Classic Integration for Cards

This is server-to-server integration over the Redirect experience for cards involves the following steps:

Steps to Integrate

Initiate payment request with PayU
Redirect the customer
Check the response from PayU

👍
Before you begin:
Register for an account with PayU before you start integration. For more information, refer to Register for a Merchant Account.

Step 1: Initiate payment request with PayU

The merchant initiates PayU with the required transaction mandatory or optional parameters. This needs to be a server-to-server cURL call request. URL, parameters, and descriptions. For more information, refer to Cards Classic Integration. Collect the response in the Cards Classic Integration under API Reference. The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters, refer to Additional Info for Payment APIs.

Environment


Test Environment	https://test.payu.in/_payment
Production Environment	https://secure.payu.in/_payment

Hashing

You must hash the request parameters using the following hash logic:

sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)

For more information, refer to Generate Hash.

Request parameters

Parameter	Description	Example
key `mandatory`	`String`Merchant key provided by PayU during onboarding.
txnid `mandatory`	`String`The transaction ID is a reference number for a specific order that is generated by the merchant.
amount `mandatory`	`String`The payment amount for the transaction.
productinfo `mandatory`	`String`A brief description of the product.
firstname `mandatory`	`String` The first name of the customer.	Ashish
email `mandatory`	`String`The email address of the customer.
phone `mandatory`	`String`The phone number of the customer.
pg `mandatory`	`String` The pg parameter determines which payment tabs will be displayed on the PayU page. For cards, 'CC' will be the value.	CC
bankcode `mandatory`	`String` Each payment option is identified with a unique bank code at PayU. The merchant must post this parameter with the corresponding payment option’s bank code value in it. For more information, refer to Card Type Codes and Supported Banks for Cards	AMEX
ccnum `mandatory`	`String` Use 13-19 digit card number for credit/debit cards (15 digits for AMEX, 13-19 for Maestro) and validate with LUHN algorithm. Refer to Card Number Formats and display error message on invalid input.	5123456789012346
ccname `mandatory`	`String` This parameter must contain the name on card – as entered by the customer for the transaction.	Ashish Kumar
ccvv `mandatory`	`String` Use 3-digit CVV number for credit/debit cards and 4-digit security code (4DBC/CID) for AMEX cards. Validate with BIN API.	123
ccexpmon `mandatory`	`String` This parameter must contain the card’s expiry month – as entered by the user for the transaction. It must always be in 2 digits or in MM format. For months 1-9, this parameter must be appended with 0 – like 01, 02…09. For months 10-12, this parameter must not be appended – It should be 10,11 and 12 respectively.	10
ccexpyr `mandatory`	`String` This parameter must contain the card’s expiry year – as entered by the customer for the transaction. It must be of four digits.	2021
furl `mandatory`	`String`The success URL, which is the page PayU will redirect to if the transaction is successful.
surl `mandatory`	`String`The Failure URL, which is the page PayU will redirect to if the transaction is failed.
hash `mandatory`	`String`It is the hash calculated by the merchant. The hash calculation logic is: `sha512(key\\|txnid\\|amount\\|productinfo\\|firstname\\|email\\|udf1\\|udf2\\|udf3\\|udf4\\|udf5\\|\|\\|\|\\|\|SALT)`
txn_s2s_flow `mandatory`	`String`This parameter must be passed with the value as: 4for Legacy Decoupled flow. 3 for Direct Authorization.
s2s_client_ip `mandatory`	`String`This parameter must have the source IP of the customer.
s2s_device_info `mandatory`	`String`This parameter must have the customer agent's device.
address1 `optional`	`String` The first line of the billing address. For Fraud Detection*: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information.
address2 `optional`	`String` The second line of the billing address.
city `optional`	`String` The city where your customer resides as part of the billing address.
state `optional`	`String` The state where your customer resides as part of the billing address,
country `optional`	`String` The country where your customer resides.
zipcode `optional`	`String` Billing address zip code is mandatory for the cardless EMI option. `Character Limit`-20
udf1 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.
udf2 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.
udf3 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.
udf4 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.
udf5 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.

Sample request

curl --location \
 --request \
 POST 'https://secure.payu.in/_payment' --header 'Content-Type: application/x-www-form-urlencoded' \
 --header 'Cookie: PHPSESSID=mj185cifujktpv1igu9tmuoaal; PAYUID=eac5648ac59712238883a78e71f35717; PHPSESSID=638b1b5173542' \
 --data \
-urlencode 'hash=d89e7d88863617baf01e504c50aa58e94d6ff3371c2ed409ca1f139cfee75d67e85ce7e91c4224790b6cc1b59bb149fc98b0272e27b335225a9d288a34290e42' --data \
-urlencode 'key=s*****s' --data \
-urlencode 'txnid=payuTestTransaction3818940' --data \
-urlencode 'amount=1.0' --data \
-urlencode 'firstname=Ashish' --data \
-urlencode '[email protected]' --data \
-urlencode 'phone=9988776655' --data \
-urlencode 'productinfo=Product Info' --data \
-urlencode 'surl=https://admin.payu.in/test_response' --data \
-urlencode 'furl=https://admin.payu.in/test_response' --data \
-urlencode 'notifyurl=https://admin.payu.in/test_response' --data \
-urlencode 'codurl=https://admin.payu.in/test_response' --data \
-urlencode 'ipurl=https://admin.payu.in/test_response' --data \
-urlencode 'lastname=' --data \
-urlencode 'udf1=' --data \
-urlencode 'udf2=' --data \
-urlencode 'udf3=' --data \
-urlencode 'udf4=' --data \
-urlencode 'udf5=' --data \
-urlencode 'pg=CC' --data \
-urlencode 'bankcode=DC' --data \
-urlencode 'ccnum=XXXXXXXXXXX8811' --data \
-urlencode 'ccname=Ashish' --data \
-urlencode 'ccvv=XXX' --data \
-urlencode 'ccexpmon=12' --data \
-urlencode 'ccexpyr=2023' --data \
-urlencode 'txn_s2s_flow=4' --data \
-urlencode 'authentication_flow=REDIRECT'

Sample response

{
   "metaData": {
      "message": null,
      "referenceId": "a74a67e965537b0f817e925e45321194",
      "statusCode": null,
      "txnId": "payuTestTransaction3818940",
      "txnStatus": "Enrolled",
      "unmappedStatus": "pending"
   },
   "result": {
      "otpPostUrl": "",
      "acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vYWNzLmZzc25ldC5jby5pbi9hY3NhdXRoc2VydmVyL1VCSS9WL3BhcmVxLmh0bSIgbWV0aG9kPSJwb3N0Ij48aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJQYVJlcSIgdmFsdWU9ImVKeFVVdUZ1c2pBVWZSWGpBOUNXaWdaemJjTEViR1JEaVp2NWZuZHdveVFDV3NwRW4zNnRnTzRqSWJubjlIQTRQUzE4SFJSaStJbHBvMUJBakhVdDl6aktzOFdZY3NyWnpQVTVHd3RJZ2kyZUJmeWdxdk9xRk15aGpndGtnT1k3bFI1a3FRWEk5UHdTcmNXRVRiazdCZEpES0ZCRm9lQitzcVBkWTh3NWtJNkdVaFlvRW5uZGpWNGJ0WmRWQ2VST1FWbzFwVlpYd1Qzak5RQm8xRkVjdEQ3TkNibGNMbzdHV2hkOUFDZXRDZ0xFS29BOFV5V05uV3JqMk9hWmlKYkIvdkdHd1MwTzQzWjlpN3o0dGxvQXNRcklwRWJoVXRkbEx1VWo2czhuc3ptblFPNDh5TUpHRWR2YVlRNHpiSS9oWkg4VGRJRFpoYjhFbUlvVmx1bXdtd0VCdHFlcVJLTXdqVDVtSU0vTXl6ZmJhNnBOVlZQNTdudmZiWVBOZXZZdnE0cGp2ZHA4S085cnRiSFJlNUYxekUxUkxtZWRwUVZBckEzcEQ5SjBjejlwTS8xM0EzNEJBQUQvL3dYQWdRQUFBQUFBa1A5ckFHTkhyZkk9Ij48aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJUZXJtVXJsIiB2YWx1ZT0iaHR0cHM6Ly9zZWN1cmUucGF5dS5pbi83OGIxN2YyZWJkYmUyNjgwNjMzNDY3NzA0MjAzMzgyYS9Db21tb25QZ1Jlc3BvbnNlSGFuZGxlci5waHAiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Ik1EIiB2YWx1ZT0iMDMwMzE3MzA1NSI+PC9mb3JtPjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0Jz4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5vbmxvYWQ9ZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N1bWVudC5mb3Jtc1sncGF5bWVudF9wb3N0J10uc3VibWl0KCk7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgICAgIDwvc2NyaXB0PjwvYm9keT48L2h0bWw+"
   },
   "binData": {
      "pureS2SSupported": false,
      "issuingBank": "UBI",
      "category": "debitcard",
      "cardType": "VISA",
      "isDomestic": true
   }
}

Step 2: Redirect the customer

Redirect the customer to the bank page using the acsTemplate as received in Step 1.

Step 3: Check response from PayU

This will be a call back on the URL provided by you.

Hash validation logic for payment response (Reverse Hashing)

While sending the response, PayU takes the exact same parameters that were sent in the request (in reverse order) to calculate the hash and returns it to you. You must verify the hash and then mark a transaction as a success or failure. This is to make sure the transaction has not tampered within the response.

The order of the parameters is similar to the following code block:

sha512(SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)

Response parameters

The parameters in the response for similar for all the S2S flows. For more information, refer to Classic Integrationfor response and Additional Info for Payment APIs for response parameter description.

Sample response

{ 
    "mihpayid" :  "403993715524046125" 
    "mode" :  "DC" 
    "status" :  "success" 
    "unmappedstatus" :  "captured" 
    "key" :  "smsplus" 
    "txnid" :  "payuTestTransaction5700849" 
    "amount" :  "1.00" 
    "cardCategory" :  "domestic" 
    "discount" :  "0.00" 
    "net_amount_debit" :  "1.00" 
    "addedon" :  "2022-12-03 15:03:08" 
    "productinfo" :  "Product Info" 
    "firstname" :  "Ashish" 
    "lastname" :  "" 
    "address1" :  "" 
    "address2" :  "" 
    "city" :  "" 
    "state" :  "" 
    "country" : ""  
    "zipcode" :  "" 
    "email" :  "[email protected]" 
    "phone" :  "9876543210" 
    "udf1" :  "" 
    "udf2" :  "" 
    "udf3" :  "" 
    "udf4" :  "" 
    "udf5" :  "" 
    "udf6" :  "" 
    "udf7" :  "" 
    "udf8" :  "" 
    "udf9" :  "" 
    "udf10" :  "" 
    "hash" :  "6586bb33ed936d07f866cfeb42b9af99e9408270bd31c722ab3a11e61f6b6581cee3cd4f1b8b4aec3a6695c764e5cd76597832735e1e924f2ac0defbd6b3b68f" 
    "field1" :  "" 
    "field2" :  "" 
    "field3" :  "" 
    "field4" :  "" 
    "field5" :  "" 
    "field6" :  "" 
    "field7" :  "AUTHPOSITIVE" 
    "field8" :  "" 
    "field9" :  "Success Transaction" 
    "payment_source" :  "payuS2S" 
    "PG_TYPE" :  "DC-PG" 
    "bank_ref_num" :   
    "bankcode" :  "VISA" 
    "error" :  "E000" 
    "error_Message" : "success"  
    "cardnum" :  XXXXXXXXXXXX8811 
    "cardhash" :  "This field is no longer supported in postback params." 
    "issuing_bank" :  "UBI" 
    "card_type" :  "VISA" 
}

Updated 6 days ago

Steps to Integrate

👍Before you begin:

Step 1: Initiate payment request with PayU

Hashing

Request parameters

Sample request

Sample response

Step 2: Redirect the customer

Step 3: Check response from PayU

Hash validation logic for payment response (Reverse Hashing)

Response parameters

Sample response

👍
Before you begin: