QR Generation API

The QR Generation API generates a dynamic storefront QR code, a payment link, or both. The merchant can pass all the invoice or bill details & enforce one or multiple modes of payment while generating the QR.

Environment

Request header

FieldDescriptionExample
Date

mandatory
This field includes the date and time that should be in the GMT conversion (not the IST). For example, the current time in India is 18:00:00 IST, and the time in the date header should be 12:30:00 GMT.Thu, 17 Feb 2022 08:17:59 GMT
Digest

mandatory
This field includes the Base 64 encoding of (sha56 hash of the JSON data (post to server).vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0=
Authorization

mandatory
This field contains the authorization details that includes the following:

1. username
2. algorithm
3. headers
4. signatureFor more information, refer to the Authorization Field Description subsection.
hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="zGmP5Zeqm1pxNa+d68DWfQFXhxoqf3st353SkYvX8HI="

Authorization field description

This field is in the following format:

hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="CkGfgbho69uTMMOGU0mHWf+1CUAlIp3AjvsON9n9/E4

Where the above authorization format includes the following:

  • username: The merchant key of the merchant
  • algorithm: This must have the value as hmac-sha256 that is used for this API
  • headers: This must have the value as date digest
  • signature: This must contain the hmacsha256 of (signing_string, merchant_secret), where:
    • signing_string: This is in the “Date”+”\n”+”Digest” format. Here, the Date and Digest is the same values in the fields listed in this table For example, “Thu, 17 Feb 2022 08:17:59 GMT”+“vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0=“
    • merchant_secret: The merchant Salt of the merchant is provided by PayU. For more information on getting the merchant Salt, refer to Generate Merchant Key and Salt.

The following sample Java code snippet contains the logic used to encrypt as described above:

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class HmacAuth {

    public static String getSha256(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(input.getBytes());
            return Base64.encodeBase64String(digest);
        } catch (NoSuchAlgorithmException ignored) {}
        return null;
    }

    public static JsonObject getRequestBody(){
        JsonObject requestJson = new JsonObject();
        requestJson.addProperty("firstname","John");
        requestJson.addProperty("lastname","Doe");
        return requestJson;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
        String key = "smsplus";
        String secret = "admin";
        Gson gson = new Gson();
        String date = DateTimeFormat.forPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'").withZoneUTC().print(new DateTime());
        System.out.println(date);
        JsonObject requestJson = getRequestBody();
        String digest = getSha256(gson.toJson(requestJson));
        System.out.println(digest);
        String signingString = new StringBuilder()
            .append("date: " + date)
            .append("\ndigest: " + digest).toString();
        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
        sha256_HMAC.init(secret_key);
        String signature = Base64.encodeBase64String(sha256_HMAC.doFinal(signingString.getBytes()));
        String authorization = new StringBuilder()
            .append("hmac username=\"")
            .append(key)
            .append("\", algorithm=\"hmac-sha256\", headers=\"date digest\", signature=\"")
            .append(signature)
            .append("\"").toString();
        System.out.println(authorization);
    }
}

Request parameters

ParameterDescriptionExample
txnid
mandatory
String (alphanumeric) Merchant transaction identifier - This parameter must be unique (after a successful transaction) & alphanumeric special (<= 50 characters & excluding >,<, =,:,&, ‘).1234_abcdedf
amount
mandatory
Float (rounded to two decimal places) This parameter must contain the amount for which QR needs to be generated. The amount should be greater than or equal to Rs.1.00.1000
phone
mandatory
Numeric This parameter must contain the customer phone number (10 characters).9876786756
productinfo
optional
String (alphanumeric) This field must contain the product name. By default, the value is 'storefront' (max. 100 characters).iPhone 12
firstname
optional
String This parameter must contain the customer's first name (max. 60 characters).Sundar
email
optional
String This parameter must contain the customer email ID.[email protected]
lastname
optional
String This parameter must contain the customer last name (maximum 20 characters).Teja
address1
optional
String This parameter must contain the first line of customer address (up to 100 characters).PayU, Bestech Business Tower, Gurgaon
address2
optional
String This parameter must contain the second line of the customer address (up to 100 characters).Sohna Road
city
optional
String This parameter must contain the customer city (max. 50 characters).Gurgaon
country
optional
String This parameter must contain the customer's country that is part of the address (max. 50 characters).India
state
optional
String This parameter must contain the customer state that is part of the address (max 50 characters).Haryana
zipcode
optional
Numeric This parameter must contain the customer's PIN code (6 digits).122018
udf1
optional
String This parameter can include any custom information in request (up to 255 characters).Website order
udf2
optional
String This parameter can include any custom information in request (up to 255 characters.).
udf3
optional
String This parameter can include any custom information in request.
(up to 255 characters.)
udf4
optional
String This parameter can include any custom information in request.
(up to 255 characters.)
udf5
optional
String This parameter can include any custom information in request.
(up to 255 characters.)
enforce_paymethod
optional
String If the merchant does not pass any value for this parameter, all the active payment options will be visible to a customer on the Checkout page. For more information, refer to the Enforce Payment Customization sub-section.HDFCD06
|BOBD03
expiryTime
optional
Numeric This parameter is used to define the expiry time(seconds) for the dynamic QR or link; in case this param value is not passed, merchant level value will be picked; in case merchant level value is not configured, 30 mins (1800 secs) will be the default. (60 secs is the min. value.
outputType
optional
String This parameter is used to indicate whether output is required in base64 string or plain string or image format; default output format will be image format; string format will return a payment link, whereas base64 format will return base64 encoded string of QR image & also payment linkimage; string; base64
storeName
optional
String If merchant wants to filter transactions on the PayU Dashboard using outlets, storename should be passed. Stores will be configured by PayU operations team & can be mapped to one or more outlets basis the requirement.Lower Parel Counter 1
displayFields
optional
JSON key-value pairs This parameter contains key-value pairs of all parameters & their values in a JSON format, which needs to be displayed on customer order summary page whenever the customer scans the dynamic QR or clicks on payment link.{“product”: “iphone”, “model”:”series12”}
send_sms
optional
Binary This parameter can contain any of the following values:

1: The merchant wants PayU to send the SMS to the customer's mobile.

0: The merchant wants PayU not to send the SMS to the customer's mobile.
1
cart_details
mandatory for SKU
JSON The cart details is specified in this parameter in a JSON format. If SKU based offers are configured, they will be available for the customer only if the cart_details are passed.
Note: If given null, no cart will be created for the transaction.
For more information, on configuring the SKU-based Offers, refer to Offers Integration > Collect Payments with SKU-Based Offer using PayU Hosted Checkout
"""cart_details"": {
""amount"": ""1"",
""items"": ""1"",
""sku_details"": [
{
""sku_id"": ""sampleSkutyhgId"",
""sku_name"": ""Iphone11"",
""amount_per_sku"": ""1"",
""quantity"": ""1""
}
]
}
user_token
mandatory for SKU
The use for this param is to allow the offer engine to apply velocity rules at a user level.

Card Based Offers (CC, DC, EMI): In case of card payment mode offers, if this parameter is passed the velocity rules would be applied on this token, if not passed the same would be applied on the card number.

UPI, NB, Wallet: It is mandatory for UPI, NB, and Wallet payment modes. If not passed the validation rules would not apply.

For more information, on configuring the SKU-based Offers, refer to Offers Integration > Collect Payments with SKU-Based Offer using PayU Hosted Checkout

Enforce payemnt customization

This parameter allows you to customize the payment options for each transaction. Using this method, you can enforce specific payment modes, card schemes, and banks under Net Banking.

You must include the necessary payment options in this parameter and POST them to PayU at the transaction time. All the categories and sub-categories have specific values that need to be included in this string.

The categories and sub-categories are as follows:

Payment ModeCategorySub-category
Credit CardCCUse the card type codes as listed in the Card Type Codes section.
Debit CardDCUse the card type codes as listed in the Card Type Codes section.
Net BankingNBUse the Net Banking codes as listed in the Net Banking Codes section.
EMIEMIUse the EMI codes as listed in the EMI Codes section.
Cash or WalletCASHUse the Wallet codes as listed in the Wallet Codes section.
UPIUPIUse the UPI handles as listed in the UPI Handles section.

Note: Ensure that you are using the delimiter is a pipe (|) character between the values in these examples.

Usage examples:

VISA|MAST|AXIB

Only the VISA & Mastercard cards (Credit/Debit) and Axis Bank Net Banking are displayed (as the whole category is enforced). The rest of the categories will not be displayed.

IDFCNB|AMEX|EMIAMEX12|EMIAMEX3|EMIAMEX6|EMIAMEX9

All the AMEX cards and their EMI options, along with IDFC Net Banking, are supported.

🚧

Warning

Ensure you use this parameter only after testing properly, as an incorrect string will lead to undesirable payment options being displayed.

Sample request

curl --location --request POST 'https://sandbox.payu.in/api/v1/invoice/seamless' \
--header 'date: Wed, 01 Jun 2022 13:35:16 GMT' \
--header 'digest: AgeDjE/vWQI8GHZPNwJHH4ugppwl0TEaTLe+aIwTU2Q=' \
--header 'authorization: hmac username="smmsplus", algorithm="hmac-sha256", headers="date digest", signature="BumCt753bJvr1GaJZmfuhu8XIDQNSBirj07dVQuaPJI="' \
--header 'Content-Type: application/json' \
--data-raw '{
"txnid": "sl-0199104",
"amount": "120",
"productinfo": "iphone",
"firstname": "Ayush",
"lastname": "Agarwal",
"email": "[email protected]",
"phone": "8087667676",
"address1": "sec-24",
"address2": "Big Road",
"city": "Gurgaon",
"state": "Haryana",
"country": "India",
"zipcode": 123456,
"udf1": "udf1value",
"udf2": "udf2value",
"udf3": "udf3value",
"udf4": "udf4value",
"udf5": "udf5value",
"enforce_paymethod": "UPI",
"expiryTime": "120",
"outputType": "base64",
"displayFields": {
"DF1": "DF1Value",
"DF2": "DF2Value",
"DF3": "DF3Value",
"DF4": "DF4Value"
},
"send_sms": 1
}'	

Sample response

Success resposne

{
    "invoiceUrl": “https://reliance-testwebfront.payu.in/iv/00twqu”, 
"qrString": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEsAQAAAABRBrPYAAABXUlEQVR4Xu3QUZJCIQxEUXbG1t+S3IHD7QRGKfL0c2qqo4aQnPhBe34Tj7Z3jmG2hdkWZluYbfH32dUUfVSdC0lFds0KRilCMcera1ayS+2AL+fEZrcshurEmtn3rI1yZC5mn9jMGjQK7cyZ2Zk1Rb/eP9k1q9gMvenV8vsyMDuy8ZBdj9mpKaPQolnJuI4GSUO9M1ZNs4rFDaGHzlk+ulnN1KAXKWaxp8rszH67QWgEIptVrOl5VxGHWPyFWcHoElDxILltdmarzWSM+LADQ5kV7DlRZ0VDjiccZ1ay6MovPRIbZgW7uFzvjpcNaFaxHAVkOn5NqySzitGINhDFAdWfmBVsRo5ZYHX8uJlVbFyIbDLUN0+zklEyztH4qIfRzKxgPKyma6YnT2V2z1YF0EJWZrcsMwvawVCYVWzhptHQceTI7Mw0jllqEne1zM7sY5htYbaF2RZmW/wH9gNRTqlXRYV/xQAAAABJRU5ErkJggg=="
}
{
"invoiceUrl": " https://reliance-testwebfront.payu.in/iv/00twqu"
}

Failed response

{
    "status": “0”, “code”:400,
    "message": "txnid is empty"
}
{
    "status": “0”, “code”:400,
    "message": "Amount is less than 1"
}