EPF — employee provident fund verification
note
Status: Fixture Mode — Endpoint, schema, auth, and SDKs are production-grade. Responses are deterministic samples drawn from real regulator publications. Activates to live within 5–15 business days of order — no integration changes required.
What it does
Employees' Provident Fund Organisation maintains establishment and member registries. Our API exposes establishment-level data (active/dormant, employee count, contribution-recency) and consent-mediated UAN verification — useful for HRMS vendors, payroll-trust audits, and employer-of-record platforms.
Base URL
https://epf.sahayakonline.co.in/v1/
Endpoints
| Method | Path | Description |
|---|---|---|
GET | /health | Liveness probe |
GET | /v1/epf/establishment/{est_id} | Establishment status + employee count |
GET | /v1/epf/uan/verify | Verify a UAN (consent flow required) |
Sample request
- cURL
- Python
- Node.js
curl -sS https://epf.sahayakonline.co.in/v1/epf/establishment/MHBAN0123456 \
-H "Authorization: Bearer $SAHAYAK_KEY" \
-H "Accept: application/json"
import os, requests
resp = requests.get(
"https://epf.sahayakonline.co.in/v1/epf/establishment/MHBAN0123456",
headers={"Authorization": f"Bearer {os.environ['SAHAYAK_KEY']}", "Accept": "application/json"},
timeout=10,
)
resp.raise_for_status()
print(resp.json())
const fetch = (await import('node-fetch')).default;
const resp = await fetch('https://epf.sahayakonline.co.in/v1/epf/establishment/MHBAN0123456', {
headers: {
'Authorization': `Bearer ${process.env.SAHAYAK_KEY}`,
'Accept': 'application/json',
},
});
console.log(await resp.json());
Sample response
{
"spec_ref": "spec_epf_v1",
"endpoint": "/v1/epf/establishment/MHBAN0123456",
"method": "GET",
"results": [
{
"establishment_id": "MHBAN0123456",
"name": "Sample Employer Pvt Ltd",
"status": "active",
"employee_count": 142,
"last_contribution_month": "2026-04",
"compliance_grade": "A"
}
],
"meta": { "fixture_mode": true, "note": "Activates to live data within 5–15 business days of order." }
}
Error codes
| Code | Meaning | Recommended action |
|---|---|---|
400 | Malformed request (missing required param, invalid format) | Fix request shape. Response body includes error.field pinpointing the issue. |
401 | Missing or invalid Authorization header | Verify key prefix matches your tier and that the header is Authorization: Bearer …. |
403 | Key valid but not entitled to this endpoint | Sandbox keys cannot call live-tier endpoints. Upgrade or request entitlement. |
404 | Resource not found | Check identifier format. Some endpoints return 200 with empty results[] instead of 404 — verify the endpoint convention. |
429 | Rate limit exceeded | Honor Retry-After header. Sandbox 30 r/m, Starter 300 r/m, Growth 1500 r/m. |
503 | Upstream regulator unreachable after retries | Live-tier only. Sahayak retries 3× with backoff before surfacing. Implement circuit-breaker on caller side. |
Rate limits
| Tier | Rate limit | Monthly cap |
|---|---|---|
| Sandbox | 30 r/min | 1,000 live calls (shared across 3 LIVE endpoints) |
| Starter | 300 r/min | 10,000 live calls |
| Growth | 1,500 r/min | 100,000 live calls |
| Scale | custom | 500,000+ |
SLA reference
See Status & SLA for uptime targets, latency targets, and incident communication. Live activation requires DSC-based employer consent flow for member-level lookups.