1. Integration Steps

To integrate with PayU Hosted Checkout, you need to send a request and check the response. This will redirect the customer from the merchant’s website to PayU’s payment page to complete the payment. You can use the sample request and response in the provided documentation to get started.


Before you begin:

The steps involved in PayU Hosted Checkout integration are:

  1. Make Transaction Request to PayU
  2. Verify Payment

Step 1: Make the transaction request to PayU

Make the transaction request to the PayU Test server.



When the customer is redirected to the PayU payment page, you can enforce certain payment modes or drop categories. For more information on customizing the payment codes and categories, refer to Enforce refer to Enforce Pay Method or Remove Category .

Post request syntax & composition

The code block is a sample post request that you need to send to PayU:

<form action='https://test.payu.in/_payment' method='post'>
<input type="hidden" name="key" value="JP***g" />
<input type="hidden" name="txnid" value="t6svtqtjRdl4ws" />
<input type="hidden" name="productinfo" value="iPhone" />
<input type="hidden" name="amount" value="10" />
<input type="hidden" name="email" value="[email protected]" />
<input type="hidden" name="firstname" value="Ashish" />
<input type="hidden" name="lastname" value="Kumar" />
<input type="hidden" name="surl" value="https://apiplayground-response.herokuapp.com/" />
<input type="hidden" name="furl" value="https://apiplayground-response.herokuapp.com/" />
<input type="hidden" name="phone" value="9988776655” />
<input type="hidden" name="hash" value="eabec285da28fd0e3054d41a4d24fe9f7599c9d0b66646f7a9984303fd6124044b6206daf831e9a8bda28a6200d318293a13d6c193109b60bd4b4f8b09c90972" />
<input type="submit" value="submit"> </form>

Request and response

The Collect Payment (_payment) API is used for collecting payments in Web Checkout integration. For request and response, refer to Collect Payments API under API Reference.




Error Handling

If any error message is displayed with an error code, refer to Error Codes for Refund Initiation to understand the reason for these error codes.



For an example of how to submit a payment request on your website, refer to Submitting Payment Request on your Website . To handle redirect URLs (surl and furl), refer to Handling the Redirect URLs .

Sample request

curl -X POST "https://test.payu.in/_payment"
-H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d
&firstname=PayU User&[email protected]&phone=9876543210
import requests

url = "https://test.payu.in/_payment"
payload = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56"
headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }

response = requests.request("POST", url, data=payload, headers=headers)



$url = "https://test.payu.in/_payment";

$req = req_init($url);

req_setopt($req, CURLOPT_URL, $url);
req_setopt($req, CURLOPT_POST, true); 
req_setopt($req, CURLOPT_RETURNTRANSFER, true);

$headers = array(
    "Content-Type: application/x-www-form-urlencoded",

req_setopt($curl, CURLOPT_HTTPHEADER, $headers);

$data = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56";

req_setopt($curl, CURLOPT_POSTFIELDS, $data);

$resp = req_exec($req);




import org.apache.http.HttpResponse;
import org.apache.http.client.fluent.Request;
import org.apache.http.entity.ContentType;
import org.apache.http.util.EntityUtils;

public class Main {
    public static void main(String[] args) throws Exception {
        Request request = Request.Post("https://test.payu.in/_payment -H");

        String body = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56";
        request.bodyString(body, ContentType.APPLICATION_FORM_URLENCODED);
        request.setHeader("Content-Type", "application/x-www-form-urlencoded");

        HttpResponse httpResponse = request.execute().returnResponse();


        if (httpResponse.getEntity() != null) {
            String html = EntityUtils.toString(httpResponse.getEntity());

Sample response

The response URL returned from PayU is similar to the following:


The response mentioned earlier looks like the following when parsed:

mihpayid: 403993715523615328
mode: CC
status: success
unmappedstatus: captured
key: JPM7Fg
txnid: 50QJq6lBJBmx14
amount: 10.00
cardCategory: domestic
discount: 0.00
net_amount_debit: 10
addedon: 2021-07-28 15:11:37
productinfo: iPhone
firstname: PayU User
email: [email protected]
phone: 9876543210
hash: afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa
field9: Transaction Completed Successfully
payment_source: payu
bank_ref_num: 7f0d5ada-59bb-41d7-9e41-20a6af2406c9
bankcode: CC
error: E000
error_message: No Error
name_on_card: test
cardnum: 411111XXXXXX1111
cardhash: This field is no longer supported in postback params.

Integration security

After receiving a response from PayU, you must calculate the hash again and validate it against the hash that you sent in the request to ensure the transaction is secure. PayU recommends implementing the transaction details APIs and webhook/callback as an extra security measure. For more information on this process, refer to Get Transaction Details API APIs and Webhooks documentation.

You need to ensure that sensitive information related to the integration is not part of the payment request to PayU. The details including — but are not limited to — the following are considered sensitive information:

  • salt value
  • plain text hash string

Along with the request, the sensitive information should not be a part of any merchant-level URL. The following are considered sources for the merchant-level URL:

  • The last web address accessed by a browser before loading PayU’s checkout page.
  • URLs shared as part of payment request to PayU in the parameters: surl, furl, curl, nurl, and termUrl.
  • Notification URLs configured with the merchant account.
  • Invoice Completion URLs configured with the merchant account.



Compare the parameters sent by PayU in the response with the ones you sent in the request to make sure none of them have been changed. You should verify specific parameters such as the transaction ID and amount. PayU is not responsible for any security breaches or loss resulting from your failure to implement the necessary security measures.

Step 2: Verify the payment

PayU recommends this step to reconcile with PayU’s database after you receive the response. Verify the transaction details using the Verification APIs. For API reference, refer to Verify Payment API under API Reference.



The Transaction ID (txnid) value that you passed in request of Step 1 with PayU must be used here.

Recommended integrations for PayU Hosted Checkout

  • Offers: Configure offers for cards on Dashboard and then collect payments with offers. For more information, refer to Create an Instant Discount or Cashback Offer and Offers .
  • Pre-authorize Credit Card Transactions: PayU’s pre-authorization (also card authorization, authorization hold or Auth and Capture) product allows merchants two-step card payments so you can temporarily block some amount of funds when a customer places an order (authorization) and then capture the amount later.. For more information, refer to Pre-authorize Credit Card Payments .
  • Sodexo Integration: Accept Sodexo payments by enabling Sodexo integration with PayU Hosted Checkout. For more information, refer to Enable Sodexo on Checkout .