Direct Authentication Integration
This section describes the direct authentication flow with seamless integration over the Redirect experience for cards. It involves the following steps:
Steps to Integrate
Before you begin: PayU recommends that you integrate with the Test environment initially. For more information, contact your PayU Key Account Manager (KAM) or PayU Support.
Step 1: Post the transaction to PayU
Initiate an authorization request with the payment details provided after a successful authentication via the MPI/3DSS. For the request parameters, refer to Cards Direct Authorization Flow.
Environment
Test Environment | https://apitest.payu.in/v2/payments |
Production Environment | https://api.payu.in/v2/payments |
Reference: For the Try It experience and response, refer to Cards Classic Integration under API Reference.
Request header
Parameter | Description |
---|---|
date | The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT. |
authorization | The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description. |
authorization fields description
Field | Description |
---|---|
username | Represents the username or identifier for the client or merchant, for example smsplus. |
algorithm | Use SHA512 algorithm for hashing and send this as header value. |
headers | Specifies which headers have been used in generating the hash, for example date. |
signature | The HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm. |
hashing algorithm
You must hash the request parameters using the following hash logic:
Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)
Where <Body data> contains the request body posted with the request.
Sample header code
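// isEmpty, request and CryptoJS are not defined in this snippet;
// the environment that runs it must provide them.
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date: current time in GMT, sent as the date header
var date = new Date();
date = date.toUTCString();
// authorization: header value built from the hash of body, date and secret
var authorization = getAuthHeader(date);
function getAuthHeader(date) {
  var AUTH_TYPE = 'sha512';
  // Request body as posted; empty string when there is no body
  var data = isEmpty(request['data']) ? "" : request['data'];
  // Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)
  var hash_string = data + '|' + date + '|' + merchant_secret;
  var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
  return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}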
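The following Node.js sketch is an added example, not PayU code: it builds the date and authorization headers from the hash logic above and then re-checks them the way a receiving side would, showing that the hash only matches the exact body string that was signed. The function names, the `MERCHANT_SECRET` environment variable, the five-minute freshness window and the sample body are assumptions; the header scheme is labelled `hmac`, but the value computed is the plain SHA-512 concatenation documented on this page.

```javascript
const nodeCrypto = require('node:crypto');

// Hash logic from this page: sha512(<Body data> + '|' + date + '|' + merchant_secret)
function computeSignature(rawBody, date, secret) {
  return nodeCrypto.createHash('sha512')
    .update(`${rawBody}|${date}|${secret}`, 'utf8').digest('hex');
}

// Build both request headers for the exact body string that will be sent.
function buildAuthHeaders(rawBody, key, secret, now = new Date()) {
  const date = now.toUTCString();
  const sig = computeSignature(rawBody, date, secret);
  return {
    date,
    authorization: `hmac username="${key}", algorithm="sha512", headers="date", signature="${sig}"`,
  };
}

// Parse the authorization header into username, algorithm, headers and signature.
function parseAuthHeader(value) {
  const m = /^hmac\s+(.*)$/i.exec(value || '');
  if (!m) return null;
  const fields = {};
  for (const [, k, v] of m[1].matchAll(/(\w+)="([^"]*)"/g)) fields[k] = v;
  return fields;
}

// Recompute and compare. maxSkewMs is an assumed freshness window, not a PayU value.
function verify(rawBody, headers, secret, now = new Date(), maxSkewMs = 5 * 60 * 1000) {
  const f = parseAuthHeader(headers.authorization);
  if (!f || f.algorithm !== 'sha512' || f.headers !== 'date') return false;
  const sent = Date.parse(headers.date);
  if (Number.isNaN(sent) || Math.abs(now - sent) > maxSkewMs) return false;
  const expected = Buffer.from(computeSignature(rawBody, headers.date, secret), 'hex');
  const got = Buffer.from(f.signature || '', 'hex');
  return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
}

// Constructed sample values; the secret is read from configuration (assumed variable name).
const SECRET = process.env.MERCHANT_SECRET || 'constructed-test-secret';
const body = JSON.stringify({ accountId: 'MERCHANT123', txnId: 'REF123456' });
const at = new Date('2023-06-28T11:25:19Z');
const headers = buildAuthHeaders(body, 'MERCHANT123', SECRET, at);
console.log(headers.date, verify(body, headers, SECRET, at));
```

Serialize the body once and post that same string: re-serializing the JSON after signing (different spacing or key order) produces a different hash.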
Request body
The following table describes the request body parameters:
Parameter | Description | Example |
---|---|---|
accountId | | MERCHANT123 |
txnId | | REF123456 |
paymentMethod | | |
order | | |
additionalInfo | | |
callBackActions | | |
billingDetails | | |
paymentMethod object fields description
paymentMethod object
Field | Description | Example |
---|---|---|
name | | CreditCard |
bankCode | | CC |
paymentCard | | |
paymentCard object fields description
paymentCard object
Parameter | Description | Example |
---|---|---|
cardNumber (mandatory for physical card) | Card number. | 5497774415170603 |
validThrough (mandatory for physical card) | Expiry date in MM/YYYY format. | 05/2025 |
ownerName (optional) | Name of the card owner. | Ashish |
cvv (mandatory for physical card) | CVV number of the card. | 123 |
tavv (mandatory for saved card) | Cryptogram of the card for tokenized payments. | AAABAWFlmQAAAABjRWWZEEFgFz |
last4Digits (mandatory for saved card) | Last four digits of the card. | 0603 |
cardTokenType (mandatory for saved card) | Card token type. Valid values: PAYU, NETWORK, ISSUER. | PAYU |
cardToken (mandatory for saved card) | Card token of the stored card. | b5f2d8785768087678fm9 |
order object fields description
order object
Parameter | Description | Example |
---|---|---|
productInfo (mandatory) | Product details. | Product details |
orderedItem (optional) | Details about the items ordered. | Array of Objects |
userDefinedFields (optional) | Custom fields for additional information. Fields: udf1, udf2, udf3, udf4, udf5, udf6, udf7, udf8, udf9, udf10. For more information, refer to | Object |
paymentChargeSpecification (mandatory) | Includes amount and charges. For more information, refer to paymentChargeSpecification object fields description | Object |
paymentChargeSpecification object fields description
Parameter | Description | Example |
---|---|---|
price (mandatory) | The transaction amount. | 1000 |
netAmountDebit (optional) | Net amount to be debited. | 1000 |
taxSpecification (optional) | Tax details of the product/order. | Object |
convenienceFee (optional) | Fees format (e.g., CC:12). | CC:12 |
offers (optional) | Offers applied or available for the payment. | Object |
userDefinedFields object fields description
Field | Description |
---|---|
udf1 | User defined field. |
udf2 | User defined field. |
udf3 | User defined field. |
udf4 | User defined field. |
udf5 | User defined field. |
udf6 | User defined field. |
udf7 | User defined field. |
udf8 | User defined field. |
udf9 | User defined field. |
udf10 | User defined field. |
additionalInfo object fields description
Parameter | Description | Example |
---|---|---|
enforcePaymethod (optional) | Force a transaction with a specified method (e.g., CC, DC). | CC |
forcePgid (optional) | Forces identification for payment gateway. | PG123 |
partnerHoldTime (optional) | Time held by the partner for the transaction. | 60 |
userCredentials (optional) | Credentials for user authentication. | string |
userToken (optional) | Token for the customer. | user_token_123 |
subventionAmount (optional) | Amount paid through EMI subvention payments. | 100 |
authOnly (optional) | Initiates an authentication-only payment (true/false). | false |
createOrder (optional) | A flag to store the order details (true/false). | true |
txnS2sFlow (optional) | For defining seamless/non-seamless flows in handling payments. | seamless |
AdditionalInfo object
Field | Description | Example |
---|---|---|
txnFlow | | 3 |
authenticationFlow | | REDIRECT |
createOrder | | false |
callBackActions object fields description
callBackActions object
Parameter | Description | Example |
---|---|---|
successAction (mandatory) | URL to be called on payment success. | https://example.com/success |
failureAction (mandatory) | URL to be called on payment failure. | https://example.com/failure |
cancelAction (mandatory) | URL to be called if user cancels the payment. | https://example.com/cancel |
codAction (optional) | URL for Cash on Delivery (COD) action. | https://example.com/cod |
billingDetails object fields description
billingDetails object
Parameter | Description | Example |
---|---|---|
firstName (mandatory) | First name of the billing contact. | Ashish |
lastName (optional) | Last name of the billing contact. | Kumar |
address1 (mandatory) | Primary billing address. | 123 Main Street |
address2 (optional) | Secondary billing address. | Apt 4B |
phone (optional) | Phone number of the billing contact. | 9123456789 |
email (mandatory) | Email address of the billing contact. | [email protected] |
city (optional) | City of the billing address. | Bharatpur |
state (optional) | State of the billing address. | Rajasthan |
country (optional) | Country of the billing address. | India |
zipCode (optional) | Postal/Zip code of the billing address. | 321028 |
authorization object fields description
authorization object
Parameter | Description | Example |
---|---|---|
eci (optional) | Electronic Commerce Indicator. | 05 |
cavv (optional) | Cardholder Authentication Verification Value. | AAABAWFlmQAAAABjRWWZEEFgFz |
pares (optional) | Payer Authentication Response for 3D Secure 1.0. | eJzVWFmTokoWfrMABXXOtgSL... |
bankData (optional) | Additional bank data for processing the payment. | fGpDiuSMy8FjxQHDla5kFwVr |
messageDigest (optional) | Security hash value for message verification. | 3a4df2b5c8e7f9a1d6b0c3e9 |
xid (optional) | Transaction identifier for 3D Secure authentication. | MDAwMDAwMDAwMDAwMDAwMDEyMzQ= |
threeDSenrolled (optional) | Indicates if the card is enrolled in 3D Secure. | Y |
threeDSstatus (optional) | Status of the 3D Secure authentication. | SUCCESS |
flowType (optional) | Flow type for 3D Secure. | Frictionless |
threeDSTransID (optional) | 3DS Transaction ID. | 67b4c71f-19bf-4d97-bd09-4e3687dc9e42 |
threeDSServerTransID (optional) | 3DS Server Transaction ID. | eea30d14-71cf-41af-b961-f95b7d67dc93 |
threeDSTransStatus (optional) | 3DS transaction status. | Y |
threeDSTransStatusReason (optional) | Reason for 3DS transaction status. | 01 |
aquirer_bin (optional) | Bank Identification Number of the acquirer. | 401200 |
additionalInfo (optional) | Object containing additional authorization information including payment gateway identifier, authentication flow, 3DS2 request data, and user-defined fields. | Object |
additionalInfo.paymentGatewayIdentifier (optional) | Identifier for the payment gateway. | gateway_123 |
additionalInfo.authenticationFlow (optional) | Type of authentication flow used. | 3DS2 |
additionalInfo.threeDS2RequestData (optional) | Object containing 3DS2 request data. | {} |
additionalInfo.authUdf1 (optional) | User-defined field 1 for additional authorization data. | custom_value_1 |
additionalInfo.authUdf2 (optional) | User-defined field 2 for additional authorization data. | custom_value_2 |
additionalInfo.authUdf3 (optional) | User-defined field 3 for additional authorization data. | custom_value_3 |
additionalInfo.authUdf4 (optional) | User-defined field 4 for additional authorization data. | custom_value_4 |
additionalInfo.authUdf5 (optional) | User-defined field 5 for additional authorization data. | custom_value_5 |
additionalInfo.authUdf6 (optional) | User-defined field 6 for additional authorization data. | custom_value_6 |
additionalInfo.authUdf7 (optional) | User-defined field 7 for additional authorization data. | custom_value_7 |
additionalInfo.authUdf8 (optional) | User-defined field 8 for additional authorization data. | custom_value_8 |
additionalInfo.authUdf9 (optional) | User-defined field 9 for additional authorization data. | custom_value_9 |
additionalInfo.authUdf10 (optional) | User-defined field 10 for additional authorization data. | custom_value_10 |
threeDS2RequestData object fields description
threeDS2RequestData object
Parameter | Description | Example |
---|---|---|
threeDSVersion (optional) | The version of 3D Secure used. | 2.2.0 |
deviceChannel (optional) | The device used for the transaction channel. | APP |
Error Handling: If any error message is displayed with an error code, refer to the Error Codes section to understand the reason for these error codes.
Sample request
curl --location 'https://apitest.payu.in/v2/payments' \
--header 'date: Thu, 27 Mar 2025 10:12:27 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="ec84843a663143bb89391f6fa2d4b9404bab1543a3eee81263b4a507ebf5d289d8fad1fbcdd59da820951e3e0f9b0b0b3d1bad9b41338804e7c42a8a6197c6e9"' \
--header 'Content-Type: application/json' \
--header 'Cookie: PHPSESSID=sclorpmpb4ngion5e996os22ao' \
--data-raw '{
"accountId": "smsplus",
"referenceId": "b5f2d8785768087678fn4",
"amount": 10,
"currency": "INR",
"paymentSource": "WEB",
"paymentMethod": {
"name": "CreditCard",
"bankCode": "CC",
"paymentCard": {
"cardNumber": 5497774415170603,
"validThrough": "05/2025",
"cvv": 123,
"cardToken": "29850879bf39848ca078727b8e1a95165a41cea1",
"ownerName": "Ashish",
"issuer": "ICICI",
"bin": "500446",
"last4Digits": "0000",
"cardHash": null,
"cardTokenType": "NETWORK",
"tavv": "/wAAAAAAPtP+g6IAmbSeg1gAAAA="
}
},
"order": {
"productInfo": "qwertyuiopasdfghjkl",
"orderedItem": [
{
"itemId": "1",
"description": "string",
"quantity": 1
}
],
"userDefinedFields": {
"udf1": "",
"udf2": "",
"udf3": "",
"udf4": "",
"udf5": "",
"udf6": "",
"udf7": "",
"udf8": "",
"udf9": "",
"udf10": ""
},
"paymentChargeSpecification": {
"price": 10,
"convenienceFee": "CC:12,AMEX:19,SBIB:98,DINR:2,DC:25,NB:55",
"offers": {
"applied": [
{
"offerId": "no_offer",
"amount": null
}
]
}
}
},
"additionalInfo": {
"txnS2sFlow": "3",
"createOrder": "false"
},
"callBackActions": {
"successAction": "https://apitest.payu.in/test_response",
"failureAction": "https://apitest.payu.in/test_response",
"cancelAction": "https://apitest.payu.in/test_response"
},
"billingDetails": {
"firstName": "sartaj",
"lastName": "",
"phone": "9876543210",
"email": "[email protected]",
"city": "Bharatpur",
"state": "Rajasthan",
"country": "India",
"zipCode": "321028"
},
"authorization": {
"eci": "05",
"cavv": "AAABAWFlmQAAAABjRWWZEEFgFz",
"flowType": "Frictionless",
"threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42",
"threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93",
"threeDSTransStatus": "Y",
"threeDSTransStatusReason": "01",
"aquirer_bin": "401200",
"additionalInfo": {
"authUdf1": "string",
"authUdf2": "string"
}
},
"threeDS2RequestData": {
"threeDSVersion": "2.2.0",
"deviceChannel": "APP"
}
}'
Sample response
{
"result": {
"redirectUrl": "https://secure.payu.in/ResponseHandler.php",
"authAction": "https://api.payu.in/payments/21667772394/otps",
"paymentId": "21667772394",
"redirectTemplate": "...",
"card": {
"binData": {
"pureS2SSupported": false,
"issuingBank": "INDUSIND",
"category": "debitcard",
"cardType": "MAST",
"isDomestic": true
}
}
},
"status": "PENDING"
}
Step 2: Verify the payment
Note: This API is backward compatible, and you can continue to use the existing integration parameters to process the 3DS 1.0.2 transactions.
Sample response
The sample response after the customer makes payment will be similar to v2 merchant hosted checkout payments.
Note: Reverse hashing of the response is not required with the v2/payments API.
Array
(
[referenceId] => b5f2d8785768087678fm9
[paymentId] => 1999110000001769
[message] => Please call verify api to get the transaction status
)
Verify the transaction details using the Verification APIs. For API reference, refer to Verify Payment API under API Reference.
Tip: The transaction ID that you posted in Step 1 with PayU must be used here.