[Internal Review]Cards Integration for CB LRS
This section explains how to integrate plain card payments for cross-border transactions under LRS (Liberalised Remittance Scheme) using the Server-to-Server (S2S) flow. This is the standard card transaction flow without tokenization.
Verify PAN card details for KYC compliance
Post the required parameters to PayU for card payment with LRS parameters
Verify the response hash and transaction status
Handle the response and proceed with 3DS authentication
Verify the payment status and ensure transaction completion
Step 1: Validate the PAN Card
The PAN Card Status Check API allows merchants to verify PAN (Permanent Account Number) card details. It validates whether a given PAN number is active, confirms if the provided name and date of birth match the official PAN records, and checks the seeding status of the PAN. This API is essential for KYC (Know Your Customer) processes, identity verification, and regulatory compliance.
Endpoint
https://test10-onboarding.payu.in/dvs/kyc/check_pan_card_status
Request parameters
| Parameter | Description | Example |
|---|---|---|
pan_numbermandatory | The PAN (Permanent Account Number) to be verified | "CYCPD2784G" |
namemandatory | The name of the PAN card holder as it appears on the PAN card | "AKASH DEEP" |
dobmandatory | Date of Birth of the PAN holder in DD/MM/YYYY format | "15/09/1993" |
Sample Request
curl --location 'https://test10-onboarding.payu.in/dvs/kyc/check_pan_card_status' \
--header 'Content-Type: application/json' \
--header 'Date: Thu, 17 Jun 2025 08:17:59 GMT' \
--header 'Digest: DFXmqI0rFnXlmHLlsRwdDMw9vUSVzyYQzGP+MKLo8f8=' \
--header 'Authorization: hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="7qjgpH9B4QALxDR0nVlHdEKEYMZ0XeJ0QpnvveSyqMo="' \
--header 'platformId: 1' \
--data '{
"pan_number": "CYCPD2784G",
"name": "AKASH DEEP",
"dob": "15/09/1993"
}'Sample Response
{
"id": 86235,
"api_name": "pan_status_check",
"identifier": "79c0d918a4f4661cb9cb17d96d24ac1cf04b6013d504cc766ac5235380bfc0d5",
"response": {
"result": {
"status": "Active",
"nameMatch": "Y",
"dobMatch": "Y",
"seedingStatus": "Y"
}
},
"status": "success",
"http_status": 200,
"client_id": "195ab95fa4700eeaaf38b7f5b538d2979f0f281e0a4eaedca1aa675b79b331a2",
"created_at": "2025-04-30T05:51:40.000Z",
"updated_at": "2025-04-30T05:51:40.000Z",
"client_name": "SignzyClient"
}Response Parameters
| Parameter | Description | Example |
|---|---|---|
| id | Unique identifier for the verification request | 86235 |
| api_name | Identifier of the API that was called | "pan_status_check" |
| identifier | A unique hash identifier for the verification request | "79c0d918a4f4661cb9cb17d96d24ac1cf04b6013d504cc766ac5235380bfc0d5" |
| response | Contains the verification results | See result table below |
| status | Overall status of the API call | "success" |
| http_status | HTTP status code of the response | 200 |
| client_id | Unique identifier of the client making the request | "195ab95fa4700eeaaf38b7f5b538d2979f0f281e0a4eaedca1aa675b79b331a2" |
| created_at | Timestamp when the verification record was created | "2025-04-30T05:51:40.000Z" |
| updated_at | Timestamp when the verification record was last updated | "2025-04-30T05:51:40.000Z" |
| client_name | Name of the client account | "SignzyClient" |
Response Result Object
| Parameter | Description | Example |
|---|---|---|
| status | Status of the PAN card | "Active" |
| nameMatch | Indicates if the provided name matches with PAN records (Y/N) | "Y" |
| dobMatch | Indicates if the provided DOB matches with PAN records (Y/N) | "Y" |
| seedingStatus | Indicates if the PAN is seeded with additional verifications (Y/N) | "Y" |
Step 2: Request Payment with PayU
Post the payment parameters to PayU's _payment API endpoint to initiate a card transaction with LRS parameters.
Environment
| Test Environment | <https://test.payu.in/_payment> |
| Production Environment | <https://secure.payu.in/_payment> |
Request Parameters
| Parameter | Description | Example |
|---|---|---|
keymandatory | String Merchant key provided by PayU during onboarding. | JPM7Fg |
txnidmandatory | String The transaction ID is a reference number for a specific order generated by the merchant. Must be unique. | payuTestTxn12345 |
amountmandatory | String The payment amount for the transaction. | 100.00 |
productinfomandatory | String Name or brief description of the goods/services being sold. In case of physical goods, please include name / description of all products. Character Limit: 100 | iPhone |
firstnamemandatory | String The first name of the customer as on their Permanent Account Number (PAN). This should be validated by PAN Status Check API. Character Limit: 60 | Ashish |
lastnamemandatory | String The last name of the customer as on their Permanent Account Number (PAN). This should be validated by PAN Status Check API. Character Limit: 60 | Kumar |
emailmandatory | String The email address of the customer. Character Limit: 50 | [email protected] |
phonemandatory | String The phone number of the customer. | 9876543210 |
address1mandatory | varchar The customer's primary billing address line. This field is required for billing and fraud prevention purposes. Character limit: 255. | 123 Main Street |
citymandatory | varchar The customer's billing city. This field is required for billing and fraud prevention purposes. Character limit: 50. | New Delhi |
statemandatory | varchar The customer's billing state or province. This field is required for billing and fraud prevention purposes. Character limit: 50. | Delhi |
countrymandatory | varchar The customer's billing country. This field is required for billing and fraud prevention purposes. | India |
zipcodemandatory | varchar The customer's billing postal/zip code. This field is required for billing and fraud prevention purposes. Character limit: 6 digit (India Zipcode) | 110075 |
surlmandatory | String The Success URL - page PayU will redirect to if the transaction is successful. | https://example.com/success |
furlmandatory | String The Failure URL - page PayU will redirect to if the transaction fails. | https://example.com/failure |
pgmandatory | String Payment gateway type. For cards, use CC. | CC |
bankcodemandatory | String Bank code for the payment option. Use CC for credit cards, DC for debit cards. | CC |
ccnummandatory | String 13-19 digit card number (15 for AMEX, 13-19 for Maestro). Validate with LUHN algorithm. | 5506900480000008 |
ccvvmandatory | String 3-digit CVV (4 digits for AMEX). | 123 |
ccnamemandatory | String Cardholder name as entered by the customer. | Test User |
ccexpmonmandatory | String Card expiry month in MM format (01-12). | 09 |
ccexpyrmandatory | String Card expiry year in YYYY format. | 2026 |
txn_s2s_flowmandatory | Integer Parameter to enable S2S flow. Set to 4 for S2S4 flow. | 4 |
s2s_client_ipmandatory | String Client IP captured by merchant in S2S flow. Required for fraud detection. | 10.200.12.12 |
s2s_device_infomandatory | String User Agent captured by merchant in S2S flow. | Mozilla/5.0 (Windows NT 10.0;Win64; x64) PayU-API-Test/1.0 |
udf1mandatory for LRS | String The Permanent Account Number (PAN) of the buyer must be collected in this field. Character limit: 10 character alphanumeric | ABCDE1234K |
udf2optional | String User-defined field for storing transaction-specific data. Character limit: 255. | Additional transaction data |
udf3mandatory for LRS | String Date of Birth (DOB) of buyer in DD-MM-YYYY format as on their PAN. This should be validated by PAN Status Check API. | 02-02-1980 |
udf4mandatory for payment aggregators | String End merchant legal entity name. Character limit: 255. | XYZ Pvt. Ltd. |
udf5mandatory | String Contains invoice ID for the transaction. Invoice ID / number should be the ID present on the invoice issued to the customer. Character limit: 255. | INV123456 |
udf_paramsoptional | String JSON UDF7 value to capture "Import or Export Code" of the buyer. UDF8 value to capture Airway Bill Number / Consignment Number (in case of goods imports) | {"udf7":"0100000029", "udf8":"99953729071"} |
hashmandatory | String This must include the generated hash. For more information, refer to Hash Generation below this table. | Your Generated Hash |
buyer_type_businessconditional for cross-border transactions | This parameter is used to identify whether it is a business-to-business transaction. If 1 is posted, it is a B2B transaction. In case of B2B, no other LRS specific parameters (listed below) need to be sent, as B2B transactions are outside the scope of the regulation. | 0 |
lrs_mandatory_limit_declarationmandatory for LRS S2S transactions | String Mandatory declaration from buyer that they have remitted less than $250,000 USD under Liberalised Remittance Scheme.Note: The limit is as per RBI regulation and needs to be mandatorily collected on the checkout page. | 1 |
lrs_tncmandatory for LRS S2S transactions | String Mandatory declaration from buyer that they agree to PayU's terms & conditions.Note: The declaration needs to be taken mandatorily from the buyer on the checkout page. | 1 |
lrs_service_typemandatory for LRS S2S transactions | String The LRS service type describes the nature of service & decides the tax amount based on it. For more information, refer to the lrs_service_type parameter values table. | travel |
tcs_amountmandatory for LRS S2S transactions | String Amount of TCS (Tax Collected at Source) to be charged.Note: The amount needs to be captured as per guidance in the lrs_service_type parameter values table. | 2.00 |
lrs_tcs_declaration_under_limitmandatory for LRS S2S transactions | String Declaration from buyer that they are either under or over INR 1,00,000 based on which TCS will be collected.Values expected: 0 (in case of under the limit) 1 (in case of over the limit) Note: The declaration needs to be taken mandatorily from the buyer on the checkout page. Also, when user declares they are over the limit (i.e., when this param is sent as "1", the "tcs_amount" field to contain amount calculated as per the lrs_service_type parameter values table. | 0 / 1 |
lrs_service_type parameter values
| lrs_service_type | Txn Amount <= INR 10 lacs | Txn Amount > INR 10 lacs |
|---|---|---|
| education_loan | 0 | 0 |
| education_non_loan | 0 | 5% |
| medical | 0 | 5% |
| travel | 0 | 20% |
| others | 0 | 20% |
Hash Generation
Parameters in the below sequence needs to be checked before generating the hash, if these params are being posted, it needs to be added in the hash calculation:
|additional_charges|miles|base_payuid|base_merchantid|paisa_mecode|subvention_amount|subvention_eligibility|merchant_data|payoutdetails|loan_id|twid_customer_hash|splitrequest|percentage_additional_charges|force_pa|udf_params|buyer_type_business|tcs_amount
- Case1 example: Simple Hashing, if the merchant is not sending the api_version in the payment request, then it will be treated as hash sequence version 1.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||si_details|salt
- Case2 example: if the merchant is passing the additional_charges in the payment request then they have to append the additional_charges value in the raw hash sequence as below.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||si_details|salt|additional_charges
- Case3 example: If the merchant wants to pass additional_charges, buyer_type_business in the payment request, then hash formula for payment request will be:
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||si_details|salt|additional_charges|buyer_type_business
- Case4 example: if the merchant wants to pass the api_version = 7 and buyer_type_business, udf_params in the payment request.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||si_details|salt|udf_params|buyer_type_businesskey|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10|salt|additional_charges|buyer_type_business- Case4 example: if the merchant wants to pass the api_version = 7 and buyer_type_business, udf_params in the payment request.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10|si_details|salt|udf_params|buyer_type_businessReference: PayU recommends you to use PayU Hash Verification Tool to verify the hashing. For more information, refer to Using PayU Hash Verification Tool
Sample Request
curl --location --request POST 'https://test.payu.in/_payment' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'key=JPM7Fg' \
--data-urlencode 'txnid=payuTestTransaction12345' \
--data-urlencode 'amount=100.00' \
--data-urlencode 'firstname=Ashish' \
--data-urlencode 'lastname=Kumar' \
--data-urlencode '[email protected]' \
--data-urlencode 'phone=9988776655' \
--data-urlencode 'productinfo=Product Info' \
--data-urlencode 'address1=123 Main Street' \
--data-urlencode 'city=New Delhi' \
--data-urlencode 'state=Delhi' \
--data-urlencode 'country=India' \
--data-urlencode 'zipcode=110001' \
--data-urlencode 'surl=https://test.payu.in/admin/test_response' \
--data-urlencode 'furl=https://test.payu.in/admin/test_response' \
--data-urlencode 'pg=CC' \
--data-urlencode 'bankcode=CC' \
--data-urlencode 'ccnum=5506900480000008' \
--data-urlencode 'ccname=Test User' \
--data-urlencode 'ccvv=123' \
--data-urlencode 'ccexpmon=09' \
--data-urlencode 'ccexpyr=2026' \
--data-urlencode 'txn_s2s_flow=4' \
--data-urlencode 's2s_client_ip=10.200.12.12' \
--data-urlencode 's2s_device_info=Mozilla/5.0 (Windows NT 10.0; Win64; x64) PayU-API-Test/1.0' \
--data-urlencode 'udf1=CYCPD2784G' \
--data-urlencode 'udf3=02-02-1980' \
--data-urlencode 'udf4=XYZ Pvt. Ltd.' \
--data-urlencode 'udf5=INV123456' \
--data-urlencode 'buyer_type_business=0' \
--data-urlencode 'lrs_mandatory_limit_declaration=1' \
--data-urlencode 'lrs_tnc=1' \
--data-urlencode 'lrs_service_type=travel' \
--data-urlencode 'tcs_amount=2.00' \
--data-urlencode 'lrs_tcs_declaration_under_limit=0' \
--data-urlencode 'hash=YOUR_CALCULATED_HASH'Step 3: Check Response from PayU
Hash validation logic for payment response (Reverse Hashing)
While sending the response, PayU takes the exact same parameters that were sent in the request (in reverse order) to calculate the hash and returns it to you. You must verify the hash and then mark a transaction as a success or failure. This is to make sure the transaction has not tampered within the response.
The order of the parameters is similar to the following code block:
sha512(SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)Sample response [Parsed]
Success scenario
Array
(
[mihpayid] => 403993715524069222
[mode] => CC
[status] => success
[unmappedstatus] => captured
[key] => JF***g
[txnid] => EaE4ZO3vU4iPsp
[amount] => 100.00
[cardCategory] => domestic
[discount] => 0.00
[net_amount_debit] => 102
[addedon] => 2021-09-08 19:37:19
[productinfo] => iPhone
[firstname] => Ashish
[lastname] => Kumar
[address1] => 123 Main Street
[address2] =>
[city] => New Delhi
[state] => Delhi
[country] => India
[zipcode] => 110001
[email] => [email protected]
[phone] => 9876543210
[udf1] => CYCPD2784G
[udf2] =>
[udf3] => 02-02-1980
[udf4] => XYZ Pvt. Ltd.
[udf5] => INV123456
[udf6] =>
[udf7] =>
[udf8] =>
[udf9] =>
[udf10] =>
[hash] => ed99957adb08fea56c907b88e8d158a79c3562c67f96c298461509826f77a7ae9e88b2a176b3234c25f50bcd451271728719656f3bb59c13a52bebabc468615a
[field1] => 0608273386032718000015
[field2] => 986987
[field3] => 100.00
[field4] => 403993715524069222
[field5] => 100
[field6] => 02
[field7] => AUTHPOSITIVE
[field8] =>
[field9] => Transaction is Successful
[payment_source] => payu
[PG_TYPE] => CC-PG
[bank_ref_num] => 0608273386032718000015
[bankcode] => CC
[error] => E000
[error_Message] => No Error
[name_on_card] => payu
[cardnum] => 512345XXXXXX2346
[tcs_amount] => 2
)Failure scenario
Transaction failed
Array
(
[mihpayid] => 20869277619
[mode] => CC
[status] => failure
[unmappedstatus] => failed
[key] => L43t1c
[txnid] => 26ba7cd6a67b0a010542
[amount] => 100.00
[cardCategory] => domestic
[discount] => 0.00
[net_amount_debit] => 0.00
[addedon] => 2024-09-05 17:46:10
[productinfo] => Product Info
[firstname] => Payu-Admin
[lastname] =>
[address1] =>
[address2] =>
[city] =>
[state] =>
[country] =>
[zipcode] =>
[email] => [email protected]
[phone] => 1234567890
[udf1] => CYCPD2784G
[udf2] =>
[udf3] => 02-02-1980
[udf4] => XYZ Pvt. Ltd.
[udf5] => INV123456
[udf6] =>
[udf7] =>
[udf8] =>
[udf9] =>
[udf10] =>
[hash] => ac7720e4bc33e5494bec6d37302e522171175a987f9d47286bfd29e8a7fc794f56433fcacf0bc120db781c4dc1d05a4857d71e83f00f6ed6aa9c97a1938b9467
[field1] =>
[field2] =>
[field3] =>
[field4] =>
[field5] => 05
[field6] =>
[field7] => AUTHNEGATIVE
[field8] =>
[field9] => Authorization failed at Bank
[payment_source] => payu
[pa_name] => PayU
[PG_TYPE] => CC-PG
[bank_ref_num] => 2409052690
[bankcode] => AMEX
[error] => E1903
[error_Message] => Authorization failed at Bank
[cardnum] => XXXXXXXXXXXX2003
[cardhash] => This field is no longer supported in postback params.
[tcs_amount] => 2
)Transaction declined due to either incorrect cvv/expiry or card validation
Array{
"mihpayid": "28192699814",
"mode": "DC",
"status": "failure",
"key": "Fa2IFz",
"txnid": "J4HKQFNCV37V8GZ2",
"amount": "1.00",
"addedon": "2026-04-16 00:05:43",
"productinfo": "AD04725400032CIN",
"firstname": "Anderson",
"lastname": "Alex",
"address1": "Jaipur Golden Hospital Rd",
"address2": "",
"city": "Delhi",
"state": "DL",
"country": "IN",
"zipcode": "XXXXXX",
"email": "_emailid_",
"phone": "##########",
"udf1": "",
"udf2": "AdobePayU_India:2506306:visapremiumdebit",
"udf3": "eyIwIjoiNTk3YjRhYzEtYWFiMy00NTJhLWE2NDQtODY4YTQ3ZmI5MWJlIiwiMSI6IiwsYWRob2MsLG1heCIsIjIiOiJBZG9iZSBJbmMgUHVyY2hhc2UifQ==",
"udf4": "",
"udf5": "AD04725400032CIN",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": "",
"card_token": "a71073543f334ebcb0a6",
"card_no": "XXXXXXXXXXXX0825",
"field0": "",
"field1": "7762781447786003305914",
"field2": "",
"field3": "",
"field4": "",
"field5": "N7",
"field6": "05",
"field7": "AUTHNEGATIVE",
"field8": "N7 | Negative online CAM, dCVV, iCVV, CVV, or CAVV results or Offline | Decline - Invalid Card Verification Number (CVN).",
"field9": "Transaction declined due to either incorrect cvv/expiry or card validation failure",
"payment_source": "dirAuthS2S",
"cardToken": "a71073543f334ebcb0a6",
"authenticationMethod": "",
"PG_TYPE": "DC-PG",
"error": "E1632",
"error_Message": "Transaction declined due to either incorrect cvv/expiry or card validation failure",
"net_amount_debit": "0",
"discount": "0.00",
"offer_key": "",
"offer_availed": "",
"unmappedstatus": "failed",
"hash": "b2de8ada51ad044dfe1ef46e9425a2adabb6f04407ff63905ceb9dc5ed63bc12d7e167b73b5e1019fbd6cd75e71bdfb8de6583af33d88ea44018972f01a87c5d",
"bank_ref_no": "7762781447786003305914",
"bank_ref_num": "7762781447786003305914",
"bankcode": "VISA",
"surl": "https://admin.payu.in/test_response",
"curl": "https://admin.payu.in/test_response",
"furl": "https://admin.payu.in/test_response",
"card_hash": "4450a1d65a7c323a3111c7b9c6024b18678ef4b916b2c7f3eda24b1f7ae4276d"
}Failed to tokenize
Array{
"mihpayid": "28192801355",
"mode": "CC",
"status": "success",
"key": "Fa2IFz",
"txnid": "HCGBF2SFBMS8QNW2",
"amount": "1516.30",
"addedon": "2026-04-16 00:23:53",
"productinfo": "Direct Authorization",
"firstname": "Jaleel",
"lastname": "Yousuf",
"address1": "7 253 chakkamdam kochi kerala india",
"address2": "",
"city": "Kochi",
"state": "KL",
"country": "IN",
"zipcode": "XXXXXX",
"email": "",
"phone": "",
"udf1": "",
"udf2": "AdobePayU_India:2506306:mcsuperpremiumcredit",
"udf3": "",
"udf4": "",
"udf5": "BL_mobilenum_",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": "",
"card_token": "",
"card_no": "XXXXXXXXXXXX3004",
"field0": "f64a03dc002349ce89aaddb14625bb41",
"field1": "",
"field2": "482380",
"field3": "",
"field4": "",
"field5": "",
"field6": "00",
"field7": "AUTHPOSITIVE",
"field8": "Transaction successful",
"field9": "Transaction is Successful",
"payment_source": "dirAuthS2S",
"cardToken": "",
"authenticationMethod": "",
"PG_TYPE": "CC-PG",
"error": "E000",
"error_Message": "No Error",
"net_amount_debit": "1516.3",
"discount": "0.00",
"offer_key": "",
"offer_availed": "",
"unmappedstatus": "captured",
"hash": "90d6c2415e0fcf00e201ddc97000654c9182d60fef0efcdb068d5503b76eb1bda1eb15bb7c1bd960b50e6f205cc16e9a21ee8dae4606a2559c4e8a48d5561f3e",
"bank_ref_no": "610600388883",
"bank_ref_num": "610600388883",
"bankcode": "CC",
"surl": "https://admin.payu.in/test_response",
"curl": "https://admin.payu.in/test_response",
"furl": "https://admin.payu.in/test_response",
"card_hash": "32dc03f83963f2af4a693fdd4a1dc60b40c98aaec8e0c356937194e040d6dfad"
}Step 4: Handle the Initiate Response from PayU
After posting the payment request, PayU returns a response containing transaction status and next steps for 3DS authentication.
Response Parameters
| Parameter | Description | Example |
|---|---|---|
| metaData | ObjectJSON object containing transaction metadata. | - |
| metaData.referenceId | StringPayU reference ID to be sent back in subsequent calls. | 5a3e7cb9884e003dce1f28f965478a9a12fb9244fc15be91b0b3de48763a12e7 |
| metaData.txnId | StringMerchant's transaction ID. | payuTestTransaction12345 |
| metaData.txnStatus | StringTransaction status (e.g., "Enrolled"). | Enrolled |
| metaData.unmappedStatus | StringStatus for flow control: pending, captured, or failed. | pending |
| result.otpPostUrl | StringURL to post OTP for verification. | https://test.payu.in/ResponseHandler.php |
| result.acsTemplate | StringBase64 encoded HTML form for bank ACS redirect. | PGh0bWw+PGJvZHk+... |
| binData.pureS2SSupported | BooleanWhether native S2S OTP flow is supported. | true |
| binData.issuingBank | StringCard issuing bank. | AXIS |
| binData.category | StringCard category ( creditcard or debitcard). | creditcard |
| binData.cardType | StringCard network ( VISA, MAST, RUPAY). | MAST |
| binData.isDomestic | BooleanWhether the card is domestic. | true |
Sample Response
{
"metaData": {
"message": null,
"referenceId": "5a3e7cb9884e003dce1f28f965478a9a12fb9244fc15be91b0b3de48763a12e7",
"statusCode": null,
"txnId": "payuTestTransaction12345",
"txnStatus": "Enrolled",
"unmappedStatus": "pending",
"resendOtp": {
"isSupported": true,
"attemptsLeft": 2
},
"submitOtp": {
"attemptsLeft": 3
}
},
"result": {
"otpPostUrl": "https://test.payu.in/ResponseHandler.php",
"acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0i..."
},
"binData": {
"pureS2SSupported": true,
"issuingBank": "AXIS",
"category": "creditcard",
"cardType": "MAST",
"isDomestic": true
}
}Handling the Response
In S2S4, rely on the metaData.unmappedStatus field from the response JSON. Perform the following actions based on its value:
- If metaData.unmappedStatus = 'pending':
- Check the value of the binData.pureS2SSupported parameter:
- If binData.pureS2SSupported = true:
- Invoke the OTP page and present it to the customer, Use Submit OTP API to Collect & Submit OTP from your Page.
- If the customer opts to redirect to the bank ACS for entering the OTP, provide a "Redirect to Bank Page" link. Upon selection, load the value of the result.acsTemplate parameter as the Bank Form by decoding it using base64 encoding formula.
- If binData.pureS2SSupported = false:
- Redirect the customer using the result.acsTemplate parameter, which contains a Base64-encoded HTML form.
- Check the value of the binData.pureS2SSupported parameter:
- The metaData.referenceId value from the response JSON will be used as the input for the referenceId parameter in both the submitOtp and resentOtp APIs.
- If metaData.unmappedStatus = 'failure', refer to the metaData.statusCode and metaData.msg fields for details on the failure reasons.
Based on the unmappedStatus value, take the following actions:
| Status | Action |
|---|---|
pending | Proceed with 3DS authentication using the acsTemplate or OTP flow |
captured | Transaction successful, no further action needed |
failed | Transaction failed, display error to customer |
Redirect the customer using the result.acsTemplate(base64encoded) to their bank's page for authentication. The final response will be posted to surl/furl and the configured Webhook.
Reference: PayU recommends you to use PayU Hash Verification Tool to verify the reverse hashing. For more information, refer to Using PayU Hash Verification Tool
Step 5: Verify the Payment
After the payment is complete, verify the transaction status using PayU's verification APIs.
Verification Methods
Use one of the following methods to verify the payment:
- Webhook/Callback: PayU sends a POST request to your
surlorfurlwith transaction details - Verify Payment API: Call the
verify_paymentAPI with the transaction ID
Verify Payment API
curl --location --request POST 'https://info.payu.in/merchant/postservice.php?form=2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'key=JPM7Fg' \
--data-urlencode 'command=verify_payment' \
--data-urlencode 'var1=payuTestTransaction12345' \
--data-urlencode 'hash=YOUR_CALCULATED_HASH'Use the webhooks to verify the payment. The following is the sample webhook payload in response. For more information, refer to Webhook Events and Sample Payloads.
Sample Webhook Response
mihpayid=27553369917
&mode=SBQR
&status=success
&key=rZ1fX4
&txnid=T2603041446091822117753
&amount=40.00
&addedon=2026-03-04+14%3A46%3A14
&productinfo=Static+QR
&firstname=
&lastname=
&address1=
&address2=
&city=Gurgaon
&state=
&country=
&zipcode=122001
&email=
&phone=##########
&udf1=
&udf2=
&udf3=
&udf4=SoftQR
&udf5=BFL0000006601446
&udf6=
&udf7=
&udf8=
&udf9=
&udf10=
&card_token=
&card_no=
&field0=STQ9IUFeqlafg78815827
&field1=PRIYA+SHANKAR+PUSNAKE
&field2=995486
&field3=_mobilenum_%40axl
&field4=bajajpay.6879729.d2m9cckd%40indus
&field5=AXLd36cfcd317f243b5b3a2d62bc71caf78
&field6=00000038683323284%7C_mobilenum_%7CSBIN0011418
&field7=APPROVED+OR+COMPLETED+SUCCESSFULLY%7C00
&field8=Payment+from+PhonePe
&field9=Transaction+is+Successful.+Bank+Sent%3ATransaction+success
&payment_source=payu
&cardToken=
&authenticaticationMethod=
&PG_TYPE=SBQR-PG
&error=E000
&error_Message=No+Error
&net_amount_debit=40
&discount=0.00
&offer_key=
&offer_availed=
&unmappedstatus=captured
&hash=aefe0213c4299c7ee2039d5430f7bee63711ee627e1b47d2605d0384abbbf828f3641dae3cb126c8b2f761084cbb0bebad27bb325696cc44ce3061157d7cd9ff
&bank_ref_no=793887773815
&bank_ref_num=793887773815
&bankcode=UPISBQR
&surl=
&curl=
&furl=
&psp_nUpdated about 2 months ago
