QR Generation API

Suggest Edits

The QR Generation API generates a dynamic storefront QR code, a payment link, or both. The merchant can pass all the invoice or bill details & enforce one or multiple modes of payment while generating the QR.

Endpoints

	URL
Production	https://api.payu.in/omni/invoice/seamless
Test	https://apitest.payu.in/omni/invoice/seamless

Request header

Field	Description	Example
Date  `mandatory`	This field includes the date and time that should be in the GMT conversion (not the IST). For example, the current time in India is 18:00:00 IST, and the time in the date header should be 12:30:00 GMT.	Thu, 17 Feb 2022 08:17:59 GMT
Digest  `mandatory`	This field includes the Base 64 encoding of (sha56 hash of the JSON data (post to server).	vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0=
Authorization  `mandatory`	This field contains the authorization details that includes the following: 1. username 2. algorithm 3. headers 4. signatureFor more information, refer to the Authorization Field Description subsection.	hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="zGmP5Zeqm1pxNa+d68DWfQFXhxoqf3st353SkYvX8HI="

Authorization field description

This field is in the following format:

hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="CkGfgbho69uTMMOGU0mHWf+1CUAlIp3AjvsON9n9/E4

Where the above authorization format includes the following:

username: The merchant key of the merchant
algorithm: This must have the value as hmac-sha256 that is used for this API
headers: This must have the value as date digest
signature: This must contain the hmacsha256 of (signing_string, merchant_secret), where:
- signing_string: This is in the “Date”+”\n”+”Digest” format. Here, the Date and Digest is the same values in the fields listed in this table For example, “Thu, 17 Feb 2022 08:17:59 GMT”+“vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0=“
- merchant_secret: The merchant Salt of the merchant is provided by PayU. For more information on getting the merchant Salt, refer to Generate Merchant Key and Salt.

The following sample Java code snippet contains the logic used to encrypt as described above:

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class HmacAuth {

    public static String getSha256(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(input.getBytes());
            return Base64.encodeBase64String(digest);
        } catch (NoSuchAlgorithmException ignored) {}
        return null;
    }

    public static JsonObject getRequestBody(){
        JsonObject requestJson = new JsonObject();
        requestJson.addProperty("firstname","John");
        requestJson.addProperty("lastname","Doe");
        return requestJson;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
        String key = "smsplus";
        String secret = "admin";
        Gson gson = new Gson();
        String date = DateTimeFormat.forPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'").withZoneUTC().print(new DateTime());
        System.out.println(date);
        JsonObject requestJson = getRequestBody();
        String digest = getSha256(gson.toJson(requestJson));
        System.out.println(digest);
        String signingString = new StringBuilder()
            .append("date: " + date)
            .append("\ndigest: " + digest).toString();
        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
        sha256_HMAC.init(secret_key);
        String signature = Base64.encodeBase64String(sha256_HMAC.doFinal(signingString.getBytes()));
        String authorization = new StringBuilder()
            .append("hmac username=\"")
            .append(key)
            .append("\", algorithm=\"hmac-sha256\", headers=\"date digest\", signature=\"")
            .append(signature)
            .append("\"").toString();
        System.out.println(authorization);
    }
}

Request Parameters

Parameter	Description	Example
txnid `mandatory`	String (alphanumeric) Merchant transaction identifier - This parameter must be unique (after a successful transaction) & alphanumeric special (<= 50 characters & excluding >,<, =,:,&, ‘).	1234_abcdedf
amount `mandatory`	`Float` (rounded to two decimal places) This parameter must contain the amount for which QR needs to be generated. The amount should be greater than or equal to Rs.1.00.	1000
phone `mandatory`	`Numeric` This parameter must contain the customer phone number (10 characters).	9876786756
productinfo `optional`	`String` (alphanumeric) This field must contain the product name. By default, the value is 'storefront' (max. 100 characters).	iPhone 12
firstname `optional`	`String` This parameter must contain the customer's first name (max. 60 characters).	Sundar
email `optional`	`String` This parameter must contain the customer email ID.	[email protected]
lastname `optional`	`String` This parameter must contain the customer last name (maximum 20 characters).	Teja
address1 `optional`	`String` This parameter must contain the first line of customer address (up to 100 characters).	PayU, Bestech Business Tower, Gurgaon
address2 `optional`	`String` This parameter must contain the second line of the customer address (up to 100 characters).	Sohna Road
city `optional`	`String` This parameter must contain the customer city (max. 50 characters).	Gurgaon
country `optional`	`String` This parameter must contain the customer's country that is part of the address (max. 50 characters).	India
state `optional`	String This parameter must contain the customer state that is part of the address (max 50 characters).	Haryana
zipcode `optional`	`Numeric` This parameter must contain the customer's PIN code (6 digits).	122018
udf1 `optional`	`String` This parameter can include any custom information in request (up to 255 characters).	Website order
udf2 `optional`	`String` This parameter can include any custom information in request (up to 255 characters.).
udf3 `optional`	`String` This parameter can include any custom information in request. (up to 255 characters.)
udf4 optional	`String` This parameter can include any custom information in request. (up to 255 characters.)
udf5 `optional`	`String` This parameter can include any custom information in request. (up to 255 characters.)
enforce_paymethod `optional`	String If the merchant does not pass any value for this parameter, all the active payment options will be visible to a customer on the Checkout page. For more information, refer to the Enforce Payment Customization sub-section.	HDFCD06 \|BOBD03
expiryTime `optional`	`Numeric` This parameter is used to define the expiry time(seconds) for the dynamic QR or link; in case this param value is not passed, merchant level value will be picked; in case merchant level value is not configured, 30 mins (1800 secs) will be the default. (60 secs is the min. value.
outputType `optional`	`String` This parameter is used to indicate whether output is required in base64 string or plain string or image format; default output format will be image format; string format will return a payment link, whereas base64 format will return base64 encoded string of QR image & also payment link	image; string; base64
storeName `optional`	`String` If merchant wants to filter transactions on the PayU Dashboard using outlets, storename should be passed. Stores will be configured by PayU operations team & can be mapped to one or more outlets basis the requirement.	Lower Parel Counter 1
displayFields `optional`	`JSON` key-value pairs This parameter contains key-value pairs of all parameters & their values in a JSON format, which needs to be displayed on customer order summary page whenever the customer scans the dynamic QR or clicks on payment link.	{“product”: “iphone”, “model”:”series12”}
send_sms `optional`	`Binary` This parameter can contain any of the following values: 1: The merchant wants PayU to send the SMS to the customer's mobile. 0: The merchant wants PayU not to send the SMS to the customer's mobile.	1
cart_details `mandatory for SKU`	`JSON` The cart details is specified in this parameter in a JSON format. If SKU based offers are configured, they will be available for the customer only if the cart_details are passed. Note: If given null, no cart will be created for the transaction. For more information, on configuring the SKU-based Offers, refer to Offers Integration > Collect Payments with SKU-Based Offer using PayU Hosted Checkout	"""cart_details"": { ""amount"": ""1"", ""items"": ""1"", ""sku_details"": [ { ""sku_id"": ""sampleSkutyhgId"", ""sku_name"": ""Iphone11"", ""amount_per_sku"": ""1"", ""quantity"": ""1"" } ] }
user_token `mandatory for SKU`	The use for this param is to allow the offer engine to apply velocity rules at a user level. Card Based Offers (CC, DC, EMI): In case of card payment mode offers, if this parameter is passed the velocity rules would be applied on this token, if not passed the same would be applied on the card number. UPI, NB, Wallet: It is mandatory for UPI, NB, and Wallet payment modes. If not passed the validation rules would not apply. For more information, on configuring the SKU-based Offers, refer to Offers Integration > Collect Payments with SKU-Based Offer using PayU Hosted Checkout

Enforce payemnt customization

This parameter allows you to customize the payment options for each transaction. Using this method, you can enforce specific payment modes, card schemes, and banks under Net Banking.

You must include the necessary payment options in this parameter and POST them to PayU at the transaction time. All the categories and sub-categories have specific values that need to be included in this string.

The categories and sub-categories are as follows:

Payment Mode	Category	Sub-category
Credit Card	CC	Use the card type codes as listed in the Card Type Codes section.
Debit Card	DC	Use the card type codes as listed in the `Card Type Codes` section.
Net Banking	NB	Use the Net Banking codes as listed in the Net Banking Codes section.
EMI	EMI	Use the EMI codes as listed in the EMI Codes section.
Cash or Wallet	CASH	Use the Wallet codes as listed in the Wallet Codes section.
UPI	UPI	Use the UPI handles as listed in the UPI Handles section.

Note: Ensure that you are using the delimiter is a pipe (|) character between the values in these examples.

Usage examples:

VISA|MAST|AXIB

Only the VISA & Mastercard cards (Credit/Debit) and Axis Bank Net Banking are displayed (as the whole category is enforced). The rest of the categories will not be displayed.

All the AMEX cards and their EMI options, along with IDFC Net Banking, are supported.

🚧
Warning
Ensure you use this parameter only after testing properly, as an incorrect string will lead to undesirable payment options being displayed.

Sample request

curl --location --request POST 'https://sandbox.payu.in/api/v1/invoice/seamless' \ --header 'date: Wed, 01 Jun 2022 13:35:16 GMT' \ --header 'digest: AgeDjE/vWQI8GHZPNwJHH4ugppwl0TEaTLe+aIwTU2Q=' \ --header 'authorization: hmac username="smmsplus", algorithm="hmac-sha256", headers="date digest", signature="BumCt753bJvr1GaJZmfuhu8XIDQNSBirj07dVQuaPJI="' \ --header 'Content-Type: application/json' \ --data-raw '{ "txnid": "sl-0199104", "amount": "120", "productinfo": "iphone", "firstname": "Ayush", "lastname": "Agarwal", "email": "[email protected]", "phone": "8087667676", "address1": "sec-24", "address2": "Big Road", "city": "Gurgaon", "state": "Haryana", "country": "India", "zipcode": 123456, "udf1": "udf1value", "udf2": "udf2value", "udf3": "udf3value", "udf4": "udf4value", "udf5": "udf5value", "enforce_paymethod": "UPI", "expiryTime": "120", "outputType": "base64", "displayFields": { "DF1": "DF1Value", "DF2": "DF2Value", "DF3": "DF3Value", "DF4": "DF4Value" }, "send_sms": 1 }'

Sample response

Success resposne

{     "invoiceUrl": “https://reliance-testwebfront.payu.in/iv/00twqu”,  "qrString": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEsAQAAAABRBrPYAAABXUlEQVR4Xu3QUZJCIQxEUXbG1t+S3IHD7QRGKfL0c2qqo4aQnPhBe34Tj7Z3jmG2hdkWZluYbfH32dUUfVSdC0lFds0KRilCMcera1ayS+2AL+fEZrcshurEmtn3rI1yZC5mn9jMGjQK7cyZ2Zk1Rb/eP9k1q9gMvenV8vsyMDuy8ZBdj9mpKaPQolnJuI4GSUO9M1ZNs4rFDaGHzlk+ulnN1KAXKWaxp8rszH67QWgEIptVrOl5VxGHWPyFWcHoElDxILltdmarzWSM+LADQ5kV7DlRZ0VDjiccZ1ay6MovPRIbZgW7uFzvjpcNaFaxHAVkOn5NqySzitGINhDFAdWfmBVsRo5ZYHX8uJlVbFyIbDLUN0+zklEyztH4qIfRzKxgPKyma6YnT2V2z1YF0EJWZrcsMwvawVCYVWzhptHQceTI7Mw0jllqEne1zM7sY5htYbaF2RZmW/wH9gNRTqlXRYV/xQAAAABJRU5ErkJggg==" }

{ "invoiceUrl": " https://reliance-testwebfront.payu.in/iv/00twqu" }

Failed response

{     "status": “0”, “code”:400,     "message": "txnid is empty" }

{     "status": “0”, “code”:400,     "message": "Amount is less than 1" }

Updated 3 days ago

Endpoints

Request header

Authorization field description

Request Parameters

Enforce payemnt customization

🚧Warning

Sample request

Sample response

🚧
Warning