Integration Steps

The Android Native OTP Assist SDK integration involves the following steps:

Integration Steps

1. Create PayU Account

2. Include SDK

Add the Native OTP Assist SDK dependency

3. Setup Hash & Post Data

Generate payment hash and prepare post data

4. Initiate Payment

Initialize SDK and handle callbacks

5. Verify Transaction

Verify payment using webhook or API

6. Test & Go-Live

Test your integration and go live

Step 1. SDK Integration

Before you start with the integration, enable the payment methods that you want to offer to your customers from Dashboard > Settings > Payment methods. Cards, UPI, and other payment methods are enabled by default, and PayU recommends you to enable other payment methods that are relevant to you.

Step 1: Create a PayU account

First, create a PayU account. For more information, refer to Register for a Merchant Account.

Step 2: Include the SDK in your application

Gradle Dependency

Include the SDK in your application's build.gradle:

implementation 'in.payu:native-otp-assist:1.6.3'

Step 3: Set up payment hash and post data

Generate Payment Hash

For more information on the generation of Payment Hash, refer to Generate Static Hash.

🚧
Generate hash on your server: Always generate the hashes on your server. Do not generate the hashes locally in your app, as it will compromise the security of the transactions.

Hash Formula: sha512(<key>|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||<Add Salt Value>)

Every transaction (payment or non-payment) needs a hash set up by you before sending the transaction details to PayU. Hash is required for PayU to validate the authenticity of the transaction. This hashing should be done on your server.

Payment Post Data

Use the Core SDK library to generate payment post data.

Example Post Data Format:

key=YOUR_MERCHANT_KEY
&txnid=TXN1234567890
&amount=100.0
&productinfo=Product Name
&firstname=John
&[email protected]
&phone=9999999999
&surl=https://yourdomain.com/success
&furl=https://yourdomain.com/failure
&hash=GENERATED_HASH
&ccnum=5123456789012346
&ccname=John Doe
&ccvv=123
&ccexpmon=12
&ccexpyr=2025
&bankcode=CC
&pg=CC

📘
Note: The post data must include all mandatory payment parameters along with card details for card payment processing.

Step 4: Initiate payment

Initialize Native OTP SDK

Initialize the Native OTP Assist SDK by providing the PayUOtpAssistConfig object having post data and reference to PayUOtpAssistCallback to listen to the SDK events similar to the following code block:

PayUOtpAssistConfig payUOtpAssistConfig = PayUOtpAssistConfig();
payUOtpAssistConfig.setPostData("POST_DATA_FOR_TRANSACTION");
PayUOtpAssist.open(
    Context context, 
    PayUOtpAssistCallback payUOtpAssistCallback, 
    PayUOtpAssistConfig payUOtpAssistConfig);

val payUOtpAssistConfig = PayUOtpAssistConfig()
payUOtpAssistConfig.postData = "POST_DATA_FOR_TRANSACTION"
PayUOtpAssist.open(
    context: Context, 
    payUOtpAssistCallback: PayUOtpAssistCallback,  
    payUOtpAssistConfig: PayUOtpAssistConfig
)

📘
Remember: This SDK will work only if the customer or the user provides consent for the app to read the SMS on their device.

PayU fetches the OTP through RECEIVE_SMS if the RECEIVE_SMS permission is granted. Otherwise, fetch the OTP using the Google Consent API. To understand the flow, refer to PayU OTP Parser.

Step 5: Implement Payment Callbacks

5.1: PayUOtpAssistCallback Interface

Implement the PayUOtpAssistCallback interface to handle payment responses and events.

PayUOtpAssistCallback payUOtpAssistCallback = new PayUOtpAssistCallback() {
    
    @Override
    public void onPaymentSuccess(@Nullable String merchantResponse, 
                                  @Nullable String payUResponse) {
        // Handle successful payment
    }

    @Override
    public void onPaymentFailure(@Nullable String merchantResponse, 
                                  @Nullable String payUResponse) {
        // Handle failed payment
    }

    @Override
    public void onError(@Nullable String errorCode, 
                        @Nullable String errorMessage) {
        // Handle errors
    }

    @Override
    public boolean shouldHandleFallback(PayUAcsRequest payUAcsRequest) {
        // Handle fallback to bank page
        return true;
    }
};

val payUOtpAssistCallback = object : PayUOtpAssistCallback {
    
    override fun onPaymentSuccess(merchantResponse: String?, 
                                   payUResponse: String?) {
        // Handle successful payment
    }

    override fun onPaymentFailure(merchantResponse: String?, 
                                   payUResponse: String?) {
        // Handle failed payment
    }

    override fun onError(errorCode: String?, 
                         errorMessage: String?) {
        // Handle errors
    }

    override fun shouldHandleFallback(payUAcsRequest: PayUAcsRequest): Boolean {
        // Handle fallback to bank page
        return true
    }
}

5.2: shouldHandleFallback - Handle Bank Page Redirection (Optional)

This is an optional callback to handle scenarios where the payment needs to be redirected to the bank's authentication page (3D Secure).

When to Use: Override this method when you want to handle the bank page redirection flow yourself using Custom Browser.

🚧
CustomBrowser Dependency Required: If you want to use CustomBrowser in the fallback scenario, you must add the CustomBrowser SDK dependency to your build.gradle:
implementation 'in.payu:payu-custom-browser:7.16.0'

@Override
public boolean shouldHandleFallback(PayUAcsRequest payUAcsRequest) {
    // Option 1: Let SDK handle fallback (default)
    // return true;
    
    // Option 2: Handle fallback yourself using CustomBrowser
    CustomBrowserConfig customBrowserConfig = new CustomBrowserConfig(merchantKey, txnId);
    
    // Set the issuerUrl and issuerPostData to open in WebView
    if (payUAcsRequest.getIssuerUrl() != null && 
        payUAcsRequest.getIssuerPostData() != null) {
        customBrowserConfig.setPostURL(payUAcsRequest.getIssuerUrl());
        customBrowserConfig.setPayuPostData(payUAcsRequest.getIssuerPostData());
    } else if (payUAcsRequest.getAcsTemplate() != null) {
        customBrowserConfig.setHtmlData(payUAcsRequest.getAcsTemplate());
    } else {
        // Set the first url to open in WebView
        customBrowserConfig.setPostURL(url);
        customBrowserConfig.setPayuPostData(payuConfig.getData());
    }
    
    // Launch CustomBrowser
    new CustomBrowser().addCustomBrowser(
        this,
        customBrowserConfig,
        customBrowserCallback
    );
    
    // Return false to indicate you're handling the fallback
    return false;
}

override fun shouldHandleFallback(payUAcsRequest: PayUAcsRequest): Boolean {
    // Option 1: Let SDK handle fallback (default)
    // return true
    
    // Option 2: Handle fallback yourself using CustomBrowser
    val customBrowserConfig = CustomBrowserConfig(merchantKey, txnId)
    
    // Set the issuerUrl and issuerPostData to open in WebView
    if (!payUAcsRequest.issuerUrl.isNullOrEmpty() && 
        !payUAcsRequest.issuerPostData.isNullOrEmpty()) {
        customBrowserConfig.postURL = payUAcsRequest.issuerUrl
        customBrowserConfig.payuPostData = payUAcsRequest.issuerPostData
    } else if (!payUAcsRequest.acsTemplate.isNullOrEmpty()) {
        customBrowserConfig.htmlData = payUAcsRequest.acsTemplate
    } else {
        // Set the first url to open in WebView
        customBrowserConfig.postURL = url
        customBrowserConfig.payuPostData = payuConfig.data
    }
    
    // Launch CustomBrowser
    CustomBrowser().addCustomBrowser(
        this,
        customBrowserConfig,
        customBrowserCallback
    )
    
    // Return false to indicate you're handling the fallback
    return false
}

Return Values:

true - SDK will handle the bank page redirection (default)
false - You will handle the bank page redirection using CustomBrowser

PayUAcsRequest Fields:

Field	Description
`issuerUrl`	Bank/ACS page URL for 3D Secure authentication
`issuerPostData`	POST data to be sent to the issuer URL. Use: `webView.postUrl(issuerUrl, issuerPostData.toByteArray())`
`acsTemplate`	HTML template to load if `issuerUrl` is empty. Use: `webView.loadData(acsTemplate, "text/html", "UTF-8")`

📘
When is this called? This callback is invoked when:

Card requires 3D Secure authentication

Bank needs additional verification

ACS (Access Control Server) page needs to be shown

Step 5: Verify the transaction using webhook

Webhook Verification

After you get the response from SDK, make sure to confirm it with the PayU server.

Note: It is recommended to implement the PayU Webhook or backend verifies calls from your backend.

Webhook is a server-to-server callback. Once this feature is activated for merchants, PayU would send an S2S response, in addition to an SDK callback, to the merchant. It is recommended for the merchant process the transaction order status – based on the S2S response and not via the Browser Redirection/SDK callback response to ensure optimum translation outcomes. For more information on the Webhook implementation, refer to Web Checkout Integration Documentation > Webhooks,

Also, you can verify payment through polling, the transaction status after the SDK callback from your backend. For more information, refer to Verify Payment API.

Test the Integration and Go-Live

Test the Integration

After the integration is complete, you must test the integration before you go live and start collecting payment. You can start accepting actual payments from your customers once the test is successful.

You can make test payments using one of the payment methods configured at the Checkout.

🚧
Callout
The Native-OTP flow is not available in the Test mode.

Go-live Checklists

Ensure these steps before you deploy the integration in a live environment.

Collect Live Payments

After testing the integration end-to-end, after you are sure that the integration is working as expected, you can switch to live mode to start accepting payments from your customers.

🚧
Watch Out!
Ensure that you are using the production merchant key and salt generated in the live mode.

Checklist 1: Update Production Key and Salt

To generate the live merchant key and salt:

Log in to the PayU Dashboard and switch to Live Mode on the menu.
Navigate to Developers → API Keys tab.
Copy the key and salt using the copy button.
Replace the Test key and salt with the Production key and salt in the payment integration code and start accepting actual payments.

Checklist 2: Configure environment() parameter

Set the value of the environment()to 0 in the payment integration code. This enables the integration to accept live payments.

Checklist 4:- Remove/comment meta -data code from manifest file :-

For Android

You must be comment/remove the below metadata code from the manifest file to use the UPI Collect flow on Production env:-

<application>
<meta-data android:name="payu_debug_mode_enabled" android:value="true" /> // set the value to false for production environment
<meta-data android:name="payu_web_service_url" android:value="https://test.payu.in" /> //Comment in case of Production-->
<meta-data android:name="payu_post_url" android:value="https://test.payu.in"/> //Comment in case of Production-->
</appliction>

Checklist 5: Configure verify payment method

Configure the Verify payment method to fetch the payment status. We strongly recommend that you use this as a back up method to handle scenarios where the payment callback is failed due to technical error.

Checklist 6: Configure Webhook

We recommend that you configure Webhook to receive payment responses on your server. For more information, refer to Webhooks.

Step 1. SDK Integration

Step 1: Create a PayU account

Step 2: Include the SDK in your application

Step 3: Set up payment hash and post data

Step 4: Initiate payment

Step 5: Implement Payment Callbacks

Step 5: Verify the transaction using webhook

Test the Integration and Go-Live

Test the Integration

Callout

Go-live Checklists

Watch Out!

Checklist 1: Update Production Key and Salt

For Android

EXAMPLE QUESTIONS