Integration Guide
Start typing to search…

UPI Collection S2S Integration

In UPI Collect, the sequence of APIs is called to follow for redirection less experience.

Steps to Integrate

  1. Validate VPA
  2. Initiate the payment to PayU
  3. Check UPI Transaction Status
  4. S2S Call Back Response

👍

Before you begin:

Register for an account with PayU before you start integration. For more information, refer to Register for a Merchant Account.

UPI Content Flow

The following diagram illustrates the UPI content process flow from the initiation of the transaction by the customer to the success of payment.

UPI Collect Process Steps

  1. Customer selects UPI from the website or mobile app to make payment through. 

  2. PayU ​pre-fills the VPA address issuer to reduce customer input. ​ 

  3. PayU verifies the customer’s VPA and shares the customer’s name.  

  4. Customer proceeds with the transaction after confirmation 

    The customer sees a payment screen pre-filled with the amount and your name.  

  5. Customer accepts the payment to complete the transaction. ​ 

Step 1: Validate VPA

This web service will let you validate VPA if it is a valid VPA or not.

After the customer enters VPA on your website, you need to call this API to check for VPA validation. If VPA is valid, you need to proceed with the next step. For a sample request or response, refer to Validate VPA.

Collect the response in the UPI Collection under API Reference. The response for the S2S payment request is not similar to Merchant Hosted or PayU Hosted Checkout. For description of response parameters, refer to Additional Info for Payment APIs.

Step 2: Initiate the payment to PayU

To start with, the request is raised from the Merchant to PayU with the required transaction mandatory/optional parameters. This needs to be a server-to-server curl call request. This API is used for both Cards and UPI for generating a new transaction. Parameters and their descriptions are mentioned below.

For the "Try It" experience, refer to UPI Collection.

PayU URL Endpoint:

Productionhttps://secure.payu.in/_payment
Testhttps://test.payu.in/_payment

Post parameters

Some of the parameters are mandatory for S2S integration, and a few are optional. You need to include the following parameters.

Request parameters

Parameter

Description

Example

key mandatory

String The merchant key provided by PayU must be included.

txnid
mandatory

String (alphanumeric) Merchant transaction identifier - This parameter must be unique (after a successful transaction) & alphanumeric special (<= 50 characters & excluding >,<, =,:,&, ‘).

1234_abcdedf

amount
mandatory

String (rounded to two decimal places) This parameter must contain the amount for which QR needs to be generated. The amount should be greater than or equal to Rs.1.00.

1000

phone
mandatory

String This parameter must contain the customer phone number (10 characters).

9876786756

productinfo
mandatory

String (alphanumeric) This field must contain the product name. By default, the value is 'storefront' (max. 100 characters).

iPhone 12

firstname
mandatory

String This parameter must contain the customer's first name (max. 60 characters).

Sundar

email
mandatory

String This parameter must contain the customer email ID.

[email protected]

pg
mandatory

String It must be set as UPI for this transaction.

UPI

bankcode
mandatory

String Value should be "UPI": for UPI collect transaction
"INTENT": for initiating the UPI Intent transaction

UPI

lastname
optional

String This parameter must contain the customer last name (maximum 20 characters).

Teja

address1
optional

String This parameter must contain the first line of customer address (up to 100 characters).

PayU, Bestech Business Tower, Gurgaon

address2
optional

String This parameter must contain the second line of the customer address (up to 100 characters).

Sohna Road

city
optional

String This parameter must contain the customer city (max. 50 characters).

Gurgaon

country
optional

String This parameter must contain the customer's country that is part of the address (max. 50 characters).

India

state
optional

String This parameter must contain the customer state that is part of the address (max 50 characters).

Haryana

zipcode
optional

Numeric This parameter must contain the customer's PIN code (6 digits).

122018

udf1
optional

String This parameter can include any custom information in request (up to 255 characters).

Website order

udf2
optional

String This parameter can include any custom information in request (up to 255 characters.).

udf3
optional

String This parameter can include any custom information in request.
(up to 255 characters.)

udf4
optional

String This parameter can include any custom information in request.
(up to 255 characters.)

udf5
optional

String This parameter can include any custom information in request.
(up to 255 characters.)

s2s_client_ip
mandatory

Sting This parameter must have the source IP of the user's device.

  • *Note**: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information.

s2s_device_info
mandatory

String This parameter must have the user agent of device.

  • *Note**: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information.

txn_s2s_flow
mandatory

StringThis parameter must be posted with the values a 4 for transaction flow.

4

upiAppName
mandatory

String For Specific Intent, merchant should share the app name which is selected by customer on the merchant check-out page. The following are the enum’s expected for major apps:

  • phonepe
  • googlepay
  • paytm
  • bhim
  • cred
  • amazonpay
  • whatsapp
  • genericintent – For any other app apart from
    above

phonepe

vpa
mandatory

String Virtual Private Address. VPA can first be validated using VPA validate web service. Also, add regex where ‘@’ exists. Example: 8800411088@upi This needs to be passed in case of collect flow of UPI only.

8800411088@upi

hash
mandatory

String Hash is a crucial parameter – used specifically to avoid any tampering during the transaction. For more information, refer to Generate Hash.

Hashing

You must hash the request parameters using the following hash logic:

sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)

For more information, refer to Generate Hash.

Step 3: Check UPI transaction status

Check the UPI transaction status using the Verify Payment API (verify_payment) API. For more information, refer to Verify Payment API

Step 4: Check the S2S callback response

The response to this call would be a base64 encoded JSON containing transaction ID and other transaction details.

Hash validation logic for payment response (Reverse Hashing)

While sending the response, PayU takes the exact same parameters that were sent in the request (in reverse order) to calculate the hash and returns it to you. You must verify the hash and then mark a transaction as a success or failure. This is to make sure the transaction has not tampered within the response.

The order of the parameters is similar to the following code block:

sha512(SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)

Sample response

eyJzdGF0dXMiOiJzdWNjZXNzIiwicmVzdWx0Ijp7Im1paHBheWlkIjoiNzYwMTI2NTU4NSIsIm1vZGUiOiJVUEkiLCJzdGF0dXMiOiJwZW5kaW5nIiwia2V5IjoiTWVyY2hhbnRLZXkiLCJ0eG5pZCI6IjZiMmYzZDY4NWVjMWJiYTdkZDRiIiwiYW1vdW50IjoiMTAuMDAiLCJhZGRlZG9uIjoiMjAxOC0xMS0wMSAxOTo1NjozMiIsInByb2R1Y3RpbmZvIjoiUHJvZHVjdCBJbmZvIiwiZmlyc3RuYW1lIjoiUGF5dS1Vc2VyIiwibGFzdG5hbWUiOiIiLCJhZGRyZXNzMSI6IiIsImFkZHJlc3MyIjoiIiwiY2l0eSI6IiIsInN0YXRlIjoiIiwiY291bnRyeSI6IiIsInppcGNvZGUiOiIiLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20iLCJwaG9uZSI6IjEyMzQ1Njc4OTAiLCJ1ZGYxIjoiIiwidWRmMiI6IiIsInVkZjMiOiIiLCJ1ZGY0IjoiIiwidWRmNSI6IiIsInVkZjYiOiIiLCJ1ZGY3IjoiIiwidWRmOCI6IiIsInVkZjkiOiIiLCJ1ZGYxMCI6IiIsImNhcmRfdG9rZW4iOiIiLCJjYXJkX25vIjoiIiwiZmllbGQwIjoiIiwiZmllbGQxIjoiYWJjZEB1cGkiLCJmaWVsZDIiOiIiLCJmaWVsZDMiOiIiLCJmaWVsZDQiOiIiLCJmaWVsZDUiOiIiLCJmaWVsZDYiOiIiLCJmaWVsZDciOiIiLCJmaWVsZDgiOiIiLCJmaWVsZDkiOiIiLCJwYXltZW50X3NvdXJjZSI6InBheXVQdXJlUzJTIiwiUEdfVFlQRSI6IkFYSVNVIiwiZXJyb3IiOiJFMDAwIiwiZXJyb3JfTWVzc2FnZSI6Ik5vIEVycm9yIiwibmV0X2Ftb3VudF9kZWJpdCI6IjAiLCJhZGRpdGlvbmFsQ2hhcmdlcyI6IjI5LjUiLCJ1bm1hcHBlZHN0YXR1cyI6ImluIHByb2dyZXNzIiwiaGFzaCI6IjU2NzQ3OGE5ZDUyMzhlZTIyZGFhMDM2ZWMwMjAxMzk0OGY2YjgwNGUzMWNhYzNkYmQyMDc1NmU5ZjFkNDFlMjI4ZTQxYzJkYjcwZmU4ZWRlZmMyNDBiOTQwODZlN2QzN2Y4ZDQ2OTA4MzU4Y2NjNzA4Y2JjNWVlNTJjMjlkYWEwIiwiYmFua19yZWZfbm8iOiJBWEk5MTEwMDAwMDAwMDQ5MTg0NzY2MTU0MTc5OTcwNTY5OCIsImJhbmtfcmVmX251bSI6IkFYSTkxMTAwMDAwMDAwNDkxODQ3NjYxNTQxNzk5NzA1Njk4IiwiYmFua2NvZGUiOiJVUEkiLCJzdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UiLCJjdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UiLCJmdXJsIjoiaHR0cHM6XC9cL2FkbWluLnBheXUuaW5cL3Rlc3RfcmVzcG9uc2UifX0

Base64 decoded response:

{"status":"success","result":{"mihpayid":"7601265585","mode":"UPI","status":"pending","key":"MerchantKey","txnid":"6b2f3d685ec1bba7dd4b","amount":"10.00","addedon":"2018-11-01
19:56:32","productinfo":"ProductInfo","firstname":"PayuUser","lastname":"","address1":"","address2":"","city":"","state":"","country":"","zipcode":"","email":"[email protected]","phone":"1234567890","udf1":"","udf2":"","udf3":"","udf4":"","udf5":"","udf6":"","udf7":"","udf8":"","udf9":"","udf10":"","card_token":"","card_no":"","field0":"","field1":"abcd@upi","field2":"","field3":"","field4":"","field5":"","field6":"","field7":"","field8":"","field9":"","payment_source":"payuPureS2S","PG_TYPE":"AXISU","error":"E000","error_Message":"NoError","net_amount_debit":"0","additionalCharges":"29.5","unmappedstatus":"inprogress","hash":"567478a9d5238ee22daa036ec02013948f6b804e31cac3dbd20756e9f1d41e228e41c2db70fe8edefc240b94086e7d37f8d46908358ccc708cbc5ee52c29daa0","bank_ref_no":"AXI91100000000491847661541799705698","bank_ref_num":"AXI91100000000491847661541799705698","bankcode":"UPI","surl":"https:\/\/admin.payu.in\/test_response","curl":"https:\/\/admin.payu.in\/test_response","furl":"https:\/\/admin.payu.in\/test_response"}}

📘

Note:

In case of an invalid VPA, the final result will be a JSON in plain text as follows.

{"result":null,"status":"failed","error":"E1617","message":"Invalid vpa"}

Updated 13 days ago