In order to initiate payments, Whatsapp needs to use the access token instead of key/salt.
The following steps allow you to integrate the server-to-server UPI intent:
- Initiate payment request
- Invoke UPI Intent on customer’s device
- Verify payment
- PayU sends Server-to-Server callback response
Step 1: Initiate payment request
Environment
| UAT Host | https://test-partnerapilayer.payu.in/apilayer |
| PROD Host | https://api.payu.in |
Request headers
| Parameter | Value |
|---|---|
| Content-Type | application/json |
| Authorization | Bearer Where, <token> must be substituted with 039e0d1d70f467f946e2d73bd43868df856cfaa352ea54591a76bfc4a08d3487 |
Request parameters
| Parameter | Description | Example |
|---|---|---|
| merchant_id mandatory | String This parameter is the unique Merchant id provided by PayU for your merchant account. The Merchant id acts as the unique identifier (primary key) to identify a particular Merchant Account in our database. | 8488225 |
| txnid mandatory | varchar This parameter is known as Transaction ID (or OrderID). It is the order reference number generated at your (Merchant’s) end. It is an identifier which you(merchant) would use to track a particular order. If a transaction using a particular transaction ID has already been successful at PayU, the usage of same Transaction ID again would fail. Hence, it is essential that you post us a unique transaction ID for every new transaction (Please make sure that the transaction ID being sent to us hasn’t been successful earlier. In case of this duplication, the customer would get an error of ‘duplicate Order ID’). | fd3e847h2 |
| amount mandatory | float This parameter should contain the payment amount of the particular transaction. Note: Type-cast the amount to float type | 10 |
| productinfo mandatory | varchar This parameter should contain a brief product description. It should be a string describing the product (The description type is entirely your choice). | T-shirt |
| firstname mandatory | varchar This parameter must contain the first name of the customer. | Ankit |
| email mandatory | varchar This parameter must contain the email of the customer) | [email protected] |
| phone mandatory | integer Merchant needs to take the customer’s GPay registered phone number and pass in this field. This field will be used for further mapping the customer VPA and initiate a collect request. | |
| txn_s2s_flow mandatory | integer This parameter is to indicate the transaction is S2S flow. Pass this parameter value as 4. | 4 |
| hash mandatory | varchar varchar Hash is a crucial parameter – used specifically to avoid any tampering during the transaction. There are two different methods to calculate hash. Please follow method 1 only. Method 2 is just there for the documentation and is not to be used This is the simplest way of calculating the hash value. Here, please make sure that the api_version parameter is NOT POSTED from your end. For hash calculation, you need to generate a string using certain parameters and apply the sha512 algorithm to this string.Note: You have to use pipe (|) character in between these parameters as mentioned below. The parameter order is mentioned below: sha512(merchant_id|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|u df5||||||CLIENT_SECRET) All these parameters (and their descriptions) have already been mentioned earlier in this table. Here, SALT (to be provided by PayU), key, txnid, amount productinfo, firstname, email are mandatory parameters and hence can’t b empty in hash calculation above. But, udf1-udf5 are optional and hence you nee to calculate the hash based upon the fact that whether you are posting a particular udf or not. For example, if you are NOT posting udf1. Then, in the has calculation, udf1 field will be left empty. The following examples will clarify various scenarios of hash calculation: - Case 1: If all the udf parameters (udf1-udf5) are posted by the merchant. Then, hash=sha512(merchant_id|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3| udf4|udf5||||||CLIENT_SECRET) - Case 2: If only some of the udf parameters are posted and others are not. For example, if udf2 and udf4 are posted and udf1, udf3, udf5 are not. Then, hash=sha512(merchant_id|txnid|amount|productinfo|firstname|email||udf2||udf4|||||||CLIENT_SECRET) Case 3: If NONE of the udf parameters (udf1-udf5) are posted. Then, hash=sha512(merchant_id|txnid|amount|productinfo|firstname|email|||||||||||CLIENT_SECRET) Example: If merchant_id=6631711, txnid=12345, amount=10, productinfo=Shopping, firstname=Test, email=[email protected], udf2=abc, udf4=15, CLIENT_SECRET=3sf0jURk91319391949941414195821851313 and udf1, udf3, udf5 are not posted. Then, the hash would be calculated as Case 2 above: sha512(6631711|12345|10|Shopping|Test|[email protected]||abc||15|||||||3sf0jURk91319391949941414195821851313) (This value comes out to be 7a83339ccf2dde9d31569b00eea70a60174b3af3ceaa773d17a84b90c9eedad5f744ba02f95a572d8fe8592346ebb537bede49ad1ec786469b4bd77531d19b87) IMPORTANT: For details related to hash at the time of postback from PayU to the merchant, please refer to the later section. This is also absolutely mandatory to avoid any tampering. | |
| s2s_client_ip mandatory | varchar This parameter must have the source IP of the user | |
| s2s_device_info mandatory | varchar This parameter must have the user agent of the device | |
| reseller_id mandatory | varchar This parameter is the unique Partner Identifier provided by PayU for your partner account. The Partner Identifier acts as the unique identifier to identify a particular Partner Account in our database. | 83fe-eb64-021844d8-9397-26535b1bf0c2 |
| udf5 mandatory | string This parameter has been made for you to keep any information corresponding to the transaction. Pass whatsapp in this field | |
| address1 optional | string The first line of the billing address. | |
| address2 optional | string The second line of the billing address. | |
| city optional | string The city where your customer resides as part of the billing address. | |
| state optional | string The state where your customer resides as part of the billing address. | |
| country optional | string The country where your customer resides. | |
| zipcode optional | string Billing address zip code is mandatory for the cardless EMI option. | |
| shipping_firstname optional | string The first name of shipping person. | |
| shipping_lastname optional | string The last name of shipping person. | |
| shipping_address1 optional | string The first line of the shipping address. | |
| shipping_address2 optional | string The second line of the shipping address. | |
| shipping_city optional | string The city where your customer resides as part of the shipping address. | |
| shipping_state optional | string The state where your customer resides as part of the shipping address. | |
| shipping_country optional | string The country where your customer resides as part of the shipping address. | |
| shipping_zipcode optional | string Shipping address zip code. | |
| shipping_phone optional | string The phone no your customer resides as part of the shipping address. | |
| drop_category optional | string This parameter can be used if you want to hide one or multiple payment options. For example, if you want to collect the payment using debit card and Net Banking, you can hide the credit card mode of payment. | |
| enforce_paymethod optional | string This parameter allows you to customize the payment options for each transaction. You can enforce specific payment modes, cards scheme, and specific banks under Net Banking using this method. | |
| user_token optional | stringThis parameter is used to uniquely identify a user for a merchant. | |
| offer_key optional | string List of keys to filter the offer. | |
| offer_auto_apply | stringThis parameter contains a flag to specify whether the offer can be automatically applied. | |
| additional_charges optional | stringThe additional amount that needs to be charged. The additional amount will be added to the amount of the product by PayU |
Sample request
curl --location --request POST 'https://test-partnerapilayer.payu.in/apilayer/partner/payments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer 9d2ab8e1b99aa02f6b827af5b5000b277d9cb1cd037acb7cb31436a5b0da4f74' \
--data-raw '{
"txnid": "nY3tkz3vciHFGTjblyFeycL2Zn1m",
"amount": 1090.33,
"productinfo": "whatsapp",
"firstname": "Manikanta",
"reseller_id": "83fe-eb64-021844d8-9397-26535b1bf0c2",
"merchant_id": 8238480,
"phone": 7036722360,
"hash": "5aadceaf6bec9158ccba8ec0dab32debcacbfd50e3587c077fa11107a5be0ac26712fae230522afb8908d068122c02f2d5c733a46c33ace0f66e5cc9d2ae4714",
"lastname": "CHeruku",
"email": "[email protected]",
"curl": "https://www.google.com",
"furl": "https://www.google.com",
"surl": "https://www.youtube.com",
"txn_s2s_flow": "4",
"s2s_device_info": "ewew",
"s2s_client_ip": "ewew"
}'
Sample response
{
"metaData": {
"message": null,
"referenceId": "024d9afbdbf85bd35b25649ccf983e16ee3d4646c2cdcffada88bd2df371fd43",
"statusCode": null,
"txnId": "nY3tkz3vciHFGTjblyFeycL2Zn1m",
"txnStatus": "pending",
"unmappedStatus": "pending"
},
"result": {
"paymentId": 403993715529028543,
"merchantName": "Merchant",
"merchantVpa": null,
"amount": "1090.33",
"intentURIData": "pa=&pn=&tr=403993715529028543&tid=PPPL403993715529028543290523133325&am=1090.33&cu=INR&tn=UPI Transaction for PPPL403993715529028543290523133325",
"acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vdGVzdC5wYXl1LmluLzAyNGQ5YWZiZGJmODViZDM1YjI1NjQ5Y2NmOTgzZTE2NGQ0YTUxYzYzNjcyODAxNjRkMDlkNDg2YjRkYWI1ZmEvaW50ZW50U2VhbWxlc3NIYW5kbGVyLnBocCIgbWV0aG9kPSJwb3N0Ij48aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJ0b2tlbiIgdmFsdWU9IjE2NTIyQTgxLTUwMjYtMUUyRi0zNDFCLTJFQ0MyQ0Y5RTE1QyI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYW1vdW50IiB2YWx1ZT0iMTA5MC4zMyI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0ibWlocGF5aWQiIHZhbHVlPSIwMjRkOWFmYmRiZjg1YmQzNWIyNTY0OWNjZjk4M2UxNmVlM2Q0NjQ2YzJjZGNmZmFkYTg4YmQyZGYzNzFmZDQzIj48aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkaXNhYmxlSW50ZW50U2VhbWxlc3NGYWlsdXJlIiB2YWx1ZT0iMSI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0icGF5ZWVWcGEiIHZhbHVlPSIiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9InBheWVlTmFtZSIgdmFsdWU9Ik1lcmNoYW50Ij48aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhZGRpdGlvbmFsQ2hhcmdlcyIgdmFsdWU9IjAiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9InRyYW5zYWN0aW9uRmVlIiB2YWx1ZT0iMTA5MC4zMyI+PC9mb3JtPjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0Jz4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5vbmxvYWQ9ZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N1bWVudC5mb3Jtc1sncGF5bWVudF9wb3N0J10uc3VibWl0KCk7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgICAgIDwvc2NyaXB0PjwvYm9keT48L2h0bWw+",
"otpPostUrl": "https://test.payu.in/ResponseHandler.php"
}
}
Step 2: Invoke UPI Intent on Customer’s Device
Partner to open the UPI Intent as per the NPCI Guidelines. This URL can then be fired using an Intent or a hyperlink which would open an Intent tray with a list of available supporting apps in the user’s mobile device. Below is a sample UPI deep link URL and the format used for creating the URL:
Sample URL (with values from above sample JSON):
upi://pay?<IntentURIData>
Format for UPI Deep Linking URL (as per NPCI guidelines):
"upi://pay"+ <intentURIData>
After the response is received from the transacting app (BHIM/Google Pay/PhonePe/AxisPay/Any other app), a merchant can check the status of the transaction using the verify_payment API.
Failed responses
| Code | Reason | Response |
|---|---|---|
| 401 | with invalid token | { “message”: “Invalid Auth token” } |
| 403 | with invalid hash | { “message”: “Invalid Hash” } |
| 400 | without reseller_id | { “errors”: [ “reseller_id is mandatory.” ] } |
| 400 | without amount | { “errors”: [ “amount is mandatory param” ] } |
| 400 | without merchant_id | { “errors”: [ “merchant_id is mandatory param” ] } |
| 400 | without hash | { “errors”: [ “hash is mandatory param” ] } |
| 400 | without product_info | { “errors”: [ “product_info is mandatory param” ] } |
Step 3: Verify Payment API
Check the UPI transaction status using the Verify Payment API (check_upi_txn_status) API.
After the response is received from your customer’s app (BHIM, Google Pay, PhonePe, AxisPay, or any other app), you can check the status of the transaction using the Verify Payment API. Web services can be accessed by making a server-to-server call using the following PayU URLs.
Environment
| UAT Host | https://test-partnerapilayer.payu.in/apilayer |
| PROD Host | https://api.payu.in |
Request headers
| Parameter | Value |
|---|---|
| Content-Type | application/json |
| Authorization | 039e0d1d70f467f946e2d73bd43868df856cfaa352ea54591a76bfc4a08d3487 |
Request parameters
| Parameter | Description | Example |
|---|---|---|
| txnid | In this parameter, you can include the txnid (Your transaction ID/order ID). | 100123 |
| merchant_id | It is the merchant id that PayU provided you. | 8238480 |
| hash | This parameter must contain the hash value to be calculated at your end. The string used for calculating the hash is mentioned below:sha512(merchant_id|command|txnid|client_secret) sha512 is the encryption method used here.- client_secret– These credentials are only accessible to a partner(WhatsApp). - command has constant value as verify_payment. | |
| resseler_id | varchar This parameter is the unique Partner Identifier provided by PayU for your partner account. The Partner Identifier acts as the unique identifier to identify a particular Partner Account in our database. | 83fe-eb64-021844d8-9397-26535b1bf0c3 |
Sample Request
curl --location --request POST 'https://test-partnerapilayer.payu.in/apilayer/partner/verifyPayment' \
--header 'Authorization: Bearer 9d2ab8e1b99aa02f6b827af5b5000b277d9cb1cd037acb7cb31436a5b0da4f74' \
--header 'Content-Type: application/json' \
--header 'Cookie: PHPSESSID=p576r3mrpdm29sersr0emhmc53' \
--data-raw '{
"txnid": "nY3tkz3vciHFGTjblyFeycL2Zn2c",
"merchant_id": "8238480",
"reseller_id": "83fe-eb64-021844d8-9397-26535b1bf0c2",
"hash": "0dd9057a6575f2f5531880b83f2f119356b9a841df18fc4487c1ab0fee8477d15d15cf43e37656b55a8bde0dbe048f0ef93b62420864ecbd7d7a5965300a4399"
}'
Response parameters
| JSON Field | Description |
|---|---|
| mihpayid | This field contains a unique reference number created for each transaction at PayU’s end. You must note this transaction ID as this will be used as a reference for all the future actions on this transaction like Inquiry or Refund. |
| request_id | This field would contain the request ID value posted by the merchant during the transaction request. |
| bankrefnum | For each successful transaction – this field would contain the bank reference number generated by the bank. |
| amt | This field contains the net amount debited from the customer’s account for this transaction. |
| transaction_amount | This field contains the original amount which was sent in the transaction request by the merchant |
| productinfo | This field contains the same value of product information which was sent in the transaction request from the merchant’s end to PayU. |
| firstname | This field contains the same value of first name which was sent in the transaction request from the merchant’s end to PayU. |
| bankcode | This field contains the code indicating the payment option used for the transaction. For example, in the Debit Card mode, there are different options like Visa Debit Card, Mastercard, Maestro etc. For each option, a unique bank code exists. It would be returned in this bank code parameter. For example, Visa Debit Card – VISA, Master Debit Card – MAST. |
| udf1 | This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5. |
| udf3 | This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5. |
| udf4 | This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5. |
| udf5 | This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5. |
| field2, field3 | The auth code from the bank is displayed in this field. |
| field9 | This field contains the failure reason if the transaction has failed. |
| error_code | This field contains the error code for the transaction. |
| net_amount_debit | This field contains the net amount debited from the customer’s account for this transaction. It is calculated as:transaction\_fee= actual\_discount + additional\_charges |
| added_on | This field contains the transaction timestamp returned in this parameter. |
| payment_source | This field contains the payment source. PayU is returned for the transactions made with PayU. |
| card_type | This field contains the card type used for the transaction if the cards are used. |
| error_Message | This field contains the error message for the transaction (if any). |
| net_amount_debit | This field contains the net amount debited from the customer’s account for this transaction. |
| disc | This field contains the discount amount for the customer. Note: For Cashback type offers, the discount amount will always be sent as zero(**0**) by PayU. |
| Mode | This field contains the mode of payment. |
| PG_TYPE | This field contains the information on the payment gateway used for the transaction. For example, if CC PG was used, it would contain the value CC-PG. Similarly, it would have a unique value for all different types of payment gateways. |
| card_no | This field contains the card number for card transactions. |
| name_on_card | This field contains the name on card for card transactions. |
| udf2 | This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5. |
| field5 | This field contains the UPI VPA ID for UPI transactions. |
| status | This field contains the status of the transaction. For detailed information on the statuses, refer to Payment State Explanations |
| unmappedstatus | This field contains the status of a transaction as per the internal database of PayU. PayU’s system has several intermediate statuses which are used for tracking various activities internal to the system. Hence, this status contains intermediate statuses of a transaction also – and hence is known as unmappedstatus. For detailed information on the statuses, refer to Payment State Explanations. |
| Merchant_UTR | This field contains the merchant Unique Transaction Reference (UTR) number. |
| Settled_at | This field contains the time stamp of card settlement if the transaction is using credit cards. |
Sample response
{
"msg": "1 out of 1 Transactions Fetched Successfully",
"transaction_details": {
"wtsapp_txn_id5": {
"mihpayid": "403993715529051451",
"request_id": null,
"bank_ref_num": null,
"amt": "2.00",
"transaction_amount": "2.00",
"txnid": "wtsapp_txn_id5",
"additional_charges": "0.00",
"productinfo": "WA productinfo",
"firstname": "WAfirstname",
"bankcode": "INTENT",
"udf1": null,
"udf3": null,
"udf4": null,
"udf5": "",
"field2": null,
"field9": null,
"error_code": null,
"addedon": "2023-05-31 18:56:08",
"payment_source": "payuPureS2S",
"card_type": null,
"error_Message": "",
"meCode": "{\"pgMerchantId\":\"HDFC000000000106\",\"payu_aggregator\":\"1\",\"merchantVpa\":\"payu@axisbank\"}",
"net_amount_debit": "0.00",
"disc": "0.00",
"mode": "UPI",
"PG_TYPE": "UPI-PG",
"card_no": "",
"udf2": null,
"status": "pending",
"unmappedstatus": "in progress",
"Merchant_UTR": null,
"Settled_At": null,
"App_Name": null
}
},
"status": 1.0
}
Failed Responses
| Code | Reason | Response |
|---|---|---|
| 401 | with invalid token | { “message”: “Invalid Auth token” } |
| 403 | with invalid hash | { “message”: “Invalid Hash” } |
| 400 | without reseller_id | { “errors”: [ “reseller_id is mandatory.” ] } |
| 400 | without merchant_id | { “errors”: [ “merchant_id is mandatory param” ] } |
| 400 | without hash | { “errors”: [ “hash is mandatory param” ] } |
Step 4: PayU sends Server-to-Server call-back response
PayU can also send a server-to-server call-back response whenever the transaction status gets updated.
Implementation
The server-to-server response would be sent by PayU on a pre-set URL, which has to be provided by you. PayU will configure it at your back end. This response would be sent in key/value pair separated by the ampersand (&) character. In case any parameter is not used, we would send it back to you with an empty string. The sample response is similar to the following:
mihpayid: 403993715523615328
mode: CC
status: success
unmappedstatus: captured
key: JPM7Fg
txnid: 50QJq6lBJBmx14
amount: 10.00
cardCategory: domestic
discount: 0.00
net_amount_debit: 10
addedon: 2021-07-28 15:11:37
productinfo: iPhone
firstname: PayU User
lastname:
address1:
address2:
city:
state:
country:
zipcode:
email: [email protected]
phone: 9876543210
udf1:
udf2:
udf3:
udf4:
udf5:
udf6:
udf7:
udf8:
udf9:
udf10:
hash: afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa
field1:
field2:
field3:
field4:
field5:
field6:
field7:
field8:
field9: Transaction Completed Successfully
payment_source: payu
PG_TYPE: CC-PG
bank_ref_num: 7f0d5ada-59bb-41d7-9e41-20a6af2406c9
bankcode: CC
error: E000
error_message: No Error
name_on_card: test
cardnum: 411111XXXXXX1111