UPI Intent OTM - PayU Hosted
The pre_authorize parameter is used to pre-authorize payments using the PayU Hosted Checkout integration with the _payment API.
You need to activate the Pre-authorize payments before you start using the functionality. Contact your PayU KAM to enable this functionality.
Step 1: Post the Pre-Authorization Request
Environment
Environment
Test Environment | https://test.payu.in/_payment |
Production Environment | https://secure.payu.in/_payment |
Request parameters
Parameter | Description | Example |
---|---|---|
key |
| Your Test Key |
txnid |
| fd3e847h2 |
amount |
| 1000 |
productinfo |
| Time Magazine Subscription |
firstname |
| Ashish |
email |
| |
phone |
| 9843176540 |
surl | surl is the acronym for Success URL. This parameter must contain the URL on which PayU will redirect the final response if the transaction is successful. | |
furl | furl is the acronym for for Failure URL. This parameter must contain the URL on which PayU will redirect the final response if the transaction is failed. | |
pg | It defines the payment category for which you wish to perform UPI One-Time Mandate. For UPI, pg= UPI | UPI |
bankcode | It defines the bank with which you wish to perform UPI using the bank code. Use UPI or INTENT according to the use case. |
|
vpa | This parameter contains the customer's VPA handle. For the list UPI handles supported, refer to UPI Handles The merchant is advised to check the validity of the VPA through using the VPA Validation API. PayU extends support for the same if required. For more information on using VPA Validation API, refer to . | abc@payu |
pre_authorize | This parameter is set to 1 to pre-authorize payment. | |
si_Details | This parameter contains the following information in JSON format: * paymentStartDate * paymentEndDate
Example: |
|
hash | Hash is a crucial parameter used to ensure that any date is not tampered while redirecting customer from the merchant website to PayU's payment interface while registration transactions. It is SHA512 hash generated by encrypting values of merchant key, txnid, amount, productinfo, firstname, email, udf and si_details by merchant salt. In the case of registration transaction, the formula is used to calculate this hash is similar to the following: SHA512(sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|||SALT)) | txnid |
Sample request
curl --request POST
--url https://test.payu.in/_payment
--header 'accept: text/plain'
--header 'content-type: application/x-www-form-urlencoded'
--data key=JPM7Fg
--data txnid=aso6787
--data siDetails='{"paymentStartDate": "2019-09-01","paymentEndDate": "2019-12-01"}'
--data pre_authorize=1
--data amount=100.00
--data productinfo=iPhone
--data firstname=Ashish
--data [email protected]
--data phone=9876543210
--data surl=https://apiplayground-response.herokuapp.com/
--data furl=https://apiplayground-response.herokuapp.com/
--data hash=8e8de8a3cf2ba999e16c0ffdb63a645074af4ad1aa0a8d66d81555a119c004e1791173fe6199084f256623664b250d3aeb50fc2c4cfc155e729d8811a157c98b
Step 2: Check PayU Responses
When you initiate a pre-auth transaction request:
- The PayU response contains the intentURIData parameter
- For success cases, this provides a URL to invoke the intent
Sample response
Success scenario
{
"metaData": {
"message": null,
"referenceId": "c5161bae370de1bd4fb886c6c66567a8",
"statusCode": null,
"txnId": "a7440cc636e747b635df",
"txnStatus": "pending",
"unmappedStatus": "pending"
},
"result": {
"paymentId": "99900000000001875",
"merchantName": "Name409208872",
"merchantVpa": "paytmqr@icici",
"amount": "10000.00",
"acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vcHA3OHNlY3VyZS5wYXl1LmluLzY1OWFjNWRhNWUyZjlmNzM1NzhkZWYwYzVjNDM2MWFmOWJhMGVkYmExYjk3NDg2Mjg3ZDI2MzBjZDg1YmU3NWEvaW50ZW50U2VhbWxlc3NIYW5kbGVyLnBocCIgbWV0aG9kPSJwb3N0Ij48aW5..."
},
"otpPostUrl": "https://pp78secure.payu.in/ResponseHandler.php"
}
}
Failure scenario
For Intent, as part of response, Intent URL is returned. Now merchant needs to use data received in intentURIData parameter, JSON decode the response and use URL to invoke intent at their end
Once the transaction is authorised by the customer, PayU will receive confirmation. Same will be passed to the merchant as webhook
{
"metaData": {
"message": "Transaction failed due to invalid params shared by the merchant",
"referenceId": "dde7096af9db932a9fd09b9b4383d8be",
"statusCode": "E1101",
"txnId": "0c4931ddee7a4f69227f",
"txnStatus": "failed",
"intentURIData": "upi://mandate?pa=payu24@icici&pn=Payu&tr=EZM2024042211452400151942&am=10000.00&cu=INR&orgid=400011&mc=6012&purpose=01&tn=Upi%20Mandate&validitystart=22042024&validityend=21052024&amrule=MAX&Recur=ONETIME&Rev=N&Share=Y&Block=Y&txnType=CREATE&mode=13",
"unmappedStatus": "failure"
},
"result": {}
}
Step 3: Capture a pre-authorized payment
To capture a pre-authorized payment, use the following command. After the API command is successful, the transaction would be captured and settled to you.
Request parameters
Parameter | Description | Example |
---|---|---|
key mandatory |
This parameter is the unique Merchant Key provided by PayU for your merchant account. The Merchant Key acts as the unique identifier (primary key) to identify a Merchant Account in our database. | YbfVda |
command mandatory |
For initiating a capture transaction, the value of the parameter will be passed as capture_transaction | capture_transaction |
hash mandatory |
This parameter must contain the hash value to be calculated at merchant end. Hash logic for this API is:sha512(key|command|var1|salt) |
5fcf2d7c2b... |
var1 mandatory |
This parameter must contain the payuId that was generated by PayU as part of pre-authorize operation. | 403993715523409521 |
var2 mandatory |
This parameter contains the token, that is, merchant unique reference number. | TXN123456789 |
var3 mandatory |
This parameter must contain the amount to be captured. | 100.00 |
Sample request
curl --location --request POST 'https://info.payu.in/merchant/postservice.php?form=2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--form 'key="JF***g"' \
--form 'command="capture_transaction"' \
--form 'hash="67411736ab98c59522492a12751a6015c41b87764019f9dc14052690c2c7af9095d31002fc109dcf3596c2f38792d56db6f6207b1989010f2adf51c144fa3019"' \
--form 'var1="15246574846"' \
--form 'var2="authorizeTransaction123"' \
--form 'var3="1"'
Sample response
{
"msg": "Transaction Processed successfully",
"status": 1,
"result": {
"payuid": 613345678912399031,
"txnId": "upiAuthCapture_12",
"amount": 10000.00,
"merchantId": 3,
"authpayuid": "3975",
"status": "in progress",
"mode": "UPIOTM",
"bankRefNumber": "410700457030",
"payerVpa": "surya@icici",
"field5": "3159219e58ed45eda39e8914b998401a@icici",
"field9": "0|Transaction Successful"
}
}
Step 4: Verify the payment
Upon receiving the response, we recommend performing a reconciliation step to validate all transaction details.
You can verify your payments using either of the following methods:
Configure the webhooks to monitor the status of payments.
Webhooks enable a server to communicate with another server by sending an HTTP callback or message.
These callbacks are triggered by specific events or instances and operate at the server-to-server (S2S) level.
👉 For more details, refer to Webhooks for Payments.
Notes:
- The unamappedstatus to auth can be checked using thje Verify Payment API and in callback response in the Transaction callback.
- To check the status of the Auth Request and then Capture Request sent, use the check_action_status API. For more information, refer to Check Refund Status API with Request ID.
- If you want to cancel or refund a pre-authorized payment, refer to Cancel a Pre-Authorized Payment.
Reference: For cancelling pre-auth payments, refer to Cancel a Pre-Authorized Transaction API.
Updated 4 days ago