelist, Authentication Headers, and Webhooks.

First payout test

  1. Create a beneficiary. Use bank account + IFSC for bank rails, or vpa for UPI.
  2. Initiate a small payout with a unique Idempotency-Key.
  3. Read the response and store payoutTransactionId and transactionId.
  4. Poll GET /v1/payouts/:payoutTransactionId or wait for the webhook.
  5. Confirm terminal status:
    • 11 Successful includes the bank reference/UTR when available.
    • 12 Failed reverses the wallet reservation.
    • 3 or 4 means the payout is still pending/in progress.
  6. Verify the webhook signature and dedupe by payoutWebhookId.

Go-live checklist

Before production traffic:

  • KYC approved and API access enabled.
  • Production API key active and signing key stored in a secret manager.
  • Production server egress IPs whitelisted.
  • Webhook URL saved, secret stored, and signature verifier tested.
  • Test payout lifecycle verified in Beta/UAT.
  • Client handles 409 idempotency/beneficiary conflicts without duplicate payouts.
  • Client stores both transactionId and payoutTransactionId.
  • Client stores utr / transactionReference from payout details and webhooks.

On this page