Complete Card Details

This scenario is applicable where a customer is providing the complete card number do the transaction (card number, card expiry, CVV, and name on card)

HTTP Method: POST

Applicable scenarios

It is a guest checkout
It is a standard checkout request where there is no need to save the card

📘
Note
Plain card details coming from the merchant, so no changes are applicable in the request & response.

Request and response elements will remain intact as it is.

Environment


Test Environment	https://apitest.payu.in/v2/payments
Production Environment	https://api.payu.in/v2/payments

Request headers

Parameter	Description
date	The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorization	The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

Field	Description
username	Represents the username or identifier for the client or merchant, for example smsplus.
algorithm	Use SHA512 algorithm for hashing and send this as header value.
headers	Specifies which headers have been used in generating the hash, for example date.
signature	The HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code

var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request body

Parameter	Description	Example
accountId `mandatory`	`String` The merchant key provided by PayU during onboarding.	MERCHANT123
referenceId `mandatory`	`String` Reference ID for transaction tracking and this must be unique for every transaction.	REF123456
amount `optional`	`String` Amount of the transaction. Note: This value will not be considered as the transaction. Only the details in the `order.paymentChargeSpecificationparameter.price`field will be considered.	1000
currency `mandatory`	`String` Currency of the transaction. By default, `INR` is posted.	INR
paymentSource `optional`	`String`Contains the payment source.	WEB
paymentMethod `mandatory`	`Object` Details about the payment method used. For more information, refer to paymentMethod object fields description target="_blank" .	{ "name": "NetBanking", "bankCode": "TESTNB" }
order `mandatory`	`Object` Details about the transaction order including product information, ordered items, user-defined fields, and payment charge specifications. For more information, refer to order object fields description target="_blank"
additionalInfo `mandatory`	`Object` Additional information including enforced payment methods, single instalment, virtual payment address (VPA), and various options for user preferences during the transaction. For more information, refer to additionalInfo object fields description target="_blank"
callBackActions `mandatory`	`Object` Actions to perform on the payment server in different scenarios. For example, success, failure, cancellation, cash on delivery, etc. For more information, refer to callbackActions object fields description target="_blank"
billingDetails `mandatory`	`Object` Billing details of the customer including name, address, phone number, email, etc. For more information, refer to billingDetails object field descriptions target="_blank".

paymentMethod JSON object Fields

Field	Description	Example
name `mandatory for seamless`	`string` Payment method name (e.g., CreditCard, DebitCard, NetBanking, UPI). This replaces the 'pg' parameter from v1. `Character limit`: 10 Possible values: • CreditCard • DebitCard • NetBanking • UPI • Wallet • EMI • BNPL	CreditCard
bankCode `mandatory for seamless`	`string` Bank code or payment gateway code. This replaces the 'bankcode' parameter from v1. `Character limit`: 10 Common values: • CC (Credit Card) • DC (Debit Card) • NB (Net Banking) • UPI (UPI payments) • WALLET (Wallet payments)	CC

paymentCard object fields description

Field	Description
cardNumber `mandatory for physical card`	`String`This field must contain the card number. For validating the card number, refer to Card Number Formats.
validThrough `mandatory for physical card`	`String`This field must contain the card expiry in MM/YYYY format.
ownerName `mandatory for physical card`	`String`This field must contain the name of the card holder as printed on card.
cvv `mandatory for physical card`	`String`This field must contain the CVV printed on the back of the card.
tavv `mandatory for saved card`	`String`This field must contain the cryptogram of card.
last4Digits `mandatory for saved card`	`String`This field must contain the last four digits of card.
cardTokenType `mandatory for saved card`	`String`This field must contain the any of the following based on the: PAYU NETWORK ISSUER"
cardToken `mandatory for saved card`	`String`This field must contain the card token of stored card.

❗️
Error Handling
If any error message is displayed with an error code, refer to the Error Codes section to understand the reason for these error codes.

Sample request

curl --location 'https://apitest.payu.in/v2/payments' \
--header 'date: Thu, 27 Mar 2025 10:12:27 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="ec84843a663143bb89391f6fa2d4b9404bab1543a3eee81263b4a507ebf5d289d8fad1fbcdd59da820951e3e0f9b0b0b3d1bad9b41338804e7c42a8a6197c6e9"' \
--header 'Content-Type: application/json' \
--header 'Cookie: PHPSESSID=sclorpmpb4ngion5e996os22ao' \
--data-raw '{
    "accountId": "smsplus",
    "txnId": "b5f2d8785768087678fn4",
    "paymentMethod": {
        "name": "CreditCard",
        "bankCode": "CC",
        "paymentCard": {
            "cardNumber": 5497774415170603,
            "validThrough": "05/2025",
            "cvv": 123,
            "cardToken": "29850879bf39848ca078727b8e1a95165a41cea1",
            "ownerName": "Ashish",
            "issuer": "ICICI",
            "bin": "500446",
            "last4Digits": "0000",
            "cardHash": null,
            "cardTokenType": "NETWORK",
            "tavv": "/wAAAAAAPtP+g6IAmbSeg1gAAAA="
        }
    },
    "order": {
        "productInfo": "qwertyuiopasdfghjkl",
        "orderedItem": [
            {
                "itemId": "1",
                "description": "string",
                "quantity": 1
            }
        ],
        "userDefinedFields": {
            "udf1": "",
            "udf2": "",
            "udf3": "",
            "udf4": "",
            "udf5": "",
            "udf6": "",
            "udf7": "",
            "udf8": "",
            "udf9": "",
            "udf10": ""
        },
        }
    },
    "callBackActions": {
        "successAction": "https://pp78admin.payu.in/test_response",
        "failureAction": "https://pp78admin.payu.in/test_response",
        "cancelAction": "https://pp78admin.payu.in/test_response"
    },
    "billingDetails": {
        "firstName": "sartaj",
        "lastName": "",
        "phone": "9876543210",
        "email": "[email protected]",
        "city": "Bharatpur",
        "state": "Rajasthan",
        "country": "India",
        "zipCode": "321028"
    },
    "authorization": {
        "eci": "05",
        "cavv": "AAABAWFlmQAAAABjRWWZEEFgFz",
        "flowType": "Frictionless",
        "threeDSTransID": "67b4c71f-19bf-4d97-bd09-4e3687dc9e42",
        "threeDSServerTransID": "eea30d14-71cf-41af-b961-f95b7d67dc93",
        "threeDSTransStatus": "Y",
        "threeDSTransStatusReason": "01",
        "aquirer_bin": "401200",
        "additionalInfo": {
            "authUdf1": "string",
            "authUdf2": "string"
        }
    },
    "threeDS2RequestData": {
        "threeDSVersion": "2.2.0",
        "deviceChannel": "APP"
    }
}'

Response parameters

Parameter	Description
referenceId	This parameter contains the reference ID of the transaction. statusCode
paymentId	This parameter contains the payment ID of the transaction. statusCode
message	This parameter contains the status message of the transaction.

Sample response

Array
(
    [referenceId] => b5f2d8785768087678fm9
    [paymentId] => 1999110000001769
    [message] => Please call verify api to get the transaction status
)

📘
Reference:
To check the transaction status, refer toVerify Payment API.

Response

In addition to the parameters in the response of a Merchant Hosted Checkout transaction with a card, PayU returns network token, network token expiry for PCI complied or PayU token & its expiry for non-PCI complied merchants.