Save a Card API

The Save Card API is used for saving a card to the vault. After successfully storing a card, it returns the cardToken.

📘
Note
As per RBI guidelines, taking consent from the customer and doing an additional factor of authentication is mandatory to tokenize the card. You must ensure this is done before using this API.

HTTP Method: POST

Environment


Test Environment	<https://apitest.payu.in/merchant/postservice.php?form=2>
Production Environment	<https://info.payu.in/merchant/postservice?form=2>

Request parameters

Parameter	Reference	Example
key `mandatory`	`String` The merchant key provided by PayU while onboarding. For more information on how to generate the Key and Salt, refer to any of the following: Production: Generate Merchant Key and Salt Test: Generate Test Merchant Key and Salt	JP*****g
command `mandatory`	`String`The command name for this REST API call must be included in this parameter. For getting user cards details, use save_payment_instrument here.	save_payment_instrument
hash `mandatory`	`String`The hash must be included in this parameter. Hash logic for this API is: `sha512(key\|command\|var1\|salt) sha512`
var1 `mandatory`	`String`The user credentials are posted in this parameter in the following format: MerchantKey:UserId	JP***G:abc
var2 `mandatory`	`String`The nickname of the card is specified in this parameter.	My_card
var3 mandatory	`String`The card mode is specified in this parameter. For more information on card mode codes, refer to Card Type Codes and Supported Banks for Cards.	CC
var4 `mandatory`	`String`The card type of the card is specified in this parameter. For more information on card type codes, refer to Card Type Codes and Supported Banks for Cards	AMEX
var5 `mandatory`	`String`The name on the card is specified in this parameter.	Ashish
var6 `mandatory`	`String`The card number is is specified in this parameter. For the test cards to do mock API calls, refer to Test Cards, UPI ID and Wallets.
var7 `mandatory`	`String`The card expiry month is specified in this parameter.	9
var8 `mandatory`	`String`The card expiry year is specified in this parameter.	2021
var9 `mandatory for Rupay and AMEX cards`	`String`This parameter can be any of the following based on the Rupay or AMEX card used: The authorization reference number received during authorization call of Rupay card transactions. The <<glossary:AEVV>> received during authorization call of Amex card transactions. Notes: This parameter is mandatory for Rupay cards. Authentication reference number will be sent by the PG in the authorization response. Currently, this check is skipped by Rupay. This parameter is mandatory for AMEX cards. American Express Verification Value will be sent by the PG in the authorization response.	6381242223626382106105
var10 `optional`	`String`This parameter must be set to true if the transaction authentication has been done for the tokenisation.	true
var11 `optional`	`String`This parameter must be set to true if the user has given consent to tokenise the card.	true

Sample request

curl --request POST \
     --url 'https://test.payu.in/merchant/postservice?form=2' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --header 'accept: text/html; charset=UTF-8' \
     --data key=JPM7Fg \
     --data command=save_payment_instrument \
     --data var1=JPM7Fg:abc \
     --data var2=visaraghu \
     --data var3=CC \
     --data var4=CC \
     --data var5=ashish \
     --data var6=4895370077346937 \
     --data var7=11 \
     --data var8=25 \
     --data var10=true \
     --data var11=true \
     --data hash=7487417efc1e8f1aadd72ac35b410d74c94dbc21b21e01d5ac7b91db0f0d01705986d2d2094ab12fab6e794a4b54bd9c7aaaca2648ce2916bb5c9365ff95f3a3

Sample response

Success scenarios

VISA

{
status: 1,
msg: "Card Stored Successfully.",
cardToken: "917757449926e57ff2662",
card_number: "XXXXXXXXXXXX1165",
card_label: "My_card",
network_token: "44173XXX1000XXX1",
issuer_token: QQ3LkzgZOnEjY428,
}

Mastercard

{
status: 1,
msg: "Card Stored Successfully.",
cardToken: "917e296b5b6da5d20fbfb",
card_number: "XXXXXXXXXXXX2346",
card_label: "Test_Card",
network_token: "3117328711111210",
issuer_token: AQ3LkzgBNyEjY213,
}

American Express

{
status: 1,
msg: "Card Stored Successfully.",
cardToken: "917e29XXX6da5XXCbfb",
card_number: "XXXXXXXXXXX1002",
card_label: "AMEX_Card",
network_token: "51273287XXX61215",
issuer_token: Va3RaqBNyPnY673,
}

Rupay

{
status: 1,
msg: "Card Stored Successfully.",
cardToken: "91XXX96b5b6da5dXXXbfb",
card_number: "XXXXXXXXXXXX0001",
card_label: "Rupay_Card",
network_token: "712XXX870976XX2",
issuer_token: Ya4HawKgbLmr312,
}

Diners

{
status: 1,
msg: "Card Stored Successfully.",
cardToken: "91XXX296b5b6da5XXXbfb",
card_number: "XXXXXXXXXXXX0009",
card_label: "Diner_Card",
"network_token": "8koNXXXC1bT0Hv5a",
"issuer_token": "LQ3QkzXXXnEjY428"
}

Failure scenario

If card Number is invalid

{
"status": 0
"msg": CardNumber is invalid
}

Response parameters for Save a Card API

The following table describes the parameters in the response:

Note: For every successful payment transactions, PayU returns the mihpayuid and cardToken parameters to the merchants, but networkToken and issuer_token are returned only if you are PCI-DSS compliant.

Parameter	Description	Example
status	The status of the response can be any of the following: _ 1: Success  _ 0: Failure	1
msg	The description of the response whether the card details were stored successfully or not stored.	Card Stored Successfully.
cardToken	The cardToken is sent by PayU for the successful response.	`74*2e2fd9b7e*24fef4e7ed7dac1fe624b7`
network_token	The network token is returned in this parameter.	`1234 5* 9* 3456`
issuer_token	The parameter contains the issuer token that is returned by issuer.	`3456 7* A* EFGH`

📘Note

Request parameters

Sample request

Sample response

Success scenarios

Failure scenario

Response parameters for Save a Card API

📘
Note