Complete Card Details

This scenario is applicable where a customer is providing the complete card number do the transaction (card number, card expiry, CVV, and name on card) 

HTTP Method: POST

Applicable scenarios

  • It is a guest checkout  
  • It is a standard checkout request where there is no need to save the card 
📘

Note

Plain card details coming from the merchant, so no changes are applicable in the request & response.

Request and response elements will remain intact as it is.

Environment

Request headers

ParameterDescription
dateThe current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorizationThe actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

FieldDescription
usernameRepresents the username or identifier for the client or merchant, for example smsplus.
algorithmUse SHA512 algorithm for hashing and send this as header value.
headersSpecifies which headers have been used in generating the hash, for example date.
signatureThe HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request body

Parameter Description Example

accountId
mandatory

String The merchant key provided by PayU during onboarding.

MERCHANT123

referenceId
mandatory

String Reference ID for transaction tracking and this must be unique for every transaction.

REF123456

amount
optional

String Amount of the transaction.
Note: This value will not be considered as the transaction. Only the details in the order.paymentChargeSpecificationparameter.pricefield will be considered.

1000

currency
mandatory

String Currency of the transaction. By default, INR is posted.

INR

paymentSource optional

StringContains the payment source.

WEB

paymentMethod
mandatory

Object Details about the payment method used. For more information, refer to paymentMethod object fields description target="_blank" .

{
"name": "NetBanking",
"bankCode": "TESTNB"
}

order
mandatory

Object Details about the transaction order including product information, ordered items, user-defined fields, and payment charge specifications. For more information, refer to order object fields description target="_blank"

additionalInfo
mandatory

Object Additional information including enforced payment methods, single instalment, virtual payment address (VPA), and various options for user preferences during the transaction. For more information, refer to additionalInfo object fields description target="_blank"

callBackActions
mandatory

Object Actions to perform on the payment server in different scenarios. For example, success, failure, cancellation, cash on delivery, etc. For more information, refer to callbackActions object fields description target="_blank"

billingDetails
mandatory

Object Billing details of the customer including name, address, phone number, email, etc. For more information, refer to billingDetails object field descriptions target="_blank".

paymentMethod JSON object Fields

Field Description Example
name
mandatory for seamless
string Payment method name (e.g., CreditCard, DebitCard, NetBanking, UPI). This replaces the 'pg' parameter from v1.
Character limit: 10

Possible values:
• CreditCard
• DebitCard
• NetBanking
• UPI
• Wallet
• EMI
• BNPL
CreditCard
bankCode
mandatory for seamless
string Bank code or payment gateway code. This replaces the 'bankcode' parameter from v1.
Character limit: 10

Common values:
• CC (Credit Card)
• DC (Debit Card)
• NB (Net Banking)
• UPI (UPI payments)
• WALLET (Wallet payments)
CC
paymentCard object fields description
Field Description

cardNumber
mandatory for physical card

StringThis field must contain the card number. For validating the card number, refer to Card Number Formats.

validThrough
mandatory for physical card

StringThis field must contain the card expiry in MM/YYYY format.

ownerName
mandatory for physical card

StringThis field must contain the name of the card holder as printed on card.

cvv
mandatory for physical card

StringThis field must contain the CVV printed on the back of the card.

tavv
mandatory for saved card

StringThis field must contain the cryptogram of card.

last4Digits
mandatory for saved card

StringThis field must contain the last four digits of card.

cardTokenType
mandatory for saved card

StringThis field must contain the any of the following based on the:

  • PAYU
  • NETWORK
  • ISSUER"

cardToken
mandatory for saved card

StringThis field must contain the card token of stored card.

❗️

Error Handling

If any error message is displayed with an error code, refer to the Error Codes section to understand the reason for these error codes.

Sample request

curl --location 'https://apitest.payu.in/v2/payments' \
--header 'date: Thu, 27 Mar 2025 10:12:27 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="ec84843a663143bb89391f6fa2d4b9404bab1543a3eee81263b4a507ebf5d289d8fad1fbcdd59da820951e3e0f9b0b0b3d1bad9b41338804e7c42a8a6197c6e9"' \
--header 'Content-Type: application/json' \
--header 'Cookie: PHPSESSID=sclorpmpb4ngion5e996os22ao' \
--data-raw '{
    "accountId": "smsplus",
    "txnId": "b5f2d8785768087678fn4",
    "paymentMethod": {
        "name": "CreditCard",
        "bankCode": "CC",
        "paymentCard": {
            "cardNumber": 5497774415170603,
            "validThrough": "05/2025",
            "cvv": 123,
            "cardToken": "29850879bf39848ca078727b8e1a95165a41cea1",
            "ownerName": "Ashish",
            "issuer": "ICICI",
            "bin": "500446",
            "last4Digits": "0000",
            "cardHash": null,
            "cardTokenType": "NETWORK",
            "tavv": "/wAAAAAAPtP+g6IAmbSeg1gAAAA="
        }
    },
    "order": {
        "productInfo": "qwertyuiopasdfghjkl",
        "orderedItem": [
            {
                "itemId": "1",
                "description": "string",
                "quantity": 1
            }
        ],
        "userDefinedFields": {
            "udf1": "",
            "udf2": "",
            "udf3": "",
            "udf4": "",
            "udf5": "",
            "udf6": "",
            "udf7": "",
            "udf8": "",
            "udf9": "",
            "udf10": ""
        },
        }
    },
    "callBackActions": {
        "successAction": "https://pp78admin.payu.in/test_response",
        "failureAction": "https://pp78admin.payu.in/test_response",
        "cancelAction": "https://pp78admin.payu.in/test_response"
    },
    "billingDetails": {
        "firstName": "sartaj",
        "lastName": "",
        "phone": "9876543210",
        "email": "[email protected]",
        "city": "Bharatpur",
        "state": "Rajasthan",
        "country": "India",
        "zipCode": "321028"
    },
    "authorization": {
        "eci": "05",
        "cavv": "AAABAWFlmQAAAABjRWWZEEFgFz",
        "flowType": "Frictionless",
        "threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42",
        "threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93",
        "threeDSTransStatus": "Y",
        "threeDSTransStatusReason": "01",
        "aquirer_bin": "401200",
        "additionalInfo": {
            "authUdf1": "string",
            "authUdf2": "string"
        }
    },
    "threeDS2RequestData": {
        "threeDSVersion": "2.2.0",
        "deviceChannel": "APP"
    }
}'

Response parameters

Parameter Description

referenceId

This parameter contains the reference ID of the transaction.
statusCode

paymentId

This parameter contains the payment ID of the transaction.
statusCode

message

This parameter contains the status message of the transaction.

Sample response

Array
(
    [referenceId] => b5f2d8785768087678fm9
    [paymentId] => 1999110000001769
    [message] => Please call verify api to get the transaction status
)
📘

Reference:

To check the transaction status, refer toVerify Payment API.

Response

In addition to the parameters in the response of a Merchant Hosted Checkout transaction with a card, PayU returns network token, network token expiry for PCI complied or PayU token & its expiry for non-PCI complied merchants.