1. API Integration

To integrate with PayU Hosted Checkout, you need to send a request and check the response. This will redirect the customer from the merchant’s website to PayU’s payment page to complete the payment. You can use the sample request and response in the provided documentation to get started.

👍

Before you begin:

The steps involved in PayU Hosted Checkout integration are:

  1. Make Transaction Request to PayU
  2. Verify Payment

Step 1: Make the transaction request to PayU

Make the transaction request to the PayU Test server.

📘

Tip

When the customer is redirected to the PayU payment page, you can enforce certain payment modes or drop categories. For more information on customizing the payment codes and categories, refer to Enforce Pay Method or Remove Category.

Post request syntax & composition

The following code block is a sample POST request that you need to send to PayU:

<html>
<body>
<form action='https://test.payu.in/_payment' method='post'>
<input type="hidden" name="key" value="JP***g" />
<input type="hidden" name="txnid" value="t6svtqtjRdl4ws" />
<input type="hidden" name="productinfo" value="iPhone" />
<input type="hidden" name="amount" value="10" />
<input type="hidden" name="email" value="[email protected]" />
<input type="hidden" name="firstname" value="Ashish" />
<input type="hidden" name="lastname" value="Kumar" />
<input type="hidden" name="surl" value="https://apiplayground-response.herokuapp.com/" />
<input type="hidden" name="furl" value="https://apiplayground-response.herokuapp.com/" />
<input type="hidden" name="phone" value="9988776655" />
<input type="hidden" name="hash" value="eabec285da28fd0e3054d41a4d24fe9f7599c9d0b66646f7a9984303fd6124044b6206daf831e9a8bda28a6200d318293a13d6c193109b60bd4b4f8b09c90972" />
<input type="submit" value="submit"> </form>
</body>
</html>

Request and response

The Collect Payment (_payment) API is used for collecting payments in Web Checkout integration. For request and response, refer to Collect Payments API under API Reference.

Environment

❗️

Error Handling

If any error message is displayed with an error code, refer to Error Codes for Refund Initiation to understand the reason for these error codes.

📘

Reference

For an example of how to submit a payment request on your website, refer to Integrating on your Website. To handle redirect URLs (surl and furl), refer to Handling the Redirect URLs.

Request parameters

Each entry lists the parameter, whether it is mandatory or optional, its type, its description, and an example value.

  • key (mandatory, String): Merchant key provided by PayU during onboarding. Example: JPG****.k
  • txnid (mandatory, String): The transaction ID is a reference number for a specific order that is generated by the merchant. Example: ypl938459435
  • amount (mandatory, String): The payment amount for the transaction. Example: 10.00
  • productinfo (mandatory, String): A brief description of the product. Example: iPhone
  • firstname (mandatory, String): The first name of the customer. Example: Ashish
  • email (mandatory, String): The email address of the customer. Example: [email protected]
  • phone (mandatory, String): The phone number of the customer.
  • lastname (optional, String): The last name of the customer. Example: Kumar
  • surl (mandatory, String): The success URL, which is the page PayU will redirect to if the transaction is successful. Example: https://test-payment-middleware.payu.in/simulatorResponse
  • furl (mandatory, String): The failure URL, which is the page PayU will redirect to if the transaction fails. Example: https://test-payment-middleware.payu.in/simulatorResponse
  • hash (mandatory, String): The hash calculated by the merchant. The hash calculation logic is: sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT). Reference: For detailed information on hashing, refer to Generate Hash.
  • address1 (optional, String): The first line of the billing address. Fraud Detection: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is a must to provide the correct information. Example: H.No- 17, Block C, Kalyan Bldg, Khardilkar Road, Mumbai
  • address2 (optional, String): The second line of the billing address. Example: 34 Saikripa-Estate, Tilak Nagar
  • city (optional, String): The city where your customer resides as part of the billing address. Example: Mumbai
  • state (optional, String): The state where your customer resides as part of the billing address. Example: Maharashtra
  • country (optional, String): The country where your customer resides. Example: India
  • zipcode (optional, String): Billing address zip code is mandatory for the cardless EMI option. Character limit: 20. Example: 400004
  • enforced_payment (optional, String): This parameter is to customize the payment options for each transaction. You can enforce specific payment modes, card schemes, and specific banks under Net Banking using this method. Example: creditcard|debitcard
  • drop_category (optional, String): This parameter is used if you want to hide one or multiple payment options. For example, if you consider the payment options such as credit card, debit card, and net banking, you can hide the credit card mode of payment. Example: CC
  • udf1 (optional, String): User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5. Example: AELPR****E
  • udf2 (optional, String): User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.
  • udf3 (optional, String): User-defined fields (udf) are used to store any information corresponding to a particular transaction. Example: 02-02-1980
  • udf4 (optional, String): User-defined fields (udf) are used to store any information corresponding to a particular transaction. Example: XYZ Pvt. Ltd.
  • udf5 (optional, String): User-defined fields (udf) are used to store any information corresponding to a particular transaction. Example: 098450845

Sample request

curl -X POST "https://test.payu.in/_payment" \
  -H "accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "key=JP***g" \
  -d "txnid=PQI6MqpYrjEefU" \
  -d "amount=10.00" \
  --data-urlencode "firstname=PayU User" \
  -d "[email protected]" \
  -d "phone=9876543210" \
  -d "productinfo=iPhone" \
  -d "surl=https://apiplayground-response.herokuapp.com/" \
  -d "furl=https://apiplayground-response.herokuapp.com" \
  -d "hash=05a397501918ec5c36ae52daa3b3e49b43e986b86940e109d060076e467c3ea7536617df7420e0e6863dced8c5b45f9fff15c13bdf0335512c05f0210b31b072"

import requests

url = "https://test.payu.in/_payment"
payload = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56"
headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

<?php

$url = "https://test.payu.in/_payment";

// Initialise a cURL handle for the PayU endpoint
$curl = curl_init($url);

curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
// Return the response body as a string instead of printing it
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

$headers = array(
    "Content-Type: application/x-www-form-urlencoded",
);

curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);

$data = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56";

curl_setopt($curl, CURLOPT_POSTFIELDS, $data);

$resp = curl_exec($curl);

curl_close($curl);

var_dump($resp);

?>

import org.apache.http.HttpResponse;
import org.apache.http.client.fluent.Request;
import org.apache.http.entity.ContentType;
import org.apache.http.util.EntityUtils;

public class Main {
    public static void main(String[] args) throws Exception {
        Request request = Request.Post("https://test.payu.in/_payment");

        String body = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56";
        
        request.bodyString(body, ContentType.APPLICATION_FORM_URLENCODED);
        request.setHeader("Content-Type", "application/x-www-form-urlencoded");

        HttpResponse httpResponse = request.execute().returnResponse();

        System.out.println(httpResponse.getStatusLine());

        if (httpResponse.getEntity() != null) {
            String html = EntityUtils.toString(httpResponse.getEntity());
            System.out.println(html);
        }
    }
}

using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

namespace PayUExample
{
    class Program
    {
        static async Task Main(string[] args)
        {
            // Set the API endpoint URL
            string apiUrl = "https://test.payu.in/_payment";

            // Create an HttpClient instance
            using (HttpClient client = new HttpClient())
            {
                // Set request headers. Content-Type is a content header and cannot be
                // added to DefaultRequestHeaders; FormUrlEncodedContent sets it to
                // application/x-www-form-urlencoded automatically.
                client.DefaultRequestHeaders.Add("accept", "application/json");

                // Set request parameters
                var content = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("key", "JP***g"),
                    new KeyValuePair<string, string>("txnid", "PQI6MqpYrjEefU"),
                    new KeyValuePair<string, string>("amount", "10.00"),
                    new KeyValuePair<string, string>("firstname", "PayU User"),
                    new KeyValuePair<string, string>("email", "[email protected]"),
                    new KeyValuePair<string, string>("phone", "9876543210"),
                    new KeyValuePair<string, string>("productinfo", "iPhone"),
                    new KeyValuePair<string, string>("surl", "https://apiplayground-response.herokuapp.com/"),
                    new KeyValuePair<string, string>("furl", "https://apiplayground-response.herokuapp.com"),
                    new KeyValuePair<string, string>("hash", "05a397501918ec5c36ae52daa3b3e49b43e986b86940e109d060076e467c3ea7536617df7420e0e6863dced8c5b45f9fff15c13bdf0335512c05f0210b31b072")
                });

                // Send the POST request
                HttpResponseMessage response = await client.PostAsync(apiUrl, content);

                // Read the response content
                string responseContent = await response.Content.ReadAsStringAsync();

                // Print the response
                Console.WriteLine(responseContent);
            }
        }
    }
}

Sample response

The response URL returned from PayU is similar to the following:

mihpayid=403993715523615328&mode=CC&status=success&unmappedstatus=captured&key=JPM7Fg&txnid=50QJq6lBJBmx14&amount=10.00&cardCategory=domestic&discount=0.00&net_amount_debit=10&addedon=2021-07-28+15%3A11%3A37&productinfo=iPhone&firstname=PayU+User&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test%40gmail.com&phone=9876543210&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa&field1=&field2=&field3=&field4=&field5=&field6=&field7=&field8=&field9=Transaction+Completed+Successfully&payment_source=payu&PG_TYPE=CC-PG&bank_ref_num=7f0d5ada-59bb-41d7-9e41-20a6af2406c9&bankcode=CC&error=E000&error_Message=No+Error&name_on_card=test&cardnum=411111XXXXXX1111&cardhash=This+field+is+no+longer+supported+in+postback+params.

The response mentioned earlier looks like the following when parsed:

mihpayid: 403993715523615328
mode: CC
status: success
unmappedstatus: captured
key: JPM7Fg
txnid: 50QJq6lBJBmx14
amount: 10.00
cardCategory: domestic
discount: 0.00
net_amount_debit: 10
addedon: 2021-07-28 15:11:37
productinfo: iPhone
firstname: PayU User
lastname: 
address1: 
address2: 
city: 
state: 
country: 
zipcode: 
email: test@gmail.com
phone: 9876543210
udf1: 
udf2: 
udf3: 
udf4: 
udf5: 
udf6: 
udf7: 
udf8: 
udf9: 
udf10: 
hash: afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa
field1: 
field2: 
field3: 
field4: 
field5: 
field6: 
field7: 
field8: 
field9: Transaction Completed Successfully
payment_source: payu
PG_TYPE: CC-PG
bank_ref_num: 7f0d5ada-59bb-41d7-9e41-20a6af2406c9
bankcode: CC
error: E000
error_Message: No Error
name_on_card: test
cardnum: 411111XXXXXX1111
cardhash: This field is no longer supported in postback params.

Integration security

After receiving a response from PayU, you must calculate the hash again and validate it against the hash that you sent in the request to ensure the transaction is secure. PayU recommends implementing the transaction details APIs and webhook/callback as an extra security measure. For more information on this process, refer to the Get Transaction Details API and Webhooks documentation.

You need to ensure that sensitive information related to the integration is not part of the payment request to PayU. Sensitive information includes, but is not limited to, the following:

  • salt value
  • plain text hash string

Along with the request, the sensitive information should not be a part of any merchant-level URL. The following are considered sources for the merchant-level URL:

  • The last web address accessed by a browser before loading PayU’s checkout page.
  • URLs shared as part of payment request to PayU in the parameters: surl, furl, curl, nurl, and termUrl.
  • Notification URLs configured with the merchant account.
  • Invoice Completion URLs configured with the merchant account.

📘

Important

Compare the parameters sent by PayU in the response with the ones you sent in the request to make sure none of them have been changed. You should verify specific parameters such as the transaction ID and amount. PayU is not responsible for any security breaches or loss resulting from your failure to implement the necessary security measures.
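
The request hash from the parameter list and the response checks described above, as an added example (not PayU's code). The function names, sample values and the pipe-rejection guard are hypothetical, and the reverse field order used for the response hash is an assumption that is not stated on this page; confirm it against Generate Hash.

```python
import hashlib
import hmac
from decimal import Decimal

UDFS = ("udf1", "udf2", "udf3", "udf4", "udf5")
HEAD = ("key", "txnid", "amount", "productinfo", "firstname", "email")


def _digest(fields, salt, salt_first):
    # Values are pipe-delimited, so a "|" inside one would shift the field
    # boundaries. Rejecting it is an added defensive check, not a PayU rule.
    if any("|" in f for f in fields):
        raise ValueError("pipe character in a hashed field")
    parts = [salt, *fields] if salt_first else [*fields, salt]
    return hashlib.sha512("|".join(parts).encode()).hexdigest()


def request_hash(p, salt):
    """Page formula: key|txnid|amount|productinfo|firstname|email|udf1..udf5||||||SALT"""
    fields = [p[k] for k in HEAD] + [p.get(u, "") for u in UDFS] + [""] * 5
    return _digest(fields, salt, salt_first=False)


def verify_response(resp, order, salt):
    """True only if PayU's hash is valid and txnid/amount match the stored order."""
    # Assumed reverse order (confirm in Generate Hash):
    # SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key
    fields = ([resp.get("status", "")] + [""] * 5
              + [resp.get(u, "") for u in reversed(UDFS)]
              + [resp.get(k, "") for k in reversed(HEAD)])
    try:
        expected = _digest(fields, salt, salt_first=True)
    except ValueError:
        return False
    # Constant-time comparison of the recomputed hash with the received one
    if not hmac.compare_digest(expected.encode(), resp.get("hash", "").encode()):
        return False
    # A valid hash shows the values were not altered in transit; they must
    # also be the values of the order stored server-side, never of the browser.
    try:
        # Decimal treats "10" and "10.00" as the same amount
        same_amount = Decimal(resp.get("amount", "")) == Decimal(order["amount"])
    except ArithmeticError:
        return False
    return same_amount and resp.get("txnid") == order["txnid"]
```

Both functions belong on the merchant server, with the salt loaded from server-side configuration so that it never appears in the form, in surl/furl, or in any other URL.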

Step 2: Verify the payment

PayU recommends this step to reconcile with PayU’s database after you receive the response. Verify the transaction details using the Verification APIs. For API reference, refer to Verify Payment API under API Reference.

📘

Tip

The Transaction ID (txnid) value that you passed in the Step 1 request to PayU must be used here.