API

REST APIs for Indian business data

The Infyner data engine, available as a clean REST API

Q: How is auth handled?

Bearer-token authentication on every request. Tokens are scoped to a tenant and an environment (sandbox or production). You can issue multiple tokens, set a per-token rate limit, and revoke one without disturbing the others. Token rotation is supported via the developer portal.

Q: What are the rate limits?

Sandbox tokens: 60 requests per minute. Production tokens: 600 requests per minute by default, raisable on request for paying customers. Bulk endpoints have separate per-batch quotas (e.g. up to 1,000 GSTINs per bulk verification call).

Q: How is pricing structured?

Per-call. Each endpoint has a list price visible on the developer portal. Common rates: company lookup INR 0.50, GSTIN verification INR 0.25, PAN verification INR 0.50, director check INR 0.75, risk score INR 4. Volume tiers cut the rate by 30-60% above 100,000 calls a month.

Q: Is there a sandbox?

Yes. Free, unlimited, returns the same response shapes as production. Synthetic data is keyed to a fixed set of test PANs / GSTINs / CINs documented on the developer portal so you can write deterministic tests.

Q: Where does the data come from?

Primary sources only - MCA21, GSTN, the income-tax department, EPFO, ESIC, IBBI, MSME Samadhaan, the supreme-court and high-court e-courts feed. We do not buy from data brokers and we do not scrape. Every field on every response carries a source attribution.

Q: How fresh is the data?

MCA master data is refreshed nightly; live MCA endpoints (status, AGM date) pass through in real time. GSTN status is real time via the GSTN authorised channel. Director list is nightly. Litigation hits are weekly.

Q: Can I integrate with Webhooks for changes?

Yes - the change-feed API publishes events whenever a watched entity changes status (DIN deactivated, CIN struck off, GSTIN cancelled). Subscribe via Webhook URL or pull-style with cursors. Good for KYC remediation and ongoing-due-diligence pipelines.

Q: How is data privacy handled?

India-region storage only. AES-256 at rest, TLS 1.3 in transit. PII fields - PAN, Aadhaar, bank account - are tokenised at the edge so plaintext never reaches application logs. We are aligned with the Digital Personal Data Protection Act 2023.

Q: What happens if a primary source goes down?

For real-time endpoints, we return a 503 with a meaningful error code and a Retry-After header. For data we cache (MCA master), the response carries a max-age header so your client knows the freshness. We publish status at status.infyner.com.

Q: Can I get a dedicated SLA?

Yes. Enterprise plans (above INR 10 lakh annual usage) come with a 99.9% uptime SLA, named support engineer, quarterly business review and an expedited deprecation calendar. Talk to the team for terms.

Company lookup, GSTIN verification, PAN verification, CIN parsing, director networks, bank-statement analysis, MSME and EPFO checks - delivered as straightforward REST endpoints with token auth, sandbox keys, predictable latency and per-call billing. Built for fintechs, lending platforms, KYC products and SaaS startups that need verification inside their own onboarding flow.

Talk to us See how it works

p95 < 800ms

Latency at the 95th percentile

Sandbox free

Test keys for development

Per-call

Pay only what you call

99.95%

Quarterly uptime target

Why this exists

Indian business data is fragmented across half a dozen government portals

MCA21 publishes company status. GSTN publishes tax-filing status. The income-tax department holds PAN. EPFO handles labour compliance. IBBI lists insolvencies. MSME Samadhaan tracks payment delays. The supreme-court and high-court e-courts feeds list active litigation. Each is its own portal, its own login, its own response format. Stitching them together is what every fintech does in its first six months and what every KYC team does manually all year long.

Infyner API is the consolidator. One token, one contract, one bill, one OpenAPI spec. Behind that single endpoint surface, we maintain the boring infrastructure - the GSTN session keep-alive, the MCA21 nightly mirror, the e-courts crawler, the EPFO portal scraping. You consume the data. You ship product faster.

In plain words

What Infyner API actually does

Infyner API is a hosted REST API that exposes verified Indian business data. It is the same data engine that powers Infyner Verify (the console) and Infyner Credit Intelligence (the risk reports). The console exists for analysts. The API exists for engineering teams that want to put verification inside their own product without operating the data pipelines themselves.

The endpoint surface covers six families - company lookup, GSTIN verification, PAN verification, director networks, bank-name match and risk scoring. Each is documented in OpenAPI 3.1, sandbox-tested, version-locked, and priced per call with sane volume tiers. Production traffic is metered against a wallet you top up; sandbox traffic is free forever.

On the operational side, the API is built to the same standards a fintech expects from any infrastructure provider - p95 under 800 ms on cached endpoints, idempotency keys on POSTs, exponential backoff guidance, dedicated status page, change-feed Webhooks for ongoing monitoring, and quarterly access reviews for SOC 2-style audits.

Endpoints, not screens

What you can call from the Infyner API

Every console feature in Infyner Verify, Tax, GST and Compliance is also a REST endpoint. The console exists for analysts; the API exists for engineering teams who need verification inside their own product.

Company search and lookup

GET /v1/company/{cin} returns the full company profile - legal name, ROC, AGM date, paid-up capital, director list, last filing date. /search?q=... runs a federated lookup across CIN, name, GSTIN and PAN.

GSTIN verification

GET /v1/gstin/{gstin} returns active or cancelled, taxpayer type, registration date, last GSTR-3B and GSTR-1 filing date - sourced from the GSTN authorised channel. Bulk endpoint accepts up to 1,000 GSTINs per call.

PAN verification

POST /v1/pan/verify with PAN + DOB + name; returns existing or cancelled, name match score, linked GSTINs and director DINs. Used for KYC, vendor onboarding and salary-credit checks.

Director network

GET /v1/director/{din} returns DIN status, every company they currently and historically held, signatory roles, DSC validity and disqualification under Section 164(2). Useful for related-party-transaction screening.

Bank account name match

POST /v1/bank-name-match with IFSC + account; returns the registered name with a match-confidence score. Routed via a licensed payment-aggregator API. The account number is tokenised the moment it hits our edge.

Risk scoring

POST /v1/risk-score with CIN; returns a 1-100 composite score and the eight inputs that built it. Inputs include MCA status, director disqualification, GST cancellation, EPFO non-compliance, MSME delays, IBBI proceedings, strike-off and litigation hits.

How it works

From signup to first call in under ten minutes

Get a sandbox key

Sign up, name your application, get a sandbox token within 60 seconds. The sandbox returns the same response shapes as production with synthetic data so you can integrate without spending.

Implement against the OpenAPI spec

Every endpoint has an OpenAPI 3.1 definition. Import it into Postman or your codegen tool. Code samples in Node, Python, Go and C# are on the developer portal at /developers.

Switch to production

Top up the wallet, swap the token from sandbox to production, and you are live. Per-call billing draws from the wallet balance; you can set a low-balance alert and an auto-recharge threshold.

Who it is for

Whom we built this for

Fintech with a digital onboarding flow

Lending, payments, neo-banking, insurance

You need verification inside the user journey, not after. The API replaces your CKYC + GSTIN-status + bank-name-match + director-screening chain with a single token, a single contract and a single bill.

KYC / RegTech SaaS startup

Product needs Indian business data as a primary feature

You are not in the business of scraping MCA21 or fighting GSTN's portal session timeouts. License our verified data layer, layer your workflow on top, ship to your customers six months earlier.

Procurement system inside an enterprise

Internal vendor master, ERP integration

Your procurement team wants vendor onboarding to fail-fast on bad GSTINs and disqualified directors. Wire the API into your ERP's vendor master and the entry form rejects bad data at typing time.

Free sandbox forever. Production from INR 0.25 per call.

Sandbox tokens are unlimited and free. Production wallet starts at INR 1,000 minimum top-up. Per-call list prices on the developer portal. Volume tiers cut 30-60 percent above 100k monthly calls. Enterprise contracts include dedicated SLAs.

See volume rates

Trust and security

Production-grade, by design

Predictable latency

p50 under 200 ms, p95 under 800 ms for company / GSTIN / DIN lookups. Bank-name-match is bound by the upstream PSP, typically p95 under 1.5 s.

Idempotency and retries

Every POST accepts an Idempotency-Key header. Retries on the same key never double-charge or double-record. Exponential backoff with jitter is recommended on 5xx.

Versioned forever

/v1 is stable. Breaking changes get a /v2 prefix; /v1 stays available for at least 24 months from the /v2 release. We deprecate by email, not by surprise.

Per-tenant audit trail

Every API call - timestamp, endpoint, response code, billed amount - is logged for seven years and exportable as CSV. Useful when your compliance team asks who looked up what.

FAQ

Common questions from engineering teams