1. API Integration
To integrate with PayU Hosted Checkout, you need to send a request and check the response. This will redirect the customer from the merchant’s website to PayU’s payment page to complete the payment. You can use the sample request and response in the provided documentation to get started.
Before you begin:
- PayU recommends that you integrate with the Test environment first. For merchants registered before August 3rd, 2023, use the following URL to sign up for the Test environment:
  https://uat-onepayuonboarding.payu.in/app/account/signup
- Later, register for a production account with PayU. For more information, refer to Register for a Merchant Account.
The steps involved in PayU Hosted Checkout integration are:
Step 1: Make the transaction request to PayU
Make the transaction request to the PayU Test server.
Tip
When the customer is redirected to the PayU payment page, you can enforce certain payment modes or drop categories. For more information on customizing the payment codes and categories, refer to Enforce Pay Method or Remove Category.
Post request syntax & composition
The following code block is a sample POST request that you need to send to PayU:
```html
<html>
<body>
  <form action='https://test.payu.in/_payment' method='post'>
    <input type="hidden" name="key" value="JP***g" />
    <input type="hidden" name="txnid" value="t6svtqtjRdl4ws" />
    <input type="hidden" name="productinfo" value="iPhone" />
    <input type="hidden" name="amount" value="10" />
    <input type="hidden" name="email" value="[email protected]" />
    <input type="hidden" name="firstname" value="Ashish" />
    <input type="hidden" name="lastname" value="Kumar" />
    <input type="hidden" name="surl" value="https://apiplayground-response.herokuapp.com/" />
    <input type="hidden" name="furl" value="https://apiplayground-response.herokuapp.com/" />
    <input type="hidden" name="phone" value="9988776655" />
    <input type="hidden" name="hash" value="eabec285da28fd0e3054d41a4d24fe9f7599c9d0b66646f7a9984303fd6124044b6206daf831e9a8bda28a6200d318293a13d6c193109b60bd4b4f8b09c90972" />
    <input type="submit" value="submit">
  </form>
</body>
</html>
```
Request and response
The Collect Payment (_payment) API is used for collecting payments in Web Checkout integration. For request and response, refer to Collect Payments API under API Reference.
Environment
Environment | URL |
---|---|
Test Environment | https://test.payu.in/_payment |
Production Environment | https://secure.payu.in/_payment |
Error Handling
If any error message is displayed with an error code, refer to Error Codes for Refund Initiation to understand the reason for these error codes.
Reference
For an example of how to submit a payment request on your website, refer to Integrating on your Website. To handle redirect URLs (surl and furl), refer to Handling the Redirect URLs.
Request parameters
Parameter | Description | Example |
---|---|---|
key (mandatory) | String. Merchant key provided by PayU during onboarding. | JPG****.k |
txnid (mandatory) | String. The transaction ID is a reference number for a specific order that is generated by the merchant. | ypl938459435 |
amount (mandatory) | String. The payment amount for the transaction. | 10.00 |
productinfo (mandatory) | String. A brief description of the product. | iPhone |
firstname (mandatory) | String. The first name of the customer. | Ashish |
email (mandatory) | String. The email address of the customer. | [email protected] |
phone (mandatory) | String. The phone number of the customer. | |
lastname (optional) | String. The last name of the customer. | Kumar |
surl (mandatory) | String. The success URL, which is the page PayU will redirect to if the transaction is successful. | <https://test-payment-middleware.payu.in/simulatorResponse> |
furl (mandatory) | String. The failure URL, which is the page PayU will redirect to if the transaction fails. | <https://test-payment-middleware.payu.in/simulatorResponse> |
hash (mandatory) | String. The hash calculated by the merchant. The hash calculation logic is: `sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)`. Reference: For detailed information on hashing, refer to Generate Hash. | |
address1 (optional) | String. The first line of the billing address. Fraud Detection: This information is helpful for issues related to fraud detection and chargebacks, so you must provide the correct information. | H.No- 17, Block C, Kalyan Bldg, Khardilkar Road, Mumbai |
address2 (optional) | String. The second line of the billing address. | 34 Saikripa-Estate, Tilak Nagar |
city (optional) | String. The city where your customer resides as part of the billing address. | Mumbai |
state (optional) | String. The state where your customer resides as part of the billing address. | Maharashtra |
country (optional) | String. The country where your customer resides. | India |
zipcode (optional) | String. Billing address zip code is mandatory for the cardless EMI option. Character limit: 20. | 400004 |
enforced_payment (optional) | String. This parameter is used to customize the payment options for each transaction. You can enforce specific payment modes, card schemes, and specific banks under Net Banking using this method. | creditcard|debitcard |
drop_category (optional) | String. This parameter is used if you want to hide one or multiple payment options. For example, if you consider the payment options such as credit card, debit card, and net banking, you can hide the credit card mode of payment. | CC |
udf1 (optional) | String. User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5. | AELPR****E |
udf2 (optional) | String. User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5. | |
udf3 (optional) | String. User-defined fields (udf) are used to store any information corresponding to a particular transaction. | 02-02-1980 |
udf4 (optional) | String. User-defined fields (udf) are used to store any information corresponding to a particular transaction. | XYZ Pvt. Ltd. |
udf5 (optional) | String. User-defined fields (udf) are used to store any information corresponding to a particular transaction. | 098450845 |
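
The hash formula from the table, worked through server-side as an added example (not PayU's own code): it builds the plain-text hash string in the documented field order and refuses to emit a form if the salt appears in any field. The function names, the `merchant.example` URLs, the placeholder key and salt, and the rejection of `|` inside hashed values are assumptions of this example.

```python
import hashlib

# Field order taken from the hash formula in the parameter table.
HASH_FIELDS = ("key", "txnid", "amount", "productinfo", "firstname", "email",
               "udf1", "udf2", "udf3", "udf4", "udf5")


def request_hash_string(fields, salt):
    """key|txnid|amount|productinfo|firstname|email|udf1..udf5||||||SALT"""
    values = [str(fields.get(name, "")) for name in HASH_FIELDS]
    return "|".join(values + [""] * 5 + [salt])


def build_payment_fields(order, merchant_key, salt):
    """Return the form fields to POST to _payment: hash included, salt excluded."""
    fields = dict(order, key=merchant_key)
    for name, value in fields.items():
        # The salt must not reach the request or any merchant-level URL
        # (surl, furl, ...), per the 'Integration security' section.
        if salt in str(value):
            raise ValueError("salt found in field " + name)
    for name in HASH_FIELDS:
        # Defensive choice of this example: a '|' inside a hashed value
        # would make the field boundaries of the hash string ambiguous.
        if "|" in str(fields.get(name, "")):
            raise ValueError("'|' not allowed in hashed field " + name)
    plain = request_hash_string(fields, salt)
    fields["hash"] = hashlib.sha512(plain.encode("utf-8")).hexdigest()
    return fields  # 'plain' stays local: never log it or send it


# Constructed sample: placeholder key and salt, other values from the sample form.
ORDER = {"txnid": "t6svtqtjRdl4ws", "amount": "10", "productinfo": "iPhone",
         "firstname": "Ashish", "email": "ashish@example.com",
         "phone": "9988776655", "surl": "https://merchant.example/payu/return",
         "furl": "https://merchant.example/payu/return"}

if __name__ == "__main__":
    for name, value in build_payment_fields(ORDER, "constructed-key", "constructed-salt").items():
        print(name, "=", value)
```
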
Sample request
```bash
curl -X POST "https://test.payu.in/_payment" \
  -H "accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "key=JP***g" \
  --data-urlencode "txnid=PQI6MqpYrjEefU" \
  --data-urlencode "amount=10.00" \
  --data-urlencode "firstname=PayU User" \
  --data-urlencode "email=[email protected]" \
  --data-urlencode "phone=9876543210" \
  --data-urlencode "productinfo=iPhone" \
  --data-urlencode "surl=https://apiplayground-response.herokuapp.com/" \
  --data-urlencode "furl=https://apiplayground-response.herokuapp.com" \
  --data-urlencode "hash=05a397501918ec5c36ae52daa3b3e49b43e986b86940e109d060076e467c3ea7536617df7420e0e6863dced8c5b45f9fff15c13bdf0335512c05f0210b31b072"
```
```python
import requests

url = "https://test.payu.in/_payment"
payload = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56"
headers = {"Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded"}
response = requests.post(url, data=payload, headers=headers)
print(response.text)
```
```php
<?php
$url = "https://test.payu.in/_payment";
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
    "Content-Type: application/x-www-form-urlencoded",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$data = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56";
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
$resp = curl_exec($curl);
curl_close($curl);
var_dump($resp);
?>
```
```java
import org.apache.http.HttpResponse;
import org.apache.http.client.fluent.Request;
import org.apache.http.entity.ContentType;
import org.apache.http.util.EntityUtils;

public class Main {
    public static void main(String[] args) throws Exception {
        Request request = Request.Post("https://test.payu.in/_payment");
        String body = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56";
        request.bodyString(body, ContentType.APPLICATION_FORM_URLENCODED);
        request.setHeader("Content-Type", "application/x-www-form-urlencoded");
        HttpResponse httpResponse = request.execute().returnResponse();
        System.out.println(httpResponse.getStatusLine());
        if (httpResponse.getEntity() != null) {
            String html = EntityUtils.toString(httpResponse.getEntity());
            System.out.println(html);
        }
    }
}
```
```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

namespace PayUExample
{
    class Program
    {
        static async Task Main(string[] args)
        {
            // Set the API endpoint URL
            string apiUrl = "https://test.payu.in/_payment";
            // Create an HttpClient instance
            using (HttpClient client = new HttpClient())
            {
                // Set request headers. Content-Type is set by FormUrlEncodedContent;
                // adding it to DefaultRequestHeaders throws InvalidOperationException.
                client.DefaultRequestHeaders.Add("accept", "application/json");
                // Set request parameters
                var content = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("key", "JP***g"),
                    new KeyValuePair<string, string>("txnid", "PQI6MqpYrjEefU"),
                    new KeyValuePair<string, string>("amount", "10.00"),
                    new KeyValuePair<string, string>("firstname", "PayU User"),
                    new KeyValuePair<string, string>("email", "[email protected]"),
                    new KeyValuePair<string, string>("phone", "9876543210"),
                    new KeyValuePair<string, string>("productinfo", "iPhone"),
                    new KeyValuePair<string, string>("surl", "https://apiplayground-response.herokuapp.com/"),
                    new KeyValuePair<string, string>("furl", "https://apiplayground-response.herokuapp.com"),
                    new KeyValuePair<string, string>("hash", "05a397501918ec5c36ae52daa3b3e49b43e986b86940e109d060076e467c3ea7536617df7420e0e6863dced8c5b45f9fff15c13bdf0335512c05f0210b31b072")
                });
                // Send the POST request
                HttpResponseMessage response = await client.PostAsync(apiUrl, content);
                // Read the response content
                string responseContent = await response.Content.ReadAsStringAsync();
                // Print the response
                Console.WriteLine(responseContent);
            }
        }
    }
}
```
Sample response
The response URL returned from PayU is similar to the following:
mihpayid=403993715523615328&mode=CC&status=success&unmappedstatus=captured&key=JPM7Fg&txnid=50QJq6lBJBmx14&amount=10.00&cardCategory=domestic&discount=0.00&net_amount_debit=10&addedon=2021-07-28+15%3A11%3A37&productinfo=iPhone&firstname=PayU+User&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test%40gmail.com&phone=9876543210&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa&field1=&field2=&field3=&field4=&field5=&field6=&field7=&field8=&field9=Transaction+Completed+Successfully&payment_source=payu&PG_TYPE=CC-PG&bank_ref_num=7f0d5ada-59bb-41d7-9e41-20a6af2406c9&bankcode=CC&error=E000&error_Message=No+Error&name_on_card=test&cardnum=411111XXXXXX1111&cardhash=This+field+is+no+longer+supported+in+postback+params.
The response mentioned earlier looks like the following when parsed:
mihpayid: 403993715523615328
mode: CC
status: success
unmappedstatus: captured
key: JPM7Fg
txnid: 50QJq6lBJBmx14
amount: 10.00
cardCategory: domestic
discount: 0.00
net_amount_debit: 10
addedon: 2021-07-28 15:11:37
productinfo: iPhone
firstname: PayU User
lastname:
address1:
address2:
city:
state:
country:
zipcode:
email: test@gmail.com
phone: 9876543210
udf1:
udf2:
udf3:
udf4:
udf5:
udf6:
udf7:
udf8:
udf9:
udf10:
hash: afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa
field1:
field2:
field3:
field4:
field5:
field6:
field7:
field8:
field9: Transaction Completed Successfully
payment_source: payu
PG_TYPE: CC-PG
bank_ref_num: 7f0d5ada-59bb-41d7-9e41-20a6af2406c9
bankcode: CC
error: E000
error_Message: No Error
name_on_card: test
cardnum: 411111XXXXXX1111
cardhash: This field is no longer supported in postback params.
Integration security
After receiving a response from PayU, you must calculate the hash again and validate it against the hash that you sent in the request to ensure the transaction is secure. PayU recommends implementing the transaction details APIs and webhook/callback as an extra security measure. For more information on this process, refer to the Get Transaction Details API and Webhooks documentation.
You need to ensure that sensitive information related to the integration is not part of the payment request to PayU. Sensitive information includes, but is not limited to, the following:
- salt value
- plain text hash string
In addition to the request, sensitive information must not be part of any merchant-level URL. The following are considered sources for the merchant-level URL:
- The last web address accessed by a browser before loading PayU’s checkout page.
- URLs shared as part of payment request to PayU in the parameters: surl, furl, curl, nurl, and termUrl.
- Notification URLs configured with the merchant account.
- Invoice Completion URLs configured with the merchant account.
Important
Compare the parameters sent by PayU in the response with the ones you sent in the request to make sure none of them have been changed. You should verify specific parameters such as the transaction ID and amount. PayU is not responsible for any security breaches or loss resulting from your failure to implement the necessary security measures.
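
One way to implement the checks above, as an added example that is not PayU's code: it recomputes the response hash, compares it in constant time, and checks `key`, `txnid`, `productinfo` and `amount` against the stored order. The reverse-order response hash layout is an assumption taken from PayU's Generate Hash reference (this page shows only the request formula); the key, salt, e-mail address and response body are constructed.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs, urlencode

# Assumption: reverse-order response layout from PayU's Generate Hash reference:
# sha512(SALT|status||||||udf5|...|udf1|email|firstname|productinfo|amount|txnid|key)
REVERSE_FIELDS = ("udf5", "udf4", "udf3", "udf2", "udf1", "email",
                  "firstname", "productinfo", "amount", "txnid", "key")

def response_hash(resp, salt):
    """Recompute the hash over the values exactly as they were received."""
    parts = [salt, resp.get("status", "")] + [""] * 5
    parts += [resp.get(name, "") for name in REVERSE_FIELDS]
    return hashlib.sha512("|".join(parts).encode("utf-8")).hexdigest()

def validate_response(body, order, salt):
    """Return a list of problems; an empty list means nothing was changed."""
    resp = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    problems = []
    received = resp.get("hash", "").encode("utf-8")
    if not hmac.compare_digest(response_hash(resp, salt).encode("ascii"), received):
        problems.append("hash mismatch")
    for name in ("key", "txnid", "productinfo"):
        if resp.get(name) != order[name]:
            problems.append(name + " changed")
    try:  # compare amounts numerically so "10" and "10.00" are equal
        same_amount = Decimal(resp.get("amount", "")) == Decimal(order["amount"])
    except InvalidOperation:
        same_amount = False
    if not same_amount:
        problems.append("amount changed")
    return problems

# Constructed test data: placeholder key and salt, order values from the sample form.
SALT = "constructed-salt"
ORDER = {"key": "constructed-key", "txnid": "t6svtqtjRdl4ws", "amount": "10.00",
         "productinfo": "iPhone", "firstname": "Ashish", "email": "ashish@example.com"}

def constructed_response(**changed_after_hashing):
    """Build a form-encoded response body; overrides are applied after hashing."""
    resp = dict(ORDER, status="success", mihpayid="403993715523615328")
    resp["hash"] = response_hash(resp, SALT)
    resp.update(changed_after_hashing)
    return urlencode(resp)

if __name__ == "__main__":
    print(validate_response(constructed_response(), ORDER, SALT))
    print(validate_response(constructed_response(amount="1.00"), ORDER, SALT))
```
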
Step 2: Verify the payment
PayU recommends this step to reconcile with PayU’s database after you receive the response. Verify the transaction details using the Verification APIs. For API reference, refer to Verify Payment API under API Reference.
Tip
The Transaction ID (txnid) value that you passed in the Step 1 request to PayU must be used here.