Using MOTO with Network Tokens

This scenario is applicable if you want to collect payments using MOTO (Mail Order Telephone Order) transactions with network tokens.

HTTP Method: POST

Environment


Test Environment	https://test.payu.in/_payment
Production Environment	https://secure.payu.in/_payment

Applicable scenarios

Processing MOTO payments for corporate cards in the Hotel and Travel Industry
Merchant has the card token, TAVV (Cryptogram), and the last four digits of the card
The token could be created by the merchant or through another partner
Transactions that are exempt from 2FA as per RBI guidelines for MOTO payments
For now, PayU is only supporting direct token cards in the request from the merchant

📘
Note
This scenario is applicable if you are PCI compliant and got the network token and TAVV from any other aggregator or schemes and then sending the card transaction request in the form of authentication. MOTO transactions must comply with RBI and PCI DSS guidelines and are restricted to corporate cards in specific industries.

Request Parameters

Parameter	Description	Example
key `mandatory`	`String` The merchant key is a unique identifier for a merchant account in PayU's database.	ZYOSqk
api_version `optional`	`String` The API version for this API.	1
txnid `mandatory`	`String` The transaction ID is a reference number for a specific order that is generated by the merchant. It is used to track the order and must be unique. PayU's system will not accept duplicate transaction IDs.	969317320FDIRj89uFPa
amount `mandatory`	`String` This field should contain the payment amount for the transaction. For MOTO transactions, this represents the authorization amount for the corporate card transaction.	1227.00
productinfo `mandatory`	`String` A brief description of the product. Character limit: 100.	Hotel Booking
firstname `mandatory`	`String` The customer's first name. Character limit: 60.	John
email `mandatory`	`String` The customer's email address. Character limit: 50.	[email protected]
phone `mandatory`	`String` The customer's phone number.	9876543210
lastname `mandatory`	`String` The customer's last name. Character limit: 60.	Doe
surl `mandatory`	`String` The success URL for redirection on successful payment.	https://apiplayground-response.herokuapp.com/
furl `mandatory`	`String` The failure URL for redirection on failed payment.	https://apiplayground-response.herokuapp.com/
hash `mandatory`	`String` Used for transaction tamper-proofing. For more information, refer to generate hash.	d18c71adca9d58b9db6b3c3c4 b05433cf2a6b24dfc26bbeb0dd c5ff6c86a8914c5d72c2b09c21c5a 3e3d47bfe31ba5aaea8b9f7e1b8 a6c8e2f5b4d0a7c3e9f8b2
pg `mandatory`	`String` For MOTO transactions, the value should be 'MOTO', denoting the payment gateway acronym for Mail Order Telephone Order payments.	MOTO
bankcode `mandatory`	`String` For MOTO transactions, this parameter can have any of the following values: MVISACC, MVISADC, MMASTCC, MMASTDC.	MVISACC
ccexpmon `mandatory`	`String` The expiry month of the tokenized card.	11
ccexpyr `mandatory`	`String` The expiry year of the tokenized card.	27
store_card_token `conditional`	`String` The network token generated at the merchant's end or received from the payment processor for MOTO transactions.	4VISAVISAVISAVI0
user_credentials `conditional`	`String` Used for authentication or identifying a specific user's data or account to process a transaction or request when using network tokens.	user123:password456
storecard_token_type `conditional`	`String` Specifies the type of token when processing transactions with a stored card or network token. For network tokens, the value must be set to 1.	1
additional_info `mandatory`	`JSON` A mandatory field that carries additional data in JSON format to facilitate the processing of transactions with network tokens. Contains fields such as last4Digits (mandatory), TAVV (Transaction Authorization Verification Value), trid (Token Requester ID), and tokenRefNo (Token Reference Number).	{"last4Digits": "0001", "tavv": "/wAAAAABaDazwwMAma6+gqUAAAA="}
address1 `optional`	`String` The billing address line 1. Character limit: 100.	123 Main Street
address2 `optional`	`String` The billing address line 2. Character limit: 100.	Apt 456
city `optional`	`String` The billing city.	Mumbai
state `optional`	`String` The billing state.	Maharashtra
country `optional`	`String` The billing country. Character limit: 50.	India
zipcode `optional`	`String` The billing address ZIP code. Character limit: 20.	400001
udf1 `optional`	`String` User-defined field 1 for additional transaction metadata.	MOTO_HOTEL_BOOKING
udf2 `optional`	`String` User-defined field 2 for additional transaction metadata.	CORPORATE_CARD
udf3 `optional`	`String` User-defined field 3 for additional transaction metadata.	Travel_Industry
udf4 `optional`	`String` User-defined field 4 for additional transaction metadata.	Customer_Reference
udf5 `optional`	`String` User-defined field 5 for additional transaction metadata.	Booking_ID_12345

📘
Notes for additional_info

last4Digits: The last 4 digits of the card. This parameter is mandatory for MOTO transactions to ensure proper card identification.

TAVV: Token Authentication Verification Value (also known as cryptogram). This is mandatory for MOTO transactions to ensure the authenticity of the tokenized card.

Sample Request

{
  "hash": "135e38baa5218605f1128342f9057e6c1585a4af7e8c85a2856fa27e8a42bace77c8c5e62aa586594329202dc5dfe762ae5ebdfd66253f2462b42a42995f7063",
  "key": "L43t1c",
  "txnid": "133e4fe03c40baac9351",
  "api_version": "1",
  "amount": "1",
  "firstname": "Payu-Admin",
  "email": "_emailid_",
  "phone": "_mobilenum_",
  "productinfo": "Product Info",
  "surl": "https://admin.payu.in/test_response",
  "txtid": "afb82b0dc86628a66f7fc4eb5b166786",
  "furl": "https://admin.payu.in/test_response",
  "pg": "MOTO",
  "bankcode": "MMASTCC",
  "storecard_token_type": "1",
  "additional_info": "{\"tavv\":\"AJw6hJIu5Sl7ABMHaVaWAAADFA==\",\"last4digits\":\"1289\"}",
  "ccexpmon": "_ccexpmon_",
  "ccexpyr": "_expiry_",
  "store_card_token": "5MASTERCARDMAST1"
}

Sample Response

{
  "mihpayid": "403993715533983091",
  "mode": "MOTO",
  "status": "success",
  "unmappedstatus": "captured",
  "key": "ZYOSqk",
  "txnid": "969317320FDIRj89uFPa", 
  "amount": "1227.00",
  "cardCategory": "domestic",
  "discount": "0.00",
  "net_amount_debit": "1227.00",
  "addedon": "2023-09-18 14:35:28",
  "productinfo": "Hotel Booking",
  "firstname": "John",
  "lastname": "Doe",
  "address1": "123 Main Street",
  "address2": "",
  "city": "Mumbai",
  "state": "Maharashtra",
  "country": "India",
  "zipcode": "400001",
  "email": "[email protected]",
  "phone": "9876543210",
  "udf1": "MOTO_HOTEL_BOOKING",
  "udf2": "CORPORATE_CARD",
  "udf3": "",
  "udf4": "",
  "udf5": "",
  "field2": "999999",
  "field3": "1227.00",
  "field4": "",
  "field5": "",
  "field6": "",
  "field7": "",
  "field8": "",
  "field9": "SUCCESS",
  "payment_source": "payu",
  "PG_TYPE": "MOTO",
  "bank_ref_num": "AUTHPOSITIVE",
  "bankcode": "MOTO",
  "error": "E000",
  "error_Message": "No Error",
  "name_on_card": "",
  "cardnum": "XXXXXXXXXXXX0001",
  "cardhash": "",
  "authCode": "AUTHPOSITIVE",
  "txnAmount": "1227.00",
  "transactionType": "SALE",
  "transactionStatus": "APPROVED",
  "paymentToken": {
    "reusable": true,
    "tokenType": "NETWORK_TOKEN"
  }
}

📘
Important Notes for MOTO Transactions

MOTO transactions are restricted to corporate cards in the Hotel and Travel Industry as per RBI guidelines

All MOTO transactions must be tokenized and comply with PCI DSS standards

The merchant must be pre-approved and KYC compliant to process MOTO transactions

RMS (Risk Management Service) will validate MOTO eligibility during transaction processing

MOTO transactions are exempt from 2FA but maintain other security measures like cryptogram validation

A separate Payment Gateway ID is used for MOTO transactions for reconciliation purposes