UPI Intent and Collect Autopay - TPV Integration
For recurring payment use-case, you can use UPI as a payment instrument. It requires, registration of the mandate and then doing the debit in the customer’s account. During registration, customer validates the billing details of the mandate on the respective application, enters their MPIN (Mobile PIN) and authorizes the mandate. After the registration transaction is successful, you can then use the Recurring Payment Transaction API to charge the customer without requiring further intervention. For more information on Recurring Payment API, refer to Recurring Payment Transaction API
The Third-Party Verification (TPV) functionality is now being added to the UPI Autopay too.
Notes:
- Currently, PayU supports UPI Autopay only with Seamless integration.
- Contact your PayU Key Account Manager (KAM) or PayU Support to activate this feature.
Use Cases
Merchants have use cases, which requires the transactions to be allowed only for selected accounts only. These accounts are provided by the customer before hand (during customer registration on merchant platform). Few merchant use cases are:
- Mutual Funds (SEBI guideines)
- Loan Repayment
However, as part of UPI, customer has the flexibility to link multiple accounts under the same VPA and on run-time, change the account for authorisation. So using TPV services, merchant makes sure that customer authorises the transaction using pre-registered accounts only.
Steps to Integrate
Refer any of the following tabs based on the Intent or Collect Autopay Flow integration:
Intent Autopay Workflow
The merchant initiates the call to PayU with SI details, bankcode as INTTPV, and account number + IFSC details. PayU then initiates a mandate call to the bank, including all the SI and account-related parameters. The bank responds to PayU with a reference-Id, which PayU passes to the merchant in an Intent URL. When the customer authorizes the transaction, the bank will validate the account. If the account details match, a success message will be sent to PayU. However, if the account details do not match, Bank will pass validation error to PayU. Internally, Bank will cancel the mandate that has been setup on customer’s account.
Note: Validation is done only in the registration step of the mandate. If the account matches, rest of the journey for UPI Autopay will remain as-is.
Prerequisites
S2S (Seamless) integration has to be done as per the standard kit. For more information, refer to UPI Integrations - S2S.
Supported only in Seamless integration: Currently, PayU supports UPI Intent Autopay only with Seamless integration.
Step 1: Validate VPA
When your customer makes payment through UPI, you can validate the customer's Virtual Payment Address (VPA) and then initiate payment. The validateVpa API is used to validate the UPI handle. Validate the VPA (UPI handle) using the validateVpa API. For Try-It experience of validateVpa API, refer to Validate VPA Handle API.
Environment
| Test Environment | <https://test.payu.in/merchant/postservice.php?form=2> |
| Production Environment | <https://info.payu.in/merchant/postservice.php?form=2> |
Sample request
Validate VPA
curl -X POST "https://test.payu.in/merchant/postservice?form=2" -H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "key=JP***g&command=validateVPA&var1=9999999999@upi&hash=75bb573dce34375a5fa2970afa21023d53e1cf5b8cd80a6472fff9b7c964c7a5da9146c9007df8b7391cbaf2d7d7d91dcaae8bf1d19d1837315a3376d6dc827e"</Accordion>
<Accordion title="Sample response" icon="fa-reply">
**Success scenario**
if successfully validated:
```plaintext
{
"status":"SUCCESS",
"vpa":"9999999999@upi",
"isVPAValid":1,
"isAutoPayVPAValid":1,
"isAutoPayBankValid":"NA",
"payerAccountName":"ABC"
}
Notes:
- The payerAccountName parameter can be empty or NA or will have a payer name based on the value given by the bank.
- If both isVPAValid and isAutoPayVPAValid is 1, you must initiate payment for Recurring Payments.
- Ignore the isAutoPayBankValid parameter in the response.
Failure scenarios
- If invalid VPA, the response is similar to the following:
{
"status":"SUCCESS","vpa":"abc@upi","isVPAValid":0,"payerAccountName":"NA"
} - Invalid VPA but handle supporting SI (Autopay):
{
"status":"SUCCESS","vpa":"abc@upi","isVPAValid":0,"isAutoPayVPAValid":1,"isAutoPayBankValid":"NA","payerAccountName":"NA"
}- Customer valid but handle not supporting SI (Autopay):
{
"status":"SUCCESS","vpa":"xyz@freecharge","isVPAValid":1,"isAutoPayVPAValid":0,"isAutoPayBankValid":"NA","payerAccountName":"XYZ"
}- Neither customer valid nor handle supporting Autopay:
{
"status":"SUCCESS","vpa":"xyz@freecharge","isVPAValid":0,"isAutoPayVPAValid":0,"isAutoPayBankValid":"NA","payerAccountName":"NA"
}Sample validation JS code
// JavaScript example for VPA validation before payment submission
// This should be run on your server, not client-side
async function validateVpa(vpa) {
try {
// Get hash from server endpoint
const hashResponse = await fetch('/generate-vpa-hash', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ vpa })
});
const { hash } = await hashResponse.json();
// Validate VPA with PayU
const response = await fetch('https://test.payu.in/merchant/postservice?form=2', {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
key: 'YOUR_MERCHANT_KEY',
command: 'validateVPA',
var1: vpa, // VPA to validate
hash: hash
})
});
const result = await response.json();
// Sample response:
// {"status":1,"msg":"VPA is valid","isVPAValid":1,"isUPIBarredBank":0}
// OR
// {"status":0,"msg":"VPA is invalid","isVPAValid":0}
return {
isValid: result.isVPAValid === 1,
message: result.msg
};
} catch (error) {
console.error('VPA validation error:', error);
return { isValid: false, message: 'Validation service error' };
}
}
# Once you have the hash, make the API call
curl -X POST "https://test.payu.in/merchant/postservice?form=2" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "key=YOUR_MERCHANT_KEY" \
-d "command=validateVPA" \
-d "var1=customer@upi" \
-d "hash=$HASH"
Step 2: Post the parameters to PayU
With the following parameters, make the transaction request with the customer's bank account number to the PayU using the Collect Payment (_payment) API.
Environment
| Environment | URL |
|---|---|
| Test Environment | https://test.payu.in/_payment |
| Production Environment | https://secure.payu.in/_payment |
Request parameters
In the merchant-initiated POST REQUEST, Hash is a mandatory parameter. It is critical to calculate the hash correctly and post it to PayU in the request.
| Parameter | Description | Value |
|---|---|---|
key mandatory | String The merchant key is a unique identifier for a merchant account in PayU's database. | Your Test Key |
api_version optional | String The API version for this API. | 7 |
txnid mandatory | String The transaction ID is a reference number for a specific order that is generated by the merchant. It is used to track the order and must be unique. PayU's system will not accept duplicate transaction IDs. | s7hhDQVWvbhBdN |
amount mandatory | String This field should contain the payment amount for the transaction. The limit for recurring payments using UPI payment mode: * Auto-debit is Rs.15000 (the auto-debit limit is higher for below listed purpose) * With PIN is Rs.1,00,00 * Note: The auto-debit limit for the following UPI recurring payments is one lakh rupees (Rs.1,00,000): * Insurance premiums * Credit card bill payments * Insurance premium | 10.00 |
productinfo mandatory | String It should be a string containing a brief description of the product. Character Limit-100 | iPhone |
firstname mandatory | String The first name of the customer. Character Limit-60 | Ashish |
email mandatory | String The email of the customer. Character Limit-50 | [email protected] |
phone mandatory | String The phone number of the customer. | 9876543210 |
lastname mandatory | String The last name of the customer. Character Limit-60 | Verma |
address1 optional | String The first line of the billing address. Character Limit-100 | H.No- 17, Block C, Kalyan Bldg, Khardilkar Road, Mumbai |
address2 optional | String The second line of the billing address. Character Limit-100 | 34 Saikripa-Estate, Tilak Nagar |
city optional | String The city where your customer resides as part of the billing address. | Mumbai |
state optional | String The state where your customer resides as part of the billing address. | Maharashtra |
country optional | String The country where your customer resides. Character Limit-50 | India |
zipcode optional | String Billing address zip code is mandatory for the cardless EMI option. Character Limit-20 | 400004 |
surl mandatory | String The "surl" field is the success URL, which is the page PayU will redirect to if the transaction is successful. The merchant can handle the response at this URL after the customer is redirected there. | https://apiplayground-response.herokuapp.com/ |
furl mandatory | String The "furl" field is the Failure URL, which is the page PayU will redirect to if the transaction is failed. The merchant can handle the response at this URL after the customer is redirected there. | https://apiplayground-response.herokuapp.com/ |
hash mandatory | String It is used to avoid the possibility of transaction tampering. For the hash checksum logic, refer to Checksum Logic for Hash. | eabec285da28fd 0e3054d41a4d24fe 9f7599c9d0b6664 6f7a9984303fd612 4044b6206daf831 e9a8bda28a6200d 318293a13d6c193 109b60bd4b4f8b09 c90972 |
pg mandatory | varchar The pg parameter for UPI must be UPI. | UPI |
bankcode mandatory | varchar This parameter contains UPITPV for UPI TPV Collect. | UPITPV |
si mandatory | This parameter signifies a successful consent taken from the user by the merchant. This parameter must contain 1 for a successful consent. Without this parameter sent as 1, subscription cannot be set up. | |
si_details mandatory | This parameter represents mandatory details which need to be passed to during registration transaction from merchant system to PayU. * Note: It is mandatory as per the latest RBI guidelines to pass this information to the payment processor so that same can be forwarded to acquirers and issuers (for more details refer – https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11668&Mode=0) This is a JSON object and it includes a set of fields. For more information, refer to SI Parameter JSON Details | |
vpa mandatory | varchar This parameter contains the customer's VPA handle. For the list UPI handles supported, refer to UPI Handles The merchant is advised to check the validity of the VPA through using the VPA Validation API. PayU extends support for the same if required. For more information on using VPA Validation API, refer to Validate VPA Handle API. | abc@upi |
beneficiarydetail mandatory | This is a JSON format text and there should be key named beneficiaryAccountNumber with the list of account numbers and the ifscCode key with the list of corresponding IFSC codes (in the same order as provided in the beneficiaryAccountNumber key). You can post up to five account details in this parameter. | Refer to beneficiarydetail JSON Object Fields |
beneficiarydetail JSON Object Fields
It must contain the list of account numbers and the ifscCode key with the list of corresponding IFSC codes (in the same order as provided in the beneficiaryAccountNumber key). You can post up to five account details in this parameter. For example:
{"beneficiaryAccountNumber":"002001600674|00000031957292212|00000035955239352|00000035955239352",
"ifscCode":"KTKB0000046|KTKB0000023|KTKB0000035|KTKB0000035"}Checksum Logic for Hash
The following hash logic must be used for the parameters posted:
si_details parameter in Hashing:The si_details parameter value will be at last or the last value to be appended.
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3 |udf4|udf5||||||si_details|SALT
Step 3: Check the response from PayU
Hash Validation Logic for Payment Response (Reverse Hashing)
While sending the response, PayU takes the exact same parameters that were sent in the request (in reverse order) to calculate the hash and returns it to you. You must verify the hash and then mark a transaction as a success or failure. This is to make sure the transaction has not tampered within the response.
The order of the parameters is similar to the following code block:
sha512(SALT|si_details|status||||||udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)Response parameters
For the response parameter description, refer to Additional Info for Payment APIs.
Store the mihpayid and txnid parameter values in response:PayU recommends you to make provisions to store the mihpayid and txnid parameter values (in the response) in your server as proof that TPV has been completed for a customer.
Sample response
- Success scenario
On receiving valid request over PayU's payment interface (_payment), PayU returns JSON object as response object similar to the following in COLLECT:
{
"metaData":{
"message":null,
"referenceId":"c5161bae370de1bd4fb886c6c66567a8",
"statusCode":null,
"txnId":"a7440cc636e747b635df",
"txnStatus":"pending",
"unmappedStatus":"pending"
},
"result":{
"postToBank":{
"useMethodGet":true
},
"issuerUrl":"https://api.payu.in/public/#/c5161bae370de1bd4fb886c6c66567a8/upiLoader"
}
}- Failure scenario
{
"metaData":{
"message":"Transaction failed due to invalid params shared by the merchant",
"referenceId":"dde7096af9db932a9fd09b9b4383d8be",
"statusCode":"E1101",
"txnId":"0c4931ddee7a4f69227f",
"txnStatus":"failed",
"unmappedStatus":"failure"
},
"result":{
}
}Updated 3 days ago