Connection via App Invoke Overview



Paytm provides a seamless way to integrate your POS application with the Paytm EDC App. This document contains the flow and integration steps for the Paytm EDC App Invoke Flow. With this flow, POS can initiate the below request to the EDC app:- 

  • Sale Transaction 
  • Local Status Check 
  • Void Transaction


Transaction Flow



  1. Cashier opens the POS App
  2. Select the goods/services customer wants to purchase and fill the relevant information like customer name, mobile number, etc. as per the implementation in the Billing POS App
  3. On the selection of cashless payments, merchant App passes the transaction amount, transaction id, and other information to Paytm and invokes the Paytm EDC App
  4. Customer chooses the payment mode


    Card Transaction: 

    • Customer either taps the card or inserts the card in EDC machine and inputs the PIN(if asked) to complete the payment

    QR Code: 

    • Cashier taps the “Scan QR” button in the EDC app to generate the QR(If not generated automatically)
    • Customer scans the Paytm QR code and complete the payment
  5. Once the transaction is completed, EDC app passes the transaction information. E.g.: transaction response, reference id, etc. to the merchant POS app
  6. Cashier, on successful payment, prints the receipt and processes the order

Void Flow




  1. Transaction status should be successful
  2. Transactions should be from the same day. Till 00:05 AM all the previous day transactions are considered as same-day transactions

Sample App for API Usage


  • Paytm team will provide the Sample DeepLink App for Retail + NCMC Deeplinks. 
  • Retail Deeplinks (Download Deeplink by clicking here).


Compliance Requirements


Paytm POS Machine and application are PCI PTS compliant. In order to host any third-party application, Paytm will require below mentioned reports


  • Third-Party Application Penetration testing report for the version going on Paytm POS Machine.
  • Letter from the merchant that the app is not utilising any critical function and is free from any malicious code. Basis the confirmation application will be signed with limited functionality required except (MAGCARD, PED, ICC, and PICC) .t signing can be subjected to integration case and business requirements)
  • If any card data is saved by the app at their end then a PCI-DSS compliance certificate is required for the merchant.



  • Any changes going to production will only be pushed after certain documentation is provided by the vendor
  • List of changes going to production
  • Secure code review for the code going to production (manual or automated)
  • Application security testing results(manual or automated)