Environment
| Test Environment | https://test.payu.in/info/linkAndPay/delinkInstrument |
| Production Environment | https://info.payu.in/linkAndPay/delinkInstrument |
Request Parameters
Header
The request header contains the following fields:
| Field | Description | Example |
|---|---|---|
| Date mandatory | The date and time should be in the GMT time conversion(not the IST). For example, current time in India is 18:00:00 IST, the time in the date header should be 12:30:00 GMT. | Thu, 17 Feb 2022 08:17:59 GMT |
| Digest mandatory | Base 64 encode of (sha256 hash of the JSON data (post to server). | vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0= |
| Authorization mandatory | This field is in the following format:hmac username="smsplus", algorithm="hmac-sha512", headers="date digest", signature="CkGfgbho69uTMMOGU0mHWf+1CUAlIp3AjvsON9n9/E4="Where the above format includes the following: - username: The merchant key of the merchant. - algorithm: This must have the value as hmac-sha512 that is used for this API - headers: This must have the value as date digest - signature: This must contain the hmacsha512 of (signing_string, merchant_secret), where: - signing_string: This is in the "Date"+"\n"+"Digest" format. Here, the Date and Digest is the same values in the fields listed in this table For example, "Thu, 17 Feb 2022 08:17:59 GMT""\n"+“vpGay5D/dmfoDupALPplYGucJAln9gS29g5Orn+8TC0=“ - merchant_secret: The merchant Salt of the merchant. For more information on getting the merchant Salt, refer to Generate Merchant Key and Salt on PayU Dashboard | hmac username="smsplus", algorithm="hmac-sha256", headers="date digest", signature="zGmP5Zeqm1pxNa+d68DWfQFXhxoqf3st353SkYvX8HI=" |
| platformId mandatory | This field contains the platform ID and include the value as 1. | 1 |
Required parameters for calculating authorization
- Date
- Authorization
The following sample Java code contains the logic used to encrypt as described in the above table:
package com.payu.apilayer.util;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class HmacAuth {
public static JsonObject getRequestBody(){
JsonObject requestJson = new JsonObject();
requestJson.addProperty("udf1","123");
return requestJson;
}
public static String getSha512Hash(String hashString) {
{
try {
MessageDigest md = MessageDigest.getInstance("SHA-512");
byte[] messageDigest = md.digest(hashString.getBytes());
BigInteger signumBytes = new BigInteger(1, messageDigest);
String hashtext = signumBytes.toString(16);
while (hashtext.length() < 32) {
hashtext = "0" + hashtext;
}
return hashtext;
}
catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
}
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
String key = "smsplus";
String secret = "admin";
Gson gson = new Gson();
String date = DateTimeFormat.forPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'").withZoneUTC().print(new DateTime());
System.out.println(date);
JsonObject requestJson = getRequestBody();
String hashString = new StringBuilder()
.append(gson.toJson(requestJson))
.append("|")
.append(date)
.append("|")
.append(secret).toString();
System.out.println("Hash String is " + hashString);
String hash = getSha512Hash(hashString);
String authorization = new StringBuilder()
.append("hmac username=\"")
.append(key)
.append("\", algorithm=\"sha512\", headers=\"date\", signature=\"")
.append(hash)
.append("\"").toString();
System.out.println(authorization);
}
}
Body parameters
| Field | Description | Example |
|---|---|---|
Key mandatory | String The merchant key provided by PayU. Reference: For more information on how to generate the Key and Salt, refer to any of the following: - Production: Generate Production Merchant Key and Sat. - Test: Generate Test Merchant Key and Salt. | Your Test Key |
requestId mandatory | String This parameter must contain the unique ID for making an eligibility request. | Test1234 |
amount mandatory | StringThe transaction amount for which the eligibility is checked is to be passed here | {"amount":"10000"} |
pg mandatory | StringIt defines the payment category using the Merchant Hosted Checkout integration. For a BNPL payment, "BNPL" must be specified in the pg parameter. | BNPL |
Bankcode mandatory | StringThe merchant must post this parameter with the corresponding payment option’s bank code value in it. For the list of bankcodes for BNPL, refer to BNPL Codes. In future, wallet options will also be added. | LAZYPAY |
phonemandatory | StringThis parameter must contain the customer’s phone number for which the eligibility is to be checked needs to be passed | “9999999999” |
payuTokenoptional | StringThis parameter must contain is the PayU instrument token for saved card. | Token12345 Note: One or multiple payu tokens can be passed and max 10 tokens supported in a request. |
user_credentialsoptional | StringThis parameter must contain an unique user credential mapped against each user, to be passed by the merchant for saved card. | abc:xyz |
Sample request
curl --location 'https://info.payu.in/linkAndPay/delinkInstrument' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'accept: application/json' \
--header 'Date: Date' \
--header 'Authorization: authorizationValue' \
--data-urlencode 'key=string' \
--data-urlencode 'user_credentials=abc:xyz' \
--data-urlencode 'pg=BNPL' \
--data-urlencode 'bankcode=LAZYPAY' \
--data-urlencode 'payuToken=Token12345' \
--data-urlencode 'phone=999999999' \
--data-urlencode 'amount=2000' \
--data-urlencode 'requestId=872sfsFsfd'
Sample response
Success scenario
{
"msg": "Instrument deleted",
"status": 1
}
Failure scenario
{
"msg": "Instrument couldn't be deleted",
"status": 0
“failureReason”: “xxxxx”
}