[Internal Review]NetBanking Integration for CB LRS
This section explains how to integrate NetBanking payments for cross-border transactions under LRS (Liberalised Remittance Scheme) using the Server-to-Server (S2S) flow.
Verify PAN card details for KYC compliance
Post the required parameters to PayU for NetBanking payment with LRS parameters
Verify the response hash and transaction status
Handle the response and redirect customer for bank authentication
Verify the payment status and ensure transaction completion
Step 1: Validate the PAN Card
The PAN Card Status Check API allows merchants to verify PAN (Permanent Account Number) card details. It validates whether a given PAN number is active, confirms if the provided name and date of birth match the official PAN records, and checks the seeding status of the PAN. This API is essential for KYC (Know Your Customer) processes, identity verification, and regulatory compliance.
Endpoint
https://test10-onboarding.payu.in/dvs/kyc/check_pan_card_status
Request parameters
| Parameter | Description | Example |
|---|---|---|
pan_numbermandatory | The PAN (Permanent Account Number) to be verified | "CYCPD2784G" |
namemandatory | The name of the PAN card holder as it appears on the PAN card | "AKASH DEEP" |
dobmandatory | Date of Birth of the PAN holder in DD/MM/YYYY format | "15/09/1993" |
Sample Request
curl --location 'https://test10-onboarding.payu.in/dvs/kyc/check_pan_card_status' \
--header 'Content-Type: application/json' \
--header 'Date: Thu, 17 Jun 2025 08:17:59 GMT' \
--header 'Digest: DFXmqI0rFnXlmHLlsRwdDMw9vUSVzyYQzGP+MKLo8f8=' \
--header 'Authorization: hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="7qjgpH9B4QALxDR0nVlHdEKEYMZ0XeJ0QpnvveSyqMo="' \
--header 'platformId: 1' \
--data '{
"pan_number": "CYCPD2784G",
"name": "AKASH DEEP",
"dob": "15/09/1993"
}'Sample Response
{
"id": 86235,
"api_name": "pan_status_check",
"identifier": "79c0d918a4f4661cb9cb17d96d24ac1cf04b6013d504cc766ac5235380bfc0d5",
"response": {
"result": {
"status": "Active",
"nameMatch": "Y",
"dobMatch": "Y",
"seedingStatus": "Y"
}
},
"status": "success",
"http_status": 200,
"client_id": "195ab95fa4700eeaaf38b7f5b538d2979f0f281e0a4eaedca1aa675b79b331a2",
"created_at": "2025-04-30T05:51:40.000Z",
"updated_at": "2025-04-30T05:51:40.000Z",
"client_name": "SignzyClient"
}Response Parameters
| Parameter | Description | Example |
|---|---|---|
| id | Unique identifier for the verification request | 86235 |
| api_name | Identifier of the API that was called | "pan_status_check" |
| identifier | A unique hash identifier for the verification request | "79c0d918a4f4661cb9cb17d96d24ac1cf04b6013d504cc766ac5235380bfc0d5" |
| response | Contains the verification results | See result table below |
| status | Overall status of the API call | "success" |
| http_status | HTTP status code of the response | 200 |
| client_id | Unique identifier of the client making the request | "195ab95fa4700eeaaf38b7f5b538d2979f0f281e0a4eaedca1aa675b79b331a2" |
| created_at | Timestamp when the verification record was created | "2025-04-30T05:51:40.000Z" |
| updated_at | Timestamp when the verification record was last updated | "2025-04-30T05:51:40.000Z" |
| client_name | Name of the client account | "SignzyClient" |
Response Result Object
| Parameter | Description | Example |
|---|---|---|
| status | Status of the PAN card | "Active" |
| nameMatch | Indicates if the provided name matches with PAN records (Y/N) | "Y" |
| dobMatch | Indicates if the provided DOB matches with PAN records (Y/N) | "Y" |
| seedingStatus | Indicates if the PAN is seeded with additional verifications (Y/N) | "Y" |
Step 2: Request Payment with PayU
Post the payment parameters to PayU's _payment API endpoint to initiate a NetBanking transaction with LRS parameters.
Environment
| Test Environment | <https://test.payu.in/_payment> |
| Production Environment | <https://secure.payu.in/_payment> |
Request Parameters
Standard Parameters
| Parameter | Description | Example |
|---|---|---|
keymandatory | String Merchant key provided by PayU during onboarding. | JPM7Fg |
txnidmandatory | String The transaction ID is a reference number for a specific order generated by the merchant. Must be unique. | payuTestTxn12345 |
amountmandatory | String The payment amount for the transaction. | 100.00 |
productinfomandatory | String Name or brief description of the goods/services being sold. In case of physical goods, please include name / description of all products. Character Limit: 100 | iPhone |
firstnamemandatory | String The first name of the customer as on their Permanent Account Number (PAN). This should be validated by PAN Status Check API. Character Limit: 60 | Ashish |
lastnamemandatory | String The last name of the customer as on their Permanent Account Number (PAN). This should be validated by PAN Status Check API. Character Limit: 60 | Kumar |
emailmandatory | String The email address of the customer. Character Limit: 50 | [email protected] |
phonemandatory | String The phone number of the customer. | 9876543210 |
surlmandatory | String The Success URL - page PayU will redirect to if the transaction is successful. | https://example.com/success |
furlmandatory | String The Failure URL - page PayU will redirect to if the transaction fails. | https://example.com/failure |
pgmandatory | String This parameter defined the payment gateway. For NetBanking, pg=NB. | NB |
bankcodemandatory | String The merchant must post this parameter with the corresponding payment option's bank code value in it. For the list of bank codes that can be used with the bankcode parameter, refer to Net Banking Codes.Reference: For the test Net Banking credentials, refer to Test Cards, UPI ID and Wallets. | TESTPGNB |
address1mandatory | String This parameter must contain the first line of customer address (up to 100 characters). | PayU, Bestech Business Tower, Gurgaon |
address2optional | String This parameter must contain the second line of the customer address (up to 100 characters). | Sohna Road |
citymandatory | String This parameter must contain the customer city (max. 50 characters). | Gurgaon |
countrymandatory | String This parameter must contain the customer's country that is part of the address (max. 50 characters). | India |
statemandatory | String This parameter must contain the customer state that is part of the address (max 50 characters). | Haryana |
zipcodemandatory | Numeric This parameter must contain the customer's PIN code (6 digits). | 122018 |
txn_s2s_flowmandatory | Integer Parameter to enable S2S flow. Set to 4 for S2S4 flow. | 4 |
s2s_client_ipmandatory | String Client IP captured by merchant in S2S flow. Required for fraud detection. | 10.200.12.12 |
s2s_device_infomandatory | String User Agent captured by merchant in S2S flow. | Mozilla/5.0 (Windows NT 10.0;<br/> Win64; x64) PayU-API-Test/1.0 |
udf1mandatory for LRS | String The Permanent Account Number (PAN) of the buyer must be collected in this field. | AELPR****E |
udf2optional | String User-defined field 2. Character Limit: 255 | - |
udf3mandatory for LRS | String Date of Birth (DOB) of buyer in DD-MM-YYYY format as on their PAN. This should be validated by PAN Status Check API. | 02-02-1980 |
udf4mandatory for payment aggregators | String End merchant legal entity name. Character limit: 255. | XYZ Pvt. Ltd. |
udf5mandatory | String Contains invoice ID for the transaction. Invoice ID / number should be the ID present on the invoice issued to the customer. Character limit: 255. | INV123456 |
udf_paramsoptional | String JSON UDF7 value to capture "Import or Export Code" of the buyer. UDF8 value to capture Airway Bill Number / Consignment Number (in case of goods imports). Note: This must be included in hash if posted. | {"udf7":"0100000029", "udf8":"99953729071"} |
hashmandatory | String Crucial security parameter using SHA512 hash encryption. Formula incorporates key, txnid, amount, productinfo, firstname, email, udf fields, si_details, and merchant salt. | <Generated Hash> |
buyer_type_businessconditional for cross-border transactions | This parameter is used to identify whether it is a business-to-business transaction. If 1 is posted, it is a B2B transaction. In case of B2B, no other LRS specific parameters (listed below) need to be sent, as B2B transactions are outside the scope of the regulation. | 0 |
lrs_mandatory_limit_declarationmandatory for LRS S2S transactions | String Mandatory declaration from buyer that they have remitted less than $250,000 USD under Liberalised Remittance Scheme.Note: The limit is as per RBI regulation and needs to be mandatorily collected on the checkout page. | 1 |
lrs_tncmandatory for LRS S2S transactions | String Mandatory declaration from buyer that they agree to PayU's terms & conditions.Note: The declaration needs to be taken mandatorily from the buyer on the checkout page. | 1 |
lrs_service_typemandatory for LRS S2S transactions | String The LRS service type describes the nature of service & decides the tax amount based on it. For more information, refer to the lrs_service_type parameter values table. | travel |
tcs_amountmandatory for LRS S2S transactions | String Amount of TCS (Tax Collected at Source) to be charged.Note: The amount needs to be captured as per guidance in the lrs_service_type parameter values table. | 2.00 |
lrs_tcs_declaration_under_limitmandatory for LRS S2S transactions | String Declaration from buyer that they are either under or over INR 1,00,000 based on which TCS will be collected.Values expected: 0 (in case of under the limit) 1 (in case of over the limit) Note: The declaration needs to be taken mandatorily from the buyer on the checkout page. Also, when user declares they are over the limit (i.e. when this param is sent as "1", the "tcs_amount" field to contain amount calculated as per the lrs_service_type parameter values table. | 0 / 1 |
lrs_service_type parameter values
| lrs_service_type | Txn Amount <= INR 10 lacs | Txn Amount > INR 10 lacs |
|---|---|---|
| education_loan | 0 | 0 |
| education_non_loan | 0 | 5% |
| medical | 0 | 5% |
| travel | 0 | 20% |
| others | 0 | 20% |
Hash Generation
Parameters in the below sequence needs to be checked before generating the hash, if these params are being posted, it needs to be added in the hash calculation:
|additional_charges|miles|base_payuid|base_merchantid|paisa_mecode|subvention_amount|subvention_eligibility|merchant_data|payoutdetails|loan_id|twid_customer_hash|splitrequest|percentage_additional_charges|force_pa|udf_params|buyer_type_business|tcs_amount
- Case1 example: Simple Hashing, if the merchant is not sending the api_version in the payment request, then it will be treated as hash sequence version 1.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||si_details|salt
- Case2 example: if the merchant is passing the additional_charges in the payment request then they have to append the additional_charges value in the raw hash sequence as below.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||si_details|salt|additional_charges
- Case3 example: If the merchant wants to pass additional_charges, buyer_type_business in the payment request, then hash formula for payment request will be:
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||si_details|salt|additional_charges|buyer_type_business
- Case4 example: if the merchant wants to pass the api_version = 7 and buyer_type_business, udf_params in the payment request.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||si_details|salt|udf_params|buyer_type_businesskey|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10|salt|additional_charges|buyer_type_business- Case4 example: if the merchant wants to pass the api_version = 7 and buyer_type_business, udf_params in the payment request.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10|si_details|salt|udf_params|buyer_type_businessSample Request
curl --location --request POST 'https://test.payu.in/_payment' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'key=JPM7Fg' \
--data-urlencode 'txnid=payuTestTransaction12345' \
--data-urlencode 'amount=100.00' \
--data-urlencode 'firstname=Ashish' \
--data-urlencode 'lastname=Kumar' \
--data-urlencode '[email protected]' \
--data-urlencode 'phone=9988776655' \
--data-urlencode 'productinfo=Product Info' \
--data-urlencode 'surl=https://test.payu.in/admin/test_response' \
--data-urlencode 'furl=https://test.payu.in/admin/test_response' \
--data-urlencode 'address1=308,third floor' \
--data-urlencode 'address2=testing' \
--data-urlencode 'city=Gurugram' \
--data-urlencode 'state=Haryana' \
--data-urlencode 'country=India' \
--data-urlencode 'zipcode=122018' \
--data-urlencode 'pg=NB' \
--data-urlencode 'bankcode=TESTPGNB' \
--data-urlencode 'txn_s2s_flow=4' \
--data-urlencode 's2s_client_ip=10.200.12.12' \
--data-urlencode 's2s_device_info=Mozilla/5.0 (Windows NT 10.0; Win64; x64) PayU-API-Test/1.0' \
--data-urlencode 'udf1=CYCPD2784G' \
--data-urlencode 'udf3=02-02-1980' \
--data-urlencode 'udf4=XYZ Pvt. Ltd.' \
--data-urlencode 'udf5=INV123456' \
--data-urlencode 'buyer_type_business=0' \
--data-urlencode 'lrs_mandatory_limit_declaration=1' \
--data-urlencode 'lrs_tnc=1' \
--data-urlencode 'lrs_service_type=travel' \
--data-urlencode 'tcs_amount=2.00' \
--data-urlencode 'lrs_tcs_declaration_under_limit=0' \
--data-urlencode 'hash=YOUR_CALCULATED_HASH'Step 3: Check Response from PayU
Hash validation logic for payment response (Reverse Hashing)
While sending the response, PayU takes the exact same parameters that were sent in the request (in reverse order) to calculate the hash and returns it to you. You must verify the hash and then mark a transaction as a success or failure. This is to make sure the transaction has not tampered within the response.
The order of the parameters is similar to the following code block:
sha512(SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)Sample response [Parsed]
-
Success scenario
Array ( [mihpayid] => 403993715524069222 [mode] => NB [status] => success [unmappedstatus] => captured [key] => JF***g [txnid] => EaE4ZO3vU4iPsp [amount] => 100.00 [cardCategory] => domestic [discount] => 0.00 [net_amount_debit] => 102 [addedon] => 2021-09-08 19:37:19 [productinfo] => iPhone [firstname] => Ashish [lastname] => Kumar [address1] => 308,third floor [address2] => testing [city] => Gurugram [state] => Haryana [country] => India [zipcode] => 122018 [email] => [email protected] [phone] => 9876543210 [udf1] => CYCPD2784G [udf2] => [udf3] => 02-02-1980 [udf4] => XYZ Pvt. Ltd. [udf5] => INV123456 [udf6] => [udf7] => [udf8] => [udf9] => [udf10] => [hash] => ed99957adb08fea56c907b88e8d158a79c3562c67f96c298461509826f77a7ae9e88b2a176b3234c25f50bcd451271728719656f3bb59c13a52bebabc468615a [field1] => 0608273386032718000015 [field2] => 986987 [field3] => 100.00 [field4] => 403993715524069222 [field5] => 100 [field6] => 02 [field7] => AUTHPOSITIVE [field8] => [field9] => Transaction is Successful [payment_source] => payu [PG_TYPE] => NB-PG [bank_ref_num] => 0608273386032718000015 [bankcode] => TESTPGNB [error] => E000 [error_Message] => No Error [tcs_amount] => 2 )- Failure scenario
Array ( [mihpayid] => 20869277619 [mode] => NB [status] => failure [unmappedstatus] => failed [key] => L43t1c [txnid] => 26ba7cd6a67b0a010542 [amount] => 100.00 [cardCategory] => domestic [discount] => 0.00 [net_amount_debit] => 0.00 [addedon] => 2024-09-05 17:46:10 [productinfo] => Product Info [firstname] => Payu-Admin [lastname] => [address1] => [address2] => [city] => [state] => [country] => [zipcode] => [email] => [email protected] [phone] => 1234567890 [udf1] => CYCPD2784G [udf2] => [udf3] => 02-02-1980 [udf4] => XYZ Pvt. Ltd. [udf5] => INV123456 [udf6] => [udf7] => [udf8] => [udf9] => [udf10] => [hash] => ac7720e4bc33e5494bec6d37302e522171175a987f9d47286bfd29e8a7fc794f56433fcacf0bc120db781c4dc1d05a4857d71e83f00f6ed6aa9c97a1938b9467 [field1] => [field2] => [field3] => [field4] => [field5] => 05 [field6] => [field7] => AUTHNEGATIVE [field8] => [field9] => Authorization failed at Bank [payment_source] => payu [PG_TYPE] => NB-PG [bank_ref_num] => 2409052690 [bankcode] => TESTPGNB [error] => E1903 [error_Message] => Authorization failed at Bank [tcs_amount] => 2 )
Step 4: Handle the Initiate Response from PayU
After posting the payment request, PayU returns a response containing transaction status and next steps for bank authentication.
Response Parameters
| Parameter | Description | Example |
|---|---|---|
| metaData | ObjectJSON object containing transaction metadata. | - |
| metaData.referenceId | StringPayU reference ID to be sent back in subsequent calls. | 5a3e7cb9884e003dce1f28f965478a9a12fb9244fc15be91b0b3de48763a12e7 |
| metaData.txnId | StringMerchant's transaction ID. | payuTestTransaction12345 |
| metaData.txnStatus | StringTransaction status (e.g., "pending"). | pending |
| metaData.unmappedStatus | StringStatus for flow control: pending, captured, or failed. | pending |
| result.otpPostUrl | StringURL to post OTP for verification. | https://test.payu.in/ResponseHandler.php |
| result.acsTemplate | StringBase64 encoded HTML form for bank ACS redirect. | PGh0bWw+PGJvZHk+... |
Sample Response
{
"metaData": {
"message": null,
"referenceId": "e1bc7be8c52b8f269124e723b2d201800a629895299f5628fe168a9c8dc40f5e",
"statusCode": null,
"txnId": "my_order_89122",
"txnStatus": "pending",
"unmappedStatus": "pending"
},
"result": {
"acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vcGdzaW0wMS5wYXl1LmluL2luaXRpYXRlIiBtZXRob2Q9InBvc3QiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Im1lcmNoYW50TmFtZSIgdmFsdWU9IlBBWVUiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Im1lcmNoYW50Q29kZSIgdmFsdWU9IlNsRXNjdUpBOTgiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Im1lck5hbWUiIHZhbHVlPSJTdWRoYW5zaHUiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9InR4bkFtb3VudCIgdmFsdWU9IjEuMDAiPjwvZm9ybT48L2JvZHk+PC9odG1sPg==",
"otpPostUrl": "https://test.payu.in/ResponseHandler.php"
}
}Handling the Response
Based on the unmappedStatus value, take the following actions:
| Status | Action |
|---|---|
pending | Redirect customer using the acsTemplate to bank's page for authentication |
captured | Transaction successful, no further action needed |
failed | Transaction failed, display error to customer |
Redirect the customer using the result.acsTemplate(base64encoded) to their bank's page for authentication. The final response will be posted to surl/furl and the configured Webhook.
Reference: PayU recommends you to use PayU Hash Verification Tool to verify the reverse hashing. For more information, refer to Using PayU Hash Verification Tool
Step 5: Verify the Payment
After the payment is complete, verify the transaction status using PayU's verification APIs.
Verification Methods
Use one of the following methods to verify the payment:
- Webhook/Callback: PayU sends a POST request to your
surlorfurlwith transaction details - Verify Payment API: Call the
verify_paymentAPI with the transaction ID
Verify Payment API
curl --location --request POST 'https://info.payu.in/merchant/postservice.php?form=2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'key=JPM7Fg' \
--data-urlencode 'command=verify_payment' \
--data-urlencode 'var1=payuTestTransaction12345' \
--data-urlencode 'hash=YOUR_CALCULATED_HASH'Use the webhooks to verify the payment. The following is the sample webhook payload in response. For more information, refer to Webhook Events and Sample Payloads.
Sample Webhook Response
mihpayid=27553369917
&mode=SBQR
&status=success
&key=rZ1fX4
&txnid=T2603041446091822117753
&amount=40.00
&addedon=2026-03-04+14%3A46%3A14
&productinfo=Static+QR
&firstname=
&lastname=
&address1=
&address2=
&city=Gurgaon
&state=
&country=
&zipcode=122001
&email=
&phone=##########
&udf1=
&udf2=
&udf3=
&udf4=SoftQR
&udf5=BFL0000006601446
&udf6=
&udf7=
&udf8=
&udf9=
&udf10=
&card_token=
&card_no=
&field0=STQ9IUFeqlafg78815827
&field1=PRIYA+SHANKAR+PUSNAKE
&field2=995486
&field3=_mobilenum_%40axl
&field4=bajajpay.6879729.d2m9cckd%40indus
&field5=AXLd36cfcd317f243b5b3a2d62bc71caf78
&field6=00000038683323284%7C_mobilenum_%7CSBIN0011418
&field7=APPROVED+OR+COMPLETED+SUCCESSFULLY%7C00
&field8=Payment+from+PhonePe
&field9=Transaction+is+Successful.+Bank+Sent%3ATransaction+success
&payment_source=payu
&cardToken=
&authenticaticationMethod=
&PG_TYPE=SBQR-PG
&error=E000
&error_Message=No+Error
&net_amount_debit=40
&discount=0.00
&offer_key=
&offer_availed=
&unmappedstatus=captured
&hash=aefe0213c4299c7ee2039d5430f7bee63711ee627e1b47d2605d0384abbbf828f3641dae3cb126c8b2f761084cbb0bebad27bb325696cc44ce3061157d7cd9ff
&bank_ref_no=793887773815
&bank_ref_num=793887773815
&bankcode=UPISBQR
&surl=
&curl=
&furl=
&psp_nUpdated about 2 months ago
