The QR Generation API generates a dynamic storefront QR code, a payment link, or both. The merchant can pass all the invoice or bill details & enforce one or multiple modes of payment while generating the QR.
Environment
Request header
| Field | Description | Example |
|---|---|---|
Date
mandatory | This field includes the date and time that should be in the GMT conversion (not the IST). For example, the current time in India is 18:00:00 IST, and the time in the date header should be 12:30:00 GMT. | Thu, 17 Feb 2022 08:17:59 GMT |
Digest
mandatory | This field includes the Base 64 encoding of (sha56 hash of the JSON data (post to server). | vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0= |
Authorization
mandatory | This field contains the authorization details that includes the following: 1. username 2. algorithm 3. headers 4. signatureFor more information, refer to the Authorization Field Description subsection. | hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="zGmP5Zeqm1pxNa+d68DWfQFXhxoqf3st353SkYvX8HI=" |
Authorization field description
This field is in the following format:
hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="CkGfgbho69uTMMOGU0mHWf+1CUAlIp3AjvsON9n9/E4
Where the above authorization format includes the following:
- username: The merchant key of the merchant
- algorithm: This must have the value as hmac-sha256 that is used for this API
- headers: This must have the value as date digest
- signature: This must contain the hmacsha256 of (signing_string, merchant_secret), where:
- signing_string: This is in the “Date”+”\n”+”Digest” format. Here, the Date and Digest is the same values in the fields listed in this table For example, “Thu, 17 Feb 2022 08:17:59 GMT”+“vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0=“
- merchant_secret: The merchant Salt of the merchant is provided by PayU. For more information on getting the merchant Salt, refer to Generate Merchant Key and Salt.
The following sample Java code snippet contains the logic used to encrypt as described above:
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class HmacAuth {
public static String getSha256(String input) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] digest = md.digest(input.getBytes());
return Base64.encodeBase64String(digest);
} catch (NoSuchAlgorithmException ignored) {}
return null;
}
public static JsonObject getRequestBody(){
JsonObject requestJson = new JsonObject();
requestJson.addProperty("firstname","John");
requestJson.addProperty("lastname","Doe");
return requestJson;
}
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
String key = "smsplus";
String secret = "admin";
Gson gson = new Gson();
String date = DateTimeFormat.forPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'").withZoneUTC().print(new DateTime());
System.out.println(date);
JsonObject requestJson = getRequestBody();
String digest = getSha256(gson.toJson(requestJson));
System.out.println(digest);
String signingString = new StringBuilder()
.append("date: " + date)
.append("\ndigest: " + digest).toString();
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key);
String signature = Base64.encodeBase64String(sha256_HMAC.doFinal(signingString.getBytes()));
String authorization = new StringBuilder()
.append("hmac username=\"")
.append(key)
.append("\", algorithm=\"hmac-sha256\", headers=\"date digest\", signature=\"")
.append(signature)
.append("\"").toString();
System.out.println(authorization);
}
}
Request parameters
| Parameter | Description | Example |
|---|---|---|
txnidmandatory | String (alphanumeric) Merchant transaction identifier - This parameter must be unique (after a successful transaction) & alphanumeric special (<= 50 characters & excluding >,<, =,:,&, ‘). | 1234_abcdedf |
amountmandatory | Float (rounded to two decimal places) This parameter must contain the amount for which QR needs to be generated. The amount should be greater than or equal to Rs.1.00. | 1000 |
phonemandatory | Numeric This parameter must contain the customer phone number (10 characters). | 9876786756 |
productinfooptional | String (alphanumeric) This field must contain the product name. By default, the value is 'storefront' (max. 100 characters). | iPhone 12 |
firstnameoptional | String This parameter must contain the customer's first name (max. 60 characters). | Sundar |
emailoptional | String This parameter must contain the customer email ID. | [email protected] |
lastnameoptional | String This parameter must contain the customer last name (maximum 20 characters). | Teja |
address1optional | String This parameter must contain the first line of customer address (up to 100 characters). | PayU, Bestech Business Tower, Gurgaon |
address2optional | String This parameter must contain the second line of the customer address (up to 100 characters). | Sohna Road |
cityoptional | String This parameter must contain the customer city (max. 50 characters). | Gurgaon |
countryoptional | String This parameter must contain the customer's country that is part of the address (max. 50 characters). | India |
stateoptional | String This parameter must contain the customer state that is part of the address (max 50 characters). | Haryana |
zipcodeoptional | Numeric This parameter must contain the customer's PIN code (6 digits). | 122018 |
udf1optional | String This parameter can include any custom information in request (up to 255 characters). | Website order |
udf2optional | String This parameter can include any custom information in request (up to 255 characters.). | |
udf3optional | String This parameter can include any custom information in request.(up to 255 characters.) | |
| udf4 optional | String This parameter can include any custom information in request.(up to 255 characters.) | |
udf5optional | String This parameter can include any custom information in request.(up to 255 characters.) | |
enforce_paymethodoptional | String If the merchant does not pass any value for this parameter, all the active payment options will be visible to a customer on the Checkout page. For more information, refer to the Enforce Payment Customization sub-section. | HDFCD06 |BOBD03 |
expiryTimeoptional | Numeric This parameter is used to define the expiry time(seconds) for the dynamic QR or link; in case this param value is not passed, merchant level value will be picked; in case merchant level value is not configured, 30 mins (1800 secs) will be the default. (60 secs is the min. value. | |
outputTypeoptional | String This parameter is used to indicate whether output is required in base64 string or plain string or image format; default output format will be image format; string format will return a payment link, whereas base64 format will return base64 encoded string of QR image & also payment link | image; string; base64 |
storeNameoptional | String If merchant wants to filter transactions on the PayU Dashboard using outlets, storename should be passed. Stores will be configured by PayU operations team & can be mapped to one or more outlets basis the requirement. | Lower Parel Counter 1 |
displayFieldsoptional | JSON key-value pairs This parameter contains key-value pairs of all parameters & their values in a JSON format, which needs to be displayed on customer order summary page whenever the customer scans the dynamic QR or clicks on payment link. | {“product”: “iphone”, “model”:”series12”} |
send_smsoptional | Binary This parameter can contain any of the following values:1: The merchant wants PayU to send the SMS to the customer's mobile. 0: The merchant wants PayU not to send the SMS to the customer's mobile. | 1 |
cart_detailsmandatory for SKU | JSON The cart details is specified in this parameter in a JSON format. If SKU based offers are configured, they will be available for the customer only if the cart_details are passed.Note: If given null, no cart will be created for the transaction. For more information, on configuring the SKU-based Offers, refer to Offers Integration > Collect Payments with SKU-Based Offer using PayU Hosted Checkout | """cart_details"": { ""amount"": ""1"", ""items"": ""1"", ""sku_details"": [ { ""sku_id"": ""sampleSkutyhgId"", ""sku_name"": ""Iphone11"", ""amount_per_sku"": ""1"", ""quantity"": ""1"" } ] } |
user_tokenmandatory for SKU | The use for this param is to allow the offer engine to apply velocity rules at a user level. Card Based Offers (CC, DC, EMI): In case of card payment mode offers, if this parameter is passed the velocity rules would be applied on this token, if not passed the same would be applied on the card number. UPI, NB, Wallet: It is mandatory for UPI, NB, and Wallet payment modes. If not passed the validation rules would not apply. For more information, on configuring the SKU-based Offers, refer to Offers Integration > Collect Payments with SKU-Based Offer using PayU Hosted Checkout |
Enforce payemnt customization
This parameter allows you to customize the payment options for each transaction. Using this method, you can enforce specific payment modes, card schemes, and banks under Net Banking.
You must include the necessary payment options in this parameter and POST them to PayU at the transaction time. All the categories and sub-categories have specific values that need to be included in this string.
The categories and sub-categories are as follows:
| Payment Mode | Category | Sub-category |
|---|---|---|
| Credit Card | CC | Use the card type codes as listed in the Card Type Codes section. |
| Debit Card | DC | Use the card type codes as listed in the Card Type Codes section. |
| Net Banking | NB | Use the Net Banking codes as listed in the Net Banking Codes section. |
| EMI | EMI | Use the EMI codes as listed in the EMI Codes section. |
| Cash or Wallet | CASH | Use the Wallet codes as listed in the Wallet Codes section. |
| UPI | UPI | Use the UPI handles as listed in the UPI Handles section. |
Note: Ensure that you are using the delimiter is a pipe (|) character between the values in these examples.
Usage examples:
VISA|MAST|AXIB
Only the VISA & Mastercard cards (Credit/Debit) and Axis Bank Net Banking are displayed (as the whole category is enforced). The rest of the categories will not be displayed.
IDFCNB|AMEX|EMIAMEX12|EMIAMEX3|EMIAMEX6|EMIAMEX9
All the AMEX cards and their EMI options, along with IDFC Net Banking, are supported.
Warning
Ensure you use this parameter only after testing properly, as an incorrect string will lead to undesirable payment options being displayed.
Sample request
curl --location --request POST 'https://sandbox.payu.in/api/v1/invoice/seamless' \
--header 'date: Wed, 01 Jun 2022 13:35:16 GMT' \
--header 'digest: AgeDjE/vWQI8GHZPNwJHH4ugppwl0TEaTLe+aIwTU2Q=' \
--header 'authorization: hmac username="smmsplus", algorithm="hmac-sha256", headers="date digest", signature="BumCt753bJvr1GaJZmfuhu8XIDQNSBirj07dVQuaPJI="' \
--header 'Content-Type: application/json' \
--data-raw '{
"txnid": "sl-0199104",
"amount": "120",
"productinfo": "iphone",
"firstname": "Ayush",
"lastname": "Agarwal",
"email": "[email protected]",
"phone": "8087667676",
"address1": "sec-24",
"address2": "Big Road",
"city": "Gurgaon",
"state": "Haryana",
"country": "India",
"zipcode": 123456,
"udf1": "udf1value",
"udf2": "udf2value",
"udf3": "udf3value",
"udf4": "udf4value",
"udf5": "udf5value",
"enforce_paymethod": "UPI",
"expiryTime": "120",
"outputType": "base64",
"displayFields": {
"DF1": "DF1Value",
"DF2": "DF2Value",
"DF3": "DF3Value",
"DF4": "DF4Value"
},
"send_sms": 1
}'
Sample response
Success resposne
{
"invoiceUrl": “https://reliance-testwebfront.payu.in/iv/00twqu”,
"qrString": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEsAQAAAABRBrPYAAABXUlEQVR4Xu3QUZJCIQxEUXbG1t+S3IHD7QRGKfL0c2qqo4aQnPhBe34Tj7Z3jmG2hdkWZluYbfH32dUUfVSdC0lFds0KRilCMcera1ayS+2AL+fEZrcshurEmtn3rI1yZC5mn9jMGjQK7cyZ2Zk1Rb/eP9k1q9gMvenV8vsyMDuy8ZBdj9mpKaPQolnJuI4GSUO9M1ZNs4rFDaGHzlk+ulnN1KAXKWaxp8rszH67QWgEIptVrOl5VxGHWPyFWcHoElDxILltdmarzWSM+LADQ5kV7DlRZ0VDjiccZ1ay6MovPRIbZgW7uFzvjpcNaFaxHAVkOn5NqySzitGINhDFAdWfmBVsRo5ZYHX8uJlVbFyIbDLUN0+zklEyztH4qIfRzKxgPKyma6YnT2V2z1YF0EJWZrcsMwvawVCYVWzhptHQceTI7Mw0jllqEne1zM7sY5htYbaF2RZmW/wH9gNRTqlXRYV/xQAAAABJRU5ErkJggg=="
}
{
"invoiceUrl": " https://reliance-testwebfront.payu.in/iv/00twqu"
}
Failed response
{
"status": “0”, “code”:400,
"message": "txnid is empty"
}
{
"status": “0”, “code”:400,
"message": "Amount is less than 1"
}