Native OTP Flow

This section describes what is Native OTP flow with benefits and how to implement Native OTP flow when collecting payments using BNPL.

What is Native OTP flow

In general, the transaction OTP is captured on Bank pages through multiple hops. With Native OTP Flow, it will be triggered and captured on merchants or the PayU Payment page. The customer stays on the merchant’s (or PayU’s) website/app and completes the Card authentication process of entering OTP on the merchant’s (or PayU) website itself, rather than redirecting the user to a 3d-secure page to complete the transaction. This reduces hops, points of failure, or drops in the checkout process hence faster completion of transactions, better experience, and improved success rate so preferred over OTP on Bank’s Page.


What are the advantages and why should merchants integrate this flow with PayU?

  • Native OTP flow improves Success Rates of card transactions by 3-5% depending upon the source of transactions.
  • It improves the overall user experience since multiple redirections are removed. Also, the customer never leaves the merchant website, which helps in providing a seamless experience. It also reduces drop rates due to users’ fluctuating internet speed issues.
  • PayU supports all major banks – 15+ banks including HDFC, AXIS, ICICI, SBI, KOTAK, RBL, etc. – on this flow for Cards, cardless, CC EMI, DC EMI’s, and BNPLs.

The flow supports the latest native OTP generation flows through the Payment (_payment)API, followed by Submit OTP API, to initiate an S2S=4 transaction.



If you don’t have BNPL enabled, try requesting using Dashboard. For more information, refer to Checkout payment modes. If you could not request through Dashboard, contact your PayU Key Account Manager or PayU Support.

Steps to Integrate

  1. Check the BNPL eligibility
  2. Initiate the payment
  3. Check the payment response from Payu
  4. Submit the OTP

Step 1: Check the BNPL eligibility

For request parameters and response to perform BNPL Eligibility Check, refer to Get Checkout Details API.

Step 2: Initiate the payment

Along with the mandatory parameters mentioned in Collect Payments API - BNPL under API Reference, you must post the following parameters for the BNPL:

pgString It defines the payment category using the Merchant Hosted Checkout integration. For a BNPL payment, "BNPL" must be specified in the pg parameter.
bankcode_String_The merchant must post this parameter with the corresponding payment option’s bank code value in it. For the list of bankcodes for BNPL, refer to BNPL Codes.

Checked the response mentioned inCollect Payments API - BNPL under API Reference..

Step 3: Check the payment response from PayU

Sample payment response

  "metaData": { 
    "message": null, 
    "referenceId": "6a037a290af9253a1d300c8ad0b24c94",// mihpayencoded payuid 
    "statusCode": null, 
    "txnId": "5b7d06c6bf7d4dc2d3a8", 
    "txnStatus": "pending", 
    "unmappedStatus": "pending" 
  "result": { "acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVu 12 dF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vcHA5NHNlY3VyZS5wYXl1LmluL19wYXltZW50X29wdGlvbnM 13 /bWlocGF5aWQ9NzI0MGQ0OTE5NDJiYzg2NmE1ZTZiNDc2ZTNhZTVkODkmcmVzZW5kRWxpZ2liaWxpdHl 14 SZXM9MzU5NGM3M2IxOGY3Y2E5ZTgxNDZmMGJiM2QwYmQ4NDI5ZTVhMjBjMmY2MWQ3NzhiZmQwZmI0YjB 15 kNDMwZWJkMjFhOGQ4ZmYyMGU3Nzc1OGM5MDNhNzFmZTIyZDM5ZDE0OTQxMjcwMzRlZDdkNTA1MjM3Y2I 16 2ZjdiZjgwY2MzMTA3YTAyY2JkMjIyMTdjMTlmNjY2MmVmYWM4ZThmODNkY2E5MDI0NzBhOTgxYmRkMGE 17 wYzAzODQ3ZDU0NmY0MWFkOGYzMDY2YjJjY2M4YTM1OWUwMzAzMjk1M2YzNjExMmQwZTU1MWVjMTliYTc 18 xOTU0ZGZlNzg4ZDE4YTI4YWM3NjA5YmE1M2JkNzc1NDhjZmZiODE4ODIzNDdmYzhiOTczMTU1MDlhZmR 19 mOGEwODk0NDQzY2Y5MWUwYjFmZGU4NDU5NGJlZTZmYzlkMzlkYTg4NGYzMDIxZWIyMjI0NjE4ZTJjN2Y 20 xMTVhMDIwNTcwNTE5ODcyMjBlYzc4NjRlY2M0NGEwMTI0MTdlNDg4MGIxODdlZTFmMTIzNjNhMjVhNGJ 21 lYzYyZDgzMjJlYjFiMTg1MTk1YTcxNDEyNGI1ZGU5NDMwOWE2ZGNlNDJlZjQ0MTQ2NGQzNDYyZTc4MDk 22 2NzBjIiBtZXRob2Q9InBvc3QiPjwvZm9ybT48c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+CiA 23 gICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cub25sb2FkPWZ1bmN0aW9uKCl7CiAgICAgICA 24 gICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbJ3BheW1lbnRfcG9zdCddLnN1Ym1 25 pdCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICA 26 8L3NjcmlwdD48L2JvZHk+PC9odG1sPg==",// Base64 Encoded HTML 27 "otpPostUrl": "} 

Handling payment response

This sub-section describes the components of the payment response received with Native OTP or Zero Redirection flow. It contains the metaData and result JSON as described in this subsection:

metaData JSON fields description

messageThis field contains any additional message about the transaction.
referenceIdThis field contains the reference ID of the transaction.
statusCodeThis field contains the status code for the transaction.
txnIdThis field contains the transaction ID of the transaction that was posted in the request.
unmappedStatusThis field contains the unmapped status of the transaction. For more information, refer to Payment State Explanations.

result JSON fields description

The result JSON contains the acsTemplate with base64 encoding.

mihpayidIt is a unique reference number created for each transaction at PayU’s end. You must note this transaction ID as this will be used as a reference for all the future actions on this transaction like Inquiry or Refund.
modeThis parameter describes the payment category by which the transaction was completed or attempted by the customer. For the payment categories, refer to Payment Mode Codes.
statusThis parameter gives the status of the transaction as either success, failed or pending.
Possible values: success, failure, pending
If the value of the ‘status’ parameter is ’success’, the transaction is successful.
If the value of ‘status’ is ‘failure’ or ‘pending’, must be treated as a failed transaction only.
keyThis parameter contains the merchant key for the merchant’s account at PayU. It would be the same as the key used while the transaction request is being posted from the merchant’s end to PayU.
txnidThis parameter would contain the transaction ID value posted by the merchant during the transaction request.
amountThis parameter would contain the original amount which was sent in the transaction request by the merchant.
productinfoThis parameter would contain the same value of product information which was sent in the transaction request from the merchant’s end to PayU.
firstnameThis parameter would contain the same value of first name which was sent in the transaction request from the merchant’s end to PayU.
lastnameThis parameter would contain the same value of last name which was sent in the transaction request from the merchant’s end to PayU.
emailThis parameter would contain the same value of email which was sent.
phoneThis parameter would contain the same value of phone which was sent in the transaction request from the merchant’s end to PayU.
udfThis parameter would contain the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5.
hashPayU calculates the hash using a string of other parameters and returns it to the merchant. The merchant must verify the hash, and only then mark a transaction as success/failure. This is to make sure that the transaction hasn’t been tampered with.
errorFor the failed transactions, this parameter provides the reason for 

Note: The reason for failure depends upon the error codes provided by different banks and hence the detailing of error reasons may differ from one transaction to another. The merchant can use this parameter to retrieve the reason for failure for a particular transaction.
bankcodeThis parameter contains the code indicating the payment option used for the transaction. For example, in the Debit Card mode, there are different options like Visa Debit Card, Mastercard, Maestro etc. For each option, a unique bank code exists. It would be returned in this bank code parameter. For example, Visa Debit Card – VISA, Master Debit Card – MAST.
PG_TYPEThis parameter gives information on the payment gateway used for the transaction. For example, if CC PG was used, it would contain the value CC-PG. Similarly, it would have a unique value for all different types of payment gateways.
bank_ref_numFor each successful transaction – this parameter would contain the bank reference number generated by the bank.
unmappedstatusThis parameter contains the status of a transaction as per the internal database of PayU. PayU’s system has several intermediate status which are used for tracking various activities internal to the system. For more information, refer to Payment State Explanations.



To request OTP on a page, you can utilize the URLs in the response itself. There are two URLs to use:

  • otpPostUrl (Merchant Hosted OTP page)
  • acsTemplate (PayU Hosted OTP page) which acts as a fallback

If you are getting a URL in otpPostUrl, use otpPostUrl, otherwise, you can use acsTemplate, which acts as a fallback. In this scenario, use PayU (or WebView or Checkout) OTP page as this is a fallback case.

Hence, for cases where the above response is not successful, it could either be Failed or Pending. In the Pending state, you can send a fallback URL (as above) which can be shown to the customer.


acsTemplate is base64 encoded, after decoding we’ll get an HTML like below:

      <form name="payment_post" id="payment_post" action=" 
      _payment_options?mihpayid=1983a7cf520b567155ed95ca181e37e3&resendEligibilityRes       =3594c73b18f7ca9e8146f0bb3d0bd8429e5a20c2f61d778bfd0fb4b0d430ebd21a8d8ff20e7775       8c903a71fe22d39d1494127034ed7d505237cb6f7bf80cc3107a02cbd22217c19f6662efac8e8f8       3dca902470a981bdd0a0c03847d546f41ad8f3066b2ccc8a359e03032953f36112d0e551ec19ba7       1954dfe788d18a28ac7609ba53bd77548cffb81882347fc8b97315509afdf8a0894443cf91e0b1f       de84594bee6fc9d39da884f3021eb2224618e2c7f115a02057051987220ec7864ecc44a012417e4      880b187ee1f12363a25a4bec62d8322eb1b185195a714124b5de94309a6dce42ef441464d3462e7 
      809670c" method="post"></form> 
      <script type='text/javascript'> 

On opening the above HTML, you will get a PayU checkout OTP page similar to the following:

From here, the steps are as in PayU Hosted (non-seamless) or Merchant Hosted or Server-to-Server (seamless) transactions.

Handling Failure Response

This is a situation where the _payment API has a complete failure. Hence, you will be getting ‘failed’ in txnStatus and otpPostUrl is also not received in the result object.

    "message": "Transaction Failed at bank end.", 
    "referenceId": "ea68a970115a9d87c6ece8d0218e6c2a", 
    "statusCode": "E308", 
    "txnId": "54d2d883f8e4a3fff6ba", 
    "txnStatus": "failed", 
    "unmappedStatus": "failure" 
  "result": {} 

Step 4: Submit the OTP

After you have collected the OTP from the customer, the reference ID can be found in the Payment API (_payment) response. Submit the OTP that is entered by the customer is submitted along with the reference ID using the Submit OTP API.