UPI Intent OTM - PayU Hosted
The preauthorize parameter is used to pre-authorize payments using the PayU Hosted Checkout integration with the payment API.
You need to activate the Pre-authorize payments before you start using the functionality. Contact your PayU KAM to enable this functionality.
Automatically generate code including hashing for your eCommerce website to integrate UPI OTM - PayU Hosted Checkout with zero coding knowledge:
Step 1: Post the Pre-Authorization Request
Environment
Environment
| Test Environment | https://test.payu.in/_payment |
| Production Environment | https://secure.payu.in/_payment |
Request parameters
<th style={{ textAlign: "left" }}>
Description
</th>
<th style={{ textAlign: "left" }}>
Example
</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{ textAlign: "left" }}>
key `mandatory`
</td>
<td style={{ textAlign: "left" }}>
`varchar` This parameter is the unique Merchant Key provided by PayU for your merchant account.
</td>
<td style={{ textAlign: "left" }}>
Your Test Key
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
txnid `mandatory`
</td>
<td style={{ textAlign: "left" }}>
`varchar` This parameter is known as Transaction ID (or Order ID). It is the order reference number generated at your (Merchant's) end. It is an identifier that you (merchant) would use to track a particular order. If a transaction using a particular transaction ID has already been successful at PayU, the usage of the same Transaction ID again would fail. Hence, you must post us a unique transaction ID for every new transaction.
`Character limit`: 25
* **Note**: Ensure that the transaction ID sent to us has not been successful earlier. In case of this duplication, the customer would get an error of 'duplicate Order ID.'
</td>
<td style={{ textAlign: "left" }}>
fd3e847h2
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
amount `mandatory`
</td>
<td style={{ textAlign: "left" }}>
`float` This parameter should contain the payment amount of the particular transaction. \* **Note**: Type-cast the amount to float type
</td>
<td style={{ textAlign: "left" }}>
1000
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
productinfo `mandatory`
</td>
<td style={{ textAlign: "left" }}>
`varchar` This parameter should contain a brief product description. It should be a string describing the product. `Character limit`: 100
</td>
<td style={{ textAlign: "left" }}>
Time Magazine Subscription
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
firstname `mandatory`
</td>
<td style={{ textAlign: "left" }}>
`varchar` Must contain the first name of the customer. `Character limit`: 60
</td>
<td style={{ textAlign: "left" }}>
Ashish
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
email `mandatory`
</td>
<td style={{ textAlign: "left" }}>
`varchar` Must contain the email of the customer. This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is a must to provide the correct information. Also, MIS reporting is shared with few issuing banks where email and mobile number is used to keep track of users using SI transactions. Character limit: 50
</td>
<td style={{ textAlign: "left" }}>
[[email protected]](mailto:[email protected])
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
phone `mandatory`
</td>
<td style={{ textAlign: "left" }}>
`varchar` Must contain the phone number of the customer. This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information Also, MIS reporting is shared with few issuing banks where email and mobile number is used to keep track of users using SI transactions. Character limit: 50
</td>
<td style={{ textAlign: "left" }}>
9843176540
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
surl `mandatory`
</td>
<td style={{ textAlign: "left" }}>
surl is the acronym for Success URL. This parameter must contain the URL on which PayU will redirect the final response if the transaction is successful.
</td>
<td style={{ textAlign: "left" }}></td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
furl `mandatory`
</td>
<td style={{ textAlign: "left" }}>
furl is the acronym for for Failure URL. This parameter must contain the URL on which PayU will redirect the final response if the transaction is failed.
</td>
<td style={{ textAlign: "left" }}></td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
pg `mandatory`
</td>
<td style={{ textAlign: "left" }}>
It defines the payment category for which you wish to perform UPI One-Time Mandate. For UPI, **pg= UPI**
</td>
<td style={{ textAlign: "left" }}>
UPI
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
bankcode `mandatory`
</td>
<td style={{ textAlign: "left" }}>
It defines the bank with which you wish to perform UPI using the bank code. Use **UPI** or **INTENT** according to the use case.
</td>
<td style={{ textAlign: "left" }}>
* **UPI**: Used for UPI Collect
* **INTENT**: Used for UPI Intent
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
vpa `mandatory for UPI Collect`
</td>
<td style={{ textAlign: "left" }}>
This parameter contains the customer's VPA handle. For the list UPI handles supported, refer to UPI Handles The merchant is advised to check the validity of the VPA through using the VPA Validation API. PayU extends support for the same if required. For more information on using VPA Validation API, refer to
[Validate VPA API](ref:validate_vpa_api)
.
</td>
<td style={{ textAlign: "left" }}>
abc\@payu
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
pre\_authorize `mandatory for Pre-Auth`
</td>
<td style={{ textAlign: "left" }}>
This parameter is set to **1** to pre-authorize payment.
</td>
<td style={{ textAlign: "left" }}></td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
si\_Details
</td>
<td style={{ textAlign: "left" }}>
This parameter contains the following information in JSON format: \* paymentStartDate \* paymentEndDate
**Example**: `{"paymentStartDate":"2024-07-24","paymentEndDate":"2024-07-28"}`
</td>
<td style={{ textAlign: "left" }}>
`{"paymentStartDate":"2024-07-24","paymentEndDate":"2024-07-28"}`
</td>
</tr>
<tr>
<td style={{ textAlign: "left" }}>
hash `mandatory`
</td>
<td style={{ textAlign: "left" }}>
Hash is a crucial parameter used to ensure that any date is not tampered while redirecting customer from the merchant website to PayU's payment interface while registration transactions. It is SHA512 hash generated by encrypting values of merchant key, txnid, amount, productinfo, firstname, email, udf and si\_details by merchant salt. In the case of registration transaction, the formula is used to calculate this hash is similar to the following:
SHA512(sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|||SALT))
</td>
<td style={{ textAlign: "left" }}>
txnid
</td>
</tr>
</tbody>Sample request
curl --request POST
--url https://test.payu.in/_payment
--header 'accept: text/plain'
--header 'content-type: application/x-www-form-urlencoded'
--data key=JPM7Fg
--data txnid=aso6787
--data siDetails='{"paymentStartDate": "2019-09-01","paymentEndDate": "2019-12-01"}'
--data pre_authorize=1
--data amount=100.00
--data productinfo=iPhone
--data firstname=Ashish
--data [email protected]
--data phone=9876543210
--data surl=https://apiplayground-response.herokuapp.com/
--data furl=https://apiplayground-response.herokuapp.com/
--data hash=8e8de8a3cf2ba999e16c0ffdb63a645074af4ad1aa0a8d66d81555a119c004e1791173fe6199084f256623664b250d3aeb50fc2c4cfc155e729d8811a157c98bStep 2: Check PayU Responses
When you initiate a pre-auth transaction request:
- The PayU response contains the intentURIData parameter
- For success cases, this provides a URL to invoke the intent
Sample response
Success scenario
{
"metaData": {
"message": null,
"referenceId": "c5161bae370de1bd4fb886c6c66567a8",
"statusCode": null,
"txnId": "a7440cc636e747b635df",
"txnStatus": "pending",
"unmappedStatus": "pending"
},
"result": {
"paymentId": "99900000000001875",
"merchantName": "Name409208872",
"merchantVpa": "paytmqr@icici",
"amount": "10000.00",
"acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vcHA3OHNlY3VyZS5wYXl1LmluLzY1OWFjNWRhNWUyZjlmNzM1NzhkZWYwYzVjNDM2MWFmOWJhMGVkYmExYjk3NDg2Mjg3ZDI2MzBjZDg1YmU3NWEvaW50ZW50U2VhbWxlc3NIYW5kbGVyLnBocCIgbWV0aG9kPSJwb3N0Ij48aW5..."
},
"otpPostUrl": "https://pp78secure.payu.in/ResponseHandler.php"
}
}Failure scenario
For Intent, as part of response, Intent URL is returned. Now merchant needs to use data received in intentURIData parameter, JSON decode the response and use URL to invoke intent at their end
Once the transaction is authorised by the customer, PayU will receive confirmation. Same will be passed to the merchant as webhook
{
"metaData": {
"message": "Transaction failed due to invalid params shared by the merchant",
"referenceId": "dde7096af9db932a9fd09b9b4383d8be",
"statusCode": "E1101",
"txnId": "0c4931ddee7a4f69227f",
"txnStatus": "failed",
"intentURIData": "upi://mandate?pa=payu24@icici&pn=Payu&tr=EZM2024042211452400151942&am=10000.00&cu=INR&orgid=400011&mc=6012&purpose=01&tn=Upi%20Mandate&validitystart=22042024&validityend=21052024&amrule=MAX&Recur=ONETIME&Rev=N&Share=Y&Block=Y&txnType=CREATE&mode=13",
"unmappedStatus": "failure"
},
"result": {}
}Step 3: Capture a pre-authorized payment
To capture a pre-authorized payment, use the following command. After the API command is successful, the transaction would be captured and settled to you.
Request parameters
| Parameter | Description | Example |
|---|---|---|
key mandatory |
This parameter is the unique Merchant Key provided by PayU for your merchant account. The Merchant Key acts as the unique identifier (primary key) to identify a Merchant Account in our database. | YbfVda |
command mandatory |
For initiating a capture transaction, the value of the parameter will be passed as capture_transaction | capture_transaction |
hash mandatory |
This parameter must contain the hash value to be calculated at merchant end. Hash logic for this API is:sha512(key|command|var1|salt) |
5fcf2d7c2b... |
var1 mandatory |
This parameter must contain the payuId that was generated by PayU as part of pre-authorize operation. | 403993715523409521 |
var2 mandatory |
This parameter contains the token, that is, merchant unique reference number. | TXN123456789 |
var3 mandatory |
This parameter must contain the amount to be captured. | 100.00 |
Sample request
curl --location --request POST 'https://info.payu.in/merchant/postservice.php?form=2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--form 'key="JF***g"' \
--form 'command="capture_transaction"' \
--form 'hash="67411736ab98c59522492a12751a6015c41b87764019f9dc14052690c2c7af9095d31002fc109dcf3596c2f38792d56db6f6207b1989010f2adf51c144fa3019"' \
--form 'var1="15246574846"' \
--form 'var2="authorizeTransaction123"' \
--form 'var3="1"'
Sample response
{
"msg": "Transaction Processed successfully",
"status": 1,
"result": {
"payuid": 613345678912399031,
"txnId": "upiAuthCapture_12",
"amount": 10000.00,
"merchantId": 3,
"authpayuid": "3975",
"status": "in progress",
"mode": "UPIOTM",
"bankRefNumber": "410700457030",
"payerVpa": "surya@icici",
"field5": "3159219e58ed45eda39e8914b998401a@icici",
"field9": "0|Transaction Successful"
}
}Step 4: Verify the payment
Upon receiving the response, PayU recommends you performing a reconciliation step to validate all transaction details.
You can verify your payments using either of the following methods:
Configure the webhooks to monitor the status of payments.
Webhooks enable a server to communicate with another server by sending an HTTP callback or message.
These callbacks are triggered by specific events or instances and operate at the server-to-server (S2S) level.
Know how to manage Webhooks for Payments.
Notes:
- The unamappedstatus to auth can be checked using thje Verify Payment API and in callback response in the Transaction callback.
- To check the status of the Auth Request and then Capture Request sent, use the check_action_status API. For more information, refer to Check Refund Status API with Request ID.
- If you want to cancel or refund a pre-authorized payment, refer to Cancel a Pre-Authorized Payment.
Reference: For cancelling pre-auth payments, refer to Cancel a Pre-Authorized Transaction API.
Updated 5 months ago