Decoupled Flow Integration
The S2S decoupled flow for cards involves the following steps for the redirect experience.
Steps to Integrate
- Initiate payment request with PayU
- Redirect the customer
- Authorize (charge) the Payment
- Check the response from PayU
<RegisterMerchantPrerequiste />
Notes:
- This API is backward compatible and you can continue to the existing integration parameters to process the 3DS 1.0.2 transactions.
- If you are using legacy integration of decoupled flow for S2S, refer to Legacy Flow for Server-to-Server.
Step 1: Initiate payment request with PayU
The merchant initiates PayU with the required transaction mandatory or optional parameters. This needs to be a server-to-server curl call request. URL, parameters, and their descriptions. For more information, refer to Cards Decoupled Flow.
<PaymentAPIEnvironment />
Request parameters
Parameter | Description | Example |
---|---|---|
<glossary:key> |
|
|
<glossary:txnid> |
|
|
amount |
|
|
productinfo |
|
|
firstname |
|
Ashish |
email |
|
|
phone |
|
|
pg |
|
CC |
bankcode |
|
AMEX |
ccnum |
|
5123456789012346 |
ccname |
|
Ashish Kumar |
ccvv |
|
123 |
ccexpmon |
|
10 |
ccexpyr |
|
2021 |
furl |
|
|
surl |
|
|
hash |
|
|
txn_s2s_flow |
|
|
auth_only |
|
|
termUrl |
|
|
authentication_flow |
|
|
s2s_client_ip |
|
|
s2s_device_info |
|
|
notifyurl |
|
|
address1 |
|
|
address2 |
|
|
city |
|
|
state |
|
|
country |
|
|
zipcode |
|
|
udf1 |
|
|
udf2 |
|
|
udf3 |
|
|
udf4 |
|
|
udf5 |
|
<HashingRequestParameters />
Sample request
curl --location \
--request \
POST 'https://secure.payu.in/_payment' --header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: PHPSESSID=mj185cifujktpv1igu9tmuoaal; PAYUID=6b0d4cbbe43702a8a938a4d4c546ae01; PHPSESSID=6388ab6306272' \
--data \
-urlencode 'hash=5e0f040fb08759d621caf04baab4bd893e1d9f5d3edfc2aa42bea00c2ac7140b14b7883028a3b7fc5df6fb728f7542d85c2930c3f3dc4bab6a8b3da1ff33d9fe' --data \
-urlencode 'key=smsplus' --data \
-urlencode 'txnid=payuTestTransaction8169502' --data \
-urlencode 'amount=1.1' --data \
-urlencode 'firstname=Postman' --data \
-urlencode '[email protected]' --data \
-urlencode 'phone=9988776655' --data \
-urlencode 'productinfo=Product Info' --data \
-urlencode 'surl=https://admin.payu.in/test_response' --data \
-urlencode 'furl=https://admin.payu.in/test_response' --data \
-urlencode 'notifyurl=https://admin.payu.in/test_response' --data \
-urlencode 'codurl=https://admin.payu.in/test_response' --data \
-urlencode 'ipurl=https://admin.payu.in/test_response' --data \
-urlencode 'lastname=' --data \
-urlencode 'udf1=' --data \
-urlencode 'udf2=' --data \
-urlencode 'udf3=' --data \
-urlencode 'udf4=' --data \
-urlencode 'udf5=' --data \
-urlencode 'pg=CC' --data \
-urlencode 'bankcode=CC' --data \
-urlencode 'ccnum=XXXXXXXXXXX8006' --data \
-urlencode 'ccname=ASHISH' --data \
-urlencode 'ccvv=XXX' --data \
-urlencode 'ccexpmon=05' --data \
-urlencode 'ccexpyr=2023' --data \
-urlencode 'txn_s2s_flow=4' --data \
-urlencode 'auth_only=1' --data \
-urlencode 'termUrl=https://admin.payu.in/test_response' --data \
-urlencode 'authentication_flow=REDIRECT'
Sample response
Understanding response parameters:
The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters, refer to Additional Info for Payment APIs.
{
"metaData": {
"message": null,
"referenceId": "00c44a4c8306f9cbe5ecf6133afe08a7",
"statusCode": null,
"txnId": "payuTestTransaction447674",
"txnStatus": "Enrolled",
"unmappedStatus": "pending"
},
"result": {
"otpPostUrl": "",
"acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vd3d3LjNkc2VjdXJlMS5pY2ljaWJhbmsuY29tL0FDU1dlYi9FbnJvbGxXZWIvSUNJQ0lCYW5rL3NlcnZlci9BY2Nlc3NDb250cm9sU2VydmVyP2lkY3Q9ODExMi5WIiBtZXRob2Q9InBvc3QiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Ik1EIiB2YWx1ZT0iYzJlOWU0NTYwMzdmMDMzZTVjYzNkN2I2ZTU1NjE4OWFkZjQxZWVhYmY3MDY4NDRkZmY3MGFhYzkxZjZiOGU3M2JiMTg0NjI4NmM4Zjk5ZWE3NjhjZjM4ZjdjMTIzNjljfDUyMzcyNzQ5MzY0Nzk1MGYzMjY4NGJkNmYxYWIwN2FhNjQ3NDAxNmYiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9IlBhUmVxIiB2YWx1ZT0iZU5wVlVrMXYyekFNL1N0Qjc3RytyTW9PV0FGTkRhdzVKTTNTN3RLYmJER3hoL2lqbGowMCsvV1RIR2ZkVHVLamlFZStSOEpiMlNObXIxaU1QV3JZb25QbWhJdktQdHpsOFQzbE9lVkxMbzkyR1Z0TWxvbFE2VkpZeFRrMVZDcGw3elRzSHcvNG9lRVg5cTVxRzgwaUduRWdOK2daKzZJMHphREJGQi9yelU3SGlVaVZCREpEcUxIZlpKb3puc1lKbFFrVmd0SjdJTmMwTktaRzdXclhuVWNIWkVKUXRHTXo5QmN0cEsrN0FSajdzeTZIb1hNclF0d2tKK3JNWll5cWh1UW1UMWw4dElVNVdta1pUeFJGcTR4TUZVdXBORGw1YXV1NmJmYW5BN3F1YlJ3K204YWVzUWNTU0lGOGFkaVBJWEoraU0vSzZ2ZTMwL0NTYmNYTEsvMzluaFdYN2M5MXVjMStpQjMvL2dBa1ZJQTFBMnBPdWRkSDJZS0psVkFyNGYyWjhtRHFNTDNlN0E0TEZqSHFUYmttb0F0OUhxK0FoWTkvRStERjlkZ1VOd2R1Q1BEVFQ0Kyt3amY0RzRORlYzZ1I4L09sNE9rNTdLUVlndnZ6Z040T0pTU1RLc2wzL0xSVzViZXdwNmtra0ZmZVp5Nm9uTmdEQUJKSXlId0NaTDRlSC8xM1ZYOEFEOUxGSGc9PSI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iVGVybVVybCIgdmFsdWU9Imh0dHBzOi8vc2VjdXJlLnBheXUuaW4vYmFiOTE0ZmRjYWZkNWQxMjg3MGVkN2E1OTcxOTA1YWIvQ29tbW9uUGdSZXNwb25zZUhhbmRsZXIiPjwvZm9ybT48c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cub25sb2FkPWZ1bmN0aW9uKCl7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbJ3BheW1lbnRfcG9zdCddLnN1Ym1pdCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICA8L3NjcmlwdD48L2JvZHk+PC9odG1sPg=="
},
"binData": {
"pureS2SSupported": false,
"issuingBank": "ICICI",
"category": "creditcard",
"cardType": "VISA",
"isDomestic": true
}
}
Step 2: Redirect the customer
Basis a successful response of the authentication API, you need to redirect the user to the bank page using acsTemplate. This API specifies the response that is posted to termUrl
after the authentication for the transaction has been processed.
Notes:
- All callbacks POST form data on the merchant’s
termUrl
that is passed in Initiate Transaction API.- Validation of the response happens on the basis of the hash value being returned in the hash value of the response.
Request parameters
Parameter | Description |
---|---|
rawBankData |
|
referenceId |
|
bankData |
|
authenticationStatus |
|
hash |
|
bankData JSON fields description
Field | Description | Applicable for EMV 3DS |
---|---|---|
cres |
|
Yes |
referenceId |
|
|
messageDigest |
|
|
pares |
|
|
additionalInfo |
|
|
authorizationUrl |
|
Sample response
{
“rawBankData” : “”
“referenceId”: “00c44a4c8306f9cbe5ecf6133afe08a7”
“bankData” : {
"referenceId": "00c44a4c8306f9cbe5ecf6133afe08a7",
"messageDigest": "c2e9e456037f033e5cc3d7b6e556189adf41eeabf706844dff70aac91f6b8e73bb1846286c8f99ea768cf38f7c12369c|523727493647950f32684bd6f1ab07aa6474016f",
"pares": "eNrVmdeS47i2pl+lo8+loje968jOCHojGtGLvKM3opHoyacfZmZVde06PWfOzMXEjCIUgkBiYRHAWv8H4s0phyzj7CyZh+z9TcvGMSqy36r0r99jFAfhGIT/gLE8/QNNM/IPEiGoP5CUgGEwAjGCSH9/f7vRVjZ+NvgsnTVLNoxV371D/wL/Bb8B3/+exoekjLrp/S1KXoysv6MkQhHYG/Dt71ubDTL3DkMwhZIgRoIIAoL4G/BV/Qb83f42f5TG0+GtSt9Dp5gMTkMMGzxCLtm1mik1zkV02PzrDfi44y2NpuwdBuHTNgj9BiF/IsSfyOnbZ/3b88Mc3fbzaRuCwDfg54q3c2SGrEv2dwQ7nfnx7y3bnn2XnXecdn6U34C/fXtG3Tv40wcFQeK0fda+Off3t6lqf/YJ/RMi/4ShN+Cz/m2comke34M34FvpLYmW5Z2maYYVTJqWzadhJqu+0t8/57N+3vKWJdU7eA7rx+9nK7op+qGayvbD1X+veAM+XAE+p+79za6K7uxsyH7b2qYb//q9nKbnnwCwruu/VuRf/VAA8PkgAEgB5w3pWBX/8ftXqyyVu7z/32rGRl3fVUnUVEc0nQtEy6ayT3/74ds/mXGsD0sQYPHsH6epPxII7f74qAERCDttAv9s9Kcn++/08quzwxj9MZYR9NHBL4be36wszz5WRPaba8l//f4f36OAq4psnP5Puvve1c8WvtvzombO3mc3DXRwZEp92R+80+1LH1P8RNQ4/9f3dl93vgE//Pvm/NdM/TQiXzc6RMf6GG04qXdxrxgV1PAQ4FJa38tkuNT”,
"additionalInfo":
{
"authUdf1": "",
"authUdf2": "",
"authUdf3": "",
"authUdf4": "",
"authUdf5": "",
"authUdf6": "",
"authUdf7": "",
"authUdf8": "",
"authUdf9": "",
"authUdf10": ""
}
},
“authenticationStatus” : “success”,
“hash” : “664b8ddd1b5b2d1b68abb7eee5ea6e001a02773499ddcd86956ba0833315e7d4e69c641d7b0b3e7590532e21e71936da173f4eda716fc09f83cd1117f0d0c37c”}
Step 3: Authorize (charge) the payment
The authorization request is the final step of transaction processing. This again needs to be an S2S call from the merchant’s server to PayU server.
Request parameters
Post URL: The data to be posted has to be exactly the same as the JSON response received in the authentication response in Step 2. The data must include the following parameters.
Environment
Parameter | Description |
---|---|
key |
|
txnid |
|
amount |
|
hash |
|
authentication_info |
|
Example for authentication_info JSON
{
"referenceId": "00c44a4c8306f9cbe5ecf6133afe08a7",
"cres": "eyJhY3NUcmFuc0lEIjoiODc3OTFjZWUtMjUxNC00MzZjLWJlZDgtYTYzYTg3YmJkZjAxIiwiY2hhbGxlbmdlQ29tcGxldGlvbkluZCI6IlkiLCJtZXNzYWdlVHlwZSI6IkNSZXMiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiJkNDFmNjIwMC0wNDM1LTQ5ZWUtYWExMS1mMzY2ZjA2NjFjNmYiLCJ0cmFuc1N0YXR1cyI6IlkifQ==",
"messageDigest": "",
"pares": "",
"additionalInfo": {
"authUdf1": "",
"authUdf2": "",
"authUdf3": "",
"authUdf4": "",
"authUdf5": "",
"authUdf6": "",
"authUdf7": "",
"authUdf8": "",
"authUdf9": "",
"authUdf10": ""
}
}
authentication_info JSON Fields Description
Field | Description | Applicable to EMV 3DS |
---|---|---|
cres | This field contains the Base 64 encoded value received from ACS as part of the authentication response | Yes |
referenceId | This field contains the same referenceId which sent in response of the first call | |
additionalInfo | This field can be used in the case of schemes where different parameters may need from merchant side. | |
messageDigest | This field includes the Base 64 encoding of (sha56 hash of the JSON data (post to server). | |
pares | This parameter contains the pares being returned by the bank. |
Step 4: Check the response from PayU
The response from PayU for Merchant Hosted and S2S integration is similar.
Hash validation logic for payment response (Reverse Hashing)
While sending the response, PayU takes the exact same parameters that were sent in the request (in reverse order) to calculate the hash and returns it to you. You must verify the hash and then mark a transaction as a success or failure. This is to make sure the transaction has not tampered within the response.
The order of the parameters is similar to the following code block:
sha512(SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)
Response parameters
The parameters in the response for similar for all S2S flows. For more information, refer to Additional Info for Payment APIs.
Sample response
The formatted JSON response is similar to the following:
{
"metaData": {
"message": "No Error",
"referenceId": "b6035f64240b1862295bc571952cf984",
"statusCode": "E000",
"txnId": "payuTestTransaction2746829",
"unmappedStatus": "success",
"submitOtp": {
"status": "success"
}
},
"result": {
"mihpayid": "15270336226",
"mode": "CC",
"status": "success",
"key": "4wvMqy",
"txnid": "payuTestTransaction2746829",
"amount": "1.10",
"addedon": "2022-06-01 17:39:29",
"productinfo": "Product Info",
"firstname": "Postman",
"lastname": "",
"address1": "",
"address2": "",
"city": "",
"state": "",
"country": "",
"zipcode": "",
"email": "[email protected]",
"phone": "9988776655",
"udf1": "",
"udf2": "",
"udf3": "",
"udf4": "",
"udf5": "",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": "",
"card_token": "",
"card_no": "XXXXXXXXXXXX8006",
"field0": "",
"field1": "6540854745166970506094",
"field2": "947167",
"field3": "1.10",
"field4": "15270336226",
"field5": "100",
"field6": "",
"field7": "AUTHPOSITIVE",
"field8": "",
"field9": "Transaction is Successful",
"payment_source": "payuPureS2SAuth",
"PG_TYPE": "CC-PG",
"error": "E000",
"error_Message": "No Error",
"cardToken": "",
"net_amount_debit": "1.1",
"discount": "0.00",
"offer_key": "",
"offer_availed": "",
"unmappedstatus": "captured",
"hash": "cdc409dfd15a842b8d15d6627d0027619882ed800773fa413cef491ae8ff2ef0cdfa654680ba4c8f3567313c6a6b00b94cb3bb5e16bad21d26be01216a69af41",
"bank_ref_no": "6540854745166970506094",
"bank_ref_num": "6540854745166970506094",
"bankcode": "CC",
"surl": "",
"curl": "",
"furl": "",
"card_hash": "fdb59253e36daf8b3969525ae3799ccb4bb41993a5d2fcaf22737ec3ac8b90ab"
}
}
Updated about 2 hours ago