UPI S2S Integration API - Partner Integration

In order to initiate payments for partners, Whatsapp needs to use the access token instead of key/salt.

The following steps allow you to integrate the server-to-server UPI intent:

  1. Initiate payment request
  2. Invoke UPI Intent on customer’s device
  3. Verify payment
  4. PayU sends Server-to-Server callback response

Step 1: Initiate payment request

Environment

Request headers

ParameterValue
Content-Typeapplication/json
AuthorizationBearer
Where, <token> must be substituted with 039e0d1d70f467f946e2d73bd43868df856cfaa352ea54591a76bfc4a08d3487

Request parameters

The following table lists the request parameter descriptions for Partner Payment integration.

📘

Extra params for Partner integration:

The following params are the extra parameters (optional) used compared to the regular _payment API, but with a different endpoint: partner_udf_3, partner_udf_4, shipping_firstname, shipping_lastname, shipping_address1, shipping_address2, shipping_city, shipping_state, shipping_country, shipping_zipcode, shipping_phone

ParameterDescriptionExample
merchant_id mandatoryString This parameter is the unique Merchant id provided by PayU for your merchant account. The Merchant id acts as the unique identifier (primary key) to identify a particular Merchant Account in our database.8488225
txnid
mandatory
varchar This parameter is known as Transaction ID (or OrderID). It is the order reference number generated at your (Merchant’s) end. It is an identifier which you(merchant) would use to track a particular order. If a transaction using a particular transaction ID has already been successful at PayU, the usage of same Transaction ID again would fail. Hence, it is essential that you post us a unique transaction ID for every new transaction (Please make sure that the transaction ID being sent to us hasn’t been successful earlier. In case of this duplication, the customer would get an error of ‘duplicate Order ID’).fd3e847h2
amount mandatoryfloat This parameter should contain the payment amount of the particular transaction. Note: Type-cast the amount to float type10
productinfo mandatoryvarchar This parameter should contain a brief product description. It should be a string describing the product (The description type is entirely your choice). T-shirt
firstname mandatoryvarchar This parameter must contain the first name of the customer.Ankit
email
mandatory
varchar This parameter must contain the email of the customer)[email protected]
phone mandatoryinteger Merchant needs to take the customer’s GPay registered phone number and pass in this field. This field will be used for further mapping the customer VPA and initiate a collect request. 
txn_s2s_flow mandatoryinteger This parameter is to indicate the transaction is S2S flow. Pass this parameter value as 4.4
hash
mandatory
varchar varchar Hash is a crucial parameter – used specifically to avoid any tampering during the transaction. There are two different methods to calculate hash. Please follow method 1 only. Method 2 is just there for the documentation and is not to be used This is the simplest way of calculating the hash value. Here, please make sure that the api_version parameter is NOT POSTED from your end. For hash calculation, you need to generate a string using certain parameters and apply the sha512 algorithm to this string.
Note: You have to use pipe (|) character in between these parameters as mentioned below. The parameter order is mentioned below: sha512(merchant_id|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|u df5||||||CLIENT_SECRET) All these parameters (and their descriptions) have already been mentioned earlier in this table. Here, SALT (to be provided by PayU), key, txnid, amount productinfo, firstname, email are mandatory parameters and hence can’t b empty in hash calculation above. But, udf1-udf5 are optional and hence you nee to calculate the hash based upon the fact that whether you are posting a particular udf or not. For example, if you are NOT posting udf1. Then, in the has calculation, udf1 field will be left empty. The following examples will clarify various scenarios of hash calculation:

- Case 1: If all the udf parameters (udf1-udf5) are posted by the merchant. Then, hash=sha512(merchant_id|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3| udf4|udf5||||||CLIENT_SECRET)
- Case 2: If only some of the udf parameters are posted and others are not. For example, if udf2 and udf4 are posted and udf1, udf3, udf5 are not. Then, hash=sha512(merchant_id|txnid|amount|productinfo|firstname|email||udf2||udf4|||||||CLIENT_SECRET) Case 3: If NONE of the udf parameters (udf1-udf5) are posted. Then, hash=sha512(merchant_id|txnid|amount|productinfo|firstname|email|||||||||||CLIENT_SECRET) Example: If merchant_id=6631711, txnid=12345, amount=10, productinfo=Shopping, firstname=Test, email=[email protected], udf2=abc, udf4=15, CLIENT_SECRET=3sf0jURk91319391949941414195821851313 and udf1, udf3, udf5 are not posted. Then, the hash would be calculated as Case 2 above: sha512(6631711|12345|10|Shopping|Test|[email protected]||abc||15|||||||3sf0jURk91319391949941414195821851313) (This value comes out to be 7a83339ccf2dde9d31569b00eea70a60174b3af3ceaa773d17a84b90c9eedad5f744ba02f95a572d8fe8592346ebb537bede49ad1ec786469b4bd77531d19b87) IMPORTANT: For details related to hash at the time of postback from PayU to the merchant, please refer to the later section. This is also absolutely mandatory to avoid any tampering.
 
s2s_client_ip mandatoryvarchar This parameter must have the source IP of the user 
s2s_device_info mandatoryvarchar This parameter must have the user agent of the device 
reseller_id mandatoryvarchar This parameter is the unique Partner Identifier provided by PayU for your partner account. The Partner Identifier acts as the unique identifier to identify a particular Partner Account in our database. 83fe-eb64-021844d8-9397-26535b1bf0c2
udf5
mandatory
string This parameter has been made for you to keep any information corresponding to the transaction. Pass whatsapp in this fieldwhatsapp
address1 optionalstring The first line of the billing address. 
address2 optionalstring The second line of the billing address. 
city
optional
string The city where your customer resides as part of the billing address. 
state
optional
string The state where your customer resides as part of the billing address. 
country
optional
string The country where your customer resides. 
zipcode
optional
string Billing address zip code is mandatory for the cardless EMI option. 
partner_udf_3
optional
This parameter has been made for partner to pass any information corresponding to the transaction.
partner_udf_4
optional
This parameter has been made for partner to pass any information corresponding to the transaction.
shipping_firstname optionalstring The first name of shipping person. 
shipping_lastname optionalstring The last name of shipping person. 
shipping_address1 optionalstring The first line of the shipping address. 
shipping_address2 optionalstring The second line of the shipping address. 
shipping_city optionalstring The city where your customer resides as part of the shipping address. 
shipping_state optionalstring The state where your customer resides as part of the shipping address. 
shipping_country optionalstring The country where your customer resides as part of the shipping address. 
shipping_zipcode optionalstring Shipping address zip code. 
shipping_phone optionalstring The phone no your customer resides as part of the shipping address. 
drop_category optionalstring This parameter can be used if you want to hide one or multiple payment options. For example, if you want to collect the payment using debit card and Net Banking, you can hide the credit card mode of payment. 
enforce_paymethod optionalstring This parameter allows you to customize the payment options for each transaction. You can enforce specific payment modes, cards scheme, and specific banks under Net Banking using this method. 
user_token optionalstringThis parameter is used to uniquely identify a user for a merchant. 
offer_key optionalstring List of keys to filter the offer. 
offer_auto_applystringThis parameter contains a flag to specify whether the offer can be automatically applied. 
additional_charges optionalstringThe additional amount that needs to be charged. The additional amount will be added to the amount of the product by PayU 

Sample request

curl --location --request POST 'https://test-partnerapilayer.payu.in/apilayer/partner/payments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer 9d2ab8e1b99aa02f6b827af5b5000b277d9cb1cd037acb7cb31436a5b0da4f74' \
--data-raw '{
    "txnid": "nY3tkz3vciHFGTjblyFeycL2Zn1m",
    "amount": 1090.33,
    "productinfo": "whatsapp",
    "firstname": "Manikanta",
    "reseller_id": "83fe-eb64-021844d8-9397-26535b1bf0c2",
    "merchant_id": 8238480,
    "phone": 7036722360,
    "hash": "5aadceaf6bec9158ccba8ec0dab32debcacbfd50e3587c077fa11107a5be0ac26712fae230522afb8908d068122c02f2d5c733a46c33ace0f66e5cc9d2ae4714",
    "lastname": "CHeruku",
    "email": "[email protected]",
    "curl": "https://www.google.com",
    "furl": "https://www.google.com",
    "surl": "https://www.youtube.com",
    "txn_s2s_flow": "4",
    "s2s_device_info": "ewew",
    "s2s_client_ip": "ewew"
}'

Sample response

{
    "metaData": {
        "message": null,
        "referenceId": "024d9afbdbf85bd35b25649ccf983e16ee3d4646c2cdcffada88bd2df371fd43",
        "statusCode": null,
        "txnId": "nY3tkz3vciHFGTjblyFeycL2Zn1m",
        "txnStatus": "pending",
        "unmappedStatus": "pending"
    },
    "result": {
        "paymentId": 403993715529028543,
        "merchantName": "Merchant",
        "merchantVpa": null,
        "amount": "1090.33",
        "intentURIData": "pa=&pn=&tr=403993715529028543&tid=PPPL403993715529028543290523133325&am=1090.33&cu=INR&tn=UPI Transaction for PPPL403993715529028543290523133325",
        "acsTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vdGVzdC5wYXl1LmluLzAyNGQ5YWZiZGJmODViZDM1YjI1NjQ5Y2NmOTgzZTE2NGQ0YTUxYzYzNjcyODAxNjRkMDlkNDg2YjRkYWI1ZmEvaW50ZW50U2VhbWxlc3NIYW5kbGVyLnBocCIgbWV0aG9kPSJwb3N0Ij48aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJ0b2tlbiIgdmFsdWU9IjE2NTIyQTgxLTUwMjYtMUUyRi0zNDFCLTJFQ0MyQ0Y5RTE1QyI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYW1vdW50IiB2YWx1ZT0iMTA5MC4zMyI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0ibWlocGF5aWQiIHZhbHVlPSIwMjRkOWFmYmRiZjg1YmQzNWIyNTY0OWNjZjk4M2UxNmVlM2Q0NjQ2YzJjZGNmZmFkYTg4YmQyZGYzNzFmZDQzIj48aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkaXNhYmxlSW50ZW50U2VhbWxlc3NGYWlsdXJlIiB2YWx1ZT0iMSI+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0icGF5ZWVWcGEiIHZhbHVlPSIiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9InBheWVlTmFtZSIgdmFsdWU9Ik1lcmNoYW50Ij48aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhZGRpdGlvbmFsQ2hhcmdlcyIgdmFsdWU9IjAiPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9InRyYW5zYWN0aW9uRmVlIiB2YWx1ZT0iMTA5MC4zMyI+PC9mb3JtPjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0Jz4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpbmRvdy5vbmxvYWQ9ZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N1bWVudC5mb3Jtc1sncGF5bWVudF9wb3N0J10uc3VibWl0KCk7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgICAgIDwvc2NyaXB0PjwvYm9keT48L2h0bWw+",
        "otpPostUrl": "https://test.payu.in/ResponseHandler.php"
    }
}

Step 2: Invoke UPI Intent on Customer’s Device

Partner to open the UPI Intent as per the NPCI Guidelines. This URL can then be fired using an Intent or a hyperlink which would open an Intent tray with a list of available supporting apps in the user’s mobile device. Below is a sample UPI deep link URL and the format used for creating the URL:

Sample URL (with values from above sample JSON): 

upi://pay?<IntentURIData>

Format for UPI Deep Linking URL (as per NPCI guidelines):

"upi://pay"+ <intentURIData>

After the response is received from the transacting app (BHIM/Google Pay/PhonePe/AxisPay/Any other app), a merchant can check the status of the transaction using the verify_payment API.

Failed responses

CodeReasonResponse
401with invalid token {
“message”: “Invalid Auth token”
}
403with invalid hash {
“message”: “Invalid Hash”
}
400without reseller_id {
“errors”: [
“reseller_id is mandatory.”
]
}
400without amount {
“errors”: [

“amount is mandatory param”
]
}
400without merchant_id {
“errors”: [
“merchant_id is mandatory param”
]
}
400without hash {
“errors”: [
“hash is mandatory param”
]
}
400without product_info {
“errors”: [
“product_info is mandatory param”
]
}

Step 3: Verify Payment API

Check the UPI transaction status using the Verify Payment API (check_upi_txn_status) API.

After the response is received from your customer’s app (BHIM, Google Pay, PhonePe, AxisPay, or any other app), you can check the status of the transaction using the Verify Payment API. Web services can be accessed by making a server-to-server call using the following PayU URLs.

Environment

Request headers

ParameterValue
Content-Typeapplication/json
Authorization039e0d1d70f467f946e2d73bd43868df856cfaa352ea54591a76bfc4a08d3487

Request parameters

ParameterDescription Example
txnidIn this parameter, you can include the txnid (Your transaction ID/order ID).100123
merchant_idIt is the merchant id that PayU provided you.8238480
hashThis parameter must contain the hash value to be calculated at your end. The string used for calculating the hash is mentioned below:
sha512(merchant_id|command|txnid|client_secret) sha512 is the encryption method used here.

- client_secret– These credentials are only accessible to a partner(WhatsApp).
- command has constant value as verify_payment.
resseler_idvarchar This parameter is the unique Partner Identifier provided by PayU for your partner account. The Partner Identifier acts as the unique identifier to identify a particular Partner Account in our database.83fe-eb64-021844d8-9397-26535b1bf0c3

Sample Request

curl --location --request POST 'https://test-partnerapilayer.payu.in/apilayer/partner/verifyPayment' \
--header 'Authorization: Bearer 9d2ab8e1b99aa02f6b827af5b5000b277d9cb1cd037acb7cb31436a5b0da4f74' \
--header 'Content-Type: application/json' \
--header 'Cookie: PHPSESSID=p576r3mrpdm29sersr0emhmc53' \
--data-raw '{
    "txnid": "nY3tkz3vciHFGTjblyFeycL2Zn2c",
    "merchant_id": "8238480",
    "reseller_id": "83fe-eb64-021844d8-9397-26535b1bf0c2",
    "hash": "0dd9057a6575f2f5531880b83f2f119356b9a841df18fc4487c1ab0fee8477d15d15cf43e37656b55a8bde0dbe048f0ef93b62420864ecbd7d7a5965300a4399"
}'

Response parameters

JSON FieldDescription
mihpayidThis field contains a unique reference number created for each transaction at PayU’s end. You must note this transaction ID as this will be used as a reference for all the future actions on this transaction like Inquiry or Refund.
request_idThis field would contain the request ID value posted by the merchant during the transaction request.
bankrefnumFor each successful transaction – this field would contain the bank reference number generated by the bank.
amtThis field contains the net amount debited from the customer’s account for this transaction.
transaction_amountThis field contains the original amount which was sent in the transaction request by the merchant
productinfoThis field contains the same value of product information which was sent in the transaction request from the merchant’s end to PayU.
firstnameThis field contains the same value of first name which was sent in the transaction request from the merchant’s end to PayU.
bankcodeThis field contains the code indicating the payment option used for the transaction. For example, in the Debit Card mode, there are different options like Visa Debit Card, Mastercard, Maestro etc. For each option, a unique bank code exists. It would be returned in this bank code parameter. For example, Visa Debit Card – VISA, Master Debit Card – MAST.
udf1This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5.
udf3This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5.
udf4This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5.
udf5This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5.
field2, field3The auth code from the bank is displayed in this field.
field9This field contains the failure reason if the transaction has failed.
error_codeThis field contains the error code for the transaction.
net_amount_debitThis field contains the net amount debited from the customer’s account for this transaction. It is calculated as:
transaction\_fee= actual\_discount + additional\_charges
added_onThis field contains the transaction timestamp returned in this parameter.
payment_sourceThis field contains the payment source. PayU is returned for the transactions made with PayU.
card_typeThis field contains the card type used for the transaction if the cards are used.
error_MessageThis field contains the error message for the transaction (if any).
net_amount_debitThis field contains the net amount debited from the customer’s account for this transaction.
discThis field contains the discount amount for the customer.
Note: For Cashback type offers, the discount amount will always be sent as zero(**0**) by PayU.
ModeThis field contains the mode of payment.
PG_TYPEThis field contains the information on the payment gateway used for the transaction. For example, if CC PG was used, it would contain the value CC-PG. Similarly, it would have a unique value for all different types of payment gateways.
card_noThis field contains the card number for card transactions.
name_on_cardThis field contains the name on card for card transactions.
udf2This field contains the same value of udf values that were sent in the transaction request from the merchant’s end to PayU. It ranges from udf1 to udf5.
field5This field contains the UPI VPA ID for UPI transactions.
statusThis field contains the status of the transaction. For detailed information on the statuses, refer to Payment State Explanations
unmappedstatusThis field contains the status of a transaction as per the internal database of PayU. PayU’s system has several intermediate statuses which are used for tracking various activities internal to the system. Hence, this status contains intermediate statuses of a transaction also – and hence is known as unmappedstatus. For detailed information on the statuses, refer to Payment State Explanations.
Merchant_UTRThis field contains the merchant Unique Transaction Reference (UTR) number.
Settled_atThis field contains the time stamp of card settlement if the transaction is using credit cards.

Sample response

{
    "msg": "1 out of 1 Transactions Fetched Successfully",
    "transaction_details": {
        "wtsapp_txn_id5": {
            "mihpayid": "403993715529051451",
            "request_id": null,
            "bank_ref_num": null,
            "amt": "2.00",
            "transaction_amount": "2.00",
            "txnid": "wtsapp_txn_id5",
            "additional_charges": "0.00",
            "productinfo": "WA productinfo",
            "firstname": "WAfirstname",
            "bankcode": "INTENT",
            "udf1": null,
            "udf3": null,
            "udf4": null,
            "udf5": "",
            "field2": null,
            "field9": null,
            "error_code": null,
            "addedon": "2023-05-31 18:56:08",
            "payment_source": "payuPureS2S",
            "card_type": null,
            "error_Message": "",
            "meCode": "{\"pgMerchantId\":\"HDFC000000000106\",\"payu_aggregator\":\"1\",\"merchantVpa\":\"payu@axisbank\"}",
            "net_amount_debit": "0.00",
            "disc": "0.00",
            "mode": "UPI",
            "PG_TYPE": "UPI-PG",
            "card_no": "",
            "udf2": null,
            "status": "pending",
            "unmappedstatus": "in progress",
            "Merchant_UTR": null,
            "Settled_At": null,
            "App_Name": null
        }
    },
    "status": 1.0
}

Failed Responses

CodeReasonResponse
401with invalid token {

“message”: “Invalid Auth token”

}
403with invalid hash {

“message”: “Invalid Hash”

}
400without reseller_id {

“errors”: [

“reseller_id is mandatory.”

]

}
400without merchant_id {

“errors”: [

“merchant_id is mandatory param”

]

}
400without hash {

“errors”: [

“hash is mandatory param”

]

}

Step 4: PayU sends Server-to-Server call-back response

PayU can also send a server-to-server call-back response whenever the transaction status gets updated.

Implementation

The server-to-server response would be sent by PayU on a pre-set URL, which has to be provided by you. PayU will configure it at your back end. This response would be sent in key/value pair separated by the ampersand (&) character. In case any parameter is not used, we would send it back to you with an empty string. The sample response is similar to the following:

mihpayid: 403993715523615328
mode: CC
status: success
unmappedstatus: captured
key: JPM7Fg
txnid: 50QJq6lBJBmx14
amount: 10.00
cardCategory: domestic
discount: 0.00
net_amount_debit: 10
addedon: 2021-07-28 15:11:37
productinfo: iPhone
firstname: PayU User
lastname: 
address1: 
address2: 
city: 
state: 
country: 
zipcode: 
email: [email protected]
phone: 9876543210
udf1: 
udf2: 
udf3: 
udf4: 
udf5: 
udf6: 
udf7: 
udf8: 
udf9: 
udf10: 
hash: afeab9dcf4e43d47f8fbf5a6838d393c70694a58e30ada08e6cb86ac943236c05717c5f5e4872d671fe81d0d9b2d9facd44e9a061ba621aff6f20c4343ea5dfa
field1: 
field2: 
field3: 
field4: 
field5: 
field6: 
field7: 
field8: 
field9: Transaction Completed Successfully
payment_source: payu
PG_TYPE: CC-PG
bank_ref_num: 7f0d5ada-59bb-41d7-9e41-20a6af2406c9
bankcode: CC
error: E000
error_message: No Error
name_on_card: test
cardnum: 411111XXXXXX1111