If the merchant wants PayU to tokenize the card using a zero code change approach (Model 2), use the request parameters as described in this section.
HTTP Method: POST
Environment
| Test Environment | https://test.payu.in/_payment |
| Production Environment | https://secure.payu.in/_payment |
Applicable scenarios
- Merchant wants to create tokens without making any integration changes at their end
- Merchant is using PayU as a partner for tokenization
This scenario is applicable if any merchant sends the plain card request to PayU and shares the consent for saving the card details.
Request parameters
<th>
**Description**
</th>
<th>
**Example**
</th>
</tr>
<td>
`String` The merchant <Glossary>key</Glossary> is a unique identifier for a merchant account in PayU's database.
</td>
<td>
Your Test Key
</td>
</tr>
<tr>
<td>
api\_version\
**optional**
</td>
<td>
`String` The API version for this API.
</td>
<td>
1
</td>
</tr>
<tr>
<td>
txnid\
**mandatory**
</td>
<td>
`String` The transaction ID is a reference number for a specific order that is generated by the merchant. It is used to track the order and must be unique. PayU's system will not accept duplicate transaction IDs.
</td>
<td>
s7hhDQVWvbhBdN
</td>
</tr>
<tr>
<td>
amount\
**mandatory**
</td>
<td>
`String` This field should contain the payment amount for the transaction. If you want to use the cardless EMI option, the amount must be at least Rs. 8000
</td>
<td>
10.00
</td>
</tr>
<tr>
<td>
productinfo\
**mandatory**
</td>
<td>
`String` It should be a string containing a brief description of the product.```
Character Limit-100
```
</td>
<td>
iPhone
</td>
</tr>
<tr>
<td>
firstname\
**mandatory**
</td>
<td>
`String` The first name of the customer.```
Character Limit-60
```
</td>
<td>
Ashish
</td>
</tr>
<tr>
<td>
email\
**mandatory**
</td>
<td>
`String` The email of the customer.```
Character Limit-50
```
</td>
<td>
[[email protected]](mailto:[email protected])
</td>
</tr>
<tr>
<td>
phone\
**mandatory**
</td>
<td>
`String` The phone number of the customer.
* \*Note\*\*: This information is helpful when it comes to issues related to fraud detection and chargebacks. Hence, it is must to provide the correct information.
</td>
<td>
9876543210
</td>
</tr>
<tr>
<td>
lastname\
**mandatory**
</td>
<td>
`String` The last name of the customer.```
Character Limit-60
```
</td>
<td>
Verma
</td>
</tr>
<tr>
<td>
address1\
**optional**
</td>
<td>
`String` The first line of the billing address.```
Character Limit-100
```
</td>
<td>
H.No- 17, Block C, Kalyan Bldg, Khardilkar Road, Mumbai
</td>
</tr>
<tr>
<td>
address2\
**optional**
</td>
<td>
`String` The second line of the billing address.`Character Limit-100`
</td>
<td>
34 Saikripa-Estate, Tilak Nagar
</td>
</tr>
<tr>
<td>
city\
**optional**
</td>
<td>
`String` The city where your customer resides as part of the billing address.
</td>
<td>
Mumbai
</td>
</tr>
<tr>
<td>
state\
**optional**
</td>
<td>
`String` The state where your customer resides as part of the billing address,
</td>
<td>
Maharashtra
</td>
</tr>
<tr>
<td>
country\
**optional**
</td>
<td>
`String` The country where your customer resides.`Character Limit-50`
</td>
<td>
India
</td>
</tr>
<tr>
<td>
zipcode\
**optional**
</td>
<td>
`String` Billing address zip code is mandatory for the cardless EMI option.```
Character Limit-20
```
</td>
<td>
400004
</td>
</tr>
<tr>
<td>
surl\
**mandatory**
</td>
<td>
`String` The "surl" field is the success URL, which is the page PayU will redirect to if the transaction is successful. The merchant can handle the response at this URL after the customer is redirected there.
</td>
<td>
[https://apiplayground-response.herokuapp.com/](https://apiplayground-response.herokuapp.com/)
</td>
</tr>
<tr>
<td>
furl\
**mandatory**
</td>
<td>
`String` The "furl" field is the Failure URL, which is the page PayU will redirect to if the transaction is failed. The merchant can handle the response at this URL after the customer is redirected there.
</td>
<td>
[https://apiplayground-response.herokuapp.com/](https://apiplayground-response.herokuapp.com/)
</td>
</tr>
<tr>
<td>
hash\
**mandatory**
</td>
<td>
`String` It is used to avoid the possibility of transaction tampering. For more information on hash generation process, refer to [Generate Hash](doc:generate-hash-merchant-hosted).
</td>
<td>
`eabec285da28fd
0e3054d41a4d24fe
9f7599c9d0b6664
6f7a9984303fd612
4044b6206daf831
e9a8bda28a6200d
318293a13d6c193
109b60bd4b4f8b09
c90972`
</td>
</tr>
<tr>
<td>
<Glossary>pg</Glossary>\
**mandatory**
</td>
<td>
`String` The pg parameter determines which payment tabs will be displayed. Here, use 'CC' as the value.
</td>
<td>
CC
</td>
</tr>
<tr>
<td>
<Glossary>bankcode</Glossary>\
**mandatory**
</td>
<td>
`String` Each payment option is identified with a unique bank code at PayU. The merchant must post this parameter with the corresponding payment option’s bank code value in it.
</td>
<td>
AMEX
</td>
</tr>
<tr>
<td>
udf1 - udf5\
**optional**
</td>
<td>
`String` User-defined fields (udf) are used to store any information corresponding to a particular transaction. You can use up to five udfs in the post designated as udf1, udf2, udf3, udf4, udf5.\
`Character Limit-255`
</td>
<td>
Payment Preference, Shipping Method, Shipping Address1, Shipping City, Shipping Zip Code, etc.
</td>
</tr>
<tr>
<td>
ccnum\
**optional**
</td>
<td>
`varchar` This parameter must contain the 13 to 19-digit card number for credit or debit cards in general.
</td>
<td>
512\*\*\*6789012346
</td>
</tr>
<tr>
<td>
ccname\
**optional**
</td>
<td>
`varchar` It is the customer's name on card.
</td>
<td>
Ashish
</td>
</tr>
<tr>
<td>
ccvv\
**optional**
</td>
<td>
`varchar` This parameter must contain the CVV number of the card – as entered by the customer for the transaction.
</td>
<td>
123
</td>
</tr>
<tr>
<td>
ccexpmon\
**mandatory**
</td>
<td>
`integer` This parameter must contain the Expiry month that is mentioned under card validity.
</td>
<td>
10
</td>
</tr>
<tr>
<td>
ccexpyr\
**mandatory**
</td>
<td>
`integer` This parameter must contain the Expiry year that is mentioned under card validity.
</td>
<td>
2022
</td>
</tr>
<tr>
<td>
store\_card\
**mandatory**
</td>
<td>
`integer` This must include the flag if PayU must tokenize the card. For this scenario, specify 1.
</td>
<td>
1
</td>
</tr>
<tr>
<td>
user\_credentials\
**mandatory**
</td>
<td>
`varchar` This parameter must contain the user credentials.
</td>
<td>
a:b
</td>
</tr>
| **Parameter** |
|---|
| key **mandatory** |
Response
PayU returns PayU token in response (the existing field card_token in current response). If the merchant needs network and issuer token, they may call get_payment_instument with PayU token as input. For more information on get_payment_instument, refer to Get User Cards API.
Sample response
Success scenario
PayU will return the response (unformatted) similar to the following on the surl specified using _payment API in JSON format:
{
"mihpayid": "999000000001268",
"mode": "CC",
"status": "success",
"unmappedstatus": "captured",
"key": "J****g",
"txnid": "2b019fa0976d7480cf5",
"amount": "10.00",
"cardCategory": "domestic",
"discount": "0.00",
"net_amount_debit": "10",
"addedon": "2021-11-29 11:51:35",
"productinfo": "Product Info",
"firstname": "Payu-Admin",
"lastname": "",
"address1": "",
"address2": "",
"city": "",
"state": "",
"country": "",
"zipcode": "",
"email": "[email protected]",
"phone": "1234567890",
"udf1": "",
"udf2": "",
"udf3": "",
"udf4": "",
"udf5": "",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": "",
"hash": "82df12630b4e4083a90b314534872dfb22e97aaa191b1b93db2a76351561bd612a0b321609b0e31a3b7b62d1928c8e67e9fed5b2b5209deba4366c58706c1ffe",
"field1": "3245029356632939671830",
"field2": "302404",
"field3": "10.00",
"field4": "999000000001268",
"field5": "100",
"field6": "02",
"field7": "AUTHPOSITIVE",
"field8": "",
"field9": "Transaction is Successful",
"payment_source": "payu",
"PG_TYPE": "CC-PG",
"bank_ref_num": "3245029356632939671830",
"bankcode": "CC",
"error": "E000",
"error_Message": "No Error",
"cardToken": "28b99d39e83e8031caa7ad",
"name_on_card": "Test User",
"cardnum": "XXXXXXXXXXXX2346",
"cardhash": "This field is no longer supported in postback params."
}
Failure scenario
PayU will return the response (unformatted) similar to the following on the furl specified using _payment API in JSON format:
{
"mihpayid": "412345678912344659",
"mode": "",
"status": "failure",
"unmappedstatus": "userCancelled",
"key": "J****g",
"txnid": "4ed74a05e1220e885f70",
"amount": "10.00",
"discount": "0.00",
"net_amount_debit": "0.00",
"addedon": "2019-12-20 11:58:49",
"productinfo": "Product Info",
"firstname": "Payu-Admin",
"lastname": "",
"address1": "",
"address2": "",
"city": "",
"state": "",
"country": "",
"zipcode": "",
"email": "[email protected]",
"phone": "1234567890",
"udf1": "",
"udf2": "",
"udf3": "",
"udf4": "",
"udf5": "",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": "",
"hash": "159e1935d6a8e80c3fd2170bdc7397e1fac48be772f3515be0d728cd402b3420734944de45f8f70a4329dfafe2327200f41bc580d6c96fc0c2ce986ce3a67162",
"field1": "",
"field2": "",
"field3": "",
"field4": "",
"field5": "",
"field6": "",
"field7": "",
"field8": "",
"field9": "Cancelled by user",
"payment_source": "payu",
"PG_TYPE": "",
"bank_ref_num": "",
"bankcode": "",
"error": "E1605",
"error_Message": "Transaction failed due to customer pressing cancel button.",
"card_token": ""
}