Mahindra Finance — NTB Journey
Fixed Deposit · New to Bank · Mahindra Finance (MAH) · NBFC
1 Login
66 cases
pending POS POST Send OTP to Mahindra Finance test mobile number user
pending POS POST Verify success flag for valid send OTP request user
pending POS POST Verify body statusCode for valid send OTP request user
pending POS POST Verify success message for send OTP request user
pending POS POST Verify payload object exists in send OTP response user
pending POS POST Verify attemptsUsed value on first send OTP request user
pending POS POST Verify send OTP response content type user
pending POS POST Verify send OTP response schema user
pending POS POST Verify send OTP response time user
pending POS POST Verify OTP resend functionality for same mobile user
pending POS POST Verify attemptsUsed increments on resend user
pending NEG POST Send OTP should fail when phone is missing user
pending NEG POST Send OTP should fail when phone is empty user
pending NEG POST Send OTP should fail when phone is null user
pending NEG POST Send OTP should fail for 10-digit phone without 91 prefix user
pending NEG POST Send OTP should fail for 11-digit phone number user
pending NEG POST Send OTP should fail for phone number longer than 12 digits user
pending NEG POST Send OTP should fail for non-numeric phone user
pending NEG POST Send OTP should fail for phone with special characters user
pending NEG POST Send OTP should fail for phone containing spaces user
pending NEG POST Send OTP should fail for phone with leading space user
pending NEG POST Send OTP should fail for phone with trailing space user
pending NEG POST Send OTP should fail for too-short phone number user
pending NEG POST Send OTP should fail for wrong country code prefix user
pending NEG POST Send OTP should fail for decimal phone value user
pending NEG POST Send OTP should fail for unicode phone characters user
pending NEG POST Send OTP should reject SQL-injection phone payload user
pending NEG POST Send OTP should reject XSS phone payload user
pending NEG POST Send OTP should reject HTML phone payload user
pending NEG POST Send OTP should reject JSON-injection payload user
pending NEG POST Send OTP should fail for extremely long phone string user
pending NEG POST Send OTP should fail for malformed JSON body user
pending NEG POST Send OTP should fail for empty request body user
pending NEG POST Send OTP should fail without Content-Type header user
pending NEG POST Send OTP should fail with invalid Content-Type header user
pending NEG POST Verify success field in invalid-mobile error response user
pending NEG POST Verify statusCode field in invalid-mobile error response user
pending NEG POST Verify error message in invalid-mobile error response user
pending NEG POST Verify payload object in invalid-mobile error response user
pending NEG POST Verify error array exists in invalid-mobile error response user
pending NEG POST Verify FIXUSER1208 error code for invalid mobile user
pending NEG POST Verify invalid-mobile error code for invalid mobile user
pending NEG POST Verify nested error message is not null user
pending NEG POST Verify error schema structure for invalid mobile response user
pending NEG POST Verify multiple validation errors returned for invalid mobile user
pending EDG POST Verify duplicate registration request returns controlled response user
pending EDG POST Verify OTP generated for unregistered mobile user
pending POS POST Verify OTP generated for registered mobile user
pending EDG POST Verify OTP resend limit user
pending EDG POST Verify user blocked after maximum OTP attempts user
pending EDG POST Verify cooldown period after OTP limit reached user
pending EDG POST Verify HTTPS-only communication user
pending POS POST Verify sensitive data is not exposed in send OTP response user
pending POS POST Verify send OTP response header values user
pending POS POST Verify send OTP API availability user
pending POS POST Verify mobile-number boundary value for valid length user
pending POS POST Verify mobile-number boundary value for maximum valid length user
pending POS POST Verify OTP and extract auth tokens (Mahindra Finance) user
pending NEG POST Verify OTP should fail for wrong OTP value user
pending NEG POST Verify OTP should fail when OTP is missing user
pending NEG POST Verify OTP should fail for non-numeric OTP user
pending NEG POST Verify OTP should fail for 5-digit OTP user
pending NEG POST Verify OTP should fail for 7-digit OTP user
pending NEG POST Verify OTP should fail when phone is missing user
pending NEG POST Verify OTP should fail for invalid phone format user
pending NEG POST Verify OTP should fail for unknown partner URL user
2 FD Detail
70 cases
pending POS GET Get Mahindra Finance issuer detail master
pending POS GET Get Mahindra maturity quote and capture investment vehicle id master
pending NEG GET MAH maturity should reject missing auth master
pending POS GET MAH Maturity payout success master
pending POS GET MAH Monthly payout success master
pending POS GET MAH Quarterly payout success master
pending POS GET MAH HalfYearly payout success master
pending POS GET MAH Yearly payout success master
pending POS GET MAH min amount boundary success master
pending POS GET MAH max amount boundary success master
pending NEG GET MAH amount below min should fail master
pending NEG GET MAH tenure below min should fail master
pending NEG GET MAH non-multiple amount should fail FIXMAS091 master
pending NEG GET MAH women_citizen=true should fail master
pending POS GET Verify product_interest field is populated master
pending POS GET Verify average_yield field is populated master
pending POS GET Verify maturity_date field is returned master
pending POS GET Verify f_investment_vehicle_id field is returned master
pending POS GET Verify minimum investment amount returned (5000) master
pending POS GET Verify maximum investment amount returned (50000000) master
pending POS GET Verify maturity amount greater than principal in cumulative FD master
pending POS GET Verify total_payout returned for monthly (non-cumulative) FD master
pending POS GET Verify payout_amount field present for monthly (non-cumulative) FD master
pending POS GET Verify payout data is grouped by year master
pending POS GET Verify payout dates are in ascending order master
pending NEG GET Verify invalid payout_frequency value is rejected master
pending NEG GET Verify missing API key is rejected master
pending EDG GET Verify a non-empty (invalid) API key value still passes (apikey presence bypasses partner-key check) master
pending NEG GET Verify blank API key header is rejected master
pending POS GET Verify response content type is application/json master
pending POS GET Verify response time is within SLA (<2s) master
pending EDG GET Verify SQL injection payload in investment_amount is safely ignored (leading numeric value '5000' is parsed, no injection) master
pending NEG GET Verify SQL injection payload in tenure is rejected master
pending NEG GET Verify XSS payload in payout_frequency is rejected master
pending NEG GET Verify HTML injection payload in payout_frequency is rejected master
pending NEG GET Verify tampered/unsupported product_type is rejected master
pending POS GET Verify rate limiting on maturity endpoint master
pending POS GET Verify maturity_date format is YYYY-MM-DD master
pending POS GET Verify payout date format is YYYY-MM-DD master
pending POS GET Verify product_min_tenure equals 365 master
pending POS GET Verify product_max_tenure is a valid bound (>= product_min_tenure) for the matched product master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] MAH valid min boundary cumulative master
pending POS GET [POSITIVE] Optional flags all false master
pending POS GET [POSITIVE] Optional flags: senior only master
pending POS GET [POSITIVE] Flags: `women_citizen=true` (unsupported for MAH) master
pending POS GET [POSITIVE] Flags: `tax_saver=true` (unsupported for MAH) master
pending POS GET [POSITIVE] Flags: all true (unsupported for MAH) master
pending EDG GET [EDGE] `MAH` master
pending EDG GET [EDGE] `MAH` master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] MAH NC Monthly with amount 49,000 (below rule) master
pending POS GET [POSITIVE] MAH NC Monthly with amount 50,000 (exact min) master
pending POS GET [POSITIVE] MAH NC Quarterly with amount 49,000 (below rule) master
pending POS GET [POSITIVE] MAH NC HalfYearly with amount 24,000 (below rule) master
pending POS GET [POSITIVE] MAH NC Yearly with amount 25,000 (exact min) master
pending POS GET [POSITIVE] `MAH` master
pending POS GET [POSITIVE] `MAH` master
pending EDG GET [EDGE] `MAH` master
pending EDG GET [EDGE] `MAH` master
pending EDG GET [EDGE] `MAH` master
pending EDG GET [EDGE] `MAH` master
pending EDG GET [EDGE] `MAH` master
pending EDG GET [EDGE] `MAH` master
3 PAN Verification
37 cases
pending STA GET Get user profile before PAN entry (Mahindra Finance) user
pending STA POST Track insights event for PAN verification step (Mahindra Finance) user
pending POS POST Verify PAN for Mahindra Finance user
pending POS POST Verify PAN response success flag user
pending POS POST Verify PAN response schema user
pending POS POST Verify PAN response content type user
pending POS POST Verify PAN response time user
pending POS POST Verify payload object exists in PAN success response user
pending NEG POST Verify PAN field blank user
pending NEG POST Verify PAN field null user
pending NEG POST Verify PAN field missing user
pending NEG POST Verify PAN less than 10 characters user
pending NEG POST Verify PAN more than 10 characters user
pending NEG POST Verify PAN with lowercase characters user
pending NEG POST Verify PAN with special characters user
pending NEG POST Verify PAN with spaces user
pending NEG POST Verify numeric-only PAN user
pending NEG POST Verify alphabet-only PAN user
pending NEG POST Verify invalid PAN pattern user
pending NEG POST Verify SQL injection in PAN field user
pending NEG POST Verify XSS payload in PAN field user
pending NEG POST Verify malformed request JSON user
pending NEG POST Verify empty request body user
pending NEG POST Verify request without Content-Type header user
pending NEG POST Verify invalid Content-Type user
pending NEG POST Verify error response schema user
pending NEG POST Verify error response message user
pending NEG POST Verify error code mapping user
pending NEG POST Verify payload object in error response user
pending POS POST Verify required response headers user
pending POS POST Verify PAN data is not exposed in response user
pending EDG POST Verify concurrent requests with same PAN user
pending EDG POST Verify API under load user
pending EDG POST Verify API rate limiting user
pending POS POST Verify PAN holder name returned user
pending POS POST Verify father name returned user
pending POS PUT Persist DOB for downstream eligibility (Digilocker/Aadhaar fallback) user
4 Email Verification
139 cases
pending POS POST Verify OTP sent to valid email (Mahindra user) user
pending POS POST Verify response status code user
pending POS POST Verify success flag user
pending POS POST Verify success message user
pending POS POST Verify payload object exists user
pending POS POST Verify startTime returned user
pending POS POST Verify endTime returned user
pending POS POST Verify durationMs returned user
pending POS POST Verify otpSentCount returned user
pending POS POST Verify attemptsUsed returned user
pending POS POST Verify OTP send with valid fd_info user
pending POS POST Verify OTP send with invalid fd_info user
pending POS POST Verify OTP send without fd_info user
pending POS POST Verify otpSentCount increments on resend user
pending NEG POST Verify missing email validation user
pending NEG POST Verify null email validation user
pending NEG POST Verify empty email validation user
pending NEG POST Verify invalid email without @ user
pending NEG POST Verify email with multiple @ user
pending NEG POST Verify email missing domain user
pending NEG POST Verify email missing TLD user
pending NEG POST Verify email with leading dot domain user
pending NEG POST Verify email with double dot domain user
pending NEG POST Verify leading whitespace email user
pending NEG POST Verify trailing whitespace email user
pending NEG POST Verify numeric email value user
pending NEG POST Verify boolean email value user
pending NEG POST Verify array email value user
pending NEG POST Verify object email value user
pending POS POST Verify uppercase email user
pending POS POST Verify mixed-case email user
pending EDG POST Verify maximum valid email length user
pending EDG POST Verify oversized email length user
pending NEG POST Verify empty JSON body user
pending POS POST Verify extra unsupported field user
pending POS POST Verify fd_info null user
pending POS POST Verify fd_info empty string user
pending EDG POST Verify rate limit handling user
pending EDG POST Verify retryAfter field user
pending EDG POST Verify retryAfterSeconds field user
pending EDG POST Verify email provider failure user
pending NEG POST Verify API without JWT user
pending NEG POST Verify API with invalid JWT user
pending NEG POST Verify API with expired JWT user
pending NEG POST Verify API with empty Authorization header user
pending NEG POST Verify API with malformed token user
pending POS POST Verify response content type user
pending POS POST Verify required response headers user
pending POS POST Verify response does not leak email value user
pending POS POST Verify email OTP (Mahindra user) user
pending POS PUT Save email to user profile (Mahindra user) user
pending POS GET Get user to confirm email state (Mahindra user) user
pending POS POST [POSITIVE] Send OTP to valid email user
pending POS POST [POSITIVE] Send OTP with fd_info provided (valid JSON) user
pending POS POST [POSITIVE] fd_info invalid JSON string → OTP still sent user
pending POS POST [POSITIVE] otpSentCount increments on repeat sends user
pending NEG POST [NEGATIVE] Missing email field → FIXUSER1002 user
pending NEG POST [NEGATIVE] email missing @ → FIXUSER1002 user
pending NEG POST [NEGATIVE] email multiple @ → FIXUSER1002 user
pending NEG POST [NEGATIVE] email missing TLD → FIXUSER1002 user
pending NEG POST [NEGATIVE] email leading dot in domain → FIXUSER1002 user
pending NEG POST [NEGATIVE] email double dot in domain → FIXUSER1002 user
pending NEG POST [NEGATIVE] email with leading whitespace → FIXUSER1002 user
pending NEG POST [NEGATIVE] email with trailing whitespace → FIXUSER1002 user
pending NEG POST [NEGATIVE] email non-string (number) → FIXUSER1002 user
pending NEG POST [NEGATIVE] email null → FIXUSER1002 user
pending EDG POST [EDGE] Very long valid email (boundary) user
pending EDG POST [EDGE] Rate limit exceeded (multiple sends) → 429 user
pending POS POST [POSITIVE] No JWT → 401 user
pending POS POST [POSITIVE] Expired JWT → 401 user
pending POS POST [POSITIVE] Invalid JWT → 401 user
pending POS POST [POSITIVE] Correct OTP verifies email user
pending POS POST [POSITIVE] OTP verified — fd_info omitted user
pending POS POST [POSITIVE] BY_PASS_OTP=true — wrong OTP still verifies (UAT only) user
pending NEG POST [NEGATIVE] Incorrect OTP → 400 (1st wrong attempt) user
pending NEG POST [NEGATIVE] OTP with whitespace — trimmed, treated as wrong user
pending NEG POST [NEGATIVE] Missing otp field → 400 user
pending NEG POST [NEGATIVE] otp as number (type coercion) → 400 or 200 user
pending NEG POST [NEGATIVE] otp is null → 400 user
pending EDG POST [EDGE] 5th wrong attempt → 400 with 0 remaining user
pending EDG POST [EDGE] 6th wrong attempt → 429 rate limited user
pending EDG POST [EDGE] attemptsUsed counter increments user
pending EDG POST [EDGE] Bad fd_info JSON string does not block verification user
pending POS POST [POSITIVE] No JWT → 401 user
pending POS POST [POSITIVE] Expired JWT → 401 user
pending POS POST [POSITIVE] Invalid JWT → 401 user
pending POS POST [POSITIVE] BY_PASS_OTP must be disabled in production user
pending POS PUT [POSITIVE] All query params accepted user
pending POS PUT [POSITIVE] credit_card must be boolean-string user
pending POS PUT [POSITIVE] Bank issuer branch SSFB user
pending POS PUT [POSITIVE] Bank issuer branch USFB user
pending POS PUT [POSITIVE] Bank issuer branch AUSFB user
pending POS PUT [POSITIVE] Bank issuer branch IIB user
pending POS PUT [POSITIVE] Unsupported issuer_code with BANK user
pending POS PUT [POSITIVE] NBFC path does not use bank branch user
pending POS PUT [POSITIVE] `email` user
pending POS PUT [POSITIVE] `occupation` user
pending POS PUT [POSITIVE] `marital_status` user
pending POS PUT [POSITIVE] `annual_income` user
pending POS PUT [POSITIVE] `mother_name` user
pending POS PUT [POSITIVE] `father_name` user
pending POS PUT [POSITIVE] `dob` user
pending POS PUT [POSITIVE] `pan` user
pending POS PUT [POSITIVE] `education` user
pending POS PUT [POSITIVE] `source_of_income` user
pending POS PUT [POSITIVE] `kin` user
pending POS PUT [POSITIVE] `kin_first_name/kin_last_name` user
pending POS PUT [POSITIVE] `user_tax_status` user
pending POS PUT [POSITIVE] `kin_middle_name` user
pending POS PUT [POSITIVE] `residence` user
pending POS PUT [POSITIVE] booleans user
pending POS PUT [POSITIVE] date fields (ISO) user
pending POS PUT [POSITIVE] `partner_url` provided by client user
pending NEG PUT [NEGATIVE] email without `@` user
pending NEG PUT [NEGATIVE] PAN bad format user
pending NEG PUT [NEGATIVE] DOB in future user
pending NEG PUT [NEGATIVE] under-18 DOB user
pending NEG PUT [NEGATIVE] invalid occupation user
pending NEG PUT [NEGATIVE] invalid annual income user
pending NEG PUT [NEGATIVE] invalid marital status user
pending NEG PUT [NEGATIVE] invalid kin user
pending NEG PUT [NEGATIVE] kin name invalid chars user
pending NEG PUT [NEGATIVE] mother_name whitespace user
pending NEG PUT [NEGATIVE] father_name invalid chars user
pending NEG PUT [NEGATIVE] education invalid user
pending NEG PUT [NEGATIVE] source invalid user
pending NEG PUT [NEGATIVE] unknown field rejected (only `/user`) user
pending NEG PUT [NEGATIVE] boolean sent as string user
pending NEG PUT [NEGATIVE] boolean sent as number user
pending NEG PUT [NEGATIVE] invalid date string user
pending NEG PUT [NEGATIVE] invalid date string user
pending POS PUT [POSITIVE] If `email_verification_required=true` and user `is_email_verified=false`, block personal-details submit user
pending POS PUT [POSITIVE] Duplicate email mapping user
pending POS PUT [POSITIVE] Generic failure mapping user
pending POS PUT [POSITIVE] Missing JWT user
pending POS GET [POSITIVE] Personal info prefill works user
pending POS GET [POSITIVE] After OTP, verify `is_email_verified=false` blocks submit user
pending POS GET [POSITIVE] SSFB overlay present if available user
pending POS GET [POSITIVE] Missing JWT rejected user
5 Personal Details
84 cases
pending STA GET Get dropdown options for personal info form (Mahindra Finance) user
pending POS PUT Save personal details for Mahindra Finance user user
pending POS PUT Verify personal-details response content type user
pending POS PUT Verify personal-details response time user
pending POS PUT Verify all query parameters accepted user
pending POS PUT Verify valid email update user
pending NEG PUT Verify invalid email format user
pending NEG PUT Verify email missing domain user
pending NEG PUT Verify email missing username user
pending NEG PUT Verify email with multiple @ user
pending EDG PUT Verify null email user
pending EDG PUT Verify empty email user
pending NEG PUT Verify valid PAN update user
pending NEG PUT Verify PAN lowercase validation user
pending NEG PUT Verify PAN with special characters user
pending NEG PUT Verify PAN length less than 10 user
pending NEG PUT Verify PAN length greater than 10 user
pending NEG PUT Verify null PAN user
pending NEG PUT Verify empty PAN user
pending NEG PUT Verify valid DOB update user
pending NEG PUT Verify future DOB validation user
pending NEG PUT Verify underage DOB validation user
pending NEG PUT Verify invalid DOB format user
pending NEG PUT Verify null DOB user
pending NEG PUT Verify empty DOB user
pending NEG PUT Verify age exactly 18 years user
pending POS PUT Verify valid occupation update user
pending NEG PUT Verify invalid occupation user
pending EDG PUT Verify null occupation user
pending NEG PUT Verify empty occupation user
pending POS PUT Verify valid annual income update user
pending NEG PUT Verify invalid annual income user
pending NEG PUT Verify empty annual income user
pending POS PUT Verify valid marital status update user
pending NEG PUT Verify invalid marital status user
pending EDG PUT Verify null marital status user
pending NEG PUT Verify empty marital status user
pending POS PUT Verify valid mother name update user
pending NEG PUT Verify blank mother name user
pending EDG PUT Verify null mother name user
pending NEG PUT Verify mother name with numeric characters user
pending NEG PUT Verify mother name with special characters user
pending POS PUT Verify valid father name update user
pending NEG PUT Verify blank father name user
pending EDG PUT Verify null father name user
pending NEG PUT Verify father name with numeric characters user
pending NEG PUT Verify father name with special characters user
pending NEG PUT Verify valid kin relation update user
pending NEG PUT Verify invalid kin relation user
pending NEG PUT Verify null kin relation user
pending NEG PUT Verify empty kin relation user
pending NEG PUT Verify invalid kin first name user
pending NEG PUT Verify invalid kin last name user
pending NEG PUT Verify kin first name with special characters user
pending NEG PUT Verify kin last name with special characters user
pending NEG PUT Verify valid kin middle name user
pending NEG PUT Verify null kin middle name user
pending POS PUT Verify valid education update user
pending NEG PUT Verify invalid education user
pending EDG PUT Verify null education user
pending NEG PUT Verify empty education user
pending POS PUT Verify valid source of income update user
pending NEG PUT Verify invalid source of income user
pending EDG PUT Verify null source of income user
pending NEG PUT Verify empty source of income user
pending NEG PUT Verify valid user tax status update user
pending NEG PUT Verify valid residence update user
pending NEG PUT Verify valid boolean fields update user
pending NEG PUT Verify is_aadhaar_verified as string user
pending NEG PUT Verify is_bank_present as number user
pending NEG PUT Verify invalid Aadhaar verification date user
pending NEG PUT Verify invalid PAN verification date user
pending EDG PUT Verify valid ISO date fields user
pending NEG PUT Verify client provided partner_url user
pending NEG PUT Verify API without JWT user
pending NEG PUT Verify API with invalid JWT user
pending NEG PUT Verify API with expired JWT user
pending NEG PUT Verify unknown field rejection user
pending POS PUT Verify personal-details response headers user
pending NEG PUT Verify sensitive personal data not echoed back raw user
pending EDG PUT Verify duplicate email mapping user
pending EDG PUT Verify email verification gate user
pending NEG PUT Verify generic update failure user
pending NEG PUT Verify restricted partner field violation user
6 Aadhaar KYC (Digilocker)
55 cases
pending POS GET Mahindra Aadhaar gate: fresh user has is_aadhaar_xml_present falsy user
pending POS POST Verify Digilocker URL generation with valid token user
pending POS POST Verify Digilocker URL starts with HTTPS user
pending POS POST Verify Digilocker URL format validity user
pending POS POST Verify response content type user
pending POS POST Verify response time (external Signzy session creation) user
pending POS POST Verify URL does not expose personal data in plain text user
pending POS POST Verify response does not expose JWT token user
pending POS POST Verify repeated calls generate a Digilocker URL successfully user
pending NEG POST Verify missing source query is rejected with FIXUSER1091 (quirk: success stays 1) user
pending NEG POST Verify Authorization header mandatory user
pending NEG POST Verify invalid JWT token user
pending NEG POST Verify expired JWT token user
pending NEG POST Verify Bearer keyword missing user
pending NEG POST Verify invalid Bearer format (Basic scheme) user
pending POS GET Verify Digilocker status reflects initiated session user
pending POS GET Verify Digilocker status is unverified until external completion user
pending NEG GET Verify Digilocker status missing JWT user
pending NEG GET Verify Digilocker status invalid JWT user
pending POS POST Verify Digilocker response envelope datatypes user
pending POS POST Verify Digilocker response does not leak PAN or mobile number user
pending NEG POST Verify SQL injection through headers on Digilocker URL generation user
pending NEG POST Verify XSS injection through headers on Digilocker URL generation user
pending NEG POST Verify HTML injection through headers on Digilocker URL generation user
pending NEG POST Verify header tampering (X-Forwarded-For / X-Forwarded-Host) on Digilocker URL generation user
pending EDG POST Verify Digilocker URL generation behavior under burst traffic user
pending EDG GET Verify HTTP method GET instead of POST for Digilocker URL generation user
pending EDG PUT Verify HTTP method PUT instead of POST for Digilocker URL generation user
pending EDG DELETE Verify HTTP method DELETE instead of POST for Digilocker URL generation user
pending EDG POST Verify invalid digilocker query value is tolerated user
pending EDG POST Verify empty event_id query value is tolerated user
pending NEG POST Verify SQL injection in source query param is handled gracefully user
pending NEG POST Verify XSS payload in event_id query param is handled gracefully user
pending EDG POST Verify HTTP method POST instead of GET for Digilocker status user
pending EDG PUT Verify HTTP method PUT instead of GET for Digilocker status user
pending POS GET Verify Digilocker status response envelope datatypes user
pending NEG GET Verify Digilocker status rejects when Bearer keyword is missing user
pending NEG GET Verify Digilocker status rejects Basic auth scheme user
pending POS GET Verify Digilocker status response time user
pending EDG GET Verify Digilocker status behavior under burst traffic user
pending POS POST Save verified bank account for fresh user (Mahindra) user
pending STA GET Get bank accounts for Mahindra payout user
pending POS GET [POSITIVE] NBFC/local list returns array payload user
pending POS GET [POSITIVE] Valid `page/limit` doesn’t crash user
pending POS GET [POSITIVE] Invalid page/limit are reset by controller user
pending POS GET [POSITIVE] `decrypt=true` decrypts account number in NBFC branch user
pending POS GET [POSITIVE] Security: default must not return plaintext digits user
pending POS GET [POSITIVE] `issuer_code=USFB` uses USFB branch user
pending POS GET [POSITIVE] `issuer_code=IIB` uses IIB branch user
pending POS GET [POSITIVE] `decrypt=true` is ignored for USFB branch user
pending POS GET [POSITIVE] `decrypt=true` is ignored for IIB branch user
pending POS GET [POSITIVE] `page_name` passes through and may change projections user
pending POS GET [POSITIVE] Missing auth rejected user
pending POS GET [POSITIVE] Malformed token rejected user
pending POS GET [POSITIVE] Expired token rejected user
7 Mahindra Lead and KYC Context
29 cases
pending POS POST Create Mahindra lead and KYC context (Jump MAH/lead-and-kyc) invest
pending NEG POST Reject lead creation without JWT invest
pending NEG POST Reject lead creation with invalid JWT invest
pending NEG POST Reject lead creation with expired JWT invest
pending NEG POST Reject lead creation with malformed/corrupted JWT invest
pending NEG POST Reject lead creation when Bearer keyword is missing invest
pending NEG POST Reject lead creation with Basic auth scheme instead of Bearer invest
pending NEG POST Reject lead creation with empty Authorization header invest
pending EDG GET Verify HTTP method GET instead of POST for lead creation invest
pending EDG PUT Verify HTTP method PUT instead of POST for lead creation invest
pending EDG DELETE Verify HTTP method DELETE instead of POST for lead creation invest
pending POS POST Verify lead creation response envelope datatypes invest
pending POS POST Verify lead creation response time invest
pending POS POST Verify lead creation response does not leak PAN or mobile number invest
pending POS POST Verify lead creation response does not expose JWT token invest
pending POS POST Verify repeated lead creation calls do not error (idempotent / re-runnable) invest
pending NEG POST Verify SQL injection through headers on lead creation invest
pending NEG POST Verify XSS injection through headers on lead creation invest
pending NEG POST Verify header tampering (X-Forwarded-For / X-Forwarded-Host) on lead creation invest
pending EDG POST Verify lead creation behavior under burst traffic invest
pending NEG GET Reject lead status check without JWT invest
pending NEG GET Reject lead status check with expired JWT invest
pending NEG GET Reject lead status check with malformed JWT invest
pending NEG GET Reject lead status check when Bearer keyword is missing invest
pending EDG POST Verify HTTP method POST instead of GET for lead status check invest
pending NEG GET Lead status with malformed transaction id is handled gracefully invest
pending EDG GET Lead status with well-formed but non-existent transaction id is handled gracefully invest
pending NEG GET Lead status with SQL injection in transaction id is handled gracefully invest
pending NEG GET Lead status with XSS payload in transaction id is handled gracefully invest
8 Nominee
82 cases
pending POS GET Get existing nominees (MAH) user
pending POS POST Create valid adult nominee (MAH) user
pending POS GET Get nominee by id returns the created nominee user
pending POS PUT Update nominee relation by id user
pending POS POST Create minor nominee with guardian details user
pending POS DELETE Delete nominee by id (cleanup minor nominee) user
pending POS GET List nominees with explicit pagination user
pending EDG GET List nominees with invalid pagination is auto-corrected user
pending POS POST Create nominee via legacy POST /user-nominee route user
pending POS DELETE Delete legacy-route nominee (cleanup) user
pending POS POST Create nominee with relation Mother user
pending POS POST Create nominee with relation Husband user
pending POS POST Create nominee with relation Daughter user
pending POS POST Create nominee with a valid nominee PAN user
pending NEG POST Reject relation "Self" (not in allowed relation list) user
pending NEG POST Reject nominee first name containing a SQL-injection payload user
pending NEG POST Reject nominee first name containing an XSS payload user
pending EDG POST Create nominee whose name matches the applicant's own PAN name user
pending NEG POST Reject guardian DOB indicating a minor guardian user
pending NEG POST Reject invalid nominee relation user
pending NEG POST Reject invalid nominee salutation user
pending NEG POST Reject invalid nominee PAN format user
pending NEG POST Reject invalid nominee DOB format user
pending NEG POST Reject future nominee DOB user
pending NEG POST Reject numeric nominee first name user
pending NEG POST Reject invalid guardian salutation user
pending NEG POST Reject empty nominee payload user
pending EDG GET Get nominee by unknown id does not crash user
pending EDG PUT Update nominee with unknown id does not crash user
pending EDG DELETE Delete nominee with unknown id does not crash user
pending NEG GET List nominees without auth is rejected user
pending NEG POST Create nominee without auth is rejected user
pending NEG GET List nominees with invalid JWT is rejected user
pending NEG DELETE Delete nominee without auth is rejected user
pending POS POST Create nominee via three-part full_name is parsed into first/middle/last user
pending POS POST Create nominee via single-word full_name auto-sets last_name to "." user
pending NEG POST Reject full_name containing digits user
pending NEG POST Reject full_name equal to "." user
pending NEG POST Reject payload missing both full_name and first_name user
pending NEG POST Reject middle_name with invalid characters user
pending NEG POST Reject last_name with invalid characters user
pending NEG POST Reject nominee_phone that is not a 10-digit number user
pending POS POST Create nominee with a valid nominee_phone user
pending NEG POST Reject invalid nominee_email user
pending POS POST Create nominee with a valid nominee_email user
pending NEG POST Reject lowercase nominee_relation (case-sensitive enum) user
pending NEG POST Reject lowercase nominee_salutation (case-sensitive enum) user
pending NEG POST Reject minor nominee with no guardian_first_name at all user
pending NEG POST Reject invalid guardian_pan format user
pending POS POST is_default=true unsets the previously default nominee user
pending POS GET Follow-up list shows only one nominee with is_default=true user
pending EDG POST Empty nominee_pan is treated as absent (not encrypted) user
pending EDG POST Lowercase nominee_pan is accepted and stored encrypted user
pending EDG POST Extra unknown field in payload is silently ignored user
pending POS GET List nominees decrypts nominee_phone when present user
pending NEG GET List nominees with expired JWT is rejected user
pending EDG POST Create default nominee matching applicant PAN name (for FIXINV165 booking check) user
pending POS POST Create address for nominee (MAH) user
pending POS GET Get nominee address — newly added address is returned user
pending EDG POST Create nominee address with same_as_user copies applicant address user
pending EDG GET Get nominee addresses without a nominee filter returns the full address list user
pending EDG GET Get nominee address for an unknown nominee id returns an empty list user
pending NEG POST Create nominee address without auth is rejected user
pending NEG GET Get nominee address without auth is rejected user
pending NEG POST Create nominee address missing f_user_nominee_id is rejected user
pending NEG POST Create nominee address with non-numeric pincode is rejected user
pending POS POST state field is uppercased before save user
pending POS POST country defaults to INDIA when omitted user
pending POS POST Repeated create for same nominee upserts instead of duplicating user
pending POS GET Get nominee address after upsert returns exactly one record for the nominee user
pending POS PUT Update nominee via v1/update (MAH) user
pending POS PUT Update nominee via v1/update with nomineeAddress upserts the address user
pending NEG PUT Reject first_name with invalid characters user
pending NEG PUT Reject middle_name with invalid characters user
pending NEG PUT Reject last_name with invalid characters user
pending NEG PUT Reject invalid nominee_dob user
pending NEG PUT Reject future nominee_dob user
pending NEG PUT Reject invalid nominee_relation user
pending NEG PUT Reject invalid nominee_salutation user
pending POS PUT PAN provided lowercase is accepted and stored encrypted user
pending NEG PUT Update via v1/update without auth is rejected user
pending NEG PUT Update via v1/update with expired JWT is rejected user
API calls run on the Node.js server, not in the browser — they will not appear in Chrome DevTools → Network. Use this panel to inspect every request, status, timing, and curl for the run.