Direct Authorization Integration

PayU enables merchants to process direct authorization for pre-authenticated transactions (external MPI/3DSS). This section describes how to integrate with PayU’s direct authorization flow.

Steps to Integrate

  1. Post the Parameters to PayU
  2. Check Response from PayU

👍

Before you begin:

Register for a account with PayU before you start integration. For more information, refer to Register for a Merchant Account.

Step 1: Post the parameters to PayU

Initiate an authorization request with the payment details provided post a successful authentication via the MPI/3DSS.  For a sample request or response, refer to Collect Payment API - Server-to-Server.. In addition to the regular parameters, you need to post the following parameters:

ParameterDescriptionExample
txn_s2s_flow
mandatory for S2S
String This parameter must be passed with the value as 3 for Direct Authorization.3
authentication_infoJSON This parameter contains the authentication information in a JSON format for direct authorization. For more information refer to [authentication_info JSON Fields Description](#authentication_info-json-fields description).Refer to authenticaion_info JSON Sample.
threeDS2RequestDataJSONThis parameter contains the following fields in an array format:
- threeDSVersion: The message protocol version is to be specified in this field.
- deviceChannel: The channel of transaction is to be specified in this field.
Note: This parameter is applicable for the EMV 3DS transactions.
{
“threeDSVersion” : “2.2.0”,
“deviceChannel” : “APP/BRW”
}

Sample request

curl -X POST "https://test.payu.in/_payment
-H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d

"key=JP***g&txnid=ATGNMtNsHKgBQ4&amount=199.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=cc&bankcode=cc&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=5123456789012346&ccexpmon=05&ccexpyr=2022&ccvv=123&ccname=&txn_s2s_flow=3&threeDS2RequestData:{ “threeDSVersion” : “2.2.0”, “deviceChannel” : “APP/BRW”}&authentication_info: { "eci": "05","cavv":"AAABAWFlmQAAAABjRWWZEEFgFz+=","flowType": "Frictionless", "threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42", "threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93", "threeDSTransStatus": "Y","threeDSTransStatusReason": "01-99", "additionalinfo": { "authudf2": "1_1665637507_954_104_l73c004m_IAMRB" }, "acquirer_bin": "401200"}"&s2s_client_ip=83.191.88.168&s2s_device_info=221.6.48.86&hash=1447162a8519a8cbaf8726fdff99487cbac7743595cf355a27fac4a2b42a576e5f23d21ebf59b50004714f7b6b4775e34355ce6acad86f60e2c7369b5df4c55b

Collect the response in the Collect Payment API - Server-to-Server under API Reference. The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters and authentication_info JSON Fields Description, refer to Additional Info for Payment APIs.

authentication_info JSON Sample

authentication_info” : { 
  "eci": "05", 
  "cavv": "AAABAWFlmQAAAABjRWWZEEFgFz+=", 
  "flowType": "Frictionless/Challenge", 
  "threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42", 
  "threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93", 
  "threeDSTransStatus": "Y/N/U/R", 
  "threeDSTransStatusReason": "01-99", 
  "additionalinfo": { 
    "authudf2": "1_1665637507_954_104_l73c004m_IAMRB" 
  }, 
  "acquirer_bin": "401200" 
}

📘

Note:

This API is backward compatible and you can continue to the existing integration parameters to process the 3DS 1.0.2 transactions.

Step 2: Check response from PayU

PayU marks the transaction status based on the response received from the bank. PayU provides the final transaction response string to you through a post response. A hash generated by PayU also accompanies the post response.

📘

Note:

Verify the authenticity of the hash value before accepting or rejecting the invoice order. For more information, refer to Generate Hash

Response parameters description

The parameters in the response for similar for all S2S flows. For more information, refer to the Additional Info for Payment APIs.

Sample response

The authorization response received through S2S call output is a base64 encoded string and similar to the following sample response:

e8KgwqAic3RhdHVzIjogInN1Y2Nlc3MiLMKgwqAicmVzdWx0Ijoge8KgwqDCoMKgIm1paHBheWlkIjogIjE2MzEzOTM5NTg0IizCoMKgwqDCoCJtb2RlIjogIkNDIizCoMKgwqDCoCJzdGF0dXMiOiAic3VjY2VzcyIswqDCoMKgwqAia2V5IjogIkpQTTdGZyIswqDCoMKgwqAidHhuaWQiOiAiVFA3QlE1NVZERjJNUFBHMiIswqDCoMKgwqAiYW1vdW50IjogIjE5OS4wMCIswqDCoMKgwqAiYWRkZWRvbiI6ICIyMDIyLTExLTMwIDE4OjEyOjMwIizCoMKgwqDCoCJwcm9kdWN0aW5mbyI6ICIwQWk4NzJwcHBybnJ4ZUExMWR5OXc3M2l5aGNtIizCoMKgwqDCoCJmaXJzdG5hbWUiOiAiMEFpODcycHBwcm5yeGVBMTFkeTl3NzNpeWhjbSIswqDCoMKgwqAibGFzdG5hbWUiOiAiIizCoMKgwqDCoCJhZGRyZXNzMSI6ICIiLMKgwqDCoMKgImFkZHJlc3MyIjogIiIswqDCoMKgwqAiY2l0eSI6ICIiLMKgwqDCoMKgInN0YXRlIjogIiIswqDCoMKgwqAiY291bnRyeSI6ICIiLMKgwqDCoMKgInppcGNvZGUiOiAiIizCoMKgwqDCoCJlbWFpbCI6ICJwbGFjZWhvbGRlckBlbWFpbC5jb20iLMKgwqDCoMKgInBob25lIjogIjExMTExMTExMTExIizCoMKgwqDCoCJ1ZGYxIjogIiIswqDCoMKgwqAidWRmMiI6ICI2Njg2MjA3OTYyNTE0NTM3IizCoMKgwqDCoCJ1ZGYzIjogIiIswqDCoMKgwqAidWRmNCI6ICIiLMKgwqDCoMKgInVkZjUiOiAiIizCoMKgwqDCoCJ1ZGY2IjogIiIswqDCoMKgwqAidWRmNyI6ICIiLMKgwqDCoMKgInVkZjgiOiAiIizCoMKgwqDCoCJ1ZGY5IjogIiIswqDCoMKgwqAidWRmMTAiOiAiIizCoMKgwqDCoCJjYXJkX3Rva2VuIjogIiIswqDCoMKgwqAiY2FyZF9ubyI6ICJYWFhYWFhYWFhYWFgxMDA1IizCoMKgwqDCoCJmaWVsZDAiOiAiIizCoMKgwqDCoCJmaWVsZDEiOiAiIizCoMKgwqDCoCJmaWVsZDIiOiAiMjA0MTQ1IizCoMKgwqDCoCJmaWVsZDMiOiAiIizCoMKgwqDCoCJmaWVsZDQiOiAiIizCoMKgwqDCoCJmaWVsZDUiOiAiIizCoMKgwqDCoCJmaWVsZDYiOiAiMDAwIizCoMKgwqDCoCJmaWVsZDciOiAiQVVUSFBPU0lUSVZFIizCoMKgwqDCoCJmaWVsZDgiOiAiQVBQUk9WRUQiLMKgwqDCoMKgImZpZWxkOSI6ICJUcmFuc2FjdGlvbiBpcyBTdWNjZXNzZnVsIizCoMKgwqDCoCJwYXltZW50X3NvdXJjZSI6ICJkaXJBdXRoUzJTIizCoMKgwqDCoCJQR19UWVBFIjogIkNDLVBHIizCoMKgwqDCoCJlcnJvciI6ICJFMDAwIizCoMKgwqDCoCJlcnJvcl9NZXNzYWdlIjogIk5vIEVycm9yIizCoMKgwqDCoCJjYXJkVG9rZW4iOiAiIizCoMKgwqDCoCJuZXRfYW1vdW50X2RlYml0IjogIjE5OSIswqDCoMKgwqAiZGlzY291bnQiOiAiMC4wMCIswqDCoMKgwqAib2ZmZXJfa2V5IjogIiIswqDCoMKgwqAib2ZmZXJfYXZhaWxlZCI6ICIiLMKgwqDCoMKgInVubWFwcGVkc3RhdHVzIjogImNhcHR1cmVkIizCoMKgwqDCoCJoYXNoIjogIjNmOGZjZGQ2NzY0MmI0NDJkYjA0MjAxYzFmNTNmYmU2ZTdjMjQ5MTE1ZmQ3MThkN2NjZjU4Yjc4ZmVhOTAzOWJmYWFmYWYxYzMyZmZhNDM4NjVkOTVhODVhMDgzMjk1YzgyODZiMGFmNDc2Y2M1ZmE5OGJjNTEyNDQ2MjlhOWQyIizCoMKgwqDCoCJiYW5rX3JlZl9ubyI6ICIyMjExMzAxMjcwNTUiLMKgwqDCoMKgImJhbmtfcmVmX251bSI6ICIyMjExMzAxMjcwNTUiLMKgwqDCoMKgImJhbmtjb2RlIjogIkFNRVgiLMKgwqDCoMKgInN1cmwiOiAiaHR0cHM6Ly90ZXN0LnBheXUuY29tLyIswqDCoMKgwqAiY3VybCI6ICJodHRwczovL3Rlc3QucGF5dS5jb20vIizCoMKgwqDCoCJmdXJsIjogImh0dHBzOi8vdGVzdC5wYXl1LmNvbS8iLMKgwqDCoMKgImNhcmRfaGFzaCI6ICJmZmI0NTZiMmRhYTExM2YzNzc0ZTI3ODFmMWRhYmZhZjk3YTY4ZDgxMThhOTY4ZTJiMjBmZDc5OTY3ZDdmOWJhIsKgwqB9Cn0=

The formatted response is similar to the following:

{
  "status": "success",
  "result": {
    "mihpayid": "16313939584",
    "mode": "CC",
    "status": "success",
    "key": "JPM7Fg",
    "txnid": "TP7BQ55VDF2MPPG2",
    "amount": "199.00",
    "addedon": "2022-11-30 18:12:30",
    "productinfo": "0Ai872ppprnrxeA11dy9w73iyhcm",
    "firstname": "0Ai872ppprnrxeA11dy9w73iyhcm",
    "lastname": "",
    "address1": "",
    "address2": "",
    "city": "",
    "state": "",
    "country": "",
    "zipcode": "",
    "email": "[email protected]",
    "phone": "11111111111",
    "udf1": "",
    "udf2": "6686207962514537",
    "udf3": "",
    "udf4": "",
    "udf5": "",
    "udf6": "",
    "udf7": "",
    "udf8": "",
    "udf9": "",
    "udf10": "",
    "card_token": "",
    "card_no": "XXXXXXXXXXXX2346",
    "field0": "",
    "field1": "",
    "field2": "204145",
    "field3": "",
    "field4": "",
    "field5": "",
    "field6": "000",
    "field7": "AUTHPOSITIVE",
    "field8": "APPROVED",
    "field9": "Transaction is Successful",
    "payment_source": "dirAuthS2S",
    "PG_TYPE": "CC-PG",
    "error": "E000",
    "error_Message": "No Error",
    "cardToken": "",
    "net_amount_debit": "199",
    "discount": "0.00",
    "offer_key": "",
    "offer_availed": "",
    "unmappedstatus": "captured",
    "hash": "3f8fcdd67642b442db04201c1f53fbe6e7c249115fd718d7ccf58b78fea9039bfaafaf1c32ffa43865d95a85a083295c8286b0af476cc5fa98bc51244629a9d2",
    "bank_ref_no": "221130127055",
    "bank_ref_num": "221130127055",
    "bankcode": "AMEX",
    "surl": "https://test.payu.com/",
    "curl": "https://test.payu.com/",
    "furl": "https://test.payu.com/",
    "card_hash": "ffb456b2daa113f3774e2781f1dabfaf97a68d8118a968e2b20fd79967d7f9ba"
  }
}

3DS Secure 2.0 Transaction

Request Parameter for 3DS Secure 2.0 Transaction

Along with the parameters mentioned in the Request Parameters section, you must include the threeDS2RequestData parameter in the following JSON format for 3DS Secure 2.0 support for cards:

{
browserInfo": {
        "userAgent": "Mozilla\/5.0 (X11 Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) HeadlessChrome\/93.0.4577.0 Safari\/537.36",
        "acceptHeader": "*\/*",
        "language": "en-US",
        "colorDepth": "24",
        "screenHeight": "600",
        "screenWidth": "800",
        "timeZone": "-300",
        "javaEnabled": true,
        "ip": "10.248.2.71"
    }
}

3DS Secure 2.0 browserDetails JSON Fields Description

FieldDescriptionExample
userAgentThis field must include user agent of the device browser. 
acceptHeaderThis field contains the format of the header.application/json
languageThis field contains the language for the 3D Secure Challenge.en-US
colorDepthThis field contains the color depth of the screen.24
screenHeightThis field contains the screen height of the device displaying the 3D Secure Challenge.640
screenWidthThis field contains the screen width of the device displaying the 3D Secure Challenge.480
javaEnabledThis field contains whether Java is enabled for the device. It can be any of the following:true
timeZoneThis field contains the time zone code where the payment is accepted.273
ipThis should include the IP address of the device from which the browser is accessed.10.248.2.71

Sample cURL Request with 3DS Secure 2.0

The sample cURL request with 3DS Secure 2.0:

curl --location 'https://test.payu.in/_payment' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: PHPSESSID=nbn8otc350bsv6u5fqvhcbo73b; PHPSESSID=63a0499eaf13e' \
--data-urlencode 'key=JF****g' \
--data-urlencode 'firstname=Ashish' \
--data-urlencode '[email protected]' \
--data-urlencode 'amount=10' \
--data-urlencode 'phone= 9876543210' \
--data-urlencode 'productinfo=Product_info' \
--data-urlencode 'surl=http://pp30admin.payu.in/test_response' \
--data-urlencode 'furl=http://pp30admin.payu.in/test_response' \
--data-urlencode 'pg=CC' \
--data-urlencode 'bankcode=CC' \
--data-urlencode 'lastname=Test' \
--data-urlencode 'ccname=Test User' \
--data-urlencode 'ccvv=123' \
--data-urlencode 'ccexpmon=06' \
--data-urlencode 'ccexpyr=2024' \
--data-urlencode 'txnid=jYhbOYH9o4' \
--data-urlencode 'hash=e5b286a9c8545038de9d4e4ee4d8a2fd02e821015aff7e0323807ba174997d8643f9aa174981385e3e4dfe60b918650806ccb97b3e8e3471e1985ecadefd0184' \
--data-urlencode 'ccnum=4012000000002004' \
--data-urlencode 'txn_s2s_flow=4' \
--data-urlencode 'threeDS2RequestData={
    "browserInfo": {
        "userAgent": "Mozilla\/5.0 (X11 Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) HeadlessChrome\/93.0.4577.0 Safari\/537.36",
        "acceptHeader": "*\/*",
        "language": "en-US",
        "colorDepth": "24",
        "screenHeight": "600",
        "screenWidth": "800",
        "timeZone": "-300",
        "javaEnabled": true,
        "ip": "10.248.2.71"
    }
}'