> ## Documentation Index
> Fetch the complete documentation index at: https://telr-docs.cashfree.com/llms.txt
> Use this file to discover all available pages before exploring further.

# End Points

> Use the Verification Suite APIs to verify bank account information, PAN, GSTIN of your customers. You can check the required parameters, success, and error responses.

Telr uses API keys to allow access to the API. Once you have signed up at our merchant site, you will be able to see your AppId and SecretKey.

Telr expects API key to be included in all API requests to the server. Use the endpoint /api/v1/credentials/verify to verify your credentials.

## End Points

| Environment | URL                                                                                    |
| :---------- | :------------------------------------------------------------------------------------- |
| Production  | [https://api.cashfree.com/verification](https://api.cashfree.com/verification)         |
| Test        | [https://sandbox.cashfree.com/verification](https://sandbox.cashfree.com/verification) |

***

## Test Data

View the [test data](/api-reference/vrs/data-to-test-integration) and use this information to trigger the validations. The test data are usable only in the test environments such as gamma and sandbox, which are mentioned above.

***

## Signature Verification

Telr sends a signature alongside every webhook, verifying this signature ( passed along with the POST parameters ) is mandatory before processing any response. It helps authenticate that the webhook is from Telr.

We strongly recommend whitelisting Telr production IP to help make your communication with us more secure.

Following are the steps to verify Telr signature:

1. Get all the POST parameters except ‘signature’ and assign it to an array as key-value pair.
2. Sort the array based on keys.
3. Concatenate all the values in this array and resultant is the post data (**postData**).
4. **postData** needs to be encrypted using SHA-256 and then base64 encoded.
5. Proceed further only if the signatures match. If not, discard the request.
