Cards Direct Authorization Flow

Resource: _payment

Log in to see full request history
timestatususer agent
Retrieving recent requests…
LoadingLoading…

PayU enables merchants to process direct authorization for pre-authenticated transactions (external MPI/3DSS). This section describes how to integrate with PayU’s direct authorization flow. Initiate an authorization request with the payment details provided post a successful authentication through the MPI/3DSS as explained in this API Reference. You can get the sample request and response when use the "Try It" experience. For more information remaining steps of integration, refer to Direct Authorization Integration.

📘

Note:

This API is backward compatible and you can continue to the existing integration parameters to process the 3DS 1.0.2 transactions.

Reference information for request parameters

📘

Reference

For the character limit of each parameter and detailed description, refer to Additional Info for Payment APIs.

ParameterReference
keyFor more information on how to generate the Key and Salt, refer to any of the following:

- Production: Access Production Key and Salt

- Test: Access Test Merchant Key and Salt
hashHash logic for _payment API is:
sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)
For more information about the hash generation process, refer to Generate Hash.
Note: Hash logic for _payment API version 19:

The following hash logic must be used for _payment API with api_version=19:
key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10|user_token|offer_key|offer_auto_apply|cart_details|extra_charges|phone

📘

Note:

The following parameters are mandatory for Cross-Border Payments in addition to user-defined parameters specified above: firstname, lastname, address1, city, state, country and zipcode.

📘

Note:

Collecting the information for the following parameters from customers is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information:

  • email
  • phone
  • address1
  • s2s_client_ip
  • s2s_device_info

Response parameters

For the response parameters, refer to Additional Info for Payment APIs.

Request parameters

🚧

Error Handling:

A list of error message with corresponding error code and reason for the error is listed in . PayU recommends you to handle these errors when you process the transactions. For more information, refer to Error Codes

🚧

Values to be used in Test environment

For values to be used in Test environment, refer to Test Cards.

Form Data
const
required

The merchant key is a unique identifier for a merchant account in PayU's database. It is provided by PayU and use your Test key here.

integer
required

The transaction ID is a reference number for a specific order that is generated by the merchant. It is used to track the order and must be unique. PayU's system will not accept duplicate transaction IDs.

number
required

This field should contain the payment amount for the transaction.

string
required

This field should be a string containing a brief description of the product.

string
required

The first name of the customer.

string
required

The email address of the customer.

integer
required

The phone number of the customer.

string
required

The "surl" field is the success URL, which is the page PayU will redirect to if the transaction is successful. The merchant can handle the response at this URL after the customer is redirected there.

string
required

The "furl" field is the Failure URL, which is the page PayU will redirect to if the transaction is failed. The merchant can handle the response at this URL after the customer is redirected there.

string
required

It is used to avoid the possibility of transaction tampering

Please regenerate hash at the end everytime you make a change to the request parameters

const
required

The pg parameter determines which payment tabs will be displayed on the PayU page. For example, if 'pg' = 'NB', the Net Banking tab will be displayed. If no value is specified for this parameter 'CC' will be takes as default value

const
required

Each payment option is identified with a unique bank code at PayU. The merchant must post this parameter with the corresponding payment option’s bank code value in it.

const
required

This parameter must be passed with the value as 4 for Legacy Decoupled flow and 3 for Direct Authorization...

string
required

Use 13-19 digit card number for credit/debit cards (15 digits for AMEX, 13-19 for Maestro) and validate with LUHN algorithm. Use only test cards as in the example or that is listed in Test Cards, UPI ID and Wallets section..

string
required

Use 3-digit CVV number for credit/debit cards and 4-digit security code (4DBC/CID) for AMEX cards. Validate with BIN API.

string
required

String This parameter must contain the name on card – as entered by the customer for the transaction.

string
required

This parameter must contain the card’s expiry month – as entered by the user for the transaction. It must always be in 2 digits or in MM format. For months 1-9, this parameter must be appended with 0 – like 01, 02…09. For months 10-12, this parameter must not be appended – It should be 10,11 and 12 respectively.

string
required

This parameter must contain the card’s expiry year – as entered by the customer for the transaction. It must be of four digits. Use 2025 in this field for Test environment.

string

Last name of the customer (must only contains alphabets).

string

The "curl" field is the Cancel URL, which is the page PayU will redirect to if the transaction is canceled by the customer. The merchant can handle the response at this URL after the customer is redirected there.

string

User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.

string

User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.

string

User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.

string

User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.

string

User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.

authentication_info
object
required

This parameter contains the authentication information in a JSON format for direct authorization. For more information refer to authentication_info JSON Fields Description.

threeDS2RequestData
array of objects
required

This parameter contains the threeDSVersion and deviceChannel fields in an array format:.

threeDS2RequestData*
Headers
const
required
Response
200
Language
URL
Click Try It! to start a request and see the response here!