UPI Collection S2S Integration

In UPI Collect, the sequence of APIs is called to follow for redirection less experience.

Steps to Integrate

  1. Validate VPA
  2. Initiate the payment to PayU
  3. Check UPI Transaction Status
  4. S2S Call Back Response

👍

Before you begin:

Register for a account with PayU before you start integration. For more information, refer to Register for a Merchant Account.

UPI Content Flow

The following diagram illustrates the UPI content process flow from the initiation of the transaction by the customer to the success of payment.

UPI Collect Process Steps

  1. Customer selects UPI from the website or mobile app to make payment through. 

  2. PayU ​pre-fills the VPA address issuer to reduce customer input. ​ 

  3. PayU verifies the customer’s VPA and shares the customer’s name.  

  4. Customer proceeds with the transaction after confirmation 

    The customer sees a payment screen pre-filled with the amount and your name.  

  5. Customer accepts the payment to complete the transaction. ​ 


Step 1: Validate VPA

This web service will let you validate VPA if it is a valid VPA or not.

After the customer enters VPA on your website, you need to call this API to check for VPA validation. If VPA is valid, you need to proceed with the next step. For a sample request or response, refer to Validate VPA.

Collect the response in the UPI Collection under API Reference. The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters, refer to Additional Info for Payment APIs.

Step 2: Initiate the payment to PayU

To start with, the request is raised from the Merchant to PayU with the required transaction mandatory/optional parameters. This needs to be a server-to-server curl call request. This API is used for both Cards and UPI for generating a new transaction. Parameters and their descriptions are mentioned below.

For the "Try It" experience, refer to UPI Collection.

PayU URL Endpoint:

Post parameters

Some of the parameters are mandatory for S2S integration, and a few are optional. You need to include the following parameters.

Request parameters

ParameterDescriptionExample
key
mandatory
String The merchant key provided by PayU must be included.
Reference: For more information on how to generate the Key and Salt, refer to any of the following:

- Production: Access Production Key and Salt
- Test: Access Test Merchant Key and Salt
txnid
mandatory
String (alphanumeric) Merchant transaction identifier - This parameter must be unique (after a successful transaction) & alphanumeric special (<= 50 characters & excluding >,<, =,:,&, ‘).1234_abcdedf
amount
mandatory
String (rounded to two decimal places) This parameter must contain the amount for which QR needs to be generated. The amount should be greater than or equal to Rs.1.00.1000
phone
mandatory
String This parameter must contain the customer phone number (10 characters).9876786756
productinfo
mandatory
String (alphanumeric) This field must contain the product name. By default, the value is 'storefront' (max. 100 characters).iPhone 12
firstname
mandatory
String This parameter must contain the customer's first name (max. 60 characters).Sundar
email
mandatory
String This parameter must contain the customer email ID.[email protected]
pg
mandatory
String It must be set as UPI for this transaction.UPI
bankcode
mandatory
String Value should be "UPI": for UPI collect transaction
"INTENT": for initiating the UPI Intent transaction
UPI
lastname
optional
String This parameter must contain the customer last name (maximum 20 characters).Teja
address1
optional
String This parameter must contain the first line of customer address (up to 100 characters).PayU, Bestech Business Tower, Gurgaon
address2
optional
String This parameter must contain the second line of the customer address (up to 100 characters).Sohna Road
city
optional
String This parameter must contain the customer city (max. 50 characters).Gurgaon
country
optional
String This parameter must contain the customer's country that is part of the address (max. 50 characters).India
state
optional
String This parameter must contain the customer state that is part of the address (max 50 characters).Haryana
zipcode
optional
Numeric This parameter must contain the customer's PIN code (6 digits).122018
udf1
optional
String This parameter can include any custom information in request (up to 255 characters).Website order
udf2
optional
String This parameter can include any custom information in request (up to 255 characters.).
udf3
optional
String This parameter can include any custom information in request.
(up to 255 characters.)
udf4
optional
String This parameter can include any custom information in request.
(up to 255 characters.)
udf5
optional
String This parameter can include any custom information in request.
(up to 255 characters.)
s2s_client_ip
mandatory
Sting This parameter must have the source IP of the user's device.
Note: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information.
s2s_device_info
mandatory
String This parameter must have the user agent of device.
Note: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information.
txn_s2s_flow
mandatory
StringThis parameter must be posted with the values a 4 for transaction flow.4
upiAppName
mandatory
String For Specific Intent, merchant should share the app name which is selected by customer on the merchant check-out page. The following are the enum’s expected for major apps:

- phonepe
- googlepay
- paytm
- bhim
- cred
- amazonpay
- whatsapp
- genericintent – For any other app apart from
above
phonepe
vpa
mandatory
String Virtual Private Address. VPA can first be validated using VPA validate web service. Also, add regex where ‘@’ exists. Example: 8800411088@upi This needs to be passed in case of collect flow of UPI only.8800411088@upi
hash
mandatory
String Hash is a crucial parameter – used specifically to avoid any tampering during the transaction. For more information, refer to Generate Hash.

Hashing

You must hash the request parameters using the following hash logic:

sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)

For more information, refer to Generate Hash.

Step 3: Check UPI transaction status

Check the UPI transaction status using the Verify Payment API (verify_payment) API. For more information, refer to Verify Payment API


Step 4: Check the S2S callback response

The response to this call would be a base64 encoded JSON containing transaction ID and other transaction details.

Hash validation logic for payment response (Reverse Hashing)

While sending the response, PayU takes the exact same parameters that were sent in the request (in reverse order) to calculate the hash and returns it to you. You must verify the hash and then mark a transaction as a success or failure. This is to make sure the transaction has not tampered within the response.

The order of the parameters is similar to the following code block:

sha512(SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)

Sample response

eyJzdGF0dXMiOiJzdWNjZXNzIiwicmVzdWx0Ijp7Im1paHBheWlkIjoiNzYwMTI2NTU4NSIsIm1vZGUiOiJVUEkiLCJzdGF0dXMiOiJwZW5kaW5nIiwia2V5IjoiTWVyY2hhbnRLZXkiLCJ0eG5pZCI6IjZiMmYzZDY4NWVjMWJiYTdkZDRiIiwiYW1vdW50IjoiMTAuMDAiLCJhZGRlZG9uIjoiMjAxOC0xMS0wMSAxOTo1NjozMiIsInByb2R1Y3RpbmZvIjoiUHJvZHVjdCBJbmZvIiwiZmlyc3RuYW1lIjoiUGF5dS1Vc2VyIiwibGFzdG5hbWUiOiIiLCJhZGRyZXNzMSI6IiIsImFkZHJlc3MyIjoiIiwiY2l0eSI6IiIsInN0YXRlIjoiIiwiY291bnRyeSI6IiIsInppcGNvZGUiOiIiLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20iLCJwaG9uZSI6IjEyMzQ1Njc4OTAiLCJ1ZGYxIjoiIiwidWRmMiI6IiIsInVkZjMiOiIiLCJ1ZGY0IjoiIiwidWRmNSI6IiIsInVkZjYiOiIiLCJ1ZGY3IjoiIiwidWRmOCI6IiIsInVkZjkiOiIiLCJ1ZGYxMCI6IiIsImNhcmRfdG9rZW4iOiIiLCJjYXJkX25vIjoiIiwiZmllbGQwIjoiIiwiZmllbGQxIjoiYWJjZEB1cGkiLCJmaWVsZDIiOiIiLCJmaWVsZDMiOiIiLCJmaWVsZDQiOiIiLCJmaWVsZDUiOiIiLCJmaWVsZDYiOiIiLCJmaWVsZDciOiIiLCJmaWVsZDgiOiIiLCJmaWVsZDkiOiIiLCJwYXltZW50X3NvdXJjZSI6InBheXVQdXJlUzJTIiwiUEdfVFlQRSI6IkFYSVNVIiwiZXJyb3IiOiJFMDAwIiwiZXJyb3JfTWVzc2FnZSI6Ik5vIEVycm9yIiwibmV0X2Ftb3VudF9kZWJpdCI6IjAiLCJhZGRpdGlvbmFsQ2hhcmdlcyI6IjI5LjUiLCJ1bm1hcHBlZHN0YXR1cyI6ImluIHByb2dyZXNzIiwiaGFzaCI6IjU2NzQ3OGE5ZDUyMzhlZTIyZGFhMDM2ZWMwMjAxMzk0OGY2YjgwNGUzMWNhYzNkYmQyMDc1NmU5ZjFkNDFlMjI4ZTQxYzJkYjcwZmU4ZWRlZmMyNDBiOTQwODZlN2QzN2Y4ZDQ2OTA4MzU4Y2NjNzA4Y2JjNWVlNTJjMjlkYWEwIiwiYmFua19yZWZfbm8iOiJBWEk5MTEwMDAwMDAwMDQ5MTg0NzY2MTU0MTc5OTcwNTY5OCIsImJhbmtfcmVmX251bSI6IkFYSTkxMTAwMDAwMDAwNDkxODQ3NjYxNTQxNzk5NzA1Njk4IiwiYmFua2NvZGUiOiJVUEkiLCJzdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UiLCJjdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UiLCJmdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UifX0

Base64 decoded response:

{"status":"success","result":{"mihpayid":"7601265585","mode":"UPI","status":"pending","key":"MerchantKey","txnid":"6b2f3d685ec1bba7dd4b","amount":"10.00","addedon":"2018-11-01
19:56:32","productinfo":"ProductInfo","firstname":"PayuUser","lastname":"","address1":"","address2":"","city":"","state":"","country":"","zipcode":"","email":"[email protected]","phone":"1234567890","udf1":"","udf2":"","udf3":"","udf4":"","udf5":"","udf6":"","udf7":"","udf8":"","udf9":"","udf10":"","card_token":"","card_no":"","field0":"","field1":"abcd@upi","field2":"","field3":"","field4":"","field5":"","field6":"","field7":"","field8":"","field9":"","payment_source":"payuPureS2S","PG_TYPE":"AXISU","error":"E000","error_Message":"NoError","net_amount_debit":"0","additionalCharges":"29.5","unmappedstatus":"inprogress","hash":"567478a9d5238ee22daa036ec02013948f6b804e31cac3dbd20756e9f1d41e228e41c2db70fe8edefc240b94086e7d37f8d46908358ccc708cbc5ee52c29daa0","bank_ref_no":"AXI91100000000491847661541799705698","bank_ref_num":"AXI91100000000491847661541799705698","bankcode":"UPI","surl":"https:\/\/admin.payu.in\/test_response","curl":"https:\/\/admin.payu.in\/test_response","furl":"https:\/\/admin.payu.in\/test_response"}}

📘

Note:

In case of an invalid VPA, the final result will be a JSON in plain text as follows.

{"result":null,"status":"failed","error":"E1617","message":"Invalid vpa"}