The Debit Enquiry API allows you to verify the transaction status.
| Environment | URL |
|---|
| Test | https://test.payu.in/_payment |
| Production | https://secure.payu.in/_payment |
HTTP Method: POST
| Parameter | Description |
|---|
Content-Type
mandatory | String application/x-www-form-urlencoded |
The request body is sent as form-encoded parameters.
| Parameter |
Description |
Example |
txnId
mandatory |
String Unique transaction ID generated by the merchant |
RAM1234 |
key
mandatory |
String Merchant's identifier key provided by PayU |
KOEfPI |
productinfo
mandatory |
String Information about the product or service |
iPhone |
customer_id
optional |
Numeric Unique customer ID from merchant's system |
89342546 |
walleturn
optional |
Numeric Wallet reference number (URN) |
70000000008 |
firstName
mandatory |
String Customer's first name |
Ravi |
lastName
optional |
String Customer's last name |
Kumar |
phone
mandatory |
Numeric Customer's mobile number with country code |
919988776655 |
email
mandatory |
String Customer's email address |
[email protected] |
ws_online_response
mandatory |
String Callback URL for successful transactions |
https://merchant.com/success |
ws_failure_response
mandatory |
String Callback URL for failed transactions |
https://merchant.com/failure |
amount
mandatory |
Numeric Amount to debit in implied decimals (₹41.00 → 4100) |
4100 |
pg
mandatory |
String Payment gateway constant (set to 'CLW') |
CLW |
hash
mandatory |
String SHA512 hash for request validation |
6e640b... |
📘Note: Either customer_id or walleturn must be provided to identify the wallet.
The hash is calculated using SHA512 with the following string:
key|txnId|amount|productinfo|firstName|email|||||||||||||{salt}
| Parameter | Description | Example |
|---|
| mihpayid | Unique PayU-generated transaction reference number | 1735903830180094 |
| mode | Payment method used | CLW |
| status | Transaction status (success, failure, pending) | success |
| key | Merchant's key (echoed back) | KOEfPI |
| txnid | Transaction ID (echoed back) | RAM1234 |
| amount | Transaction amount | 41.00 |
| net_amount_debit | Net amount debited from the wallet | 41.00 |
| productinfo | Product information (echoed back) | iPhone |
| firstname | Customer's first name | Ravi |
| lastname | Customer's last name | Kumar |
| email | Customer's email | [email protected] |
| phone | Customer's phone number | 919988776655 |
| addedon | Transaction date and time | 2025-01-13 18:24:06 |
| hash | Response hash for verification | abc123... |
| PG_TYPE | Payment gateway type | CLW |
| error | Error message (if transaction failed) | Insufficient balance |
| error_Message | Detailed error description | Wallet balance is insufficient |
curl --location --request POST 'https://test.payu.in/_payment' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'key=KOEfPI' \
--data-urlencode 'txnid=RAM1234' \
--data-urlencode 'amount=41.00' \
--data-urlencode 'productinfo=iPhone' \
--data-urlencode 'firstname=Ravi' \
--data-urlencode '[email protected]' \
--data-urlencode 'phone=919988776655' \
--data-urlencode 'ws_online_response=https://merchant.com/success' \
--data-urlencode 'ws_failure_response=https://merchant.com/failure' \
--data-urlencode 'pg=CLW' \
--data-urlencode 'walleturn=70000000008' \
--data-urlencode 'hash=6e640b...'
{
"mihpayid": "1735903830180094",
"mode": "CLW",
"status": "success",
"key": "KOEfPI",
"txnid": "RAM1234",
"amount": "41.00",
"net_amount_debit": "41.00",
"productinfo": "iPhone",
"firstname": "Ravi",
"lastname": "Kumar",
"email": "[email protected]",
"phone": "919988776655",
"addedon": "2025-01-13 18:24:06",
"hash": "def456ghi789...",
"PG_TYPE": "CLW"
}
{
"mihpayid": "1735903830180095",
"mode": "CLW",
"status": "failure",
"key": "KOEfPI",
"txnid": "RAM1235",
"amount": "41.00",
"productinfo": "iPhone",
"firstname": "Ravi",
"lastname": "Kumar",
"email": "[email protected]",
"phone": "919988776655",
"error": "Insufficient balance",
"error_Message": "Wallet balance is insufficient for this transaction",
"hash": "xyz789abc123..."
}
| Status Code | Description |
|---|
| 200 | OK - Request processed successfully |
| 400 | Bad Request - Invalid request parameters |
| 401 | Unauthorized - Authentication failed |
| 500 | Internal Server Error |
- Initiate Transaction: Send a POST request with all required parameters
- User Redirection: User is redirected to PayU's payment interface for authorization
- User Authorization: User confirms the transaction on the payment page
- Callback: PayU sends the result to either
ws_online_response or ws_failure_response
- Verification: Use the response hash to verify the authenticity of the callback
| Feature | Non-Seamless | Seamless |
|---|
| User Interaction | Requires redirection and user authorization | No user interaction required |
| Flow | Manual redirection through PayU interface | Direct server-to-server communication |
| Callback URLs | Uses ws_online_response and ws_failure_response | Uses different callback mechanism |
| User Experience | More friction due to redirection | Smoother, no redirection |
| Use Case | Consumer-facing transactions requiring authorization | Backend transactions or auto-debit scenarios |
- Hash Security: Protect your salt key and never expose it in client-side code
- Callback Handling: Implement proper callback URL handlers for success and failure scenarios
- Transaction Verification: Always verify the response hash for authenticity
- Error Handling: Implement comprehensive error handling for different failure scenarios
- User Experience: Provide clear messaging during the redirection flow
- Reconciliation: Use the enquiry API to verify final transaction status
| Error | Description | Solution |
|---|
| Insufficient balance | Wallet doesn't have enough funds | Ask customer to load wallet first |
| Invalid wallet | Customer ID or wallet URN not found | Verify customer details |
| Transaction limit exceeded | Amount exceeds allowed limits | Check transaction limits |
| Wallet blocked | Customer wallet is temporarily blocked | Contact support |
| Hash mismatch | Invalid hash in request | Verify hash calculation |
- Use HTTPS for all API communications
- Validate all input parameters before processing
- Implement rate limiting to prevent abuse
- Store sensitive data securely
- Monitor for suspicious transaction patterns
- Implement proper logging for audit trails
