Paperless
Developer Docs

Developer Documentation

Everything you need to integrate Paperless into your application.

Introduction

The Paperless API is a REST-based interface for accepting payments across Bangladesh. Built for developers, it supports cards (Visa, Mastercard, AMEX), every major mobile financial service (bKash, Nagad, Rocket, Upay), and internet banking — all through a single integration.

Base URL
api.paperless.org.in
API Version
2026-06-01
Format
JSON over HTTPS

Quick Start

Accept your first payment in 3 minutes. Replace sk_test_… with the test secret key from your dashboard.

curl
curl https://api.paperless.org.in/v1/payments \
  -u sk_test_xxxxxxxxxxxxxxxxxxxx: \
  -d amount=10000 \
  -d currency=BDT \
  -d channel=bkash \
  -d customer_phone=+8801XXXXXXXXX \
  -d redirect_url=https://yoursite.com/return

The response includes a checkout_url. Redirect the customer there to complete payment.

Authentication

Paperless uses HTTP Basic Auth with your secret API key as the username (no password). All requests must be made over HTTPS — plain HTTP requests are rejected.

javascript
const response = await fetch('https://api.paperless.org.in/v1/payments', {
  method: 'POST',
  headers: {
    'Authorization': 'Basic ' + btoa('sk_test_xxx:'),
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ amount: 10000, currency: 'BDT', channel: 'card' }),
});

Never expose your secret key in client-side code. Use the publishable key (pk_test_…) for browser integrations.

Payments API

Create a payment

POST /v1/payments

json
{
  "id": "pay_01HXYZABCDEFG",
  "amount": 10000,
  "currency": "BDT",
  "channel": "bkash",
  "status": "pending",
  "checkout_url": "https://pay.paperless.org.in/c/01HXYZ...",
  "created_at": "2026-06-01T10:23:45Z"
}

Retrieve a payment

GET /v1/payments/{id}

Refund a payment

POST /v1/payments/{id}/refund

Webhooks

Paperless sends webhooks when payment status changes. Every webhook is signed with HMAC-SHA256 — always verify the signature before processing.

javascript
import { createHmac, timingSafeEqual } from 'crypto';

function verify(body, signature, secret) {
  const expected = createHmac('sha256', secret).update(body).digest('hex');
  return timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}
payment.succeeded
payment.failed
payment.refunded
payment.disputed

Security

  • PCI-DSS Level 1 certified infrastructure
  • TLS 1.3 enforced on every endpoint
  • Card data tokenization — your servers never touch PANs
  • 3D Secure 2.0 supported on all card transactions
  • Real-time fraud scoring on every transaction

Official SDKs

Node.js
npm install @paperless/node
PHP
composer require paperless/paperless-php
Python
pip install paperless
Java
implementation 'in.org.paperless:paperless-java:1.0.0'

Changelog

2026-06-01

Added Upay channel support. New payment.disputed webhook.

2026-04-12

3D Secure 2.0 enforcement on all card transactions.

2026-02-28

Public launch of v1 API.