Cards - v2 Payment API

You can collect payments from customers with leading wallets using the Merchant Hosted integration. You need to ensure that CreditCard or DebitCard for the paymentMethod.name parameter and card code based on the desired card provider for the paymentMethod.bankcode parameter is posted.

📘
Note: PayU accepts domestic and international transactions, but international transactions need to be enabled by writing to PayU Integration Team ([email protected]).

Environment


Test Environment	https://apitest.payu.in/v2/payments
Production Environment	https://api.payu.in/v2/payments>

Request header

Parameter	Description
date	The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorization	The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

Field	Description
username	Represents the username or identifier for the client or merchant, for example smsplus.
algorithm	Use SHA512 algorithm for hashing and send this as header value.
headers	Specifies which headers have been used in generating the hash, for example date.
signature	The HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(`<Body data>` + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code

    var merchant_key = 'smsplus';
    var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
    // date
    var date = new Date();
    date = date.toUTCString();

    // authorization
    var authorization = getAuthHeader(date);

    function getAuthHeader(date) {
        var AUTH_TYPE = 'sha512';
        var data = isEmpty(request['data']) ? "" : request['data'];
        var hash_string = data + '|' + date + '|' + merchant_secret;
        var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
        return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
    }

Request body

Parameter	Description	Example
accountId `mandatory`	Represents the merchant key provided by PayU during onboarding.	MERCHANT123
txnId `mandatory`	Transaction ID for transaction tracking. Must be unique for every transaction.	TXN123456
paymentMethod `mandatory`	Contains details of the payment method. For more information, refer to paymentMethod object fields description.	Object
order `mandatory`	Contains transaction order details such as product info, ordered items, user-defined fields, and payment charge details. For more information, refer to order Object.	Object
additionalInfo `mandatory`	Additional metadata for the transaction. For more information, refer to additionalInfo Object.	Object
callBackActions `mandatory`	URL actions for payments (e.g., success, failure, cancel). For more information, refer to callBackActions Object.	Object
billingDetails `mandatory`	Customer billing details including name, phone, and address. For more information, refer to billingDetails Object.	Object
authorization `mandatory`	Authorization details for the payment process, including 3DS metadata. For more information, refer to authorization Object.	Object

paymentMethod object fields description

Parameter	Description	Example
name `mandatory`	Represents the payment method used. For credit card, include CreditCard.	CreditCard
bankCode `mandatory`	Contains the bank code. Valid values: CC, MAST, VISA.	CC
paymentCard `mandatory for cards`	Contains physical card or saved card details. For more information, refer to	Object

paymentCard object fields description

Parameter	Description	Example
cardNumber `mandatory for physical card`	Card number.	5497774415170603
validThrough `mandatory for physical card`	Expiry date in MM/YYYY format.	05/2025
ownerName `optional`	Name of the card owner.	Ashish
cvv `mandatory for physical card`	CVV number of the card.	123
tavv `mandatory for saved card`	Cryptogram of the card for tokenized payments.	AAABAWFlmQAAAABjRWWZEEFgFz
last4Digits `mandatory for saved card`	Last four digits of the card.	0603
cardTokenType `mandatory for saved card`	Card token type. Valid values: PAYU, NETWORK, ISSUER.	PAYU
cardToken `mandatory for saved card`	Card token of the stored card.	b5f2d8785768087678fm9

order object fields description

Parameter	Description	Example
productInfo `mandatory`	Product details. Type: `String`	Product details
orderedItem `optional`	Details about the items ordered. Type: `Array of Objects`
userDefinedFields `optional`	Custom fields for additional information. Type: `Object`. Fields: udf1, udf2, udf3, udf4, udf5, udf6, udf7, udf8, udf9, udf10.
paymentChargeSpecification `mandatory`	Includes amount and charges. Type: `Object`. For more information, refer to paymentChargeSpecification object fields description

paymentChargeSpecification object fields description

Parameter	Description	Example
price `mandatory`	The transaction amount. Type: `Number`	1000
netAmountDebit `optional`	Net amount to be debited. Type: `Number`	1000
taxSpecification `optional`	Tax details of the product/order. Type: `Object`
convenienceFee `optional`	Fees format. Type: `String`	CC:12
offers `optional`	Offers applied or available for the payment. Type: `Object`

userDefinedFields object fields description

Field	Description
udf1	User defined field.
udf2	User defined field.
udf3	User defined field.
udf4	User defined field.
udf5	User defined field.
udf6	User defined field.
udf7	User defined field.
udf8	User defined field.
udf9	User defined field.
udf10	User defined field.

additionalInfo object fields description

Parameter	Description	Example
enforcePaymethod `optional`	Force a transaction with a specified method (e.g., CC, DC).	CC
forcePgid `optional`	Forces identification for payment gateway.	PG123
partnerHoldTime `optional`	Time held by the partner for the transaction.	60
userCredentials `optional`	Credentials for user authentication.	string
userToken `optional`	Token for the customer.	user_token_123
subventionAmount `optional`	Amount paid through EMI subvention payments.	100
authOnly `optional`	Initiates an authentication-only payment (true/false).	false
createOrder `optional`	A flag to store the order details (true/false).	true
txnS2sFlow `optional`	For defining seamless/non-seamless flows in handling payments.	seamless

callBackActions object fields description

Parameter	Description	Example
successAction `mandatory`	URL to be called on payment success.	https://example.com/success
failureAction `mandatory`	URL to be called on payment failure.	https://example.com/failure
cancelAction `mandatory`	URL to be called if user cancels the payment.	https://example.com/cancel
codAction `optional`	URL for Cash on Delivery (COD) action.	https://example.com/cod

billingDetails object fields description

Parameter	Description	Example
firstName `mandatory`	First name of the billing contact.	Ashish
lastName `optional`	Last name of the billing contact.	Kumar
address1 `mandatory`	Primary billing address.	123 Main Street
address2 `optional`	Secondary billing address.	Apt 4B
phone `optional`	Phone number of the billing contact.	9123456789
email `mandatory`	Email address of the billing contact.	[email protected]
city `optional`	City of the billing address.	Bharatpur
state `optional`	State of the billing address.	Rajasthan
country `optional`	Country of the billing address.	India
zipCode `optional`	Postal/Zip code of the billing address.	321028

authorization object fields description

Parameter	Description	Example
eci `optional`	Electronic Commerce Indicator.	05
cavv `optional`	Cardholder Authentication Verification Value.	AAABAWFlmQAAAABjRWWZEEFgFz
pares `optional`	Payer Authentication Response for 3D Secure 1.0.	eJzVWFmTokoWfrMABXXOtgSL...
bankData `optional`	Additional bank data for processing the payment.	fGpDiuSMy8FjxQHDla5kFwVr
messageDigest `optional`	Security hash value for message verification.	3a4df2b5c8e7f9a1d6b0c3e9
xid `optional`	Transaction identifier for 3D Secure authentication.	MDAwMDAwMDAwMDAwMDAwMDEyMzQ=
threeDSenrolled `optional`	Indicates if the card is enrolled in 3D Secure.	Y
threeDSstatus `optional`	Status of the 3D Secure authentication.	SUCCESS
flowType `optional`	Flow type for 3D Secure.	Frictionless
threeDSTransID `optional`	3DS Transaction ID.	67b4c71f-19bf-4d97-bd09-4e3687dc9e42
threeDSServerTransID `optional`	3DS Server Transaction ID.	eea30d14-71cf-41af-b961-f95b7d67dc93
threeDSTransStatus `optional`	3DS transaction status.	Y
threeDSTransStatusReason `optional`	Reason for 3DS transaction status.	01
aquirer_bin `optional`	Bank Identification Number of the acquirer.	401200
additionalInfo `optional`	Object containing additional authorization information including payment gateway identifier, authentication flow, 3DS2 request data, and user-defined fields.	Object
additionalInfo.paymentGatewayIdentifier `optional`	Identifier for the payment gateway.	gateway_123
additionalInfo.authenticationFlow `optional`	Type of authentication flow used.	3DS2
additionalInfo.threeDS2RequestData `optional`	Object containing 3DS2 request data.	{}
additionalInfo.authUdf1 `optional`	User-defined field 1 for additional authorization data.	custom_value_1
additionalInfo.authUdf2 `optional`	User-defined field 2 for additional authorization data.	custom_value_2
additionalInfo.authUdf3 `optional`	User-defined field 3 for additional authorization data.	custom_value_3
additionalInfo.authUdf4 `optional`	User-defined field 4 for additional authorization data.	custom_value_4
additionalInfo.authUdf5 `optional`	User-defined field 5 for additional authorization data.	custom_value_5
additionalInfo.authUdf6 `optional`	User-defined field 6 for additional authorization data.	custom_value_6
additionalInfo.authUdf7 `optional`	User-defined field 7 for additional authorization data.	custom_value_7
additionalInfo.authUdf8 `optional`	User-defined field 8 for additional authorization data.	custom_value_8
additionalInfo.authUdf9 `optional`	User-defined field 9 for additional authorization data.	custom_value_9
additionalInfo.authUdf10 `optional`	User-defined field 10 for additional authorization data.	custom_value_10

threeDS2RequestData

Parameter	Description	Example
threeDSVersion `optional`	The version of 3D Secure used.	2.2.0
deviceChannel `optional`	The device used for the transaction channel.	APP

Sample request

{
    "accountId": "smsplus",
    "txnId": "b5f2d8785768087678fm9",
    "amount": "1000",
    "paymentMethod": {
        "name": "CreditCard",
        "bankCode": "CC",
        "paymentCard": {
            "cardNumber": "5497774415170603",
            "validThrough": "05/2025",
            "cvv": "123",
            "ownerName": "Ashish"
        }
    },
    "order": {
        "productInfo": "Product details",
        "orderedItem": [
            {
                "itemId": "1",
                "description": "Product A",
                "quantity": 1,
                "amount": 1000
            }
        ],
        "userDefinedFields": {
            "udf1": "test1",
            "udf2": "test2",
            "udf3": "test3",
            "udf4": "test4",
            "udf5": "test5"
        },
        "paymentChargeSpecification": {
            "price": "1000"
        }
    },
    "additionalInfo": {
        "enforcePaymethod": "CC",
        "createOrder": true,
        "authOnly": false
    },
    "callBackActions": {
        "successAction": "https://checkout.payu.in/testCB/success",
        "failureAction": "https://checkout.payu.in/testCB/failure",
        "cancelAction": "https://checkout.payu.in/testCB/cancel"
    },
    "billingDetails": {
        "firstName": "Ashish",
        "lastName": "Kumar",
        "address1": "123 Main Street",
        "phone": "9123456789",
        "email": "[email protected]",
        "city": "Bharatpur",
        "state": "Rajasthan",
        "country": "India",
        "zipCode": "321028"
    },
    "authorization": {
        "eci": "05",
        "cavv": "AAABAWFlmQAAAABjRWWZEEFgFz",
        "flowType": "Frictionless",
        "threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42",
        "threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93",
        "threeDSTransStatus": "Y",
        "threeDSTransStatusReason": "01",
        "aquirer_bin": "401200",
        "additionalInfo": {
            "authUdf1": "string",
            "authUdf2": "string"
        }
    },
    "threeDS2RequestData": {
        "threeDSVersion": "2.2.0",
        "deviceChannel": "APP"
    }
}

Response parameters

Parameter	Description
message	This parameter contains the status message of the transaction.
status	This parameter returns the status of web service call. The status can be any of the following: `0` - If web service call failed. `1` - If web service call succeeded.
result	This parameter contains the payment status details in a JSON format including payment ID of the transaction. For more detailes, refer to the result JSON Object fields description table (next accordion)

Sample response

Array
(
    [txnId] => b5f2d8785768087678fm9
    [paymentId] => 1999110000001769
    [message] => Please call verify api to get the transaction status
)

📘
Reference: To check the transaction status, refer toVerify Payment API.

Request header

authorization fields description

hashing algorithm

Request body

paymentMethod object fields description

paymentCard object fields description

order object fields description

paymentChargeSpecification object fields description

userDefinedFields object fields description

additionalInfo object fields description

callBackActions object fields description

billingDetails object fields description

authorization object fields description

threeDS2RequestData

Sample request

Response parameters

Sample response

EXAMPLE QUESTIONS