Direct Authentication Integration

This section describes direct authentication flow with seamless integration over the Redirect experience for cards involves the following steps:

Steps to Integrate

  1. Post the transaction to PayU
  2. Check Response from PayU
👍

Before you begin:

PayU recommends you to integrate with Test environment initially. For more information, contact you PayU Key Account Manager (KAM) or PayU Support.

Step 1: Post the transaction to PayU

Initiate an authorization request with the payment details provided post a successful authentication via the MPI/3DSS.  For the request parameters, refer to Cards Direct Authorization Flow.

Environment

📘

Reference:

For the Try It experience and response, refer to Cards Classic Integration under API Reference.

Request header

ParameterDescription
dateThe current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorizationThe actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

FieldDescription
usernameRepresents the username or identifier for the client or merchant, for example smsplus.
algorithmUse SHA512 algorithm for hashing and send this as header value.
headersSpecifies which headers have been used in generating the hash, for example date.
signatureThe HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request body

The following table describes the request body parameters:

Parameter Description Example

accountId
mandatory

String The merchant key provided by PayU during onboarding.

MERCHANT123

txnId
mandatory

String Transaction ID for transaction tracking and this must be unique for every transaction.

REF123456

paymentMethod
mandatory

Object Details about the payment method used. For more information, refer to paymentMethod object fields description.

order
mandatory

Object Details about the transaction order including product information, ordered items, user-defined fields, and payment charge specifications. For more information, refer to order object fields description

additionalInfo
mandatory

Object Additional information including enforced payment methods, single instalment, virtual payment address (VPA), and various options for user preferences during the transaction. For more information, refer to additionalInfo object fields description

callBackActions
mandatory

Object Actions to perform on the payment server in different scenarios. For example, success, failure, cancellation, cash on delivery, etc. For more information, refer to callbackActions object fields description

billingDetails mandatory

Object Billing details of the customer including name, address, phone number, email, etc. For more information, refer to billingDetails object field descriptions.

paymentMethod object fields description
paymentMethod object
Field Description Example

name
mandatory

String This field must contain the payment mode code. For Classic Integration, use "CreditCard" or "DebitCard". For more information, refer to Payment Mode Codes.

CreditCard

bankCode
mandatory

String This field must contain the card type code. For more information, refer to Card Type Codes and Supported Banks for Cards.

CC

paymentCard
mandatory for cards

Object This object contains the physical card or saved card token details. For more information, refer to paymentCard object fields description.

paymentCard object fields description

paymentCard object
Parameter Description Example
cardNumber
mandatory for physical card
Card number. 5497774415170603
validThrough
mandatory for physical card
Expiry date in MM/YYYY format. 05/2025
ownerName
optional
Name of the card owner. Ashish
cvv
mandatory for physical card
CVV number of the card. 123
tavv
mandatory for saved card
Cryptogram of the card for tokenized payments. AAABAWFlmQAAAABjRWWZEEFgFz
last4Digits
mandatory for saved card
Last four digits of the card. 0603
cardTokenType
mandatory for saved card
Card token type. Valid values: PAYU, NETWORK, ISSUER. PAYU
cardToken
mandatory for saved card
Card token of the stored card. b5f2d8785768087678fm9

order object fields description

order object
Parameter Description Example
productInfo
mandatory
Product details. Product details
orderedItem
optional
Details about the items ordered. Array of Objects
userDefinedFields
optional
Custom fields for additional information. Fields: udf1, udf2, udf3, udf4, udf5, udf6, udf7, udf8, udf9, udf10. For more information, refer to Object
paymentChargeSpecification
mandatory
Includes amount and charges. For more information, refer to paymentChargeSpecification object fields description Object
paymentChargeSpecification object fields description
Parameter Description Example
price
mandatory
The transaction amount. 1000
netAmountDebit
optional
Net amount to be debited. 1000
taxSpecification
optional
Tax details of the product/order. Object
convenienceFee
optional
Fees format (e.g., CC:12). CC:12
offers
optional
Offers applied or available for the payment. Object
userDefinedFields object fields description
FieldDescription
udf1User defined field.
udf2User defined field.
udf3User defined field.
udf4User defined field.
udf5User defined field.
udf6User defined field.
udf7User defined field.
udf8User defined field.
udf9User defined field.
udf10User defined field.

additionalInfo object fields description

Parameter Description Example
enforcePaymethod
optional
Force a transaction with a specified method (e.g., CC, DC). CC
forcePgid
optional
Forces identification for payment gateway. PG123
partnerHoldTime
optional
Time held by the partner for the transaction. 60
userCredentials
optional
Credentials for user authentication. string
userToken
optional
Token for the customer. user_token_123
subventionAmount
optional
Amount paid through EMI subvention payments. 100
authOnly
optional
Initiates an authentication-only payment (true/false). false
createOrder
optional
A flag to store the order details (true/false). true
txnS2sFlow
optional
For defining seamless/non-seamless flows in handling payments. seamless
AdditionalInfo object
Field Description Example

txnFlow
mandatory for S2S

String Indicates the transaction S2S flow type and must be set to "3" for Direct Authorization Flow.

3

authenticationFlow
mandatory for S2S

String Indicates the authentication flow type and must be set to "REDIRECT" for Direct Authorization Integration.

REDIRECT

createOrder
optional

Boolean Whether to create an order during the payment process.

false

callBackActions object fields description

callBackActions object
Parameter Description Example
successAction
mandatory
URL to be called on payment success. https://example.com/success
failureAction
mandatory
URL to be called on payment failure. https://example.com/failure
cancelAction
mandatory
URL to be called if user cancels the payment. https://example.com/cancel
codAction
optional
URL for Cash on Delivery (COD) action. https://example.com/cod

billingDetails object fields description

billingDetails object
Parameter Description Example
firstName
mandatory
First name of the billing contact. Ashish
lastName
optional
Last name of the billing contact. Kumar
address1
mandatory
Primary billing address. 123 Main Street
address2
optional
Secondary billing address. Apt 4B
phone
optional
Phone number of the billing contact. 9123456789
email
mandatory
Email address of the billing contact. [email protected]
city
optional
City of the billing address. Bharatpur
state
optional
State of the billing address. Rajasthan
country
optional
Country of the billing address. India
zipCode
optional
Postal/Zip code of the billing address. 321028

authorization object fields description

authorization object
Parameter Description Example
eci
optional
Electronic Commerce Indicator. 05
cavv
optional
Cardholder Authentication Verification Value. AAABAWFlmQAAAABjRWWZEEFgFz
pares
optional
Payer Authentication Response for 3D Secure 1.0. eJzVWFmTokoWfrMABXXOtgSL...
bankData
optional
Additional bank data for processing the payment. fGpDiuSMy8FjxQHDla5kFwVr
messageDigest
optional
Security hash value for message verification. 3a4df2b5c8e7f9a1d6b0c3e9
xid
optional
Transaction identifier for 3D Secure authentication. MDAwMDAwMDAwMDAwMDAwMDEyMzQ=
threeDSenrolled
optional
Indicates if the card is enrolled in 3D Secure. Y
threeDSstatus
optional
Status of the 3D Secure authentication. SUCCESS
flowType
optional
Flow type for 3D Secure. Frictionless
threeDSTransID
optional
3DS Transaction ID. 67b4c71f-19bf-4d97-bd09-4e3687dc9e42
threeDSServerTransID
optional
3DS Server Transaction ID. eea30d14-71cf-41af-b961-f95b7d67dc93
threeDSTransStatus
optional
3DS transaction status. Y
threeDSTransStatusReason
optional
Reason for 3DS transaction status. 01
aquirer_bin
optional
Bank Identification Number of the acquirer. 401200
additionalInfo
optional
Object containing additional authorization information including payment gateway identifier, authentication flow, 3DS2 request data, and user-defined fields. Object
additionalInfo.paymentGatewayIdentifier
optional
Identifier for the payment gateway. gateway_123
additionalInfo.authenticationFlow
optional
Type of authentication flow used. 3DS2
additionalInfo.threeDS2RequestData
optional
Object containing 3DS2 request data. {}
additionalInfo.authUdf1
optional
User-defined field 1 for additional authorization data. custom_value_1
additionalInfo.authUdf2
optional
User-defined field 2 for additional authorization data. custom_value_2
additionalInfo.authUdf3
optional
User-defined field 3 for additional authorization data. custom_value_3
additionalInfo.authUdf4
optional
User-defined field 4 for additional authorization data. custom_value_4
additionalInfo.authUdf5
optional
User-defined field 5 for additional authorization data. custom_value_5
additionalInfo.authUdf6
optional
User-defined field 6 for additional authorization data. custom_value_6
additionalInfo.authUdf7
optional
User-defined field 7 for additional authorization data. custom_value_7
additionalInfo.authUdf8
optional
User-defined field 8 for additional authorization data. custom_value_8
additionalInfo.authUdf9
optional
User-defined field 9 for additional authorization data. custom_value_9
additionalInfo.authUdf10
optional
User-defined field 10 for additional authorization data. custom_value_10

threeDS2RequestData object fields description

threeDS2RequestData object
Parameter Description Example
threeDSVersion
optional
The version of 3D Secure used. 2.2.0
deviceChannel
optional
The device used for the transaction channel. APP
❗️

Error Handling

If any error message is displayed with an error code, refer to the Error Codes section to understand the reason for these error codes.

Sample request

curl --location 'https://apitest.payu.in/v2/payments' \
--header 'date: Thu, 27 Mar 2025 10:12:27 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="ec84843a663143bb89391f6fa2d4b9404bab1543a3eee81263b4a507ebf5d289d8fad1fbcdd59da820951e3e0f9b0b0b3d1bad9b41338804e7c42a8a6197c6e9"' \
--header 'Content-Type: application/json' \
--header 'Cookie: PHPSESSID=sclorpmpb4ngion5e996os22ao' \
--data-raw '{
    "accountId": "smsplus",
    "referenceId": "b5f2d8785768087678fn4",
    "amount": 10,
    "currency": "INR",
    "paymentSource": "WEB",
    "paymentMethod": {
        "name": "CreditCard",
        "bankCode": "CC",
        "paymentCard": {
            "cardNumber": 5497774415170603,
            "validThrough": "05/2025",
            "cvv": 123,
            "cardToken": "29850879bf39848ca078727b8e1a95165a41cea1",
            "ownerName": "Ashish",
            "issuer": "ICICI",
            "bin": "500446",
            "last4Digits": "0000",
            "cardHash": null,
            "cardTokenType": "NETWORK",
            "tavv": "/wAAAAAAPtP+g6IAmbSeg1gAAAA="
        }
    },
    "order": {
        "productInfo": "qwertyuiopasdfghjkl",
        "orderedItem": [
            {
                "itemId": "1",
                "description": "string",
                "quantity": 1
            }
        ],
        "userDefinedFields": {
            "udf1": "",
            "udf2": "",
            "udf3": "",
            "udf4": "",
            "udf5": "",
            "udf6": "",
            "udf7": "",
            "udf8": "",
            "udf9": "",
            "udf10": ""
        },
        "paymentChargeSpecification": {
            "price": 10,
            "convenienceFee": "CC:12,AMEX:19,SBIB:98,DINR:2,DC:25,NB:55",
            "offers": {
                "applied": [
                    {
                        "offerId": "no_offer",
                        "amount": null
                    }
                ]
            }
        }
    },
    "additionalInfo": {
        "txnS2sFlow": "3",
        "createOrder": "false"
    },
    "callBackActions": {
        "successAction": "https://apitest.payu.in/test_response",
        "failureAction": "https://apitest.payu.in/test_response",
        "cancelAction": "https://apitest.payu.in/test_response"
    },
    "billingDetails": {
        "firstName": "sartaj",
        "lastName": "",
        "phone": "9876543210",
        "email": "[email protected]",
        "city": "Bharatpur",
        "state": "Rajasthan",
        "country": "India",
        "zipCode": "321028"
    },
    "authorization": {
        "eci": "05",
        "cavv": "AAABAWFlmQAAAABjRWWZEEFgFz",
        "flowType": "Frictionless",
        "threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42",
        "threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93",
        "threeDSTransStatus": "Y",
        "threeDSTransStatusReason": "01",
        "aquirer_bin": "401200",
        "additionalInfo": {
            "authUdf1": "string",
            "authUdf2": "string"
        }
    },
    "threeDS2RequestData": {
        "threeDSVersion": "2.2.0",
        "deviceChannel": "APP"
    }
}'

Sample response

{
  "result": {
    "redirectUrl": "https://secure.payu.in/ResponseHandler.php",
    "authAction": "https://api.payu.in/payments/21667772394/otps",
    "paymentId": "21667772394",
    "redirectTemplate": "PGh0bWw+PGJvZHk+PGZvcm0gbmFtZT0icGF5bWVudF9wb3N0IiBpZD0icGF5bWVudF9wb3N0IiBhY3Rpb249Imh0dHBzOi8vbmV0YmFua2luZy5oZGZjYmFuay5jb20vbmV0YmFua2luZy9tZXJjaGFudD9DbGllbnRDb2RlPTE1NDkxMyZNZXJjaGFudENvZGU9UEFZVUZBQ0VCT09LJlR4bkN1cnJlbmN5PUlOUiZUeG5BbW91bnQ9MjUwMDAuMDAmVHhuU2NBbW91bnQ9MCZNZXJjaGFudFJlZk5vPWs0cWh3NGVsYXY2MmxwNjJjbSZTdWNjZXNzU3RhdGljRmxhZz1OJkZhaWx1cmVTdGF0aWNGbGFnPU4mRGF0ZT0yNi8xMS8yMDI0IDAwOjAwOjAwJlJlZjE9JlJlZjI9NDAzYmIzODkxY2Y5NGEzNmI0ZGQxOTlkOWNjZWVjNmUmUmVmMz0mUmVmND0mUmVmNT0mRHluYW1pY1VybD1odHRwczovL3NlY3VyZS5wYXl1LmluL2I0NDdmZmViZDg4NDNjZTEzYzlmODVhZjhlOTA0ZmQyL0NvbW1vblBnUmVzcG9uc2VIYW5kbGVyLnBocCZDaGVja1N1bT0zMTAxMzgyNDM2IiBtZXRob2Q9InBvc3QiPjwvZm9ybT48c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aW5kb3cub25sb2FkPWZ1bmN0aW9uKCl7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuZm9ybXNbJ3BheW1lbnRfcG9zdCddLnN1Ym1pdCgpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICA8L3NjcmlwdD48L2JvZHk+PC9odG1sPg==",
    "card": {
      "binData": {
        "pureS2SSupported": false,
        "issuingBank": "INDUSIND",
        "category": "debitcard",
        "cardType": "MAST",
        "isDomestic": true
      }
    }
  },
  "status": "PENDING"
}

Step 2: Verify the payment

📘

Note:

This API is backward compatible and you can continue to the existing integration parameters to process the 3DS 1.0.2 transactions.

Sample response

The sample response after the customer makes payment will be similar to v2 merchant hosted checkout payments.

📘

Note:

Reverse hashing of the response is not required with that of v2/payment API.

Array
(
    [referenceId] => b5f2d8785768087678fm9
    [paymentId] => 1999110000001769
    [message] => Please call verify api to get the transaction status
)

Verify the transaction details using the Verification APIs. For API reference, refer to Verify Payment API under API Reference.

📘

Tip

The transaction ID that you posted in Step 1 with PayU must be used here.