Process Transaction with a Saved Card

Process payments using previously saved card tokens through PayU's v2 API. This method allows merchants to charge customers without requiring them to re-enter their card details, providing a seamless payment experience.

The v2 saved card transaction API enables merchants to process payments using card tokens that were previously stored through PayU's tokenization service. This integration follows the same structure as the standard v2 cards integration but uses a cardToken instead of sensitive card details.

Reference

To use saved card transactions, you must first store the card using PayU's card tokenization service and obtain a cardToken. To retrieve the cards stored by a customer, use the Get User Cards API. For more information, refer to Get User Cards API.

Environment

Request Headers

| Parameter | Description |
| --- | --- |
| date | The current date and time. Example format: Wed, 28 Jun 2023 11:25:19 GMT. |
| authorization | The HMAC signature header, generated using the specified algorithm (sha512), which includes the hashed data. For more information, refer to authorization fields description. |

authorization fields description

| Field | Description |
| --- | --- |
| username | Represents the username or identifier for the client or merchant, for example smsplus. |
| algorithm | Use the SHA512 algorithm for hashing and send this as the header value. |
| headers | Specifies which headers have been used in generating the hash, for example date. |
| signature | The HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm. |

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code
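// Sample values. In a real integration, load the merchant secret from secure
// configuration instead of hard-coding it in the script.
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';

// date header value, for example "Wed, 28 Jun 2023 11:25:19 GMT"
var date = new Date().toUTCString();

// authorization header value
var authorization = getAuthHeader(date);

// True when the request carries no body data.
function isEmpty(value) {
    return value === undefined || value === null || value === '';
}

// Builds the authorization header from sha512(<Body data> + '|' + date + '|' + merchant_secret).
// `request` (the outgoing request) and `CryptoJS` are expected to be provided by
// the environment that runs this script.
function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}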

Request Body

The request body structure for saved card transactions follows the v2 payments API format with specific parameters for tokenized cards:

| Parameter | Description | Example |
| --- | --- | --- |
| accountId (mandatory) | Merchant account identifier provided by PayU during onboarding | smsplus |
| txnId (mandatory) | Unique transaction identifier generated by the merchant | txn_saved_card_001 |
| amount (mandatory) | Transaction amount in the smallest currency unit | 1000 |
| userCredentials (mandatory) | Format: merchantId:uniqueCustomerId to link the saved card to the customer | merchant123:customer456 |
| paymentMethod (mandatory) | Payment method details for saved card transaction | Refer to paymentMethod object |
| order (mandatory) | Order details including product information | Refer to order object |
| additionalInfo (optional) | Additional transaction metadata | Refer to additionalInfo object |
| callBackActions (mandatory) | Callback URLs for transaction outcomes | Refer to callBackActions object |
| billingDetails (mandatory) | Customer billing information | Refer to billingDetails object |

paymentMethod object fields description

| Parameter | Description | Example |
| --- | --- | --- |
| name (mandatory) | Payment method type. Use CreditCard or DebitCard | CreditCard |
| bankCode (mandatory) | Bank/Card type code. Use CC for credit cards, DC for debit cards | CC |
| paymentCard (mandatory) | Saved card details using token | Refer to paymentCard object |

paymentCard object fields description (Saved Card)

| Parameter | Description | Example |
| --- | --- | --- |
| cardNumber (mandatory for physical card) | Card number. | 5497774415170603 |
| validThrough (mandatory for physical card) | Expiry date in MM/YYYY format. | 05/2025 |
| ownerName (optional) | Name of the card owner. | Ashish |
| cvv (mandatory for physical card) | CVV number of the card. | 123 |
| tavv (mandatory for saved card) | Cryptogram of the card for tokenized payments. | AAABAWFlmQAAAABjRWWZEEFgFz |
| last4Digits (mandatory for saved card) | Last four digits of the card. | 0603 |
| cardTokenType (mandatory for saved card) | Card token type. Valid values: PAYU, NETWORK, ISSUER. | PAYU |
| cardToken (mandatory for saved card) | Card token of the stored card. | b5f2d8785768087678fm9 |

Note

For saved card transactions, the cardToken replaces sensitive card details like cardNumber, validThrough, and ownerName. CVV may be optional depending on your merchant configuration.

order object fields description

| Parameter | Description | Example |
| --- | --- | --- |
| productInfo (mandatory) | Product details. | Product details |
| orderedItem (optional) | Details about the items ordered. | Array of Objects |
| userDefinedFields (optional) | Custom fields for additional information. Fields: udf1, udf2, udf3, udf4, udf5, udf6, udf7, udf8, udf9, udf10. For more information, refer to userDefinedFields object fields description. | Object |
| paymentChargeSpecification (mandatory) | Includes amount and charges. For more information, refer to paymentChargeSpecification object fields description. | Object |

paymentChargeSpecification object fields description

| Parameter | Description | Example |
| --- | --- | --- |
| price (mandatory) | The transaction amount. | 1000 |
| netAmountDebit (optional) | Net amount to be debited. | 1000 |
| taxSpecification (optional) | Tax details of the product/order. | Object |
| convenienceFee (optional) | Fees format (e.g., CC:12). | CC:12 |
| offers (optional) | Offers applied or available for the payment. | Object |

userDefinedFields object fields description

| Field | Description |
| --- | --- |
| udf1 | User defined field. |
| udf2 | User defined field. |
| udf3 | User defined field. |
| udf4 | User defined field. |
| udf5 | User defined field. |
| udf6 | User defined field. |
| udf7 | User defined field. |
| udf8 | User defined field. |
| udf9 | User defined field. |
| udf10 | User defined field. |

additionalInfo object fields description

| Parameter | Description | Example |
| --- | --- | --- |
| enforcePaymethod (optional) | Force a transaction with a specified method (e.g., CC, DC). | CC |
| forcePgid (optional) | Forces identification for payment gateway. | PG123 |
| partnerHoldTime (optional) | Time held by the partner for the transaction. | 60 |
| userCredentials (optional) | Credentials for user authentication. | string |
| userToken (optional) | Token for the customer. | user_token_123 |
| subventionAmount (optional) | Amount paid through EMI subvention payments. | 100 |
| authOnly (optional) | Initiates an authentication-only payment (true/false). | false |
| createOrder (optional) | A flag to store the order details (true/false). | true |
| txnS2sFlow (optional) | For defining seamless/non-seamless flows in handling payments. | seamless |

callBackActions object fields description

| Parameter | Description | Example |
| --- | --- | --- |
| successAction (mandatory) | URL to be called on payment success. | https://example.com/success |
| failureAction (mandatory) | URL to be called on payment failure. | https://example.com/failure |
| cancelAction (mandatory) | URL to be called if user cancels the payment. | https://example.com/cancel |
| codAction (optional) | URL for Cash on Delivery (COD) action. | https://example.com/cod |

billingDetails object fields description

| Parameter | Description | Example |
| --- | --- | --- |
| firstName (mandatory) | First name of the billing contact. | Ashish |
| lastName (optional) | Last name of the billing contact. | Kumar |
| address1 (mandatory) | Primary billing address. | 123 Main Street |
| address2 (optional) | Secondary billing address. | Apt 4B |
| phone (optional) | Phone number of the billing contact. | 9123456789 |
| email (mandatory) | Email address of the billing contact. | [email protected] |
| city (optional) | City of the billing address. | Bharatpur |
| state (optional) | State of the billing address. | Rajasthan |
| country (optional) | Country of the billing address. | India |
| zipCode (optional) | Postal/Zip code of the billing address. | 321028 |

Sample request

{
    "accountId": "smsplus",
    "txnId": "txn_saved_card_001",
    "amount": "1000",
    "userCredentials": "merchant123:customer456",
    "paymentMethod": {
        "name": "CreditCard",
        "bankCode": "CC",
        "paymentCard": {
            "cardToken": "57cb996f2eaeee525765a",
            "cvv": "123"
        }
    },
    "order": {
        "productInfo": "Premium Subscription",
        "orderedItem": [
            {
                "itemId": "SUB001",
                "description": "Monthly Premium Plan",
                "quantity": 1,
                "amount": 1000
            }
        ],
        "userDefinedFields": {
            "udf1": "recurring_payment",
            "udf2": "monthly",
            "udf3": "premium",
            "udf4": "auto_renewal",
            "udf5": "customer456"
        },
        "paymentChargeSpecification": {
            "price": "1000"
        }
    },
    "additionalInfo": {
        "enforcePaymethod": "CC",
        "createOrder": true,
        "authOnly": false
    },
    "callBackActions": {
        "successAction": "https://yoursite.com/payment/success",
        "failureAction": "https://yoursite.com/payment/failure",
        "cancelAction": "https://yoursite.com/payment/cancel"
    },
    "billingDetails": {
        "firstName": "John",
        "lastName": "Doe",
        "address1": "123 Business Street",
        "phone": "9876543210",
        "email": "[email protected]",
        "city": "Mumbai",
        "state": "Maharashtra",
        "country": "India",
        "zipCode": "400001"
    }
}
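
The signing and token rules above in one place, as an added example that is not PayU's code: it rejects a saved-card body that still carries raw card fields, then applies the page's hash logic to the exact string that will be sent. Despite the hmac scheme label, that hash logic is a plain SHA-512 digest over the concatenated string, which is what the code computes. The environment variable name PAYU_MERCHANT_SECRET and the userCredentials format check are assumptions.

```javascript
// Added example, not PayU code: validate and sign a saved-card request in Node.js.
const crypto = require('crypto');

// Per the page's Note, cardToken replaces these fields, so reject them in a token request.
const REPLACED_BY_TOKEN = ['cardNumber', 'validThrough', 'ownerName'];

function assertSavedCardBody(body) {
  const card = (body.paymentMethod || {}).paymentCard || {};
  if (typeof card.cardToken !== 'string' || card.cardToken === '') {
    throw new Error('paymentCard.cardToken is required for a saved card transaction');
  }
  const raw = REPLACED_BY_TOKEN.filter((f) => f in card);
  if (raw.length > 0) throw new Error('raw card fields present: ' + raw.join(', '));
  // Assumption: "merchantId:uniqueCustomerId" means two non-empty parts split at the first colon.
  if (!/^[^:]+:.+$/.test(body.userCredentials || '')) {
    throw new Error('userCredentials must be merchantId:uniqueCustomerId');
  }
}

// Hash logic from the page: sha512(<Body data> + '|' + date + '|' + merchant_secret)
function signRequest(body, merchantKey, merchantSecret, now = new Date()) {
  assertSavedCardBody(body);
  const payload = JSON.stringify(body); // serialize once and send exactly this string
  const date = now.toUTCString();
  const signature = crypto.createHash('sha512')
    .update(payload + '|' + date + '|' + merchantSecret, 'utf8')
    .digest('hex');
  const authorization = `hmac username="${merchantKey}", algorithm="sha512", ` +
    `headers="date", signature="${signature}"`;
  return { payload, headers: { date, authorization } };
}

// Constructed sample input, trimmed from the page's sample request.
const sampleBody = {
  accountId: 'smsplus', txnId: 'txn_saved_card_001', amount: '1000',
  userCredentials: 'merchant123:customer456',
  paymentMethod: { name: 'CreditCard', bankCode: 'CC',
    paymentCard: { cardToken: '57cb996f2eaeee525765a', cvv: '123' } },
};
// PAYU_MERCHANT_SECRET is a hypothetical variable name; the fallback is a constructed placeholder.
const secret = process.env.PAYU_MERCHANT_SECRET || 'constructed-placeholder-secret';
const signed = signRequest(sampleBody, 'smsplus', secret, new Date(Date.UTC(2023, 5, 28, 11, 25, 19)));
console.log(signed.headers.date, signed.headers.authorization.slice(0, 60) + '...');
```

Send `signed.payload` as the raw request body: re-serializing the object with different whitespace or key order yields a different digest and the signature no longer matches.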

Response Parameters

| Parameter | Description |
| --- | --- |
| txnId | This parameter contains the transaction ID of the transaction. |
| paymentId | This parameter contains the payment ID of the transaction. |
| message | This parameter contains the status message of the transaction. |

Sample Response

{
    "txnId": "txn_saved_card_001",
    "paymentId": "1999110000001770",
    "message": "Please call verify api to get the transaction status",
    "status": "pending",
    "cardDetails": {
        "cardToken": "57cb996f2eaeee525765a",
        "cardNumber": "XXXX-XXXX-XXXX-5603",
        "cardType": "VISA"
    }
}

Key Benefits of Saved Card Transactions

  • Enhanced Security: Sensitive card data is tokenized and stored securely by PayU
  • Improved User Experience: Customers don't need to re-enter card details
  • Faster Checkout: Reduced form fields and processing time
  • PCI Compliance: Reduced PCI scope as card data is handled by PayU's tokenization service
  • Reduced Cart Abandonment: Simplified payment flow increases conversion rates

Important Considerations

Security Notes

  • Card tokens are unique to each merchant-customer combination
  • Tokens cannot be used across different merchant accounts
  • CVV collection is configurable based on your security requirements

Token Management

  • Card tokens remain valid until explicitly deleted or the card expires
  • Expired card tokens will need to be replaced with new tokens
  • Use the Get User Cards API to retrieve available tokens for a customer

Error Handling

Common error scenarios for saved card transactions:

| Error Type | Description | Resolution |
| --- | --- | --- |
| Invalid Token | Card token not found or expired | Verify token validity or obtain a new token |
| Token Mismatch | Token doesn't belong to the specified customer | Ensure userCredentials match the token owner |
| Insufficient Funds | Card has insufficient balance | Request customer to use alternative payment method |
| Card Expired | Physical card associated with token has expired | Customer needs to update card details |

Reference

After initiating a saved card payment, use the Verify Payment API to check the final transaction status.