Webhooks are a way for one server to communicate with another server by sending an HTTP callback or message. These callbacks are triggered by specific events or instances and they operate at the server-to-server (S2S) level.

PayU utilizes webhooks technology to establish a secure and accountable architecture for payment processing between the merchant’s server and our own. When certain events occur within the payment workflow, such as a successful transaction or a change in order status, webhooks are used to send real-time updates between the servers.

It is important to note that in order to receive webhooks, the merchant will need to set up a listener on their server to handle the incoming requests. Additionally, proper security measures, such as SSL/TLS encryption, should be implemented to ensure the confidentiality and integrity of the information being sent via webhooks.

PayU Webhooks

PayU offers Hosted and Merchant Hosted integration options that operate at the browser level. It involves switching the customer between the merchant, PayU, and the bank’s website, redirecting to success or failure URLs. Using browser redirection may be technically challenging to ensure the integrity of responses, affecting customer experience. To overcome this, PayU also offers Webhooks which is a server-to-server callback where PayU will send an additional S2S response. PayU recommends using S2S response to ensure optimum transaction outcomes instead of browser redirection, responses every time, affecting the customer experience.

Why PayU uses Webhook?

When integrating with PayU, the server-to-server (S2S) callback feature is a highly recommended option. PayU will typically send the final transaction response to the merchant through browser redirection. However, in cases where network issues or other technical difficulties cause the browser redirection to fail, the transaction may be dropped between PayU and the merchant. This can make it difficult for the merchant to complete the processing of the order.

To address this potential issue, the S2S callback feature can be utilized effectively. With this feature enabled, PayU will send the final transaction response to the merchant’s server directly, rather than relying on browser redirection. This ensures that the merchant will receive the response regardless of any issues with the browser redirection.

Configure Webhooks in PayU

Using Dashboard

You can configure webhooks using PayU Dashboard quickly. For more information, refer to Manage Webhooks using Dashboard.


To use Webhooks during integration with PayU:

  1. Create a server URL from your business server landscape and share it with PayU, along with its server IP address. It is the URL at which the transaction response from PayU will hit. For example, www.test.payu.in/success/response
  2. PayU will configure the merchant’s server URL at its backend, mapping it against the MID and key of that particular merchant.
  3. PayU will whitelist the webhook URL provided by the merchant in its systems. For more information, contact the PayU Integration Team by email: [email protected].
  4. Whitelist the following IP address in your Firewall to receive a response from the PayU servers:
  1. PayU will send an S2S response to the merchant’s server URL. The merchant’s server URL should be capable of handling the following content types:
    • FormData
    • application/x-www-form-urlencode



While creating the server URL, ensure that it can accept the data in the above content formats.

Sample response from PayU to the merchant:


The parameters used in generating the above response block are similar to those you shared with PayU while triggering the transaction.



  • In case a parameter has not been consumed, PayU sends it back to you with an empty string.
  • For reverse hashing the response, refer to Generate Hash.
  1. Confirm (your server) the receipt with the success status response code: 200 OK after the PayU response hits the merchant’s server URL.

PayU will retry 3 times to get a 200 OK response from the merchant’s servers before flagging it as a timeout. Ensure correct configuration of the merchant’s server URL that accepts key-value pairs or hashmap formats and handles the content types mentioned in the documentation.