UPI Collection S2S Integration
In UPI Collect, the sequence of APIs is called to follow for redirection less experience.
Steps to Integrate
Before you begin:
Register for a account with PayU before you start integration. For more information, refer to Register for a Merchant Account.
UPI Content Flow
The following diagram illustrates the UPI content process flow from the initiation of the transaction by the customer to the success of payment.
UPI Collect Process Steps
-
Customer selectsβ―UPIβ―from the website or mobile app to make payment through.Β
-
PayUβ―βpre-fills theβ―VPA address issuerβ―to reduceβ―customer input.β―βΒ
-
PayU verifies theβ―customerβs VPA and sharesβ―the customerβs name.β―Β
-
Customerβ―proceeds with the transactionΒ after confirmationΒ
The customer sees aβ―payment screen pre-filled withβ―the amount andΒ yourβ―name.β―Β
-
Customer accepts the payment toβ―complete the transaction.β―βΒ
Step 1: Validate VPA
This web service will let you validate VPA if it is a valid VPA or not.
After the customer enters VPA on your website, you need to call this API to check for VPA validation. If VPA is valid, you need to proceed with the next step. For a sample request or response, refer to Validate VPA.
Collect the response in the UPI Collection under API Reference. The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters, refer to Additional Info for Payment APIs.
Step 2: Initiate the payment to PayU
To start with, the request is raised from the Merchant to PayU with the required transaction mandatory/optional parameters. This needs to be a server-to-server curl call request. This API is used for both Cards and UPI for generating a new transaction. Parameters and their descriptions are mentioned below.
For the "Try It" experience, refer to UPI Collection.
PayU URL Endpoint:
Post parameters
Some of the parameters are mandatory for S2S integration, and a few are optional. You need to include the following parameters.
Request parameters
| Parameter | Description | Example |
|---|---|---|
keymandatory | String The merchant key provided by PayU must be included.Reference: For more information on how to generate the Key and Salt, refer to any of the following: - Production: Access Production Key and Salt - Test: Access Test Merchant Key and Salt | |
txnidmandatory | String (alphanumeric) Merchant transaction identifier - This parameter must be unique (after a successful transaction) & alphanumeric special (<= 50 characters & excluding >,<, =,:,&, β). | 1234_abcdedf |
amountmandatory | String (rounded to two decimal places) This parameter must contain the amount for which QR needs to be generated. The amount should be greater than or equal to Rs.1.00. | 1000 |
phonemandatory | String This parameter must contain the customer phone number (10 characters). | 9876786756 |
productinfomandatory | String (alphanumeric) This field must contain the product name. By default, the value is 'storefront' (max. 100 characters). | iPhone 12 |
firstnamemandatory | String This parameter must contain the customer's first name (max. 60 characters). | Sundar |
emailmandatory | String This parameter must contain the customer email ID. | [email protected] |
pgmandatory | String It must be set as UPI for this transaction. | UPI |
bankcodemandatory | String Value should be "UPI": for UPI collect transaction"INTENT": for initiating the UPI Intent transaction | UPI |
lastnameoptional | String This parameter must contain the customer last name (maximum 20 characters). | Teja |
address1optional | String This parameter must contain the first line of customer address (up to 100 characters). | PayU, Bestech Business Tower, Gurgaon |
address2optional | String This parameter must contain the second line of the customer address (up to 100 characters). | Sohna Road |
cityoptional | String This parameter must contain the customer city (max. 50 characters). | Gurgaon |
countryoptional | String This parameter must contain the customer's country that is part of the address (max. 50 characters). | India |
stateoptional | String This parameter must contain the customer state that is part of the address (max 50 characters). | Haryana |
zipcodeoptional | Numeric This parameter must contain the customer's PIN code (6 digits). | 122018 |
udf1optional | String This parameter can include any custom information in request (up to 255 characters). | Website order |
udf2optional | String This parameter can include any custom information in request (up to 255 characters.). | |
udf3optional | String This parameter can include any custom information in request.(up to 255 characters.) | |
| udf4 optional | String This parameter can include any custom information in request.(up to 255 characters.) | |
udf5optional | String This parameter can include any custom information in request.(up to 255 characters.) | |
s2s_client_ipmandatory | Sting This parameter must have the source IP of the user's device.Note: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information. | |
s2s_device_infomandatory | String This parameter must have the user agent of device.Note: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information. | |
txn_s2s_flowmandatory | StringThis parameter must be posted with the values a 4 for transaction flow. | 4 |
upiAppNamemandatory | String For Specific Intent, merchant should share the app name which is selected by customer on the merchant check-out page. The following are the enumβs expected for major apps:- phonepe - googlepay - paytm - bhim - cred - amazonpay - genericintent β For any other app apart from above | phonepe |
vpamandatory | String Virtual Private Address. VPA can first be validated using VPA validate web service. Also, add regex where β@β exists. Example: 8800411088@upi This needs to be passed in case of collect flow of UPI only. | 8800411088@upi |
hashmandatory | String Hash is a crucial parameter β used specifically to avoid any tampering during the transaction. For more information, refer to Generate Hash. |
Hashing
You must hash the request parameters using the following hash logic:
sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)
For more information, refer to Generate Hash.
Step 3: Check UPI transaction status
Check the UPI transaction status using theΒ Verify Payment APIΒ (verify_payment) API. For more information, refer toΒ Verify Payment API
Step 4: Check the S2S callback response
The response to this call would be a base64 encoded JSON containing transaction ID and other transaction details.
Hash validation logic for payment response (Reverse Hashing)
While sending the response, PayU takes the exact same parameters that were sent in the request (in reverse order) to calculate the hash and returns it to you. You must verify the hash and then mark a transaction as a success or failure. This is to make sure the transaction has not tampered within the response.
The order of the parameters is similar to the following code block:
sha512(SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)
Sample response
eyJzdGF0dXMiOiJzdWNjZXNzIiwicmVzdWx0Ijp7Im1paHBheWlkIjoiNzYwMTI2NTU4NSIsIm1vZGUiOiJVUEkiLCJzdGF0dXMiOiJwZW5kaW5nIiwia2V5IjoiTWVyY2hhbnRLZXkiLCJ0eG5pZCI6IjZiMmYzZDY4NWVjMWJiYTdkZDRiIiwiYW1vdW50IjoiMTAuMDAiLCJhZGRlZG9uIjoiMjAxOC0xMS0wMSAxOTo1NjozMiIsInByb2R1Y3RpbmZvIjoiUHJvZHVjdCBJbmZvIiwiZmlyc3RuYW1lIjoiUGF5dS1Vc2VyIiwibGFzdG5hbWUiOiIiLCJhZGRyZXNzMSI6IiIsImFkZHJlc3MyIjoiIiwiY2l0eSI6IiIsInN0YXRlIjoiIiwiY291bnRyeSI6IiIsInppcGNvZGUiOiIiLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20iLCJwaG9uZSI6IjEyMzQ1Njc4OTAiLCJ1ZGYxIjoiIiwidWRmMiI6IiIsInVkZjMiOiIiLCJ1ZGY0IjoiIiwidWRmNSI6IiIsInVkZjYiOiIiLCJ1ZGY3IjoiIiwidWRmOCI6IiIsInVkZjkiOiIiLCJ1ZGYxMCI6IiIsImNhcmRfdG9rZW4iOiIiLCJjYXJkX25vIjoiIiwiZmllbGQwIjoiIiwiZmllbGQxIjoiYWJjZEB1cGkiLCJmaWVsZDIiOiIiLCJmaWVsZDMiOiIiLCJmaWVsZDQiOiIiLCJmaWVsZDUiOiIiLCJmaWVsZDYiOiIiLCJmaWVsZDciOiIiLCJmaWVsZDgiOiIiLCJmaWVsZDkiOiIiLCJwYXltZW50X3NvdXJjZSI6InBheXVQdXJlUzJTIiwiUEdfVFlQRSI6IkFYSVNVIiwiZXJyb3IiOiJFMDAwIiwiZXJyb3JfTWVzc2FnZSI6Ik5vIEVycm9yIiwibmV0X2Ftb3VudF9kZWJpdCI6IjAiLCJhZGRpdGlvbmFsQ2hhcmdlcyI6IjI5LjUiLCJ1bm1hcHBlZHN0YXR1cyI6ImluIHByb2dyZXNzIiwiaGFzaCI6IjU2NzQ3OGE5ZDUyMzhlZTIyZGFhMDM2ZWMwMjAxMzk0OGY2YjgwNGUzMWNhYzNkYmQyMDc1NmU5ZjFkNDFlMjI4ZTQxYzJkYjcwZmU4ZWRlZmMyNDBiOTQwODZlN2QzN2Y4ZDQ2OTA4MzU4Y2NjNzA4Y2JjNWVlNTJjMjlkYWEwIiwiYmFua19yZWZfbm8iOiJBWEk5MTEwMDAwMDAwMDQ5MTg0NzY2MTU0MTc5OTcwNTY5OCIsImJhbmtfcmVmX251bSI6IkFYSTkxMTAwMDAwMDAwNDkxODQ3NjYxNTQxNzk5NzA1Njk4IiwiYmFua2NvZGUiOiJVUEkiLCJzdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UiLCJjdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UiLCJmdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UifX0
Base64 decoded response:
{"status":"success","result":{"mihpayid":"7601265585","mode":"UPI","status":"pending","key":"MerchantKey","txnid":"6b2f3d685ec1bba7dd4b","amount":"10.00","addedon":"2018-11-01
19:56:32","productinfo":"ProductInfo","firstname":"PayuUser","lastname":"","address1":"","address2":"","city":"","state":"","country":"","zipcode":"","email":"[email protected]","phone":"1234567890","udf1":"","udf2":"","udf3":"","udf4":"","udf5":"","udf6":"","udf7":"","udf8":"","udf9":"","udf10":"","card_token":"","card_no":"","field0":"","field1":"abcd@upi","field2":"","field3":"","field4":"","field5":"","field6":"","field7":"","field8":"","field9":"","payment_source":"payuPureS2S","PG_TYPE":"AXISU","error":"E000","error_Message":"NoError","net_amount_debit":"0","additionalCharges":"29.5","unmappedstatus":"inprogress","hash":"567478a9d5238ee22daa036ec02013948f6b804e31cac3dbd20756e9f1d41e228e41c2db70fe8edefc240b94086e7d37f8d46908358ccc708cbc5ee52c29daa0","bank_ref_no":"AXI91100000000491847661541799705698","bank_ref_num":"AXI91100000000491847661541799705698","bankcode":"UPI","surl":"https:\/\/admin.payu.in\/test_response","curl":"https:\/\/admin.payu.in\/test_response","furl":"https:\/\/admin.payu.in\/test_response"}}
Note:
In case of an invalid VPA, the final result will be a JSON in plain text as follows.
{"result":null,"status":"failed","error":"E1617","message":"Invalid vpa"}
Updated about 1 month ago