S2S - Pre-Authorize Payment

The pre_authorize parameter is used to pre-authorize payments using the S2S integration with the _payment API.

Steps to Integrate

Send pre-authorization request with pre_authorize=1

Verify unmappedstatus=auth in response

Capture funds using capture_transaction API

📘
Note: You need to activate the Pre-Authorize Payments before you start using this integration. Contact your PayU Key Account Manager (KAM) to activate Pre-Authorize Payments.

Step 1: Post the Pre-Auth transaction request

Environment


Test Environment	https://test.payu.in/_payment
Production Environment	https://secure.payu.in/_payment

Request parameters

The pre_authorize parameter as specified is used to pre-authorize payments using the _payment API.

Parameter	Description	Example
key `mandatory`	`String` Merchant key provided by PayU during onboarding.
txnid `mandatory`	`String` The transaction ID is a reference number for a specific order that is generated by the merchant.
amount `mandatory`	`String` The payment amount for the transaction.
productinfo `mandatory`	`String` A brief description of the product.
firstname `mandatory`	`String` The first name of the customer.	Ashish
email `mandatory`	`String` The email address of the customer.
phone `mandatory`	`String` The phone number of the customer.
pg `mandatory`	`String` The pg parameter determines which payment tabs will be displayed on the PayU page. For cards, 'CC' will be the value.	CC
bankcode `mandatory`	`String` Each payment option is identified with a unique bank code at PayU. The merchant must post this parameter with the corresponding payment option's bank code value in it. For more information, refer to Card Type Codes and Supported Banks for Cards.	AMEX
ccnum `mandatory`	`String` Use 13-19 digit card number for credit/debit cards (15 digits for AMEX, 13-19 for Maestro) and validate with LUHN algorithm. Refer to Card Number Formats and display error message on invalid input.	5123456789012346
ccname `mandatory`	`String` This parameter must contain the name on card – as entered by the customer for the transaction.	Ashish Kumar
ccvv `mandatory`	`String` Use 3-digit CVV number for credit/debit cards and 4-digit security code (4DBC/CID) for AMEX cards. Validate with BIN API.	123
ccexpmon `mandatory`	`String` This parameter must contain the card's expiry month – as entered by the user for the transaction. It must always be in 2 digits or in MM format. For months 1-9, this parameter must be appended with 0 – like 01, 02…09. For months 10-12, this parameter must not be appended – It should be 10,11 and 12 respectively.	10
ccexpyr `mandatory`	`String` This parameter must contain the card's expiry year – as entered by the customer for the transaction. It must be of four digits.	2025
furl `mandatory`	`String` The success URL, which is the page PayU will redirect to if the transaction is successful.
surl `mandatory`	`String` The Failure URL, which is the page PayU will redirect to if the transaction is failed.
hash `mandatory`	`String` It is the hash calculated by the merchant. The hash calculation logic is: `sha512(key\|txnid\|amount\|productinfo\|firstname\|email\|udf1\|udf2\|udf3\|udf4\|udf5\|\|\|SALT)`
txn_s2s_flow `mandatory`	`String` This parameter must be passed with the value as 4 for Legacy Decoupled flow.	4
auth_only `mandatory`	`String` This parameter must be passed with the value as 2 for authentication-only flow. When set to 2, you must call the AuthData API to retrieve authentication results.	2
termUrl `mandatory`	`String` This parameter must contain the URL which will receive the authentication response from ACS.
s2s_client_ip `mandatory`	`String` This parameter must have the source IP of the customer.
s2s_device_info `mandatory`	`String` This parameter must have the customer agent's device.
notifyurl `optional`	`String` It is used to send response regarding current transaction to notify about the current transaction done in merchant site.
address1 `optional`	`String` The first line of the billing address. For Fraud Detection: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information.
address2 `optional`	`String` The second line of the billing address.
city `optional`	`String` The city where your customer resides as part of the billing address.
state `optional`	`String` The state where your customer resides as part of the billing address.
country `optional`	`String` The country where your customer resides.
zipcode `optional`	`String` Billing address zip code is mandatory for the cardless EMI option. `Character Limit`-20
udf1 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.
udf2 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.
udf3 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.
udf4 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.
udf5 `optional`	`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction.

Understanding Hashing and sample code

Hashing

You must hash the request parameters using the following hash logic:

sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)

For more information, refer to Generate Hash.

Hashing Sample Code

<?php
function generateHash($params, $salt) {
    // Extract parameters or use empty string if not provided
    $key = $params['key'];
    $txnid = $params['txnid'];
    $amount = $params['amount'];
    $productinfo = $params['productinfo'];
    $firstname = $params['firstname'];
    $email = $params['email'];
    $udf1 = isset($params['udf1']) ? $params['udf1'] : '';
    $udf2 = isset($params['udf2']) ? $params['udf2'] : '';
    $udf3 = isset($params['udf3']) ? $params['udf3'] : '';
    $udf4 = isset($params['udf4']) ? $params['udf4'] : '';
    $udf5 = isset($params['udf5']) ? $params['udf5'] : '';
    
    // Construct hash string with exact parameter sequence
    $hashString = $key . '|' . $txnid . '|' . $amount . '|' . $productinfo . '|' . 
                  $firstname . '|' . $email . '|' . $udf1 . '|' . $udf2 . '|' . 
                  $udf3 . '|' . $udf4 . '|' . $udf5 . '||||||' . $salt;
    
    // Generate hash and convert to lowercase
    return strtolower(hash('sha512', $hashString));
}

// Example usage
$params = [
    'key' => 'yourKey',
    'txnid' => 'yourTxnId',
    'amount' => 'yourAmount',
    'productinfo' => 'yourProductInfo',
    'firstname' => 'yourFirstName',
    'email' => 'yourEmail',
    'udf1' => 'optional_value1'
    // udf2, udf3, udf4, udf5 not provided - will be empty strings
];
$salt = 'yourSalt';

$hash = generateHash($params, $salt);
echo 'Generated Hash: ' . $hash;
?>

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

public class ImprovedHashGenerator {

    public static String generateHash(Map<String, String> params, String salt) {
        // Extract parameters or use empty string if not provided
        String key = params.get("key");
        String txnid = params.get("txnid");
        String amount = params.get("amount");
        String productinfo = params.get("productinfo");
        String firstname = params.get("firstname");
        String email = params.get("email");
        String udf1 = params.getOrDefault("udf1", "");
        String udf2 = params.getOrDefault("udf2", "");
        String udf3 = params.getOrDefault("udf3", "");
        String udf4 = params.getOrDefault("udf4", "");
        String udf5 = params.getOrDefault("udf5", "");
        
        // Construct hash string with exact parameter sequence
        String hashString = key + "|" + txnid + "|" + amount + "|" + productinfo + "|" + 
                         firstname + "|" + email + "|" + udf1 + "|" + udf2 + "|" + 
                         udf3 + "|" + udf4 + "|" + udf5 + "||||||" + salt;
        
        return sha512(hashString);
    }

    private static String sha512(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-512");
            byte[] hashBytes = md.digest(input.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : hashBytes) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString().toLowerCase();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public static void main(String[] args) {
        // Example usage with parameters map
        Map<String, String> params = new HashMap<>();
        params.put("key", "yourKey");
        params.put("txnid", "yourTxnId");
        params.put("amount", "yourAmount");
        params.put("productinfo", "yourProductInfo");
        params.put("firstname", "yourFirstName");
        params.put("email", "yourEmail");
        params.put("udf1", "optional_value1");
        // udf2, udf3, udf4, udf5 not provided - will be empty strings
        
        String salt = "yourSalt";

        String hash = generateHash(params, salt);
        System.out.println("Generated Hash: " + hash);
    }
}

using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public class ImprovedHashGenerator
{
    public static string GenerateHash(Dictionary<string, string> parameters, string salt)
    {
        // Extract parameters or use empty string if not provided
        string key = parameters["key"];
        string txnid = parameters["txnid"];
        string amount = parameters["amount"];
        string productinfo = parameters["productinfo"];
        string firstname = parameters["firstname"];
        string email = parameters["email"];
        
        // Get UDF values if present, otherwise use empty string
        string udf1 = parameters.ContainsKey("udf1") ? parameters["udf1"] : "";
        string udf2 = parameters.ContainsKey("udf2") ? parameters["udf2"] : "";
        string udf3 = parameters.ContainsKey("udf3") ? parameters["udf3"] : "";
        string udf4 = parameters.ContainsKey("udf4") ? parameters["udf4"] : "";
        string udf5 = parameters.ContainsKey("udf5") ? parameters["udf5"] : "";
        
        // Construct hash string with exact parameter sequence
        string hashString = $"{key}|{txnid}|{amount}|{productinfo}|{firstname}|{email}|{udf1}|{udf2}|{udf3}|{udf4}|{udf5}||||||{salt}";
        
        return Sha512(hashString);
    }

    private static string Sha512(string input)
    {
        using (SHA512 sha512 = SHA512.Create())
        {
            byte[] bytes = sha512.ComputeHash(Encoding.UTF8.GetBytes(input));
            StringBuilder sb = new StringBuilder();
            foreach (byte b in bytes)
            {
                sb.Append(b.ToString("x2"));
            }
            return sb.ToString().ToLower();
        }
    }

    public static void Main(string[] args)
    {
        // Example usage with parameters dictionary
        Dictionary<string, string> parameters = new Dictionary<string, string>
        {
            ["key"] = "yourKey",
            ["txnid"] = "yourTxnId",
            ["amount"] = "yourAmount",
            ["productinfo"] = "yourProductInfo",
            ["firstname"] = "yourFirstName",
            ["email"] = "yourEmail",
            ["udf1"] = "optional_value1"
            // udf2, udf3, udf4, udf5 not provided - will be empty strings
        };
        
        string salt = "yourSalt";

        string hash = GenerateHash(parameters, salt);
        Console.WriteLine("Generated Hash: " + hash);
    }
}

import hashlib

def generate_hash(params, salt):
    # Extract parameters or use empty string if not provided
    key = params['key']
    txnid = params['txnid']
    amount = params['amount']
    productinfo = params['productinfo']
    firstname = params['firstname']
    email = params['email']
    udf1 = params.get('udf1', '')
    udf2 = params.get('udf2', '')
    udf3 = params.get('udf3', '')
    udf4 = params.get('udf4', '')
    udf5 = params.get('udf5', '')
    
    # Construct hash string with exact parameter sequence
    hash_string = f"{key}|{txnid}|{amount}|{productinfo}|{firstname}|{email}|{udf1}|{udf2}|{udf3}|{udf4}|{udf5}||||||{salt}"
    
    # Generate SHA-512 hash
    return hashlib.sha512(hash_string.encode('utf-8')).hexdigest()

# Example usage
params = {
    'key': 'yourKey',
    'txnid': 'yourTxnId',
    'amount': 'yourAmount',
    'productinfo': 'yourProductInfo',
    'firstname': 'yourFirstName',
    'email': 'yourEmail',
    'udf1': 'optional_value1'
    # udf2, udf3, udf4, udf5 not provided - will default to empty strings
}
salt = 'yourSalt'

hash_value = generate_hash(params, salt)
print("Generated Hash:", hash_value)

const crypto = require('crypto');

function generateHash(params, salt) {
    // Extract parameters or use empty string if not provided
    const key = params.key;
    const txnid = params.txnid;
    const amount = params.amount;
    const productinfo = params.productinfo;
    const firstname = params.firstname;
    const email = params.email;
    const udf1 = params.udf1 || '';
    const udf2 = params.udf2 || '';
    const udf3 = params.udf3 || '';
    const udf4 = params.udf4 || '';
    const udf5 = params.udf5 || '';
    
    // Construct hash string with exact parameter sequence
    const hashString = `${key}|${txnid}|${amount}|${productinfo}|${firstname}|${email}|${udf1}|${udf2}|${udf3}|${udf4}|${udf5}||||||${salt}`;
    
    // Generate SHA-512 hash
    return crypto.createHash('sha512').update(hashString).digest('hex');
}

// Example usage
const params = {
    key: 'yourKey',
    txnid: 'yourTxnId',
    amount: 'yourAmount',
    productinfo: 'yourProductInfo',
    firstname: 'yourFirstName',
    email: 'yourEmail',
    udf1: 'optional_value1'
    // udf2, udf3, udf4, udf5 not provided - will default to empty strings
};
const salt = 'yourSalt';

const hash = generateHash(params, salt);
console.log("Generated Hash:", hash);

Sample request

  curl --location \
   --request \
   POST 'https://secure.payu.in/_payment' --header 'Content-Type: application/x-www-form-urlencoded' \
   --header 'Cookie: PHPSESSID=mj185cifujktpv1igu9tmuoaal; PAYUID=6b0d4cbbe43702a8a938a4d4c546ae01; PHPSESSID=6388ab6306272' \
   --data \
  -urlencode 'hash=5e0f040fb08759d621caf04baab4bd893e1d9f5d3edfc2aa42bea00c2ac7140b14b7883028a3b7fc5df6fb728f7542d85c2930c3f3dc4bab6a8b3da1ff33d9fe' --data \
  -urlencode 'key=smsplus' --data \
  -urlencode 'txnid=payuTestTransaction8169502' --data \
  -urlencode 'amount=1.1' --data \
  -urlencode 'firstname=Postman' --data \
  -urlencode '[email protected]' --data \
  -urlencode 'phone=9988776655' --data \
  -urlencode 'productinfo=Product Info' --data \
  -urlencode 'surl=https://admin.payu.in/test_response' --data \
  -urlencode 'furl=https://admin.payu.in/test_response' --data \
  -urlencode 'notifyurl=https://admin.payu.in/test_response' --data \
  -urlencode 'codurl=https://admin.payu.in/test_response' --data \
  -urlencode 'ipurl=https://admin.payu.in/test_response' --data \
  -urlencode 'lastname=' --data \
  -urlencode 'udf1=' --data \
  -urlencode 'udf2=' --data \
  -urlencode 'udf3=' --data \
  -urlencode 'udf4=' --data \
  -urlencode 'udf5=' --data \
  -urlencode 'pg=CC' --data \
  -urlencode 'bankcode=CC' --data \
  -urlencode 'ccnum=XXXXXXXXXXX8006' --data \
  -urlencode 'ccname=ASHISH' --data \
  -urlencode 'ccvv=XXX' --data \
  -urlencode 'ccexpmon=05' --data \
  -urlencode 'ccexpyr=2025' --data \
  -urlencode 'txn_s2s_flow=4' --data \
  -urlencode 'auth_only=2' --data \
  -urlencode 'termUrl=https://admin.payu.in/test_response' --data \
  -urlencode 'pre_authorize=1' --data \

Sample response

📘
Understanding response parameters:
The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters, refer to Additional Info for Payment APIs.

{
   "metaData": {
      "message": null,
      "referenceId": "00c44a4c8306f9cbe5ecf6133afe08a7",
      "statusCode": null,
      "txnId": "payuTestTransaction447674",
      "txnStatus": "Enrolled",
      "unmappedStatus": "pending"
   },
   "result": {
      "otpPostUrl": "",
      "acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vd3d3LjNkc2VjdXJlMS5pY2ljaWJhbmsuY29tL0FDU1dlYi9FbnJvbGxXZWIvSUNJQ0lCYW5rL3NlcnZlci9BY2Nlc3NDb250cm9sU2VydmVyP2lkY3Q9ODExMi5WIiBtZXRob2Q9InBvc3QiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Ik1EIiB2YWx1ZT0iYzJlOWU0NTYwMzdmMDMzZTVjYzNkN2I2ZTU1NjE4OWFkZjQxZWVhYmY3MDY4NDRkZmY3MGFhYzkxZjZiOGU3M2JiMTg0NjI4NmM4Zjk5ZWE3NjhjZjM4ZjdjMTIzNjljfDUyMzcyNzQ5MzY0Nzk1MGYzMjY4NGJkNmYxYWIwN2FhNjQ3NDAxNmYiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9IlBhUmVxIiB2YWx1ZT0iZU5wVlVrMXYyekFNL1N0Qjc3RytyTW9PV0FGTkRhdzVKTTNTN3RLYmJER3hoL2lqbGowMCsvV1RIR2ZkVHVLamlFZStSOEpiMlNObXIxaU1QV3JZb25QbWhJdktQdHpsOFQzbE9lVkxMbzkyR1Z0TWxvbFE2VkpZeFRrMVZDcGw3elRzSHcvNG9lRVg5cTVxRzgwaUduRWdOK2daKzZJMHphREJGQi9yelU3SGlVaVZCREpEcUxIZlpKb3puc1lKbFFrVmd0SjdJTmMwTktaRzdXclhuVWNIWkVKUXRHTXo5QmN0cEsrN0FSajdzeTZIb1hNclF0d2tKK3JNWll5cWh1UW1UMWw4dElVNVdta1pUeFJGcTR4TUZVdXBORGw1YXV1NmJmYW5BN3F1YlJ3K204YWVzUWNTU0lGOGFkaVBJWEoraU0vSzZ2ZTMwL0NTYmNYTEsvMzluaFdYN2M5MXVjMStpQjMvL2dBa1ZJQTFBMnBPdWRkSDJZS0psVkFyNGYyWjhtRHFNTDNlN0E0TEZqSHFUYmttb0F0OUhxK0FoWTkvRStERjlkZ1VOd2R1Q1FEVFQ0Kyt3amY0RzRORlYzZ1I4L09sNE9rNTdLUVlndnZ6Z040T0pTU1RLc2wzL0xSVzViZXdwNmtra0ZmZVp5Nm9uTmdEQUJKSXlId0NaTDRlSC8xM1ZYOEFEOUxGSGc9PSI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iVGVybVVybCIgdmFsdWU9Imh0dHBzOi8vc2VjdXJlLnBheXUuaW4vYmFiOTE0ZmRjYWZkNWQxMjg3MGVkN2E1OTcxOTA1YWIvQ29tbW9uUGdSZXNwb25zZUhhbmRsZXIiPjwvZm9ybT48c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cub25sb2FkPWZ1bmN0aW9uKCl7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbJ3BheW1lbnRfcG9zdCddLnN1Ym1pdCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICA8L3NjcmlwdD48L2JvZHk+PC9odG1sPg=="
   },
   "binData": {
      "pureS2SSupported": false,
      "issuingBank": "ICICI",
      "category": "creditcard",
      "cardType": "VISA",
      "isDomestic": true
   }
}

Step 2: Check the PayU response

The formatted sample response body is similar to the following, and you need to look for the following parameters:

Key response parameters

Parameter	Expected Value	Description
`status`	`success`	Transaction status
`unmappedstatus`	`auth`	Indicates pre-authorization was successful
`PG_TYPE`	`CC-PG`	Payment gateway type
`bankcode`	`CC`	Bank code for credit card
`mihpayid`	Transaction ID	PayU's unique transaction identifier
`bank_ref_num`	Reference number	Bank reference number for the transaction

Sample response

  mihpayid: 403993715523615328
  mode: CC
  status: success
  unmappedstatus: auth
  key: JPM7Fg
  txnid: 50QJq6lBJBmx14
  amount: 10.00
  cardCategory: domestic
  discount: 0.00
  net_amount_debit: 10
  addedon: 2021-07-28 15:11:37
  productinfo: iPhone
  firstname: PayU User
  lastname: 
  address1: 
  address2: 
  city: 
  state: 
  country: 
  zipcode: 
  email: [email protected]
  phone: 9876543210
  udf1: 
  udf2: 
  udf3: 
  udf4: 
  udf5: 
  udf6: 
  udf7: 
  udf8: 
  udf9: 
  udf10: 
  hash: afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa
  field1: 
  field2: 
  field3: 
  field4: 
  field5: 
  field6: 
  field7: 
  field8: 
  field9: Transaction Completed Successfully
  payment_source: payu
  PG_TYPE: CC-PG
  bank_ref_num: 7f0d5ada-59bb-41d7-9e41-20a6af2406c9
  bankcode: CC
  error: E000
  error_Message: No Error
  name_on_card: test
  cardnum: 411111XXXXXX1111
  cardhash: This field is no longer supported in postback params.

Step 3: Capture a Pre-authorized payment

To capture a pre-authorized payment, use the following command. After the API command is successful, the transaction would be captured and settled to you.

Environment


Test Environment	https://test.payu.in/merchant/postservice.php?form=2
Production Environment	https://info.payu.in/merchant/postservice.php?form=2

Request parameters

Parameter	Description
`key`	Merchant key provided by PayU
`command`	Set to `capture_transaction` for capturing pre-authorized payments
`hash`	SHA-512 hash for security verification
`var1`	PayU Transaction ID (mihpayid) from the pre-authorize response
`var2`	Merchant Transaction ID (txnid)
`var3`	Amount to capture (can be equal to or less than pre-authorized amount)

Sample request

  curl --location --request POST 'https://info.payu.in/merchant/postservice.php?form=2' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'key=JF***g' \
    --data-urlencode 'command=capture_transaction' \
    --data-urlencode 'hash=67411736ab98c59522492a12751a6015c41b87764019f9dc14052690c2c7af9095d31002fc109dcf3596c2f38792d56db6f6207b1989010f2adf51c144fa3019' \
    --data-urlencode 'var1=15246574846' \
    --data-urlencode 'var2=authorizeTransaction123' \
    --data-urlencode 'var3=1'

import requests

url = "https://info.payu.in/merchant/postservice.php?form=2"

headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}

data = {
    "key": "JF***g",
    "command": "capture_transaction",
    "hash": "67411736ab98c59522492a12751a6015c41b87764019f9dc14052690c2c7af9095d31002fc109dcf3596c2f38792d56db6f6207b1989010f2adf51c144fa3019",
    "var1": "15246574846",
    "var2": "authorizeTransaction123",
    "var3": "1"
}

response = requests.post(url, headers=headers, data=data)

print("Status Code:", response.status_code)
print("Response:", response.json())

import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class CaptureTransaction {
    public static void main(String[] args) throws IOException, InterruptedException {
        String url = "https://info.payu.in/merchant/postservice.php?form=2";
        
        Map<String, String> formData = new LinkedHashMap<>();
        formData.put("key", "JF***g");
        formData.put("command", "capture_transaction");
        formData.put("hash", "67411736ab98c59522492a12751a6015c41b87764019f9dc14052690c2c7af9095d31002fc109dcf3596c2f38792d56db6f6207b1989010f2adf51c144fa3019");
        formData.put("var1", "15246574846");
        formData.put("var2", "authorizeTransaction123");
        formData.put("var3", "1");
        
        String formBody = formData.entrySet()
            .stream()
            .map(entry -> URLEncoder.encode(entry.getKey(), StandardCharsets.UTF_8) + "=" + 
                          URLEncoder.encode(entry.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
        
        HttpClient client = HttpClient.newHttpClient();
        
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create(url))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(formBody))
            .build();
        
        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        
        System.out.println("Status Code: " + response.statusCode());
        System.out.println("Response: " + response.body());
    }
}

<?php

$url = "https://info.payu.in/merchant/postservice.php?form=2";

$data = array(
    'key' => 'JF***g',
    'command' => 'capture_transaction',
    'hash' => '67411736ab98c59522492a12751a6015c41b87764019f9dc14052690c2c7af9095d31002fc109dcf3596c2f38792d56db6f6207b1989010f2adf51c144fa3019',
    'var1' => '15246574846',
    'var2' => 'authorizeTransaction123',
    'var3' => '1'
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/x-www-form-urlencoded'
));

$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

echo "Status Code: " . $httpCode . "\n";
echo "Response: " . $response . "\n";

// Parse JSON response
$jsonResponse = json_decode($response, true);
print_r($jsonResponse);
?>

#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common qw(POST);
use JSON;

my $url = "https://info.payu.in/merchant/postservice.php?form=2";

my $ua = LWP::UserAgent->new;
$ua->timeout(30);

my %data = (
    'key'     => 'JF***g',
    'command' => 'capture_transaction',
    'hash'    => '67411736ab98c59522492a12751a6015c41b87764019f9dc14052690c2c7af9095d31002fc109dcf3596c2f38792d56db6f6207b1989010f2adf51c144fa3019',
    'var1'    => '15246574846',
    'var2'    => 'authorizeTransaction123',
    'var3'    => '1'
);

my $response = $ua->request(POST $url,
    Content_Type => 'application/x-www-form-urlencoded',
    Content      => [%data]
);

if ($response->is_success) {
    print "Status Code: " . $response->code . "\n";
    print "Response: " . $response->decoded_content . "\n";
    
    my $json_response = decode_json($response->decoded_content);
    use Data::Dumper;
    print Dumper($json_response);
} else {
    print "Error: " . $response->status_line . "\n";
}

Sample response

  { 
      "status": 1, 
      "msg": "Capture Request Queued", 
      "request_id": "Request ID", 
      "bank_ref_num": "Bank Reference Number" 
  }

Response Field	Description
`status`	`1` indicates success
`msg`	Status message
`request_id`	Unique request identifier
`bank_ref_num`	Bank reference number for the captured transaction

Step 1: Post the Pre-Auth transaction request

Hashing

Hashing Sample Code

Understanding response parameters:

Step 2: Check the PayU response

Step 3: Capture a Pre-authorized payment

EXAMPLE QUESTIONS