Direct Authorization Integration
PayU enables merchants to process direct authorization for pre-authenticated transactions (external MPI/3DSS). This section describes how to integrate with PayU’s direct authorization flow.
Steps to Integrate
Before you begin:
Register for a account with PayU before you start integration. For more information, refer to Register for a Merchant Account.
Step 1: Post the parameters to PayU
Initiate an authorization request with the payment details provided post a successful authentication via the MPI/3DSS. For a sample request or response, refer to Collect Payment API - Server-to-Server.. In addition to the regular parameters, you need to post the following parameters:
| Parameter | Description | Example |
|---|---|---|
| txn_s2s_flow mandatory for S2S | String This parameter must be passed with the value as 3 for Direct Authorization. | 3 |
| authentication_info | JSON This parameter contains the authentication information in a JSON format for direct authorization. For more information refer to [authentication_info JSON Fields Description](#authentication_info-json-fields description). | Refer to authenticaion_info JSON Sample. |
| threeDS2RequestData | JSONThis parameter contains the following fields in an array format:- threeDSVersion: The message protocol version is to be specified in this field. - deviceChannel: The channel of transaction is to be specified in this field. Note: This parameter is applicable for the EMV 3DS transactions. | { “threeDSVersion” : “2.2.0”, “deviceChannel” : “APP/BRW” } |
Sample request
curl -X POST "https://test.payu.in/_payment
-H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d
"key=JP***g&txnid=ATGNMtNsHKgBQ4&amount=199.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=cc&bankcode=cc&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=5123456789012346&ccexpmon=05&ccexpyr=2022&ccvv=123&ccname=&txn_s2s_flow=3&threeDS2RequestData:{ “threeDSVersion” : “2.2.0”, “deviceChannel” : “APP/BRW”}&authentication_info: { "eci": "05","cavv":"AAABAWFlmQAAAABjRWWZEEFgFz+=","flowType": "Frictionless", "threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42", "threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93", "threeDSTransStatus": "Y","threeDSTransStatusReason": "01-99", "additionalinfo": { "authudf2": "1_1665637507_954_104_l73c004m_IAMRB" }, "acquirer_bin": "401200"}"&s2s_client_ip=83.191.88.168&s2s_device_info=221.6.48.86&hash=1447162a8519a8cbaf8726fdff99487cbac7743595cf355a27fac4a2b42a576e5f23d21ebf59b50004714f7b6b4775e34355ce6acad86f60e2c7369b5df4c55b
Collect the response in the Collect Payment API - Server-to-Server under API Reference. The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters and authentication_info JSON Fields Description, refer to Additional Info for Payment APIs.
authentication_info JSON Sample
authentication_info” : {
"eci": "05",
"cavv": "AAABAWFlmQAAAABjRWWZEEFgFz+=",
"flowType": "Frictionless/Challenge",
"threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42",
"threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93",
"threeDSTransStatus": "Y/N/U/R",
"threeDSTransStatusReason": "01-99",
"additionalinfo": {
"authudf2": "1_1665637507_954_104_l73c004m_IAMRB"
},
"acquirer_bin": "401200"
}
Note:
This API is backward compatible and you can continue to the existing integration parameters to process the 3DS 1.0.2 transactions.
Step 2: Check response from PayU
PayU marks the transaction status based on the response received from the bank. PayU provides the final transaction response string to you through a post response. A hash generated by PayU also accompanies the post response.
Note:
Verify the authenticity of the hash value before accepting or rejecting the invoice order. For more information, refer to Generate Hash
Response parameters description
The parameters in the response for similar for all S2S flows. For more information, refer to the Additional Info for Payment APIs.
Sample response
The authorization response received through S2S call output is a base64 encoded string and similar to the following sample response:
e8KgwqAic3RhdHVzIjogInN1Y2Nlc3MiLMKgwqAicmVzdWx0Ijoge8KgwqDCoMKgIm1paHBheWlkIjogIjE2MzEzOTM5NTg0IizCoMKgwqDCoCJtb2RlIjogIkNDIizCoMKgwqDCoCJzdGF0dXMiOiAic3VjY2VzcyIswqDCoMKgwqAia2V5IjogIkpQTTdGZyIswqDCoMKgwqAidHhuaWQiOiAiVFA3QlE1NVZERjJNUFBHMiIswqDCoMKgwqAiYW1vdW50IjogIjE5OS4wMCIswqDCoMKgwqAiYWRkZWRvbiI6ICIyMDIyLTExLTMwIDE4OjEyOjMwIizCoMKgwqDCoCJwcm9kdWN0aW5mbyI6ICIwQWk4NzJwcHBybnJ4ZUExMWR5OXc3M2l5aGNtIizCoMKgwqDCoCJmaXJzdG5hbWUiOiAiMEFpODcycHBwcm5yeGVBMTFkeTl3NzNpeWhjbSIswqDCoMKgwqAibGFzdG5hbWUiOiAiIizCoMKgwqDCoCJhZGRyZXNzMSI6ICIiLMKgwqDCoMKgImFkZHJlc3MyIjogIiIswqDCoMKgwqAiY2l0eSI6ICIiLMKgwqDCoMKgInN0YXRlIjogIiIswqDCoMKgwqAiY291bnRyeSI6ICIiLMKgwqDCoMKgInppcGNvZGUiOiAiIizCoMKgwqDCoCJlbWFpbCI6ICJwbGFjZWhvbGRlckBlbWFpbC5jb20iLMKgwqDCoMKgInBob25lIjogIjExMTExMTExMTExIizCoMKgwqDCoCJ1ZGYxIjogIiIswqDCoMKgwqAidWRmMiI6ICI2Njg2MjA3OTYyNTE0NTM3IizCoMKgwqDCoCJ1ZGYzIjogIiIswqDCoMKgwqAidWRmNCI6ICIiLMKgwqDCoMKgInVkZjUiOiAiIizCoMKgwqDCoCJ1ZGY2IjogIiIswqDCoMKgwqAidWRmNyI6ICIiLMKgwqDCoMKgInVkZjgiOiAiIizCoMKgwqDCoCJ1ZGY5IjogIiIswqDCoMKgwqAidWRmMTAiOiAiIizCoMKgwqDCoCJjYXJkX3Rva2VuIjogIiIswqDCoMKgwqAiY2FyZF9ubyI6ICJYWFhYWFhYWFhYWFgxMDA1IizCoMKgwqDCoCJmaWVsZDAiOiAiIizCoMKgwqDCoCJmaWVsZDEiOiAiIizCoMKgwqDCoCJmaWVsZDIiOiAiMjA0MTQ1IizCoMKgwqDCoCJmaWVsZDMiOiAiIizCoMKgwqDCoCJmaWVsZDQiOiAiIizCoMKgwqDCoCJmaWVsZDUiOiAiIizCoMKgwqDCoCJmaWVsZDYiOiAiMDAwIizCoMKgwqDCoCJmaWVsZDciOiAiQVVUSFBPU0lUSVZFIizCoMKgwqDCoCJmaWVsZDgiOiAiQVBQUk9WRUQiLMKgwqDCoMKgImZpZWxkOSI6ICJUcmFuc2FjdGlvbiBpcyBTdWNjZXNzZnVsIizCoMKgwqDCoCJwYXltZW50X3NvdXJjZSI6ICJkaXJBdXRoUzJTIizCoMKgwqDCoCJQR19UWVBFIjogIkNDLVBHIizCoMKgwqDCoCJlcnJvciI6ICJFMDAwIizCoMKgwqDCoCJlcnJvcl9NZXNzYWdlIjogIk5vIEVycm9yIizCoMKgwqDCoCJjYXJkVG9rZW4iOiAiIizCoMKgwqDCoCJuZXRfYW1vdW50X2RlYml0IjogIjE5OSIswqDCoMKgwqAiZGlzY291bnQiOiAiMC4wMCIswqDCoMKgwqAib2ZmZXJfa2V5IjogIiIswqDCoMKgwqAib2ZmZXJfYXZhaWxlZCI6ICIiLMKgwqDCoMKgInVubWFwcGVkc3RhdHVzIjogImNhcHR1cmVkIizCoMKgwqDCoCJoYXNoIjogIjNmOGZjZGQ2NzY0MmI0NDJkYjA0MjAxYzFmNTNmYmU2ZTdjMjQ5MTE1ZmQ3MThkN2NjZjU4Yjc4ZmVhOTAzOWJmYWFmYWYxYzMyZmZhNDM4NjVkOTVhODVhMDgzMjk1YzgyODZiMGFmNDc2Y2M1ZmE5OGJjNTEyNDQ2MjlhOWQyIizCoMKgwqDCoCJiYW5rX3JlZl9ubyI6ICIyMjExMzAxMjcwNTUiLMKgwqDCoMKgImJhbmtfcmVmX251bSI6ICIyMjExMzAxMjcwNTUiLMKgwqDCoMKgImJhbmtjb2RlIjogIkFNRVgiLMKgwqDCoMKgInN1cmwiOiAiaHR0cHM6Ly90ZXN0LnBheXUuY29tLyIswqDCoMKgwqAiY3VybCI6ICJodHRwczovL3Rlc3QucGF5dS5jb20vIizCoMKgwqDCoCJmdXJsIjogImh0dHBzOi8vdGVzdC5wYXl1LmNvbS8iLMKgwqDCoMKgImNhcmRfaGFzaCI6ICJmZmI0NTZiMmRhYTExM2YzNzc0ZTI3ODFmMWRhYmZhZjk3YTY4ZDgxMThhOTY4ZTJiMjBmZDc5OTY3ZDdmOWJhIsKgwqB9Cn0=
The formatted response is similar to the following:
{
"status": "success",
"result": {
"mihpayid": "16313939584",
"mode": "CC",
"status": "success",
"key": "JPM7Fg",
"txnid": "TP7BQ55VDF2MPPG2",
"amount": "199.00",
"addedon": "2022-11-30 18:12:30",
"productinfo": "0Ai872ppprnrxeA11dy9w73iyhcm",
"firstname": "0Ai872ppprnrxeA11dy9w73iyhcm",
"lastname": "",
"address1": "",
"address2": "",
"city": "",
"state": "",
"country": "",
"zipcode": "",
"email": "[email protected]",
"phone": "11111111111",
"udf1": "",
"udf2": "6686207962514537",
"udf3": "",
"udf4": "",
"udf5": "",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": "",
"card_token": "",
"card_no": "XXXXXXXXXXXX2346",
"field0": "",
"field1": "",
"field2": "204145",
"field3": "",
"field4": "",
"field5": "",
"field6": "000",
"field7": "AUTHPOSITIVE",
"field8": "APPROVED",
"field9": "Transaction is Successful",
"payment_source": "dirAuthS2S",
"PG_TYPE": "CC-PG",
"error": "E000",
"error_Message": "No Error",
"cardToken": "",
"net_amount_debit": "199",
"discount": "0.00",
"offer_key": "",
"offer_availed": "",
"unmappedstatus": "captured",
"hash": "3f8fcdd67642b442db04201c1f53fbe6e7c249115fd718d7ccf58b78fea9039bfaafaf1c32ffa43865d95a85a083295c8286b0af476cc5fa98bc51244629a9d2",
"bank_ref_no": "221130127055",
"bank_ref_num": "221130127055",
"bankcode": "AMEX",
"surl": "https://test.payu.com/",
"curl": "https://test.payu.com/",
"furl": "https://test.payu.com/",
"card_hash": "ffb456b2daa113f3774e2781f1dabfaf97a68d8118a968e2b20fd79967d7f9ba"
}
}
3DS Secure 2.0 Transaction
Request Parameter for 3DS Secure 2.0 Transaction
Along with the parameters mentioned in the Request Parameters section, you must include the threeDS2RequestData parameter in the following JSON format for 3DS Secure 2.0 support for cards:
{
browserInfo": {
"userAgent": "Mozilla\/5.0 (X11 Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) HeadlessChrome\/93.0.4577.0 Safari\/537.36",
"acceptHeader": "*\/*",
"language": "en-US",
"colorDepth": "24",
"screenHeight": "600",
"screenWidth": "800",
"timeZone": "-300",
"javaEnabled": true,
"ip": "10.248.2.71"
}
}
3DS Secure 2.0 browserDetails JSON Fields Description
| Field | Description | Example |
|---|---|---|
| userAgent | This field must include user agent of the device browser. | |
| acceptHeader | This field contains the format of the header. | application/json |
| language | This field contains the language for the 3D Secure Challenge. | en-US |
| colorDepth | This field contains the color depth of the screen. | 24 |
| screenHeight | This field contains the screen height of the device displaying the 3D Secure Challenge. | 640 |
| screenWidth | This field contains the screen width of the device displaying the 3D Secure Challenge. | 480 |
| javaEnabled | This field contains whether Java is enabled for the device. It can be any of the following: | true |
| timeZone | This field contains the time zone code where the payment is accepted. | 273 |
| ip | This should include the IP address of the device from which the browser is accessed. | 10.248.2.71 |
Sample cURL Request with 3DS Secure 2.0
The sample cURL request with 3DS Secure 2.0:
curl --location 'https://test.payu.in/_payment' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: PHPSESSID=nbn8otc350bsv6u5fqvhcbo73b; PHPSESSID=63a0499eaf13e' \
--data-urlencode 'key=JF****g' \
--data-urlencode 'firstname=Ashish' \
--data-urlencode '[email protected]' \
--data-urlencode 'amount=10' \
--data-urlencode 'phone= 9876543210' \
--data-urlencode 'productinfo=Product_info' \
--data-urlencode 'surl=http://pp30admin.payu.in/test_response' \
--data-urlencode 'furl=http://pp30admin.payu.in/test_response' \
--data-urlencode 'pg=CC' \
--data-urlencode 'bankcode=CC' \
--data-urlencode 'lastname=Test' \
--data-urlencode 'ccname=Test User' \
--data-urlencode 'ccvv=123' \
--data-urlencode 'ccexpmon=06' \
--data-urlencode 'ccexpyr=2024' \
--data-urlencode 'txnid=jYhbOYH9o4' \
--data-urlencode 'hash=e5b286a9c8545038de9d4e4ee4d8a2fd02e821015aff7e0323807ba174997d8643f9aa174981385e3e4dfe60b918650806ccb97b3e8e3471e1985ecadefd0184' \
--data-urlencode 'ccnum=4012000000002004' \
--data-urlencode 'txn_s2s_flow=4' \
--data-urlencode 'threeDS2RequestData={
"browserInfo": {
"userAgent": "Mozilla\/5.0 (X11 Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) HeadlessChrome\/93.0.4577.0 Safari\/537.36",
"acceptHeader": "*\/*",
"language": "en-US",
"colorDepth": "24",
"screenHeight": "600",
"screenWidth": "800",
"timeZone": "-300",
"javaEnabled": true,
"ip": "10.248.2.71"
}
}'
Updated about 8 hours ago