Skip to main content

When to Use

Call this endpoint after all data-collection steps are complete to obtain a redirectLink for the merchant verification iFrame. The URL loads the PayGlocal partner onboarding experience where the merchant completes T&C acknowledgement, DigiLocker, and VKYC. Use this as step 8 in the onboarding sequence — after Configure Products and before polling Get Onboarding Status.
This endpoint can only be called when every pre-verification checklist step is complete. Calling it earlier returns 400 Bad Request. It cannot be called again after DigiLocker, VKYC, and T&C are all complete.

Preconditions

The following checklist fields must not be INCOMPLETE before calling this endpoint: Poll GET /status and confirm documentsToBeUploaded is empty before calling redirect.

Notes

  • Authenticate with x-gl-auth and x-gl-digest — sign the raw JSON request body (same as other PUT endpoints). See Authentication.
  • Request field is callBackUrl (camelCase with capital B).
  • Response field is redirectLink, not redirectUrl.
  • redirectLink format: {baseUrl}?token={sessionToken}&onboardingId={onboardingId}. The session token is valid for 24 hours and must not be cached or reused.
  • callBackUrl is persisted on the merchant record and used as the post-verification redirect target. Its domain must be whitelisted.
  • Environment base URLs for redirectLink:

What Happens Server-Side

  1. Validates the onboarding checklist via isVerificationAllowed().
  2. Stores callBackUrl on the merchant record.
  3. Generates a single-use session token (24-hour TTL).
  4. Returns the composed redirectLink for iFrame embedding.
See iFrame Integration for embed instructions and Partner Onboarding Events for completion signals.

Error Scenarios