The Update SI API allows you to perform the following:

RBI Tokenization guideline for 30th June requires every subscription card to be tokenized. Hence, this API must be used to update the subscription with the network token.
This API updates subscriptions with network tokens when PayU is not the token requestor. Merchants must tokenize the card (within T+4 where T is the date of transaction) and share the token through this API after receiving the authorization response**.**
For cases where PayU is the token requestor, PayU will do the bulk migration on behalf of merchant. So, this API should not be implemented for such cases. PayU will share the migration result in an excel format to merchants.

📘
Notes:

This API is helpful for migrating mandates to achieve the 30th June deadline to update card numbers with tokens for subscription setups.

This API should be used where tokenizing the subscription card is not done by PayU but rather by a different token requestor.

Request Parameters

Parameter	Description	Example
key `mandatory`	This parameter is the unique Merchant Key provided by PayU for your merchant account. The Merchant Key acts as the unique identifier (primary key) to identify a Merchant Account in our database.	YbfVda
command `mandatory`	The value of the parameter will be passed as `update_SI`.	update_SI
var1 `mandatory`	This parameter is in a JSON format as described in the JSON Fields in var1 section.	Refer to the JSON Fields in var1 section.
hash `mandatory`	The 512 SHA hash strings generated by encrypting request parameters so that any tampering can be avoided. The format of the is similar to the following: hash = sha512(key\|command\|var1\|SALT)	`a6105d0e5c8726fd37713d02ace8f63652bfe1337f14e4a3652084ba9787e4ee601a503bcc42ba101fb1c378b910d5637e9806b92fc89322db01806 97ff906b3`

JSON Fields in var1

The sample JSON in the var1 parameter is similar to the following:

{
'authPayuId': '10731087875',
'requestId': '23123abut12123osd14',
'isExistingMandate':'1',
'token':{
'type': 'network',
'number':'5506900490467221',
'expiry_month':'10',
'expiry_year':'2022',
'tsp':'002'
}
}

The description for the fields in the JSON are:

Field	Description
authPayuId `mandatory for cards`	The value of mihpayid returned in the payment response of Registration transaction when transaction is successfully completed. As explained earlier in the document, merchant needs to map this value against consumer profile at his end so that correct authPayuid will be passed in the request.
requestId `mandatory for cards`	Unique request value generated at merchant’s end to distinguish independent request call.
isExistingMandate `mandatory for cards`	This field must be passed with value as 1.
token `mandatory for cards`	The value for this parameter is in a JSON format and includes the following: type: This must contain the token type of the token generated for the card earlier. Value should be network number: This is the network token returned at the time of tokenising the card post successful payment. expiry_month: This is the expiry month of the token. For example, 01, 02, 11, 12. expiry_year: This is the expiry year of the token. For example, 2022, 2023, 2028. tsp: This is the type of scheme/ network and you need to pass the values according to card network: VISA: Pass 001 for this card network Mastercard: Pass 002 for this card network Note*: The above fields are mandatory for cards.
siTokenRequestor `optional`	This field can include any of the following values: 1: PayU will tokenize the card and share it in same subscription setup call with issuers for subscription setup. 2: PayU will do the authorization on plain card. Then, the same response will be shared to merchant. Merchant will now use the update_SI API (link) to update the token.

Sample request

curl --location 'https://secure.payu.in/merchant/postservice' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: PHPSESSID=jp38t4gvop7ami1ksncksj398v; USERTXNINFO=68ed4df291d9b7.27710642; PHPSESSID=68edd726c95b4' \
--data-urlencode 'form=2' \
--data-urlencode 'key=BmTY3G' \
--data-urlencode 'command=update_SI' \
--data-urlencode 'var1={"authPayuId":"10731087875","requestId":"23123abut12123osd14","isExistingMandate":"1","token":{"type":"network","number":"5506900490467221","expiry_month":"10","expiry_year":"2022","tsp":"002"}}' \
--data-urlencode 'hash=67de5db43d30293e715969e6d7d849cea689b189509488c3a2b5615865f886559848bac2b1ddad5a53a5b38daaf48cd2bf9c06366c416c3da52ca47e96020cbb'

Response parameters

Parameter

Description

status

The status defines acknowledgement from PayU. The possible values are:

1: This value indicates that migration was successful.
0: This value indicates that migration was not successful.

authPayuId

This is the subscription registration id that is used as reference for subscription and was returned at the time of subscription setup.

message

The message will be listed here for successful and failure reason.

Sample response

Success scenario

Array
(
    [mihpayid] => 25599222315
    [mode] => CC
    [status] => success
    [unmappedstatus] => captured
    [key] => BmTY3G
    [txnid] => 181bfc5ac3d7ed7f79a3
    [amount] => 1.00
    [cardCategory] => signature_premium
    [discount] => 0.00
    [net_amount_debit] => 1
    [addedon] => 2025-10-14 09:33:15
    [productinfo] => Product Info
    [firstname] => Payu-Admin
    [lastname] => 
    [address1] => 
    [address2] => 
    [city] => 
    [state] => 
    [country] => 
    [zipcode] => 
    [email] => test@example.com
    [phone] => 1234567890
    [udf1] => 
    [udf2] => 
    [udf3] => 
    [udf4] => 
    [udf5] => 
    [udf6] => 
    [udf7] => 
    [udf8] => 
    [udf9] => 
    [udf10] => 
    [hash] => 0c70aea98b41c79bace6a959c8ad674915a98fbb457c0d13ce42a5636ebb5db861e3244761257261dcb4fd336653342a18592993e53f67a00b9509b1c37940ab
    [field1] => 7604146351426907605915
    [field2] => 180034
    [field3] => 1.00
    [field4] => 
    [field5] => 00
    [field6] => 05
    [field7] => AUTHPOSITIVE
    [field8] => AUTHORIZED
    [field9] => Transaction is Successful
    [payment_source] => sist
    [meCode] => {"MID":"hdfc_89051842","TKey":"0wMbyodmbgzwIOejqyUOpAkCJdBC01zQGwHS+Pm1rGGxBki5xPR60G948KUmnPR5l7xDpxYOWIOLfE1q0z5ezIA7dG/yVAkp4nZmbddhWyNpdLusIKmiJzXH6ASAMJKZJ0dH3NyQypy9w51PfUKAz80I4y4Udq8zCKB+yiDP3JqkOfz366Y5SjKI/BWNMXCMXOXIvzVNSinDVi4bVW+WtimdJ1BS9WACx8zkYjPjTkuGB6TMYeJGYt0JJ6oSQce4xk4yW3al+fFABVC26S+2wNuHYMMFvhd09AK4nUvFMh9SHjhWWw6T81miW2kqxi0o+rdvCCYEO3Aa3R5kH8kmIw=="}
    [PG_TYPE] => CC-PG
    [bank_ref_num] => 7604146351426907605915
    [bankcode] => CC
    [error] => E000
    [error_Message] => No Error
    [cardToken] => 69e986cc8579946a92262
    [card_token] => 69e986cc8579946a92262
    [cardnum] => XXXXXXXXXXXX4879
)

Failure scenarios

Failed to update network token

Failed to update network token

{ 
"status": 0, 
"authPayuId": "490490459", 
"message": "Failed to update network token" 
}

Mandate is not active

Mandate is not active

{ 
"status": 1, 
"authPayuId": "490490459", 
"message": "Mandate is not active" 
}

EXAMPLE QUESTIONS