Native OTP Flow Integration
Native OTP Flow is a method of capturing transaction OTPs that happens on the merchant or PayU Payment page, rather than on a bank’s page through multiple hops. This means that customers stay on the merchant or PayU website to complete the card authentication process, entering the OTP on the same page where they are making the purchase, rather than being redirected to a 3D-secure page. This reduces the number of steps in the checkout process, resulting in a faster and smoother experience for customers and a higher success rate for merchants. As a result, Native OTP Flow is preferred over OTP on a bank’s page.
You can enable Native OTP flow in EMI payments and collect payments. Currently, Native OTP can be enabled for the following types of EMI payments:
Note: If you don’t have EMI enabled, try requesting using Dashboard. For more information, refer to Configure Checkout Settings. If you could not request through Dashboard, contact your PayU Key Account Manager or PayU Support.
Benefits
What are the advantages and why should merchants integrate this flow with PayU?
- Increase Success Rates — Native OTP flow improves Success Rates of card transactions by 3-5% depending upon the source of transactions.
- Less Redirection — It improves the overall user experience since multiple redirections are removed. Also, the customer never leaves the merchant website, which helps in providing a seamless experience. It also reduces drop rates due to users’ fluctuating internet speed issues.
- PayU supports all major banks — 15+ banks including HDFC, AXIS, ICICI, SBI, KOTAK, RBL, etc. – on this flow for Cards, cardless, CC EMI, DC EMI’s, and BNPLs.
This flow supports the latest native OTP generation flow (server-to-server) via Initiate Payment API, followed by the Submit OTP API, to initiate an S2S=4 transaction.
Debit Card EMI
The steps involved in debit card integration with native OTP flow:
Step 1: Check Pre-EMI Eligibility
Before initiating a payment request for a customer, it is necessary to check their eligibility using the Get Checkout Details API. For more information, refer to Get Checkout Details API.
Step 2: Initiate the payment request
Request parameters
Send the transaction information to PayU through a server-to-server curl request to initiate the transaction. As a result of this API call, the customer will receive the OTP. For more information, refer to Collect Payment API - Server-to-Server.
Request parameters
Parameter | Description | Example |
---|---|---|
s2s_device_info
|
| Mozilla |
s2s_client_ip
|
| 10.11.101.11' |
txn_s2s_flow
|
| 4 |
Sample request
Sample response
curl -X POST "https://test.payu.in/_payment" \
-H "accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "key=JP***g" \
-d "txnid=H6mUfE0ccAY94j" \
-d "amount=20000.00" \
-d "firstname=Ashish" \
-d "[email protected]" \
-d "phone=9876543210" \
-d "productinfo=iPhone" \
-d "pg=EMI" \
-d "bankcode=EMIA3" \
-d "surl=https://apiplayground-response.herokuapp.com/" \
-d "furl=https://apiplayground-response.herokuapp.com/" \
-d "ccnum=5123456789012346" \
-d "ccexpmon=05" \
-d "ccexpyr=2022" \
-d "ccvv=123" \
-d "ccname=" \
-d "s2s_device_info=Mozilla" \
-d "s2s_client_ip=10.11.101.11" \
-d "txn_s2s_flow=4" \
-d "hash=782057a8bb0288c858149b4805103befa22041bb3092bc45a813738b43742e31baeae92375be5286a98b44ed66c36121aba0fff6a3170339a4949bc880125d36"
/**
* PayU Credit Card EMI Payment with Native OTP Flow Integration
*
* IMPORTANT: This should only be executed server-side (e.g., in Node.js), never in the browser,
* as it contains sensitive payment information.
*/
// Form data parameters
const formData = new URLSearchParams();
formData.append('key', 'JP***g'); // Your merchant key
formData.append('txnid', 'H6mUfE0ccAY94j'); // Unique transaction ID
formData.append('amount', '20000.00'); // Payment amount
formData.append('firstname', 'Ashish'); // Customer's name
formData.append('email', '[email protected]'); // Customer's email
formData.append('phone', '9876543210'); // Customer's phone
formData.append('productinfo', 'iPhone'); // Product information
formData.append('pg', 'EMI'); // Payment gateway (EMI)
formData.append('bankcode', 'EMIA3'); // Bank code (Axis Bank EMI)
formData.append('surl', 'https://apiplayground-response.herokuapp.com/'); // Success URL
formData.append('furl', 'https://apiplayground-response.herokuapp.com/'); // Failure URL
// Card details - SENSITIVE DATA
formData.append('ccnum', '5123456789012346'); // Card number
formData.append('ccexpmon', '05'); // Expiry month
formData.append('ccexpyr', '2022'); // Expiry year
formData.append('ccvv', '123'); // CVV
formData.append('ccname', ''); // Cardholder name
// Native OTP flow parameters
formData.append('s2s_device_info', 'Mozilla'); // Customer's device info
formData.append('s2s_client_ip', '10.11.101.11'); // Customer's IP address
formData.append('txn_s2s_flow', '4'); // Native OTP flow identifier
// Security hash
formData.append('hash', '782057a8bb0288c858149b4805103befa22041bb3092bc45a813738b43742e31baeae92375be5286a98b44ed66c36121aba0fff6a3170339a4949bc880125d36');
// Request options
const requestOptions = {
method: 'POST',
headers: {
'accept': 'application/json',
'Content-Type': 'application/x-www-form-urlencoded'
},
body: formData
};
// Execute the request
fetch('https://test.payu.in/_payment', requestOptions)
.then(response => {
console.log('Status Code:', response.status);
return response.text(); // or response.json() if you're sure it returns JSON
})
.then(data => {
console.log('Response:', data);
// Process payment response here and handle OTP flow
// For Native OTP flow, you'll need to display OTP input to the user
// and submit it in a subsequent request
})
.catch(error => {
console.error('Error:', error);
});
import urllib.request
import urllib.parse
import json
from typing import Dict, Any
def process_emi_payment_with_native_otp() -> Dict[str, Any]:
"""
Process credit card EMI payment with Native OTP flow using PayU's S2S integration
IMPORTANT: This is a server-side function. Never expose payment details to client-side code.
Returns:
Dictionary with response from PayU API
"""
# API endpoint
url = "https://test.payu.in/_payment"
# Prepare the form data
payload = {
"key": "JP***g", # Your merchant key
"txnid": "H6mUfE0ccAY94j", # Unique transaction ID
"amount": "20000.00", # Payment amount
"firstname": "Ashish", # Customer's name
"email": "[email protected]", # Customer's email
"phone": "9876543210", # Customer's phone
"productinfo": "iPhone", # Product information
"pg": "EMI", # Payment gateway (EMI)
"bankcode": "EMIA3", # Bank code (Axis Bank EMI)
"surl": "https://apiplayground-response.herokuapp.com/", # Success URL
"furl": "https://apiplayground-response.herokuapp.com/", # Failure URL
# Card details - SENSITIVE DATA
"ccnum": "5123456789012346", # Card number
"ccexpmon": "05", # Expiry month
"ccexpyr": "2022", # Expiry year
"ccvv": "123", # CVV
"ccname": "", # Cardholder name
# Native OTP flow parameters
"s2s_device_info": "Mozilla", # Customer's device info
"s2s_client_ip": "10.11.101.11", # Customer's IP address
"txn_s2s_flow": "4", # Native OTP flow identifier
# Security hash
"hash": "782057a8bb0288c858149b4805103befa22041bb3092bc45a813738b43742e31baeae92375be5286a98b44ed66c36121aba0fff6a3170339a4949bc880125d36"
}
# Convert dictionary to URL-encoded form data
data = urllib.parse.urlencode(payload).encode('utf-8')
# Set headers
headers = {
"accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded"
}
# Create a request object
req = urllib.request.Request(url, data=data, headers=headers, method="POST")
try:
# Send the request and get the response
with urllib.request.urlopen(req) as response:
response_data = response.read().decode('utf-8')
# Process and return response
return {
"status_code": response.getcode(),
"response": response_data
}
except urllib.error.HTTPError as e:
# Handle HTTP errors
error_data = e.read().decode('utf-8')
return {
"status_code": e.code,
"error": e.reason,
"response": error_data
}
except Exception as e:
# Handle other exceptions
return {
"status_code": 500,
"error": str(e),
"response": "An error occurred during payment processing"
}
# Example usage
if __name__ == "__main__":
result = process_emi_payment_with_native_otp()
print(f"Status Code: {result['status_code']}")
if 'error' in result:
print(f"Error: {result['error']}")
print(f"Response: {result['response']}")
# For Native OTP flow, you'll need to display OTP input to the user
# and submit it in a subsequent request
<?php
/**
* Process credit card EMI payment with Native OTP flow using PayU's S2S integration
*
* IMPORTANT: This is a server-side function. Never expose payment details to client-side code.
*
* @return array Response from PayU API
*/
function processEmiPaymentWithNativeOtp() {
// API endpoint
$url = "https://test.payu.in/_payment";
// Prepare the form data
$payload = [
"key" => "JP***g", // Your merchant key
"txnid" => "H6mUfE0ccAY94j", // Unique transaction ID
"amount" => "20000.00", // Payment amount
"firstname" => "Ashish", // Customer's name
"email" => "[email protected]", // Customer's email
"phone" => "9876543210", // Customer's phone
"productinfo" => "iPhone", // Product information
"pg" => "EMI", // Payment gateway (EMI)
"bankcode" => "EMIA3", // Bank code (Axis Bank EMI)
"surl" => "https://apiplayground-response.herokuapp.com/", // Success URL
"furl" => "https://apiplayground-response.herokuapp.com/", // Failure URL
// Card details - SENSITIVE DATA
"ccnum" => "5123456789012346", // Card number
"ccexpmon" => "05", // Expiry month
"ccexpyr" => "2022", // Expiry year
"ccvv" => "123", // CVV
"ccname" => "", // Cardholder name
// Native OTP flow parameters
"s2s_device_info" => "Mozilla", // Customer's device info
"s2s_client_ip" => "10.11.101.11", // Customer's IP address
"txn_s2s_flow" => "4", // Native OTP flow identifier
// Security hash
"hash" => "782057a8bb0288c858149b4805103befa22041bb3092bc45a813738b43742e31baeae92375be5286a98b44ed66c36121aba0fff6a3170339a4949bc880125d36"
];
// Initialize cURL session
$ch = curl_init($url);
// Set cURL options
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($payload));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"accept: application/json",
"Content-Type: application/x-www-form-urlencoded"
]);
// For additional security in production
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// Execute the request
$response = curl_exec($ch);
$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error = curl_error($ch);
$errno = curl_errno($ch);
// Close cURL session
curl_close($ch);
// Handle response
if ($errno) {
return [
"status_code" => 500,
"error" => $error,
"response" => "cURL Error: " . $error
];
}
// Process the response
// For Native OTP flow, you'll need to display OTP input to the user
// and submit it in a subsequent request
return [
"status_code" => $statusCode,
"response" => $response
];
}
// Example usage
$result = processEmiPaymentWithNativeOtp();
echo "Status Code: " . $result["status_code"] . "\n";
if (isset($result["error"])) {
echo "Error: " . $result["error"] . "\n";
}
echo "Response: " . $result["response"] . "\n";
?>
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.StringJoiner;
/**
* PayU Credit Card EMI Payment with Native OTP Flow Integration
*
* IMPORTANT: This is a server-side implementation. Never expose payment details to client-side code.
*/
public class PayUEmiPaymentWithNativeOtpProcessor {
// API endpoint
private static final String PAYU_TEST_URL = "https://test.payu.in/_payment";
/**
* Process credit card EMI payment with Native OTP flow through PayU
* @return PaymentResponse containing status and response data
*/
public PaymentResponse processEmiPaymentWithNativeOtp() {
try {
// Initialize URL
URL url = new URL(PAYU_TEST_URL);
// Prepare form parameters
Map<String, String> params = new HashMap<>();
params.put("key", "JP***g"); // Your merchant key
params.put("txnid", "H6mUfE0ccAY94j"); // Unique transaction ID
params.put("amount", "20000.00"); // Payment amount
params.put("firstname", "Ashish"); // Customer's name
params.put("email", "[email protected]"); // Customer's email
params.put("phone", "9876543210"); // Customer's phone
params.put("productinfo", "iPhone"); // Product information
params.put("pg", "EMI"); // Payment gateway (EMI)
params.put("bankcode", "EMIA3"); // Bank code (Axis Bank EMI)
params.put("surl", "https://apiplayground-response.herokuapp.com/"); // Success URL
params.put("furl", "https://apiplayground-response.herokuapp.com/"); // Failure URL
// Card details - SENSITIVE DATA
params.put("ccnum", "5123456789012346"); // Card number
params.put("ccexpmon", "05"); // Expiry month
params.put("ccexpyr", "2022"); // Expiry year
params.put("ccvv", "123"); // CVV
params.put("ccname", ""); // Cardholder name
// Native OTP flow parameters
params.put("s2s_device_info", "Mozilla"); // Customer's device info
params.put("s2s_client_ip", "10.11.101.11"); // Customer's IP address
params.put("txn_s2s_flow", "4"); // Native OTP flow identifier
// Security hash
params.put("hash", "782057a8bb0288c858149b4805103befa22041bb3092bc45a813738b43742e31baeae92375be5286a98b44ed66c36121aba0fff6a3170339a4949bc880125d36");
// Convert parameters to URL-encoded form data
StringJoiner formData = new StringJoiner("&");
for (Map.Entry<String, String> entry : params.entrySet()) {
formData.add(URLEncoder.encode(entry.getKey(), "UTF-8") + "=" +
URLEncoder.encode(entry.getValue(), "UTF-8"));
}
byte[] postData = formData.toString().getBytes(StandardCharsets.UTF_8);
// Configure connection
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("accept", "application/json");
conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
conn.setRequestProperty("Content-Length", String.valueOf(postData.length));
conn.setDoOutput(true);
conn.setConnectTimeout(5000);
conn.setReadTimeout(15000);
// Send request
try (DataOutputStream dos = new DataOutputStream(conn.getOutputStream())) {
dos.write(postData);
dos.flush();
}
// Get response
int responseCode = conn.getResponseCode();
// Read response data
StringBuilder response = new StringBuilder();
try (BufferedReader reader = new BufferedReader(
new InputStreamReader(
responseCode >= 400 ? conn.getErrorStream() : conn.getInputStream(),
StandardCharsets.UTF_8))) {
String line;
while ((line = reader.readLine()) != null) {
response.append(line);
}
}
// Process the response
// For Native OTP flow, you'll need to display OTP input to the user
// and submit it in a subsequent request
return new PaymentResponse(responseCode, response.toString(), null);
} catch (IOException e) {
// Handle exception
return new PaymentResponse(500, null, "Error: " + e.getMessage());
}
}
/**
* Payment response wrapper class
*/
public static class PaymentResponse {
private final int statusCode;
private final String response;
private final String error;
public PaymentResponse(int statusCode, String response, String error) {
this.statusCode = statusCode;
this.response = response;
this.error = error;
}
public int getStatusCode() {
return statusCode;
}
public String getResponse() {
return response;
}
public String getError() {
return error;
}
public boolean isSuccess() {
return statusCode >= 200 && statusCode < 300;
}
}
// Example usage
public static void main(String[] args) {
PayUEmiPaymentWithNativeOtpProcessor processor = new PayUEmiPaymentWithNativeOtpProcessor();
PaymentResponse result = processor.processEmiPaymentWithNativeOtp();
System.out.println("Status Code: " + result.getStatusCode());
if (result.isSuccess()) {
System.out.println("Response: " + result.getResponse());
// Here you would extract OTP page details from the response
// and display the OTP input to the user
} else {
System.out.println("Error: " + result.getError());
}
}
}
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using System.Text;
namespace PayUEmiNativeOtpIntegration
{
/// <summary>
/// PayU Credit Card EMI Payment with Native OTP Flow Processor
///
/// IMPORTANT: This is a server-side implementation. Never expose payment details to client-side code.
/// </summary>
public class PayUEmiPaymentWithNativeOtpProcessor
{
// API endpoint
private const string PayuTestUrl = "https://test.payu.in/_payment";
/// <summary>
/// Process credit card EMI payment with Native OTP flow through PayU
/// </summary>
/// <returns>PaymentResponse containing status and response data</returns>
public async Task<PaymentResponse> ProcessEmiPaymentWithNativeOtpAsync()
{
try
{
// Prepare form parameters
var formData = new Dictionary<string, string>
{
{ "key", "JP***g" }, // Your merchant key
{ "txnid", "H6mUfE0ccAY94j" }, // Unique transaction ID
{ "amount", "20000.00" }, // Payment amount
{ "firstname", "Ashish" }, // Customer's name
{ "email", "[email protected]" }, // Customer's email
{ "phone", "9876543210" }, // Customer's phone
{ "productinfo", "iPhone" }, // Product information
{ "pg", "EMI" }, // Payment gateway (EMI)
{ "bankcode", "EMIA3" }, // Bank code (Axis Bank EMI)
{ "surl", "https://apiplayground-response.herokuapp.com/" }, // Success URL
{ "furl", "https://apiplayground-response.herokuapp.com/" }, // Failure URL
// Card details - SENSITIVE DATA
{ "ccnum", "5123456789012346" }, // Card number
{ "ccexpmon", "05" }, // Expiry month
{ "ccexpyr", "2022" }, // Expiry year
{ "ccvv", "123" }, // CVV
{ "ccname", "" }, // Cardholder name
// Native OTP flow parameters
{ "s2s_device_info", "Mozilla" }, // Customer's device info
{ "s2s_client_ip", "10.11.101.11" }, // Customer's IP address
{ "txn_s2s_flow", "4" }, // Native OTP flow identifier
// Security hash
{ "hash", "782057a8bb0288c858149b4805103befa22041bb3092bc45a813738b43742e31baeae92375be5286a98b44ed66c36121aba0fff6a3170339a4949bc880125d36" }
};
// Create HttpClient with timeout
using (var httpClient = new HttpClient())
{
httpClient.Timeout = TimeSpan.FromSeconds(30);
// Convert form data to content
var content = new FormUrlEncodedContent(formData);
// Add headers
content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/x-www-form-urlencoded");
httpClient.DefaultRequestHeaders.Add("accept", "application/json");
// Send POST request
var response = await httpClient.PostAsync(PayuTestUrl, content);
// Get response content
var responseContent = await response.Content.ReadAsStringAsync();
// Process the response
// For Native OTP flow, you'll need to display OTP input to the user
// and submit it in a subsequent request
return new PaymentResponse(
(int)response.StatusCode,
responseContent,
null
);
}
}
catch (Exception ex)
{
// Handle exception
return new PaymentResponse(
500,
null,
$"Error: {ex.Message}"
);
}
}
/// <summary>
/// Payment response wrapper class
/// </summary>
public class PaymentResponse
{
public int StatusCode { get; }
public string Response { get; }
public string Error { get; }
public PaymentResponse(int statusCode, string response, string error)
{
StatusCode = statusCode;
Response = response;
Error = error;
}
public bool IsSuccess => StatusCode >= 200 && StatusCode < 300;
}
}
// Example usage
class Program
{
static async Task Main(string[] args)
{
var processor = new PayUEmiPaymentWithNativeOtpProcessor();
var result = await processor.ProcessEmiPaymentWithNativeOtpAsync();
Console.WriteLine($"Status Code: {result.StatusCode}");
if (result.IsSuccess)
{
Console.WriteLine($"Response: {result.Response}");
// Here you would extract OTP page details from the response
// and display the OTP input to the user
}
else
{
Console.WriteLine($"Error: {result.Error}");
}
}
}
}
Sample response
{
"metaData": {
"message": "No Error",
"referenceId": "b6035f64240b1862295bc571952cf984",
"statusCode": "E000",
"txnId": "payuTestTransaction2746829",
"unmappedStatus": "success",
"submitOtp": {
"status": "success"
}
},
"result": {
"mihpayid": "15270336226",
"mode": "CC",
"status": "success",
"key": "4wvMqy",
"txnid": "payuTestTransaction2746829",
"amount": "1.10",
"addedon": "2022-06-01 17:39:29",
"productinfo": "Product Info",
"firstname": "Postman",
"lastname": "",
"address1": "",
"address2": "",
"city": "",
"state": "",
"country": "",
"zipcode": "",
"email": "[email protected]",
"phone": "9988776655",
"udf1": "",
"udf2": "",
"udf3": "",
"udf4": "",
"udf5": "",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": "",
"card_token": "",
"card_no": "XXXXXXXXXXXX8006",
"field0": "",
"field1": "6540854745166970506094",
"field2": "947167",
"field3": "1.10",
"field4": "15270336226",
"field5": "100",
"field6": "",
"field7": "AUTHPOSITIVE",
"field8": "",
"field9": "Transaction is Successful",
"payment_source": "payuPureS2SAuth",
"PG_TYPE": "DC-PG",
"error": "E000",
"error_Message": "No Error",
"cardToken": "",
"net_amount_debit": "1.1",
"discount": "0.00",
"offer_key": "",
"offer_availed": "",
"unmappedstatus": "captured",
"hash": "cdc409dfd15a842b8d15d6627d0027619882ed800773fa413cef491ae8ff2ef0cdfa654680ba4c8f3567313c6a6b00b94cb3bb5e16bad21d26be01216a69af41",
"bank_ref_no": "6540854745166970506094",
"bank_ref_num": "6540854745166970506094",
"bankcode": "CC",
"surl": "",
"curl": "",
"furl": "",
"card_hash": "fdb59253e36daf8b3969525ae3799ccb4bb41993a5d2fcaf22737ec3ac8b90ab"
}
}
Step 3: Submit the OTP
Once your customer enters the OTP on the payment page (postUrl/acsTemplate), pass the OTP using the Submit OTP API. For more information, refer to Submit OTP API.
Resend OTP
If the customer enters the incorrect OTP or an expired OTP, use Resend OTP API to handle the Resend OTP request made by a customer.
Cardless EMI
The steps involved in cardless EMI with Native OTP:
Step 1: Check pre-EMI eligibility
Before initiating a payment request for a customer, it is necessary to check their eligibility using the Get Checkout Details API. For more information, refer to Get Checkout Details API.
Step 2: Initiate the payment request
Request parameters
Send the following additional parameters to PayU through a server-to-server curl request to initiate the payment. As a result of this API call, the customer will receive the OTP. For sample request and response, refer to Collect Payment API - Server-to-Server.
Parameter | Description | Example |
---|---|---|
panNumber
|
| ABCDE1234A |
s2s_device_info
|
| Mozilla |
s2s_client_ip
|
| 10.11.101.11 |
txn_s2s_flow
|
| 4 |
Notes for panNumber:
- Only 4-digit number of the PAN: Pass the 4-digit numeral in a sequential order as in the PAN.
- This parameter is mandatory for ICICI Bank and HDFC Bank Cardless EMI. Not mandatory for other banks
- The data validation performed is either the whole PAN card number or 4-dig-t number of the PAN.
- Whole PAN card Number: For validating the whole PAN Card number:
- It should be ten characters long.
- The first five characters should be any upper case alphabets.
- The next four-characters should be any number from 0 to 9.
- The last(tenth) character should be any upper case alphabet. It should not contain any white spaces.
Sample request
curl -X POST "https://test.payu.in/_payment" \
-H "accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "key=JP***g" \
-d "txnid=EaE4ZO3vU4iPsp" \
-d "amount=10.00" \
-d "firstname=Ashish" \
-d "[email protected]" \
-d "phone=9876543210" \
-d "productinfo=iPhone" \
-d "pg=EMI" \
-d "bankcode=EMI03" \
-d "surl=https://apiplayground-response.herokuapp.com/" \
-d "furl=https://apiplayground-response.herokuapp.com/" \
-d "ccnum=1234" \
-d "ccexpmon=05" \
-d "ccexpyr=2022" \
-d "ccvv=123" \
-d "ccname=undefined" \
-d "store_card_token=1234 4567 2456 3566" \
-d "storecard_token_type=1" \
-d 'additional_info={"last4Digits": "1234", "tavv": "ABCDEFGH","trid":"1234567890", "tokenRefNo":"abcde123456"}' \
-d "panNumber=ABCDE1234A" \
-d "s2s_device_info=Mozilla" \
-d "s2s_client_ip=10.11.101.11" \
-d "txn_s2s_flow=4" \
-d "hash=fc3206829a6b4f8e300aeefb8f91add568b83dc90d01383a8e16553cc9600a3aefd4be2e370d32f0315ef1b9f28740515a9556b55abfefa7b54b434f894c9304"
/**
* PayU Cardless EMI Payment with Native OTP Flow Integration
*
* IMPORTANT: This should only be executed server-side (e.g., in Node.js), never in the browser,
* as it contains sensitive payment and PAN information.
*/
// Additional info as a JSON object
const additionalInfo = {
"last4Digits": "1234",
"tavv": "ABCDEFGH",
"trid": "1234567890",
"tokenRefNo": "abcde123456"
};
// Form data parameters
const formData = new URLSearchParams();
formData.append('key', 'JP***g'); // Your merchant key
formData.append('txnid', 'EaE4ZO3vU4iPsp'); // Unique transaction ID
formData.append('amount', '10.00'); // Payment amount
formData.append('firstname', 'Ashish'); // Customer's name
formData.append('email', '[email protected]'); // Customer's email
formData.append('phone', '9876543210'); // Customer's phone
formData.append('productinfo', 'iPhone'); // Product information
formData.append('pg', 'EMI'); // Payment gateway (EMI)
formData.append('bankcode', 'EMI03'); // Bank code (Cardless EMI provider)
formData.append('surl', 'https://apiplayground-response.herokuapp.com/'); // Success URL
formData.append('furl', 'https://apiplayground-response.herokuapp.com/'); // Failure URL
// Card and token details
formData.append('ccnum', '1234'); // Limited card details
formData.append('ccexpmon', '05'); // Expiry month
formData.append('ccexpyr', '2022'); // Expiry year
formData.append('ccvv', '123'); // CVV
formData.append('ccname', 'undefined'); // Cardholder name
formData.append('store_card_token', '1234 4567 2456 3566'); // Tokenized card
formData.append('storecard_token_type', '1'); // Token type
formData.append('additional_info', JSON.stringify(additionalInfo)); // Tokenization details
// Native OTP flow parameters
formData.append('panNumber', 'ABCDE1234A'); // Customer PAN number
formData.append('s2s_device_info', 'Mozilla'); // Customer device info
formData.append('s2s_client_ip', '10.11.101.11'); // Customer IP address
formData.append('txn_s2s_flow', '4'); // Server-to-server flow (4 for Native OTP)
// Security hash
formData.append('hash', 'fc3206829a6b4f8e300aeefb8f91add568b83dc90d01383a8e16553cc9600a3aefd4be2e370d32f0315ef1b9f28740515a9556b55abfefa7b54b434f894c9304');
// Request options
const requestOptions = {
method: 'POST',
headers: {
'accept': 'application/json',
'Content-Type': 'application/x-www-form-urlencoded'
},
body: formData
};
// Execute the request
fetch('https://test.payu.in/_payment', requestOptions)
.then(response => {
console.log('Status Code:', response.status);
return response.text(); // or response.json() if you're sure it returns JSON
})
.then(data => {
console.log('Response:', data);
// Process payment response here and handle OTP flow
})
.catch(error => {
console.error('Error:', error);
});
import urllib.request
import urllib.parse
import json
from typing import Dict, Any
def process_cardless_emi_with_native_otp() -> Dict[str, Any]:
"""
Process cardless EMI payment with Native OTP flow using PayU's S2S integration
IMPORTANT: This is a server-side function. Never expose payment details to client-side code.
Returns:
Dictionary with response from PayU API
"""
# API endpoint
url = "https://test.payu.in/_payment"
# Additional info as a dictionary
additional_info = {
"last4Digits": "1234",
"tavv": "ABCDEFGH",
"trid": "1234567890",
"tokenRefNo": "abcde123456"
}
# Prepare the form data
payload = {
"key": "JP***g", # Your merchant key
"txnid": "EaE4ZO3vU4iPsp", # Unique transaction ID
"amount": "10.00", # Payment amount
"firstname": "Ashish", # Customer's name
"email": "[email protected]", # Customer's email
"phone": "9876543210", # Customer's phone
"productinfo": "iPhone", # Product information
"pg": "EMI", # Payment gateway (EMI)
"bankcode": "EMI03", # Bank code (Cardless EMI provider)
"surl": "https://apiplayground-response.herokuapp.com/", # Success URL
"furl": "https://apiplayground-response.herokuapp.com/", # Failure URL
# Card and token details
"ccnum": "1234", # Limited card details
"ccexpmon": "05", # Expiry month
"ccexpyr": "2022", # Expiry year
"ccvv": "123", # CVV
"ccname": "undefined", # Cardholder name
"store_card_token": "1234 4567 2456 3566", # Tokenized card
"storecard_token_type": "1", # Token type
"additional_info": json.dumps(additional_info), # Tokenization details
# Native OTP flow parameters
"panNumber": "ABCDE1234A", # Customer PAN number
"s2s_device_info": "Mozilla", # Customer device info
"s2s_client_ip": "10.11.101.11", # Customer IP address
"txn_s2s_flow": "4", # Server-to-server flow (4 for Native OTP)
# Security hash
"hash": "fc3206829a6b4f8e300aeefb8f91add568b83dc90d01383a8e16553cc9600a3aefd4be2e370d32f0315ef1b9f28740515a9556b55abfefa7b54b434f894c9304"
}
# Convert dictionary to URL-encoded form data
data = urllib.parse.urlencode(payload).encode('utf-8')
# Set headers
headers = {
"accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded"
}
# Create a request object
req = urllib.request.Request(url, data=data, headers=headers, method="POST")
try:
# Send the request and get the response
with urllib.request.urlopen(req) as response:
response_data = response.read().decode('utf-8')
# Process and return response
return {
"status_code": response.getcode(),
"response": response_data
}
except urllib.error.HTTPError as e:
# Handle HTTP errors
error_data = e.read().decode('utf-8')
return {
"status_code": e.code,
"error": e.reason,
"response": error_data
}
except Exception as e:
# Handle other exceptions
return {
"status_code": 500,
"error": str(e),
"response": "An error occurred during payment processing"
}
# Example usage
if __name__ == "__main__":
result = process_cardless_emi_with_native_otp()
print(f"Status Code: {result['status_code']}")
if 'error' in result:
print(f"Error: {result['error']}")
print(f"Response: {result['response']}")
# Handle OTP flow based on the response
# In Native OTP flow, you'll need to handle OTP verification
<?php
/**
* Process cardless EMI payment with Native OTP flow using PayU's S2S integration
*
* IMPORTANT: This is a server-side function. Never expose payment details to client-side code.
*
* @return array Response from PayU API
*/
function processCardlessEmiWithNativeOtp() {
// API endpoint
$url = "https://test.payu.in/_payment";
// Additional info as an array
$additionalInfo = [
"last4Digits" => "1234",
"tavv" => "ABCDEFGH",
"trid" => "1234567890",
"tokenRefNo" => "abcde123456"
];
// Prepare the form data
$payload = [
"key" => "JP***g", // Your merchant key
"txnid" => "EaE4ZO3vU4iPsp", // Unique transaction ID
"amount" => "10.00", // Payment amount
"firstname" => "Ashish", // Customer's name
"email" => "[email protected]", // Customer's email
"phone" => "9876543210", // Customer's phone
"productinfo" => "iPhone", // Product information
"pg" => "EMI", // Payment gateway (EMI)
"bankcode" => "EMI03", // Bank code (Cardless EMI provider)
"surl" => "https://apiplayground-response.herokuapp.com/", // Success URL
"furl" => "https://apiplayground-response.herokuapp.com/", // Failure URL
// Card and token details
"ccnum" => "1234", // Limited card details
"ccexpmon" => "05", // Expiry month
"ccexpyr" => "2022", // Expiry year
"ccvv" => "123", // CVV
"ccname" => "undefined", // Cardholder name
"store_card_token" => "1234 4567 2456 3566", // Tokenized card
"storecard_token_type" => "1", // Token type
"additional_info" => json_encode($additionalInfo), // Tokenization details
// Native OTP flow parameters
"panNumber" => "ABCDE1234A", // Customer PAN number
"s2s_device_info" => "Mozilla", // Customer device info
"s2s_client_ip" => "10.11.101.11", // Customer IP address
"txn_s2s_flow" => "4", // Server-to-server flow (4 for Native OTP)
// Security hash
"hash" => "fc3206829a6b4f8e300aeefb8f91add568b83dc90d01383a8e16553cc9600a3aefd4be2e370d32f0315ef1b9f28740515a9556b55abfefa7b54b434f894c9304"
];
// Initialize cURL session
$ch = curl_init($url);
// Set cURL options
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($payload));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"accept: application/json",
"Content-Type: application/x-www-form-urlencoded"
]);
// For additional security in production
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// Execute the request
$response = curl_exec($ch);
$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error = curl_error($ch);
$errno = curl_errno($ch);
// Close cURL session
curl_close($ch);
// Handle response
if ($errno) {
return [
"status_code" => 500,
"error" => $error,
"response" => "cURL Error: " . $error
];
}
// Process the response
// In Native OTP flow, you'll need to handle OTP verification
return [
"status_code" => $statusCode,
"response" => $response
];
}
// Example usage
$result = processCardlessEmiWithNativeOtp();
echo "Status Code: " . $result["status_code"] . "\n";
if (isset($result["error"])) {
echo "Error: " . $result["error"] . "\n";
}
echo "Response: " . $result["response"] . "\n";
?>
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.StringJoiner;
/**
* PayU Cardless EMI Payment with Native OTP Flow Integration
*
* IMPORTANT: This is a server-side implementation. Never expose payment details to client-side code.
*/
public class PayUCardlessEmiWithNativeOtpProcessor {
// API endpoint
private static final String PAYU_TEST_URL = "https://test.payu.in/_payment";
/**
* Process cardless EMI payment with Native OTP flow through PayU
* @return PaymentResponse containing status and response data
*/
public PaymentResponse processCardlessEmiWithNativeOtp() {
try {
// Initialize URL
URL url = new URL(PAYU_TEST_URL);
// Additional info JSON
String additionalInfo = "{"
+ "\"last4Digits\": \"1234\","
+ "\"tavv\": \"ABCDEFGH\","
+ "\"trid\": \"1234567890\","
+ "\"tokenRefNo\": \"abcde123456\""
+ "}";
// Prepare form parameters
Map<String, String> params = new HashMap<>();
params.put("key", "JP***g"); // Your merchant key
params.put("txnid", "EaE4ZO3vU4iPsp"); // Unique transaction ID
params.put("amount", "10.00"); // Payment amount
params.put("firstname", "Ashish"); // Customer's name
params.put("email", "[email protected]"); // Customer's email
params.put("phone", "9876543210"); // Customer's phone
params.put("productinfo", "iPhone"); // Product information
params.put("pg", "EMI"); // Payment gateway (EMI)
params.put("bankcode", "EMI03"); // Bank code (Cardless EMI provider)
params.put("surl", "https://apiplayground-response.herokuapp.com/"); // Success URL
params.put("furl", "https://apiplayground-response.herokuapp.com/"); // Failure URL
// Card and token details
params.put("ccnum", "1234"); // Limited card details
params.put("ccexpmon", "05"); // Expiry month
params.put("ccexpyr", "2022"); // Expiry year
params.put("ccvv", "123"); // CVV
params.put("ccname", "undefined"); // Cardholder name
params.put("store_card_token", "1234 4567 2456 3566"); // Tokenized card
params.put("storecard_token_type", "1"); // Token type
params.put("additional_info", additionalInfo); // Tokenization details
// Native OTP flow parameters
params.put("panNumber", "ABCDE1234A"); // Customer PAN number
params.put("s2s_device_info", "Mozilla"); // Customer device info
params.put("s2s_client_ip", "10.11.101.11"); // Customer IP address
params.put("txn_s2s_flow", "4"); // Server-to-server flow (4 for Native OTP)
// Security hash
params.put("hash", "fc3206829a6b4f8e300aeefb8f91add568b83dc90d01383a8e16553cc9600a3aefd4be2e370d32f0315ef1b9f28740515a9556b55abfefa7b54b434f894c9304");
// Convert parameters to URL-encoded form data
StringJoiner formData = new StringJoiner("&");
for (Map.Entry<String, String> entry : params.entrySet()) {
formData.add(URLEncoder.encode(entry.getKey(), "UTF-8") + "=" +
URLEncoder.encode(entry.getValue(), "UTF-8"));
}
byte[] postData = formData.toString().getBytes(StandardCharsets.UTF_8);
// Configure connection
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("accept", "application/json");
conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
conn.setRequestProperty("Content-Length", String.valueOf(postData.length));
conn.setDoOutput(true);
conn.setConnectTimeout(5000);
conn.setReadTimeout(15000);
// Send request
try (DataOutputStream dos = new DataOutputStream(conn.getOutputStream())) {
dos.write(postData);
dos.flush();
}
// Get response
int responseCode = conn.getResponseCode();
// Read response data
StringBuilder response = new StringBuilder();
try (BufferedReader reader = new BufferedReader(
new InputStreamReader(
responseCode >= 400 ? conn.getErrorStream() : conn.getInputStream(),
StandardCharsets.UTF_8))) {
String line;
while ((line = reader.readLine()) != null) {
response.append(line);
}
}
// Process the response
// In Native OTP flow, you'll need to handle OTP verification
return new PaymentResponse(responseCode, response.toString(), null);
} catch (IOException e) {
// Handle exception
return new PaymentResponse(500, null, "Error: " + e.getMessage());
}
}
/**
* Payment response wrapper class
*/
public static class PaymentResponse {
private final int statusCode;
private final String response;
private final String error;
public PaymentResponse(int statusCode, String response, String error) {
this.statusCode = statusCode;
this.response = response;
this.error = error;
}
public int getStatusCode() {
return statusCode;
}
public String getResponse() {
return response;
}
public String getError() {
return error;
}
public boolean isSuccess() {
return statusCode >= 200 && statusCode < 300;
}
}
// Example usage
public static void main(String[] args) {
PayUCardlessEmiWithNativeOtpProcessor processor = new PayUCardlessEmiWithNativeOtpProcessor();
PaymentResponse result = processor.processCardlessEmiWithNativeOtp();
System.out.println("Status Code: " + result.getStatusCode());
if (result.isSuccess()) {
System.out.println("Response: " + result.getResponse());
} else {
System.out.println("Error: " + result.getError());
}
}
}
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using System.Text;
using System.Text.Json;
namespace PayUCardlessEmiNativeOtpIntegration
{
/// <summary>
/// PayU Cardless EMI Payment with Native OTP Flow Processor
///
/// IMPORTANT: This is a server-side implementation. Never expose payment details to client-side code.
/// </summary>
public class PayUCardlessEmiWithNativeOtpProcessor
{
// API endpoint
private const string PayuTestUrl = "https://test.payu.in/_payment";
/// <summary>
/// Process cardless EMI payment with Native OTP flow through PayU
/// </summary>
/// <returns>PaymentResponse containing status and response data</returns>
public async Task<PaymentResponse> ProcessCardlessEmiWithNativeOtpAsync()
{
try
{
// Create additional info object
var additionalInfo = new
{
last4Digits = "1234",
tavv = "ABCDEFGH",
trid = "1234567890",
tokenRefNo = "abcde123456"
};
// Serialize additional info to JSON
string additionalInfoJson = JsonSerializer.Serialize(additionalInfo);
// Prepare form parameters
var formData = new Dictionary<string, string>
{
{ "key", "JP***g" }, // Your merchant key
{ "txnid", "EaE4ZO3vU4iPsp" }, // Unique transaction ID
{ "amount", "10.00" }, // Payment amount
{ "firstname", "Ashish" }, // Customer's name
{ "email", "[email protected]" }, // Customer's email
{ "phone", "9876543210" }, // Customer's phone
{ "productinfo", "iPhone" }, // Product information
{ "pg", "EMI" }, // Payment gateway (EMI)
{ "bankcode", "EMI03" }, // Bank code (Cardless EMI provider)
{ "surl", "https://apiplayground-response.herokuapp.com/" }, // Success URL
{ "furl", "https://apiplayground-response.herokuapp.com/" }, // Failure URL
// Card and token details
{ "ccnum", "1234" }, // Limited card details
{ "ccexpmon", "05" }, // Expiry month
{ "ccexpyr", "2022" }, // Expiry year
{ "ccvv", "123" }, // CVV
{ "ccname", "undefined" }, // Cardholder name
{ "store_card_token", "1234 4567 2456 3566" }, // Tokenized card
{ "storecard_token_type", "1" }, // Token type
{ "additional_info", additionalInfoJson }, // Tokenization details
// Native OTP flow parameters
{ "panNumber", "ABCDE1234A" }, // Customer PAN number
{ "s2s_device_info", "Mozilla" }, // Customer device info
{ "s2s_client_ip", "10.11.101.11" }, // Customer IP address
{ "txn_s2s_flow", "4" }, // Server-to-server flow (4 for Native OTP)
// Security hash
{ "hash", "fc3206829a6b4f8e300aeefb8f91add568b83dc90d01383a8e16553cc9600a3aefd4be2e370d32f0315ef1b9f28740515a9556b55abfefa7b54b434f894c9304" }
};
// Create HttpClient with timeout
using (var httpClient = new HttpClient())
{
httpClient.Timeout = TimeSpan.FromSeconds(30);
// Convert form data to content
var content = new FormUrlEncodedContent(formData);
// Add headers
content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/x-www-form-urlencoded");
httpClient.DefaultRequestHeaders.Add("accept", "application/json");
// Send POST request
var response = await httpClient.PostAsync(PayuTestUrl, content);
// Get response content
var responseContent = await response.Content.ReadAsStringAsync();
// Process the response
// In Native OTP flow, you'll need to handle OTP verification
return new PaymentResponse(
(int)response.StatusCode,
responseContent,
null
);
}
}
catch (Exception ex)
{
// Handle exception
return new PaymentResponse(
500,
null,
$"Error: {ex.Message}"
);
}
}
/// <summary>
/// Payment response wrapper class
/// </summary>
public class PaymentResponse
{
public int StatusCode { get; }
public string Response { get; }
public string Error { get; }
public PaymentResponse(int statusCode, string response, string error)
{
StatusCode = statusCode;
Response = response;
Error = error;
}
public bool IsSuccess => StatusCode >= 200 && StatusCode < 300;
}
}
// Example usage
class Program
{
static async Task Main(string[] args)
{
var processor = new PayUCardlessEmiWithNativeOtpProcessor();
var result = await processor.ProcessCardlessEmiWithNativeOtpAsync();
Console.WriteLine($"Status Code: {result.StatusCode}");
if (result.IsSuccess)
{
Console.WriteLine($"Response: {result.Response}");
// Handle OTP verification here
}
else
{
Console.WriteLine($"Error: {result.Error}");
}
}
}
}
Step 3: Submit the OTP
Once your customer enters the OTP on the payment page (postUrl/acsTemplate), pass the OTP using the Submit OTP API. For more information, refer to Submit OTP API.
Resend OTP
If the customer enters the incorrect OTP or an expired OTP, use Resend OTP API to handle the Resend OTP request made by a customer.
Step 4: Verify Payment
Verify the transaction details using the Verification APIs. For more information, refer to Verify Payment API under API Reference.
Tip: The transaction ID that you posted in Step 1 with PayU must be used here.
Environment
Test Environment | https://test.payu.in/merchant/postservice.php?form=2 |
Production Environment | https://info.payu.in/merchant/postservice.php?form=2 |
Sample request
curl --location 'https://test.payu.in/merchant/postservice.php?form=2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'key=JP***g' \
--data-urlencode 'command=verify_payment' \
--data-urlencode 'var1=IhfgcZnXR4o4nB' \
--data-urlencode 'hash=a0ae79fdd66c875af6e9b21c4a67f1822deb00f2df5e9f0b1948f3222f536a9bf741b24efbb1874ca0f84f76b036e6c0d641581d0100f7abe4aeed2f3264f5c9'
Sample response
- If credit card payment is made, the response is similar to the following:
{
"status": 1,
"msg": "1 out of 1 Transactions Fetched Successfully",
"transaction_details": {
"1733900931584": {
"mihpayid": "21820644083",
"request_id": null,
"bank_ref_num": null,
"amt": "1.00",
"transaction_amount": "1.00",
"txnid": "1733900931584",
"additional_charges": "0.00",
"productinfo": "Macbook Pro",
"firstname": "Abc",
"bankcode": "MAST",
"udf1": "udf1",
"udf2": "udf2",
"udf3": "udf3",
"udf4": "udf4",
"udf5": "udf5",
"field2": null,
"field9": "OTP/ATM page expired due to no user action",
"error_code": "E1602",
"addedon": "2024-12-11 12:43:03",
"payment_source": "payu",
"card_type": "MAST",
"error_Message": "Bank was unable to authenticate.",
"net_amount_debit": "0.00",
"disc": "0.00",
"mode": "DC",
"PG_TYPE": "DC-PG",
"card_no": "XXXXXXXXXXXX7596",
"status": "failure",
"unmappedstatus": "dropped",
"Merchant_UTR": null,
"Settled_At": null,
"cardhash": "095d184331be367bb92aa3eeecb57d0728de96cc598dd563d407982d75021149",
"name_on_card": null,
"card_token": "4e97156bc2d6320cdfe15",
"field4": null,
"threeDSVersion": "2.2.0",
"offerAvailed": null
}
}
}
Failure Responses
- If txnID is not found, the response is similar to the following:
{
"status":0,"msg":"0 out of 1 Transactions Fetched
Successfully","transaction_details":{"IhfgcZnXR4o4nB":{"mihpayid":"Not Found","status":"Not Found"}}
}
Response parameters
Parameter | Description | Example |
---|---|---|
status | This parameter returns the status of web service call. The status can be any of the following:
| 0 |
msg | This parameter returns the reason string. | For example, any of the following messages are displayed:
|
transaction_details | This parameter contains the response in a JSON format. For more information refer to JSON fields description for transaction_details parameter . | |
request_id | PayU Request ID for a request in a Transaction. For example, a transaction can have a refund request. | 7800456 |
bank_ref_num | This parameter returns the bank reference number. If the bank provides after a successful action. | 204519474956 |
To learn more about the possible error codes and their description, refer to Error Codes.
Updated 9 days ago