Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.payglocal.in/llms.txt

Use this file to discover all available pages before exploring further.

Overview

PayGlocal Payment APIs (/gl/v1/payments/*) use asymmetric key cryptography for authentication. Every request payload is wrapped in an RSA-signed JWS (JSON Web Signature) token sent in the x-gl-token-external header, and every response includes a signed token you can verify. This ensures request authenticity and response integrity.
The default scheme is JWS signing (authenticity). Some flows (e.g., billpay) additionally require the request body to be encrypted as a JWE using PayGlocal’s public certificate — your PayGlocal integration lead will confirm whether your MID needs encryption.

The Two Keys

KeyNameWho Owns ItWhat It Does
PVT-KEYYour Private KeyYou (the merchant/client)Signs your outgoing requests (JWS)
PUBCERTPayGlocal Public CertificatePayGlocalVerifies PayGlocal’s response token; encrypts request body when JWE is required
Your Private Key (PVT-KEY) is never stored by PayGlocal. You can only download it once — at the moment of creation. If you lose it, you must create a new key pair.

How the Keys Work Together

Your Server                                PayGlocal Server
    │                                             │
    │  1. Sign payload with PVT-KEY → JWS token   │
    │     (optionally encrypt with PUBCERT → JWE) │
    │──────── x-gl-token-external: JWS ──────────▶│
    │                                             │
    │◀────────── Response with x-gl-token ────────│
    │                                             │
    │  2. Validate x-gl-token with PUBCERT        │
    │  3. Extract payment status                  │

Environments

PayGlocal has two separate environments, each requiring their own set of keys:
EnvironmentControl Center URLAPI Base URL
UAThttps://gcc.uat.payglocal.inhttps://api.uat.payglocal.in
Productionhttps://gcc.prod.payglocal.inhttps://api.prod.payglocal.in
Download your keys from the correct environment. UAT keys will not work in Production and vice versa. Access to the Production environment is only enabled after you have executed the service contract with PayGlocal.

Security Standards

PayGlocal uses industry-leading encryption to protect your data:
  • TLS 1.3 for point-to-point transport security
  • End-to-End Encryption (E2EE) — the payload is encrypted throughout its entire journey, even through intermediaries
  • RSA 2,048-bit keys for resistance against cryptanalytic advances
  • Zero-trust architecture for data at rest, in transit, and in use

Next Steps

Download Your Private Key

Step-by-step guide to creating and downloading your PVT-KEY from the PayGlocal Control Center.

Download the Public Certificate

How to obtain PayGlocal’s PUBCERT for encrypting requests and validating responses.

Construct API Requests

Configure the sample client code and start making authenticated API calls.