Decoupled Flow Integration
The S2S decoupled flow for cards involves the following steps for the redirect experience.
Steps to Integrate
- Initiate payment request with PayU
- Redirect the customer
- Authorize (charge) the Payment
- Check the response from PayU
Before you begin:
Register for a account with PayU before you start integration. For more information, refer to Register for a Merchant Account.
Notes:
- This API is backward compatible and you can continue to the existing integration parameters to process the 3DS 1.0.2 transactions.
- If you are using legacy integration of decoupled flow for S2S, refer to Legacy Flow for Server-to-Server.
Step 1: Initiate payment request with PayU
The merchant initiates PayU with the required transaction mandatory or optional parameters. This needs to be a server-to-server curl call request. URL, parameters, and their descriptions. For more information, refer to Cards Decoupled Flow. Collect the response in the Card Decoupled Flow under API Reference. The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters, refer to Additional Info for Payment APIs.
Environment
| Test Environment | https://test.payu.in/_payment |
| Production Environment | https://secure.payu.in/_payment |
Sample request
curl --location \
--request \
POST 'https://secure.payu.in/_payment' --header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: PHPSESSID=mj185cifujktpv1igu9tmuoaal; PAYUID=6b0d4cbbe43702a8a938a4d4c546ae01; PHPSESSID=6388ab6306272' \
--data \
-urlencode 'hash=5e0f040fb08759d621caf04baab4bd893e1d9f5d3edfc2aa42bea00c2ac7140b14b7883028a3b7fc5df6fb728f7542d85c2930c3f3dc4bab6a8b3da1ff33d9fe' --data \
-urlencode 'key=smsplus' --data \
-urlencode 'txnid=payuTestTransaction8169502' --data \
-urlencode 'amount=1.1' --data \
-urlencode 'firstname=Postman' --data \
-urlencode '[email protected]' --data \
-urlencode 'phone=9988776655' --data \
-urlencode 'productinfo=Product Info' --data \
-urlencode 'surl=https://admin.payu.in/test_response' --data \
-urlencode 'furl=https://admin.payu.in/test_response' --data \
-urlencode 'notifyurl=https://admin.payu.in/test_response' --data \
-urlencode 'codurl=https://admin.payu.in/test_response' --data \
-urlencode 'ipurl=https://admin.payu.in/test_response' --data \
-urlencode 'lastname=' --data \
-urlencode 'udf1=' --data \
-urlencode 'udf2=' --data \
-urlencode 'udf3=' --data \
-urlencode 'udf4=' --data \
-urlencode 'udf5=' --data \
-urlencode 'pg=CC' --data \
-urlencode 'bankcode=CC' --data \
-urlencode 'ccnum=XXXXXXXXXXX8006' --data \
-urlencode 'ccname=ASHISH' --data \
-urlencode 'ccvv=XXX' --data \
-urlencode 'ccexpmon=05' --data \
-urlencode 'ccexpyr=2023' --data \
-urlencode 'txn_s2s_flow=4' --data \
-urlencode 'auth_only=1' --data \
-urlencode 'termUrl=https://admin.payu.in/test_response' --data \
-urlencode 'authentication_flow=REDIRECT'
Sample response
{
"metaData": {
"message": null,
"referenceId": "00c44a4c8306f9cbe5ecf6133afe08a7",
"statusCode": null,
"txnId": "payuTestTransaction447674",
"txnStatus": "Enrolled",
"unmappedStatus": "pending"
},
"result": {
"otpPostUrl": "",
"acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vd3d3LjNkc2VjdXJlMS5pY2ljaWJhbmsuY29tL0FDU1dlYi9FbnJvbGxXZWIvSUNJQ0lCYW5rL3NlcnZlci9BY2Nlc3NDb250cm9sU2VydmVyP2lkY3Q9ODExMi5WIiBtZXRob2Q9InBvc3QiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Ik1EIiB2YWx1ZT0iYzJlOWU0NTYwMzdmMDMzZTVjYzNkN2I2ZTU1NjE4OWFkZjQxZWVhYmY3MDY4NDRkZmY3MGFhYzkxZjZiOGU3M2JiMTg0NjI4NmM4Zjk5ZWE3NjhjZjM4ZjdjMTIzNjljfDUyMzcyNzQ5MzY0Nzk1MGYzMjY4NGJkNmYxYWIwN2FhNjQ3NDAxNmYiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9IlBhUmVxIiB2YWx1ZT0iZU5wVlVrMXYyekFNL1N0Qjc3RytyTW9PV0FGTkRhdzVKTTNTN3RLYmJER3hoL2lqbGowMCsvV1RIR2ZkVHVLamlFZStSOEpiMlNObXIxaU1QV3JZb25QbWhJdktQdHpsOFQzbE9lVkxMbzkyR1Z0TWxvbFE2VkpZeFRrMVZDcGw3elRzSHcvNG9lRVg5cTVxRzgwaUduRWdOK2daKzZJMHphREJGQi9yelU3SGlVaVZCREpEcUxIZlpKb3puc1lKbFFrVmd0SjdJTmMwTktaRzdXclhuVWNIWkVKUXRHTXo5QmN0cEsrN0FSajdzeTZIb1hNclF0d2tKK3JNWll5cWh1UW1UMWw4dElVNVdta1pUeFJGcTR4TUZVdXBORGw1YXV1NmJmYW5BN3F1YlJ3K204YWVzUWNTU0lGOGFkaVBJWEoraU0vSzZ2ZTMwL0NTYmNYTEsvMzluaFdYN2M5MXVjMStpQjMvL2dBa1ZJQTFBMnBPdWRkSDJZS0psVkFyNGYyWjhtRHFNTDNlN0E0TEZqSHFUYmttb0F0OUhxK0FoWTkvRStERjlkZ1VOd2R1Q1BEVFQ0Kyt3amY0RzRORlYzZ1I4L09sNE9rNTdLUVlndnZ6Z040T0pTU1RLc2wzL0xSVzViZXdwNmtra0ZmZVp5Nm9uTmdEQUJKSXlId0NaTDRlSC8xM1ZYOEFEOUxGSGc9PSI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iVGVybVVybCIgdmFsdWU9Imh0dHBzOi8vc2VjdXJlLnBheXUuaW4vYmFiOTE0ZmRjYWZkNWQxMjg3MGVkN2E1OTcxOTA1YWIvQ29tbW9uUGdSZXNwb25zZUhhbmRsZXIiPjwvZm9ybT48c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cub25sb2FkPWZ1bmN0aW9uKCl7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbJ3BheW1lbnRfcG9zdCddLnN1Ym1pdCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICA8L3NjcmlwdD48L2JvZHk+PC9odG1sPg=="
},
"binData": {
"pureS2SSupported": false,
"issuingBank": "ICICI",
"category": "creditcard",
"cardType": "VISA",
"isDomestic": true
}
}
Step 2: Redirect the customer
Basis a successful response of the authentication API, you need to redirect the user to the bank page using acsTemplate. This API specifies the response that is posted to termUrl after the authentication for the transaction has been processed.
Notes:
- All callbacks POST form data on the merchant’s
termUrlthat is passed in Initiate Transaction API.- Validation of the response happens on the basis of the hash value being returned in the hash value of the response.
Request parameters
| Parameter | Description |
|---|---|
| rawBankData mandatory | String This parameter contains the raw response that is received from bank after authentication. The response is urlencoded and in query string format. |
| referenceId mandatory | String This parameter contains the reference id being returned for the transaction |
| bankData mandatory | JSON This parameter contains the JSON string that is to be used for authorization call.This parameter is received in case of successful OTP submission of decoupled transactions.
The postToBank contains messageDigest and pares that is to be posted back for authorization. For more information on the fields in this JSON, refer to bankData JSON Fields Description. |
| authenticationStatus mandatory | String This parameter contains the authentication status of the transaction |
| hash *mandatory | String This parameter contains the calculated hash of the data that is posted to the merchant. For security purpose it is recommended to validate the hash value before consuming the response |
bankData JSON fields description
| Field | Description | Applicable for EMV 3DS |
|---|---|---|
| cres | StringThis field contains the Base64 encoded value received from ACS as part of the authentication response. | Yes |
| referenceId mandatory | String This field is returned in case of decoupled flow. This field contains the reference id for the transaction | |
| messageDigest mandatory | String This field is returned in case of decoupled flow. This field contains the MD value being returned by the bank. | |
| pares mandatory | String This field is returned in case of decoupled flow. This field contains the pares being returned by the bank | |
| additionalInfo mandatory | String This field is returned in case of decoupled flow. This field contains the data that is being used for the gateways that do not return pares. | |
| authorizationUrl mandatory | String This integration document assumes that you have opt-ed out for the particular configuration.The authorization URL in legacy integrations are present basis the config at PayU. Please reach out to [email protected] to know more about. |
Sample response
{
“rawBankData” : “”
“referenceId”: “00c44a4c8306f9cbe5ecf6133afe08a7”
“bankData” : {
"referenceId": "00c44a4c8306f9cbe5ecf6133afe08a7",
"messageDigest": "c2e9e456037f033e5cc3d7b6e556189adf41eeabf706844dff70aac91f6b8e73bb1846286c8f99ea768cf38f7c12369c|523727493647950f32684bd6f1ab07aa6474016f",
"pares": "eNrVmdeS47i2pl+lo8+loje968jOCHojGtGLvKM3opHoyacfZmZVde06PWfOzMXEjCIUgkBiYRHAWv8H4s0phyzj7CyZh+z9TcvGMSqy36r0r99jFAfhGIT/gLE8/QNNM/IPEiGoP5CUgGEwAjGCSH9/f7vRVjZ+NvgsnTVLNoxV371D/wL/Bb8B3/+exoekjLrp/S1KXoysv6MkQhHYG/Dt71ubDTL3DkMwhZIgRoIIAoL4G/BV/Qb83f42f5TG0+GtSt9Dp5gMTkMMGzxCLtm1mik1zkV02PzrDfi44y2NpuwdBuHTNgj9BiF/IsSfyOnbZ/3b88Mc3fbzaRuCwDfg54q3c2SGrEv2dwQ7nfnx7y3bnn2XnXecdn6U34C/fXtG3Tv40wcFQeK0fda+Off3t6lqf/YJ/RMi/4ShN+Cz/m2comke34M34FvpLYmW5Z2maYYVTJqWzadhJqu+0t8/57N+3vKWJdU7eA7rx+9nK7op+qGayvbD1X+veAM+XAE+p+79za6K7uxsyH7b2qYb//q9nKbnnwCwruu/VuRf/VAA8PkgAEgB5w3pWBX/8ftXqyyVu7z/32rGRl3fVUnUVEc0nQtEy6ayT3/74ds/mXGsD0sQYPHsH6epPxII7f74qAERCDttAv9s9Kcn++/08quzwxj9MZYR9NHBL4be36wszz5WRPaba8l//f4f36OAq4psnP5Puvve1c8WvtvzombO3mc3DXRwZEp92R+80+1LH1P8RNQ4/9f3dl93vgE//Pvm/NdM/TQiXzc6RMf6GG04qXdxrxgV1PAQ4FJa38tkuNT”,
"additionalInfo":
{
"authUdf1": "",
"authUdf2": "",
"authUdf3": "",
"authUdf4": "",
"authUdf5": "",
"authUdf6": "",
"authUdf7": "",
"authUdf8": "",
"authUdf9": "",
"authUdf10": ""
}
},
“authenticationStatus” : “success”,
“hash” : “664b8ddd1b5b2d1b68abb7eee5ea6e001a02773499ddcd86956ba0833315e7d4e69c641d7b0b3e7590532e21e71936da173f4eda716fc09f83cd1117f0d0c37c”}
Step 3: Authorize (charge) the payment
The authorization request is the final step of transaction processing. This again needs to be an S2S call from the merchant’s server to PayU server.
Request parameters
Post URL: The data to be posted has to be exactly the same as the JSON response received in the authentication response in Step 2. The data must include the following parameters.
Environment
| Parameter | Description |
|---|---|
| key mandatory | String The merchant key is provided by PayU and acts as a unique identifier for a specific merchant account in PayU’s database. |
| txnid mandatory | String The transaction ID is the order reference number generated by the merchant to track a particular order. It can be used only once and PayU’s system does not accept a duplicate Transaction ID. |
| amount mandatory | String It should contain the payment amount of the particular transaction. The amount must be greater than Rs. 8000 for the cardless EMI option. |
| hash mandatory | String It is used to avoid the possibility of transaction tampering. The hash must in the following structure:valueOf(key)| valueOf(txnid) | valueOf(amount) |valueOf(authentication_info) | valueOf(salt) |
| authentication_info mandatory | JSON The JSON value received in the bankData on the Term URL or pass the fields as in the JSON example. |
Example for authentication_info JSON
{
"referenceId": "00c44a4c8306f9cbe5ecf6133afe08a7",
"cres": "eyJhY3NUcmFuc0lEIjoiODc3OTFjZWUtMjUxNC00MzZjLWJlZDgtYTYzYTg3YmJkZjAxIiwiY2hhbGxlbmdlQ29tcGxldGlvbkluZCI6IlkiLCJtZXNzYWdlVHlwZSI6IkNSZXMiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiJkNDFmNjIwMC0wNDM1LTQ5ZWUtYWExMS1mMzY2ZjA2NjFjNmYiLCJ0cmFuc1N0YXR1cyI6IlkifQ==",
"messageDigest": "",
"pares": "",
"additionalInfo": {
"authUdf1": "",
"authUdf2": "",
"authUdf3": "",
"authUdf4": "",
"authUdf5": "",
"authUdf6": "",
"authUdf7": "",
"authUdf8": "",
"authUdf9": "",
"authUdf10": ""
}
}
authentication_info JSON Fields Description
| Field | Description | Applicable to EMV 3DS |
|---|---|---|
| cres | This field contains the Base 64 encoded value received from ACS as part of the authentication response | Yes |
| referenceId | This field contains the same referenceId which sent in response of the first call | |
| additionalInfo | This field can be used in the case of schemes where different parameters may need from merchant side. | |
| messageDigest | This field includes the Base 64 encoding of (sha56 hash of the JSON data (post to server). | |
| pares | This parameter contains the pares being returned by the bank. |
Step 4: Check the response from PayU
The response from PayU for Merchant Hosted and S2S integration is similar.
Response parameters
The parameters in the response for similar for all S2S flows. For more information Decoupled Flow for Cards - Server-to-Server
Sample response
The formatted JSON response is similar to the following:
{
"metaData": {
"message": "No Error",
"referenceId": "b6035f64240b1862295bc571952cf984",
"statusCode": "E000",
"txnId": "payuTestTransaction2746829",
"unmappedStatus": "success",
"submitOtp": {
"status": "success"
}
},
"result": {
"mihpayid": "15270336226",
"mode": "CC",
"status": "success",
"key": "4wvMqy",
"txnid": "payuTestTransaction2746829",
"amount": "1.10",
"addedon": "2022-06-01 17:39:29",
"productinfo": "Product Info",
"firstname": "Postman",
"lastname": "",
"address1": "",
"address2": "",
"city": "",
"state": "",
"country": "",
"zipcode": "",
"email": "[email protected]",
"phone": "9988776655",
"udf1": "",
"udf2": "",
"udf3": "",
"udf4": "",
"udf5": "",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": "",
"card_token": "",
"card_no": "XXXXXXXXXXXX8006",
"field0": "",
"field1": "6540854745166970506094",
"field2": "947167",
"field3": "1.10",
"field4": "15270336226",
"field5": "100",
"field6": "",
"field7": "AUTHPOSITIVE",
"field8": "",
"field9": "Transaction is Successful",
"payment_source": "payuPureS2SAuth",
"PG_TYPE": "CC-PG",
"error": "E000",
"error_Message": "No Error",
"cardToken": "",
"net_amount_debit": "1.1",
"discount": "0.00",
"offer_key": "",
"offer_availed": "",
"unmappedstatus": "captured",
"hash": "cdc409dfd15a842b8d15d6627d0027619882ed800773fa413cef491ae8ff2ef0cdfa654680ba4c8f3567313c6a6b00b94cb3bb5e16bad21d26be01216a69af41",
"bank_ref_no": "6540854745166970506094",
"bank_ref_num": "6540854745166970506094",
"bankcode": "CC",
"surl": "",
"curl": "",
"furl": "",
"card_hash": "fdb59253e36daf8b3969525ae3799ccb4bb41993a5d2fcaf22737ec3ac8b90ab"
}
}
Updated 1 day ago