1. API Integration

To integrate with PayU Hosted Checkout, you need to send a request and check the response. This will redirect the customer from the merchant’s website to PayU’s payment page to complete the payment. You can use the sample request and response in the provided documentation to get started.

👍
Before you begin:

PayU recommends you to integrate with Test environment initially. For merchants registered before August 3rd, 2023, use the following URL to sign up for the Test environment: https://uat-onepayuonboarding.payu.in/app/account/signup

Later, register for a production account with PayU. For more information, refer to Register for a Merchant Account.

The steps involved in PayU Hosted Checkout integration are:

Make Transaction Request to PayU
Verify Payment

Step 1: Make the transaction request to PayU

Make the transaction request to the PayU Test server.

📘
Tip
When the customer is redirected to the PayU payment page, you can enforce certain payment modes or drop categories. For more information on customizing the payment codes and categories, refer to Enforce refer to Enforce Pay Method or Remove Category.

Post request syntax & composition

The code block is a sample post request that you need to send to PayU:

<body>
  <form action="https://test.payu.in/_payment" method="post">
    <input type="hidden" name="key" value="JP***g" />
    <input type="hidden" name="txnid" value="t6svtqtjRdl4ws" />
    <input type="hidden" name="productinfo" value="iPhone" />
    <input type="hidden" name="amount" value="10" />
    <input type="hidden" name="email" value="[email protected]" />
    <input type="hidden" name="firstname" value="Ashish" />
    <input type="hidden" name="lastname" value="Kumar" />
    <input type="hidden" name="surl" value="https://apiplayground-response.herokuapp.com/" />
    <input type="hidden" name="furl" value="https://apiplayground-response.herokuapp.com/" />
    <input type="hidden" name="phone" value="9988776655" />
    <input type="hidden" name="hash" value="eabec285da28fd0e3054d41a4d24fe9f7599c9d0b66646f7a9984303fd6124044b6206daf831e9a8bda28a6200d318293a13d6c193109b60bd4b4f8b09c90972" />
    <input type="submit" value="Submit" />
  </form>
</body>
</html>

Request and response

The Collect Payment (_payment) API is used for collecting payments in Web Checkout integration. For request and response, refer to Collect Payment API - Merchant Hosted Checkout under API Reference.

Environment


Test Environment	<https://test.payu.in/_payment>
Production Environment	<https://secure.payu.in/_payment>

❗️
Error Handling
If any error message is displayed with an error code, refer to Error Codes for Refund Initiation to understand the reason for these error codes.

📘
Reference
To handle redirect URLs (surl and furl), refer to Handling the Redirect URLs.

Request parameters

Parameter	Description	Example
key `mandatory`	`String` Merchant key provided by PayU during onboarding.	JPG****.k
txnid `mandatory`	`String` The transaction ID is a reference number for a specific order generated by the merchant.	ypl938459435
amount `mandatory`	`String` The payment amount for the transaction.	10.00
productinfo `mandatory`	`String` A brief description of the product.	iPhone
firstname `mandatory`	`String` The first name of the customer.	Ashish
email `mandatory`	`String` The email address of the customer.	[email protected]
phone `mandatory`	`String` The phone number of the customer.
lastname `optional`	`String` The last name of the customer.	Kumar
surl `mandatory`	`String` The success URL, which is the page PayU will redirect to if the transaction is successful.	https://test-payment-middleware.payu.in/simulatorResponse
furl `mandatory`	`String` The failure URL, which is the page PayU will redirect to if the transaction fails.	https://test-payment-middleware.payu.in/simulatorResponse
hash `mandatory`	`String` It is the hash calculated by the merchant. The hash calculation logic is: `sha512(key\|txnid\|amount\|productinfo\|firstname\|email\|udf1\|udf2\|udf3\|udf4\|udf5\|\|\|\|\|\|SALT)` Reference: For detailed information on hashing, refer to Generate Hash.
address1 `optional`	`String` The first line of the billing address. Fraud Detection: This information is helpful for fraud detection and chargebacks. Please provide the correct information.	H.No- 17, Block C, Kalyan Bldg, Khardilkar Road, Mumbai
address2 `optional`	`String` The second line of the billing address.	34 Saikripa-Estate, Tilak Nagar
city `optional`	`String` The city where your customer resides as part of the billing address.	Mumbai
state `optional`	`String` The state where your customer resides as part of the billing address.	Maharashtra
country `optional`	`String` The country where your customer resides.	India
zipcode `optional`	`String` Billing address zip code is mandatory for the cardless EMI option. Character Limit: 20	400004
enforced_payment `optional`	`String` This parameter is to customize the payment options for each transaction. You can enforce specific payment modes, card schemes, and specific banks under Net Banking using this method.	creditcard\|debitcard
drop_category `optional`	`String` This parameter is used if you want to hide one or multiple payment options. For example, if you consider the payment options such as credit card, debit card, and net banking, you can hide the credit card mode of payment.	CC
udf1 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.	AELPR****E
udf2 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.
udf3 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.	02-02-1980
udf4 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.	XYZ Pvt. Ltd.
udf5 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.	098450845
custom_note `optional`	`String` This parameter allows you to display a message on the PayU Payment page. This can be useful if you want to provide additional information to your customers, such as an extra charge for a particular product. The message specified in the custom_note parameter will be displayed below the payment options.	You will be charged an extra amount of Rs 100 on this transaction
note_category `optional`	`String` This parameter allows you to specify which payment options the custom_note message will be displayed for. This parameter should contain a comma-separated list of the payment options that you want the custom_note displayed for. Example: "CC, NB" will show the custom_note for Credit Card & Net banking only.	CC, NB

Sample request

PayU Hosted Checkout cURL Request Walkthrough

Open Recipe

_payment Request Python Code Walkthrough

Open Recipe

_payment Request Java Code Walkthrough

Open Recipe

_payment Request PHP Code Walkthrough

Open Recipe

curl -X POST "https://test.payu.in/_payment"
-H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d
"key=JP***g&txnid=PQI6MqpYrjEefU&amount=10.00
&firstname=PayU User&[email protected]&phone=9876543210
&productinfo=iPhone&surl=
https://apiplayground-response.herokuapp.com/
&furl=https://apiplayground-response.herokuapp.com
&hash=05a397501918ec5c36ae52daa3b3e49b43e986b86940e109d060076e467c3ea7536617df7420e0e6863dced8c5b45f9fff15c13bdf0335512c05f0210b31b072"

import requests

url = "https://test.payu.in/_payment"
payload = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56"
headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

<?php

$url = "https://test.payu.in/_payment";

$req = req_init($url);

req_setopt($req, CURLOPT_URL, $url);
req_setopt($req, CURLOPT_POST, true); 
req_setopt($req, CURLOPT_RETURNTRANSFER, true);

$headers = array(
    "Content-Type: application/x-www-form-urlencoded",
); 

req_setopt($curl, CURLOPT_HTTPHEADER, $headers);

$data = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56";

req_setopt($curl, CURLOPT_POSTFIELDS, $data);

$resp = req_exec($req);

req_close($req);

var_dump($resp);

?>

import org.apache.http.HttpResponse;
import org.apache.http.client.fluent.Request;
import org.apache.http.entity.ContentType;
import org.apache.http.util.EntityUtils;

public class Main {
    public static void main(String[] args) throws Exception {
        Request request = Request.Post("https://test.payu.in/_payment -H");

        String body = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56";
        
        request.bodyString(body, ContentType.APPLICATION_FORM_URLENCODED);
        request.setHeader("Content-Type", "application/x-www-form-urlencoded");

        HttpResponse httpResponse = request.execute().returnResponse();

        System.out.println(httpResponse.getStatusLine());

        if (httpResponse.getEntity() != null) {
            String html = EntityUtils.toString(httpResponse.getEntity());
            System.out.println(html);
        }
    }
}

using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

namespace PayUExample
{
    class Program
    {
        static async Task Main(string[] args)
        {
            // Set the API endpoint URL
            string apiUrl = "https://test.payu.in/_payment";

            // Create an HttpClient instance
            using (HttpClient client = new HttpClient())
            {
                // Set request headers
                client.DefaultRequestHeaders.Add("accept", "application/json");
                client.DefaultRequestHeaders.Add("Content-Type", "application/x-www-form-urlencoded");

                // Set request parameters
                var content = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("key", "JP***g"),
                    new KeyValuePair<string, string>("txnid", "PQI6MqpYrjEefU"),
                    new KeyValuePair<string, string>("amount", "10.00"),
                    new KeyValuePair<string, string>("firstname", "PayU User"),
                    new KeyValuePair<string, string>("email", "[email protected]"),
                    new KeyValuePair<string, string>("phone", "9876543210"),
                    new KeyValuePair<string, string>("productinfo", "iPhone"),
                    new KeyValuePair<string, string>("surl", "https://apiplayground-response.herokuapp.com/"),
                    new KeyValuePair<string, string>("furl", "https://apiplayground-response.herokuapp.com"),
                    new KeyValuePair<string, string>("hash", "05a397501918ec5c36ae52daa3b3e49b43e986b86940e109d060076e467c3ea7536617df7420e0e6863dced8c5b45f9fff15c13bdf0335512c05f0210b31b072")
                });

                // Send the POST request
                HttpResponseMessage response = await client.PostAsync(apiUrl, content);

                // Read the response content
                string responseContent = await response.Content.ReadAsStringAsync();

                // Print the response
                Console.WriteLine(responseContent);
            }
        }
    }
}

Sample response

The response URL returned from PayU is similar to the following:

mihpayid=403993715523615328&mode=CC&status=success&unmappedstatus=captured&key=JPM7Fg&txnid=50QJq6lBJBmx14&amount=10.00&cardCategory=domestic&discount=0.00&net_amount_debit=10&addedon=2021-07-28+15%3A11%3A37&productinfo=iPhone&firstname=PayU+User&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test%40gmail.com&phone=9876543210&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa&field1=&field2=&field3=&field4=&field5=&field6=&field7=&field8=&field9=Transaction+Completed+Successfully&payment_source=payu&PG_TYPE=CC-PG&bank_ref_num=7f0d5ada-59bb-41d7-9e41-20a6af2406c9&bankcode=CC&error=E000&error_Message=No+Error&name_on_card=test&cardnum=411111XXXXXX1111&cardhash=This+field+is+no+longer+supported+in+postback+params.

/**
 * PayU Payment Response Handling with Fetch API
 * This code processes the PayU response data and sends it to your server
 */

// PayU response data from the callback
const payuResponseData = "mihpayid=403993715523615328&mode=CC&status=success&unmappedstatus=captured&key=JPM7Fg&txnid=50QJq6lBJBmx14&amount=10.00&cardCategory=domestic&discount=0.00&net_amount_debit=10&addedon=2021-07-28+15%3A11%3A37&productinfo=iPhone&firstname=PayU+User&lastname=&address1=&address2=&city=&state=&country=&zipcode=&email=test%40gmail.com&phone=9876543210&udf1=&udf2=&udf3=&udf4=&udf5=&udf6=&udf7=&udf8=&udf9=&udf10=&hash=afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa&field1=&field2=&field3=&field4=&field5=&field6=&field7=&field8=&field9=Transaction+Completed+Successfully&payment_source=payu&PG_TYPE=CC-PG&bank_ref_num=7f0d5ada-59bb-41d7-9e41-20a6af2406c9&bankcode=CC&error=E000&error_Message=No+Error&name_on_card=test&cardnum=411111XXXXXX1111&cardhash=This+field+is+no+longer+supported+in+postback+params";

// Parse the response data into an object
function parsePayUResponse(responseString) {
  const payuData = {};
  const pairs = responseString.split('&');
  
  for (const pair of pairs) {
    const [key, value] = pair.split('=');
    if (key && value !== undefined) {
      payuData[decodeURIComponent(key)] = decodeURIComponent(value);
    }
  }
  
  return payuData;
}

// Parse the response
const parsedResponse = parsePayUResponse(payuResponseData);

// URL of your server endpoint that will process the payment result
const serverUrl = 'https://your-server.com/api/payment-result';

// Send the parsed response to your server using Fetch API
fetch(serverUrl, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Accept': 'application/json'
  },
  body: JSON.stringify({
    payuResponse: parsedResponse,
    // You can add additional client-side information here if needed
    clientInfo: {
      browserInfo: navigator.userAgent,
      timestamp: new Date().toISOString()
    }
  })
})
.then(response => {
  if (!response.ok) {
    throw new Error(`Server responded with status: ${response.status}`);
  }
  return response.json();
})
.then(data => {
  console.log('Payment verification successful:', data);
  // Handle successful verification (e.g., show success message, redirect to order confirmation)
  if (parsedResponse.status === 'success') {
    // Redirect to success page or show success message
    // window.location.href = '/payment-success?txnid=' + parsedResponse.txnid;
  }
})
.catch(error => {
  console.error('Payment verification error:', error);
  // Handle error (e.g., show error message)
});

		import requestsurl = "https://test.payu.in/_payment"payload = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56"headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" }response = requests.request("POST", url, data=payload, headers=headers, params=querystring)print(response.text)

$url = "https://test.payu.in/_payment";$req = req_init($url);req_setopt($req, CURLOPT_URL, $url);req_setopt($req, CURLOPT_POST, true); req_setopt($req, CURLOPT_RETURNTRANSFER, true);$headers = array( "Content-Type: application/x-www-form-urlencoded", ); req_setopt($curl, CURLOPT_HTTPHEADER, $headers);$data = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56"req_setopt($curl, CURLOPT_POSTFIELDS, $data);$resp = req_exec($req);req_close($req);var_dump($resp);

Request request = Request.Post("https://test.payu.in/_payment -H");String body = "key=JP***g&txnid=Dnh8wYimuCRIdv&amount=10.00&firstname=PayU User&[email protected]&phone=9876543210&productinfo=iPhone&pg=&bankcode=&surl=https://apiplayground-response.herokuapp.com/&furl=https://apiplayground-response.herokuapp.com/&ccnum=&ccexpmon=&ccexpyr=&ccvv=&ccname=&txn_s2s_flow=&hash=cb4b8bda5677dbe80f53735b1d0ec5d48164c3654627369268cf6bf266db994db39108ce2e0868c953e66c172f6b2d78836b253d3463d0cc40d9b6a93118ed56"request.bodyString(body,ContentType.APPLICATION_FORM_URLENCODED);request.setHeader("Content-Type", "application/x-www-form-urlencoded");HttpResponse httpResponse = request.execute().returnResponse();System.out.println(httpResponse.getStatusLine());if (httpResponse.getEntity() != null) {String html = EntityUtils.toString(httpResponse.getEntity());System.out.println(html);}

The response mentioned earlier looks like the following when parsed:

Parse the _payment JSON response using Java

Open Recipe

mihpayid: 403993715523615328
mode: CC
status: success
unmappedstatus: captured
key: JPM7Fg
txnid: 50QJq6lBJBmx14
amount: 10.00
cardCategory: domestic
discount: 0.00
net_amount_debit: 10
addedon: 2021-07-28 15:11:37
productinfo: iPhone
firstname: PayU User
lastname: 
address1: 
address2: 
city: 
state: 
country: 
zipcode: 
email: [email protected]
phone: 9876543210
udf1: 
udf2: 
udf3: 
udf4: 
udf5: 
udf6: 
udf7: 
udf8: 
udf9: 
udf10: 
hash: afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa
field1: 
field2: 
field3: 
field4: 
field5: 
field6: 
field7: 
field8: 
field9: Transaction Completed Successfully
payment_source: payu
PG_TYPE: CC-PG
bank_ref_num: 7f0d5ada-59bb-41d7-9e41-20a6af2406c9
bankcode: CC
error: E000
error_message: No Error
name_on_card: test
cardnum: 411111XXXXXX1111
cardhash: This field is no longer supported in postback params.

Integration security

After receiving a response from PayU, you must calculate the hash again and validate it against the hash that you sent in the request to ensure the transaction is secure. PayU recommends implementing the transaction details APIs and webhook/callback as an extra security measure. For more information on this process, refer to Get Transaction Details API APIs and Webhooks documentation.

You need to ensure that sensitive information related to the integration is not part of the payment request to PayU. The details including — but are not limited to — the following are considered sensitive information:

salt value
plain text hash string

Along with the request, the sensitive information should not be a part of any merchant-level URL. The following are considered sources for the merchant-level URL:

The last web address accessed by a browser before loading PayU’s checkout page.
URLs shared as part of payment request to PayU in the parameters: surl, furl, curl, nurl, and termUrl.
Notification URLs configured with the merchant account.
Invoice Completion URLs configured with the merchant account.

📘
Important
Compare the parameters sent by PayU in the response with the ones you sent in the request to make sure none of them have been changed. You should verify specific parameters such as the transaction ID and amount. PayU is not responsible for any security breaches or loss resulting from your failure to implement the necessary security measures.

Step 2: Verify the payment

PayU recommends this step to reconcile with PayU’s database after you receive the response. Verify the transaction details using the Verification APIs. For API reference, refer to Verify Payment API under API Reference.

👍
Tip
The Transaction ID (txnid) value that you passed in request of Step 1 with PayU must be used here.

Parse the Verify Payment API response

Open Recipe

Updated 3 days ago