Native OTP Flow for BNPL
This section describes what is Native OTP flow with benefits and how to implement Native OTP flow when collecting payments using BNPL.
What is Native OTP flow
In general, the transaction OTP is captured on Bank pages through multiple hops. With Native OTP Flow, it will be triggered and captured on merchants or the PayU Payment page. The customer stays on the merchant’s (or PayU’s) website/app and completes the Card authentication process of entering OTP on the merchant’s (or PayU) website itself, rather than redirecting the user to a 3d-secure page to complete the transaction. This reduces hops, points of failure, or drops in the checkout process hence faster completion of transactions, better experience, and improved success rate so preferred over OTP on Bank’s Page.
Benefits
What are the advantages and why should merchants integrate this flow with PayU?
- Native OTP flow improves Success Rates of card transactions by 3-5% depending upon the source of transactions.
- It improves the overall user experience since multiple redirections are removed. Also, the customer never leaves the merchant website, which helps in providing a seamless experience. It also reduces drop rates due to users’ fluctuating internet speed issues.
- PayU supports all major banks – 15+ banks including HDFC, AXIS, ICICI, SBI, KOTAK, RBL, etc. – on this flow for Cards, cardless, CC EMI, DC EMI’s, and BNPLs.
The flow supports the latest native OTP generation flows through the Payment (_payment)API, followed by Submit OTP API, to initiate an S2S=4 transaction.
Note:
If you don’t have BNPL enabled, try requesting using Dashboard. For more information, refer to Checkout payment modes. If you could not request through Dashboard, contact your PayU Key Account Manager or PayU Support.
Steps to Integrate
Step 1: Check the BNPL eligibility
For request parameters and response to perform BNPL Eligibility Check, refer to Get Checkout Details API.
Step 2: Initiate the payment
Reference:
For Try It experience, refer to Collect Payments API - BNPL under API Reference.
Request parameters
Parameter | Description | Example |
---|---|---|
keymandatory | String Merchant key provided by PayU during onboarding. | JPg***r |
txnidmandatory | String The transaction ID is a reference number for a specific order that is generated by the merchant. | ypl938459435 |
amount mandatory | String The payment amount for the transaction. | 10.00 |
productinfo mandatory | String A brief description of the product. | iPhone |
firstname mandatory | String The first name of the customer. | Ashish |
emailmandatory | String The email address of the customer. | [email protected] |
phonemandatory | String The phone number of the customer. | |
pg mandatory | String It defines the payment category using the Merchant Hosted Checkout integration. For a BNPL payment, "BNPL" must be specified in the pg parameter. | BNPL |
bankcode mandatory | String The merchant must post this parameter with the corresponding payment option’s bank code value in it. For the list of bankcodes for BNPL, refer to BNPL Codes . | LAZYPAY |
furlmandatory | String The success URL, which is the page PayU will redirect to if the transaction is successful. | |
surlmandatory | String The Failure URL, which is the page PayU will redirect to if the transaction is failed. | |
hashmandatory | String It is the hash calculated by the merchant. The hash calculation logic is:sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT) | |
address1optional | String The first line of the billing address.For Fraud Detection: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information. | |
address2optional | String The second line of the billing address. | |
cityoptional | String The city where your customer resides as part of the billing address. | |
stateoptional | String The state where your customer resides as part of the billing address, | |
countryoptional | String The country where your customer resides. | |
zipcodeoptional | String Billing address zip code is mandatory for the cardless EMI option.Character Limit -20 | |
udf1optional | String User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5. | |
udf2optional | String User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5. | |
udf3optional | String User-defined fields (udf) are used to store any information corresponding to a particular transaction. | |
udf4optional | String User-defined fields (udf) are used to store any information corresponding to a particular transaction. | |
udf5optional | String User-defined fields (udf) are used to store any information corresponding to a particular transaction. |
Checked the response mentioned inCollect Payments API - BNPL under API Reference..
Hashing
You must hash the request parameters using the following hash logic:
sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)
For more information, refer to Generate Hash.
Step 3: Check the response from PayU
Sample payment response
{
"metaData": {
"message": null,
"referenceId": "6a037a290af9253a1d300c8ad0b24c94",// mihpayencoded payuid
"statusCode": null,
"txnId": "5b7d06c6bf7d4dc2d3a8",
"txnStatus": "pending",
"unmappedStatus": "pending"
},
"result": { "acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVu 12 dF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vcHA5NHNlY3VyZS5wYXl1LmluL19wYXltZW50X29wdGlvbnM 13 /bWlocGF5aWQ9NzI0MGQ0OTE5NDJiYzg2NmE1ZTZiNDc2ZTNhZTVkODkmcmVzZW5kRWxpZ2liaWxpdHl 14 SZXM9MzU5NGM3M2IxOGY3Y2E5ZTgxNDZmMGJiM2QwYmQ4NDI5ZTVhMjBjMmY2MWQ3NzhiZmQwZmI0YjB 15 kNDMwZWJkMjFhOGQ4ZmYyMGU3Nzc1OGM5MDNhNzFmZTIyZDM5ZDE0OTQxMjcwMzRlZDdkNTA1MjM3Y2I 16 2ZjdiZjgwY2MzMTA3YTAyY2JkMjIyMTdjMTlmNjY2MmVmYWM4ZThmODNkY2E5MDI0NzBhOTgxYmRkMGE 17 wYzAzODQ3ZDU0NmY0MWFkOGYzMDY2YjJjY2M4YTM1OWUwMzAzMjk1M2YzNjExMmQwZTU1MWVjMTliYTc 18 xOTU0ZGZlNzg4ZDE4YTI4YWM3NjA5YmE1M2JkNzc1NDhjZmZiODE4ODIzNDdmYzhiOTczMTU1MDlhZmR 19 mOGEwODk0NDQzY2Y5MWUwYjFmZGU4NDU5NGJlZTZmYzlkMzlkYTg4NGYzMDIxZWIyMjI0NjE4ZTJjN2Y 20 xMTVhMDIwNTcwNTE5ODcyMjBlYzc4NjRlY2M0NGEwMTI0MTdlNDg4MGIxODdlZTFmMTIzNjNhMjVhNGJ 21 lYzYyZDgzMjJlYjFiMTg1MTk1YTcxNDEyNGI1ZGU5NDMwOWE2ZGNlNDJlZjQ0MTQ2NGQzNDYyZTc4MDk 22 2NzBjIiBtZXRob2Q9InBvc3QiPjwvZm9ybT48c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+CiA 23 gICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cub25sb2FkPWZ1bmN0aW9uKCl7CiAgICAgICA 24 gICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbJ3BheW1lbnRfcG9zdCddLnN1Ym1 25 pdCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICA 26 8L3NjcmlwdD48L2JvZHk+PC9odG1sPg==",// Base64 Encoded HTML 27 "otpPostUrl": "https://test.payu.in/ResponseHandler.php}
}
Handling payment response
This sub-section describes the components of the payment response received with Native OTP or Zero Redirection flow. It contains the metaData and result JSON as described in this subsection:
metaData JSON fields description
Field | Description |
---|---|
message | This field contains any additional message about the transaction. |
referenceId | This field contains the reference ID of the transaction. |
statusCode | This field contains the status code for the transaction. |
txnId | This field contains the transaction ID of the transaction that was posted in the request. |
unmappedStatus | This field contains the unmapped status of the transaction. For more information, refer to Payment State Explanations. |
result JSON fields description
The result JSON contains the acsTemplate with base64 encoding.
Field | Description |
---|---|
mihpayid | It is a unique reference number created for each transaction at PayU’s end. You must note this transaction ID as this will be used as a reference for all the future actions on this transaction like Inquiry or Refund. |
mode | This parameter describes the payment category by which the transaction was completed or attempted by the customer. For the payment categories, refer to Payment Mode Codes. |
status | This parameter gives the status of the transaction as either success, failed or pending. Possible values: success, failure, pending If the value of the ‘status’ parameter is ’success’, the transaction is successful. If the value of ‘status’ is ‘failure’ or ‘pending’, must be treated as a failed transaction only. |
key | This parameter contains the merchant key for the merchant’s account at PayU. It would be the same as the key used while the transaction request is being posted from the merchant’s end to PayU. |
txnid | This parameter would contain the transaction ID value posted by the merchant during the transaction request. |
amount | This parameter would contain the original amount which was sent in the transaction request by the merchant. |
productinfo | This parameter would contain the same value of product information which was sent in the transaction request from the merchant’s end to PayU. |
firstname | This parameter would contain the same value of first name which was sent in the transaction request from the merchant’s end to PayU. |
lastname | This parameter would contain the same value of last name which was sent in the transaction request from the merchant’s end to PayU. |
This parameter would contain the same value of email which was sent. | |
phone | This parameter would contain the same value of phone which was sent in the transaction request from the merchant’s end to PayU. |
udf | This parameter would contain the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5. |
hash | PayU calculates the hash using a string of other parameters and returns it to the merchant. The merchant must verify the hash, and only then mark a transaction as success/failure. This is to make sure that the transaction hasn’t been tampered with. |
error | For the failed transactions, this parameter provides the reason for
failure.
Note: The reason for failure depends upon the error codes provided by different banks and hence the detailing of error reasons may differ from one transaction to another. The merchant can use this parameter to retrieve the reason for failure for a particular transaction. |
bankcode | This parameter contains the code indicating the payment option used for the transaction. For example, in the Debit Card mode, there are different options like Visa Debit Card, Mastercard, Maestro etc. For each option, a unique bank code exists. It would be returned in this bank code parameter. For example, Visa Debit Card – VISA, Master Debit Card – MAST. |
PG_TYPE | This parameter gives information on the payment gateway used for the transaction. For example, if CC PG was used, it would contain the value CC-PG. Similarly, it would have a unique value for all different types of payment gateways. |
bank_ref_num | For each successful transaction – this parameter would contain the bank reference number generated by the bank. |
unmappedstatus | This parameter contains the status of a transaction as per the internal database of PayU. PayU’s system has several intermediate status which are used for tracking various activities internal to the system. For more information, refer to Payment State Explanations. |
Notes:
To request OTP on a page, you can utilize the URLs in the response itself. There are two URLs to use:
- otpPostUrl (Merchant Hosted OTP page)
- acsTemplate (PayU Hosted OTP page) which acts as a fallback
If you are getting a URL in otpPostUrl
, use otpPostUrl
, otherwise, you can use acsTemplate
, which acts as a fallback. In this scenario, use PayU (or WebView or Checkout) OTP page as this is a fallback case.
Hence, for cases where the above response is not successful, it could either be Failed or Pending. In the Pending state, you can send a fallback URL (as above) which can be shown to the customer.
acsTemplate
acsTemplate is base64 encoded, after decoding we’ll get an HTML like below:
<html>
<body>
<form name="payment_post" id="payment_post" action="https://test.payu.in/
_payment_options?mihpayid=1983a7cf520b567155ed95ca181e37e3&resendEligibilityRes =3594c73b18f7ca9e8146f0bb3d0bd8429e5a20c2f61d778bfd0fb4b0d430ebd21a8d8ff20e7775 8c903a71fe22d39d1494127034ed7d505237cb6f7bf80cc3107a02cbd22217c19f6662efac8e8f8 3dca902470a981bdd0a0c03847d546f41ad8f3066b2ccc8a359e03032953f36112d0e551ec19ba7 1954dfe788d18a28ac7609ba53bd77548cffb81882347fc8b97315509afdf8a0894443cf91e0b1f de84594bee6fc9d39da884f3021eb2224618e2c7f115a02057051987220ec7864ecc44a012417e4 880b187ee1f12363a25a4bec62d8322eb1b185195a714124b5de94309a6dce42ef441464d3462e7
809670c" method="post"></form>
<script type='text/javascript'>
window.onload=function(){
document.forms['payment_post'].submit();
}
</script>
</body>
</html>
On opening the above HTML, you will get a PayU checkout OTP page similar to the following:
From here, the steps are as in PayU Hosted (non-seamless) or Merchant Hosted or Server-to-Server (seamless) transactions.
Handling Failure Response
This is a situation where the _payment API has a complete failure. Hence, you will be getting ‘failed’ in txnStatus
and otpPostUrl
is also not received in the result object.
{
"metaData":
{
"message": "Transaction Failed at bank end.",
"referenceId": "ea68a970115a9d87c6ece8d0218e6c2a",
"statusCode": "E308",
"txnId": "54d2d883f8e4a3fff6ba",
"txnStatus": "failed",
"unmappedStatus": "failure"
},
"result": {}
}
Step 4: Submit the OTP
After you have collected the OTP from the customer, the reference ID can be found in the Payment API (_payment) response. Submit the OTP that is entered by the customer is submitted along with the reference ID using the Submit OTP API.
Updated 3 months ago