upi_pay
Merchant payments (and potentially avoid issues seen with major payment apps)
Is your feature request related to a problem? Please describe.
- Merchant payments: The UPI deep linking specification, implemented by this package, is for merchant payments by design, though individual-to-individual payments are supported by several apps on an ad-hoc basis. Work on this feature will add merchant payment support.
- Security warnings/errors on major apps: Discussion with the Bank of Baroda UPI team reveals that several major payment apps are looking to avoid fraud on UPI by doing a strict check on the authenticity of payments. This makes these issues appear more related to the lack of a merchant signature in the current version of the package. This is further seen in the following snippet from the UPI deep linking specification, which is about how a UPI payment app should verify a UPI deep linking request (the ones made through this package)
Describe the solution you'd like
- Mechanism in which users can create merchant signature themselves:
  - Provide an API that would generate the UPI transaction request in the format specified in point 3 in section 1.3 of UPI deep linking specification towards signing by a package user app using their merchant private key.
  - Provide an API that would accept the UPI transaction data and the signature created and will perform the UPI transaction.
- Provide an API that implements signing using the algorithm described in point 3 in section 1.3 (RSA512 and SHA256) for users that are OK with providing their private key and then performs the UPI transaction.
The API changes/additions should retain backward compatibility for non-merchant payments.
Describe alternatives you've considered
This aspect of the UPI deep linking specification has no alternatives.
Any example solutions
This feature is research based and is an attempt to implement part of the UPI deep linking specification not yet implemented. There is no example solution known.
Additional context
None
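
The two-step flow requested above (build the request, let the merchant sign it, then attach the signature), sketched with the `openssl` CLI as an added example; it is not code from the upi_pay package or from the specification. Assumptions: the signed data is the deep link as it stands before `sign` is appended, the signature travels base64-encoded in `sign`, and all function names, the VPA, the order id and the throwaway key are constructed for the demo.

```shell
#!/bin/sh
# Added illustration with constructed values; not code from the upi_pay package.

# Package side, step 1: build the request string handed to the merchant app for signing.
# Assumption: the signed data is the deep link as it stands before `sign` is appended.
build_request() {   # args: pa pn tr am (already URL-encoded)
    printf 'upi://pay?pa=%s&pn=%s&tr=%s&am=%s&cu=INR' "$1" "$2" "$3" "$4"
}

# Merchant side: RSA + SHA-256 signature, base64 on one line. The key stays with the merchant.
sign_request() {    # args: request private-key-file
    printf '%s' "$1" | openssl dgst -sha256 -sign "$2" | openssl base64 -A
}

# Package side, step 2: append the percent-encoded signature as the `sign` parameter.
attach_signature() {    # args: request base64-signature
    _enc=$(printf '%s' "$2" | sed -e 's|+|%2B|g' -e 's|/|%2F|g' -e 's|=|%3D|g')
    printf '%s&sign=%s' "$1" "$_enc"
}

# Payment-app side: verify `sign` over everything that precedes it in the link.
verify_link() {     # args: link public-key-file; returns 0 only if the signature is valid
    case $1 in *'&sign='*) ;; *) return 1 ;; esac     # unsigned link: reject
    _req=${1%&sign=*}
    _sig=$(mktemp)
    printf '%s' "${1##*&sign=}" | sed -e 's|%2B|+|g' -e 's|%2F|/|g' -e 's|%3D|=|g' |
        openssl base64 -d -A > "$_sig"
    if printf '%s' "$_req" | openssl dgst -sha256 -verify "$2" -signature "$_sig" >/dev/null 2>&1
    then _rc=0; else _rc=1; fi
    rm -f "$_sig"
    return $_rc
}

# Throwaway 2048-bit key pair (constructed; stands in for the merchant's real key).
make_demo_keys() {  # args: directory
    openssl genrsa -out "$1/merchant.pem" 2048 2>/dev/null
    openssl rsa -in "$1/merchant.pem" -pubout -out "$1/merchant.pub" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_keys "$demo_dir"
demo_req=$(build_request 'merchant%40examplebank' 'Example%20Store' 'ORDER1001' '10.00')
demo_link=$(attach_signature "$demo_req" "$(sign_request "$demo_req" "$demo_dir/merchant.pem")")
verify_link "$demo_link" "$demo_dir/merchant.pub" && echo "signed link verifies"
```

Because `sign_request` is the only function that touches the private key, it can run in the merchant's own app or backend, which is the split the first two requested APIs describe.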