To integrate with PayU Hosted Checkout, you need to send a request and check the response. This will redirect the customer from the merchant’s website to PayU’s payment page to complete the payment. You can use the sample request and response in the provided documentation to get started.
Before you begin:
Register for a account with PayU before you start integration. For more information, refer to Register for a Merchant Account.
The steps involved in PayU Hosted Checkout integration are:
Make the transaction request to the PayU Test server.
When the customer is redirected to the PayU payment page, you can enforce certain payment modes or drop categories. For more information on customizing the payment codes and categories, refer to Enforce refer to Enforce Pay Method or Remove Category .
The code block is a sample post request that you need to send to PayU:
<body> <form action='https://test.payu.in/_payment' method='post'> <input type="hidden" name="key" value="JP***g" /> <input type="hidden" name="txnid" value="t6svtqtjRdl4ws" /> <input type="hidden" name="productinfo" value="iPhone" /> <input type="hidden" name="amount" value="10" /> <input type="hidden" name="email" value="[email protected]" /> <input type="hidden" name="firstname" value="Ashish" /> <input type="hidden" name="lastname" value="Kumar" /> <input type="hidden" name="surl" value="https://apiplayground-response.herokuapp.com/" /> <input type="hidden" name="furl" value="https://apiplayground-response.herokuapp.com/" /> <input type="hidden" name="phone" value="9988776655” /> <input type="hidden" name="hash" value="eabec285da28fd0e3054d41a4d24fe9f7599c9d0b66646f7a9984303fd6124044b6206daf831e9a8bda28a6200d318293a13d6c193109b60bd4b4f8b09c90972" /> <input type="submit" value="submit"> </form> </body> </html>
The Collect Payment (_payment) API is used for collecting payments in Web Checkout integration. For request and response, refer to Collect Payments API under API Reference.
If any error message is displayed with an error code, refer to Error Codes for Refund Initiation to understand the reason for these error codes.
curl -X POST "https://test.payu.in/_payment" -H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "key=JP***g&txnid=PQI6MqpYrjEefU&amount=10.00 &firstname=PayU User&[email protected]&phone=9876543210 &productinfo=iPhone&surl= https://apiplayground-response.herokuapp.com/ &furl=https://apiplayground-response.herokuapp.com/ &hash=05a397501918ec5c36ae52daa3b3e49b43e986b86940e109d060076e467c3ea7536617df7420e0e6863dced8c5b45f9fff15c13bdf0335512c05f0210b31b072"
The response URL returned from PayU is similar to the following:
The response mentioned earlier looks like the following when parsed:
mihpayid: 403993715523615328 mode: CC status: success unmappedstatus: captured key: JPM7Fg txnid: 50QJq6lBJBmx14 amount: 10.00 cardCategory: domestic discount: 0.00 net_amount_debit: 10 addedon: 2021-07-28 15:11:37 productinfo: iPhone firstname: PayU User lastname: address1: address2: city: state: country: zipcode: email: [email protected] phone: 9876543210 udf1: udf2: udf3: udf4: udf5: udf6: udf7: udf8: udf9: udf10: hash: afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa field1: field2: field3: field4: field5: field6: field7: field8: field9: Transaction Completed Successfully payment_source: payu PG_TYPE: CC-PG bank_ref_num: 7f0d5ada-59bb-41d7-9e41-20a6af2406c9 bankcode: CC error: E000 error_message: No Error name_on_card: test cardnum: 411111XXXXXX1111 cardhash: This field is no longer supported in postback params.
After receiving a response from PayU, you must calculate the hash again and validate it against the hash that you sent in the request to ensure the transaction is secure. PayU recommends implementing the transaction details APIs and webhook/callback as an extra security measure. For more information on this process, refer to Get Transaction Details API APIs and Webhooks documentation.
You need to ensure that sensitive information related to the integration is not part of the payment request to PayU. The details including — but are not limited to — the following are considered sensitive information:
- salt value
- plain text hash string
Along with the request, the sensitive information should not be a part of any merchant-level URL. The following are considered sources for the merchant-level URL:
- The last web address accessed by a browser before loading PayU’s checkout page.
- URLs shared as part of payment request to PayU in the parameters: surl, furl, curl, nurl, and termUrl.
- Notification URLs configured with the merchant account.
- Invoice Completion URLs configured with the merchant account.
Compare the parameters sent by PayU in the response with the ones you sent in the request to make sure none of them have been changed. You should verify specific parameters such as the transaction ID and amount. PayU is not responsible for any security breaches or loss resulting from your failure to implement the necessary security measures.
PayU recommends this step to reconcile with PayU’s database after you receive the response. Verify the transaction details using the Verification APIs. For API reference, refer to Verify Payment API under API Reference.
The Transaction ID (txnid) value that you passed in request of Step 1 with PayU must be used here.
- Offers: Configure offers for cards on Dashboard and then collect payments with offers. For more information, refer to Create an Instant Discount or Cashback Offer and Offers .
- Pre-authorize Credit Card Transactions: PayU’s pre-authorization (also card authorization, authorization hold or Auth and Capture) product allows merchants two-step card payments so you can temporarily block some amount of funds when a customer places an order (authorization) and then capture the amount later.. For more information, refer to Pre-authorize Credit Card Payments .
- Sodexo Integration: Accept Sodexo payments by enabling Sodexo integration with PayU Hosted Checkout. For more information, refer to Enable Sodexo on Checkout .
Updated 2 days ago