UPI Flow - v2 Payment API

The UPI Seamless Integration allows merchants to process UPI payments directly through a server-to-server (S2S) flow without redirecting customers to external payment pages. This integration provides a smooth payment experience by handling UPI transactions programmatically using the customer's Virtual Payment Address (VPA).

When to Use UPI Seamless Integration

Use this integration when:

  • You want to accept UPI payments without redirecting customers away from your platform
  • Your customers prefer to stay on your application during the payment process
  • You need to integrate UPI payments into mobile apps or web applications seamlessly
  • You want to provide a faster checkout experience for UPI users

Environment

Request header

ParameterDescription
dateThe current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorizationThe actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

FieldDescription
usernameRepresents the username or identifier for the client or merchant, for example smsplus.
algorithmUse SHA512 algorithm for hashing and send this as header value.
headersSpecifies which headers have been used in generating the hash, for example date.
signatureThe HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request parameters

Parameter Description Example

accountId
mandatory

String The merchant key provided by PayU during onboarding.

UMXDPA

txnId
mandatory

String Transaction ID provided by the merchant and this must be unique for every transaction.

ZP6267f0d2996ce

order
mandatory

Object Details about the transaction order including product information, ordered items, user-defined fields, and payment charge specifications. For more information, refer to order object fields description.

additionalInfo
mandatory

Object Additional information including S2S flow configuration and redirect flow settings. For more information, refer to additionalInfo object fields description.

callBackActions
mandatory

Object Actions to perform on the payment server in different scenarios. For more information, refer to callBackActions object fields description.

billingDetails
mandatory

Object Billing details of the customer including name, address, phone number, email, etc. For more information, refer to billingDetails object fields description.

paymentMethod object fields description

Field Description Example

name
mandatory

String This field must contain the payment mode code. For UPI, use "UPI."

UPI

bankCode
mandatory

String This field must contain the card type code. For more information, refer to Card Type Codes and Supported Banks for Cards.

CC

order object fields description

Parameter Description Example
productInfo
mandatory
Product details. Product details
orderedItem
optional
Details about the items ordered. Array of Objects
userDefinedFields
optional
Custom fields for additional information. Fields: udf1, udf2, udf3, udf4, udf5, udf6, udf7, udf8, udf9, udf10. For more information, refer to Object
paymentChargeSpecification
mandatory
Includes amount and charges. For more information, refer to paymentChargeSpecification object fields description Object
paymentChargeSpecification object fields description
Parameter Description Example
price
mandatory
The transaction amount. 1000
netAmountDebit
optional
Net amount to be debited. 1000
taxSpecification
optional
Tax details of the product/order. Object
convenienceFee
optional
Fees format (e.g., CC:12). CC:12
offers
optional
Offers applied or available for the payment. Object
userDefinedFields object fields description
FieldDescription
udf1User defined field.
udf2User defined field.
udf3User defined field.
udf4User defined field.
udf5User defined field.
udf6User defined field.
udf7User defined field.
udf8User defined field.
udf9User defined field.
udf10User defined field.

additionalInfo object fields description

Parameter Description Example
enforcePaymethod
optional
Force a transaction with a specified method (e.g., CC, DC). CC
forcePgid
optional
Forces identification for payment gateway. PG123
partnerHoldTime
optional
Time held by the partner for the transaction. 60
userCredentials
optional
Credentials for user authentication. string
userToken
optional
Token for the customer. user_token_123
subventionAmount
optional
Amount paid through EMI subvention payments. 100
authOnly
optional
Initiates an authentication-only payment (true/false). false
createOrder
optional
A flag to store the order details (true/false). true
txnS2sFlow
optional
For defining seamless/non-seamless flows in handling payments. seamless

callbackActions object fields description

Parameter Description Example
successAction
mandatory
URL to be called on payment success. https://example.com/success
failureAction
mandatory
URL to be called on payment failure. https://example.com/failure
cancelAction
mandatory
URL to be called if user cancels the payment. https://example.com/cancel
codAction
optional
URL for Cash on Delivery (COD) action. https://example.com/cod

billingDetails object fields description

Parameter Description Example
firstName
mandatory
First name of the billing contact. Ashish
lastName
optional
Last name of the billing contact. Kumar
address1
mandatory
Primary billing address. 123 Main Street
address2
optional
Secondary billing address. Apt 4B
phone
optional
Phone number of the billing contact. 9123456789
email
mandatory
Email address of the billing contact. [email protected]
city
optional
City of the billing address. Bharatpur
state
optional
State of the billing address. Rajasthan
country
optional
Country of the billing address. India
zipCode
optional
Postal/Zip code of the billing address. 321028

Sample request

curl --location 'https://apitest.payu.in/v2/payments' \
--header 'date: Thu, 27 Mar 2025 10:12:27 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="ec84843a663143bb86c46b46c5c5ccae8c2cf6b9beb3e14d0be04119daffe83f2de2a8e28c20cb0c1c8e23d5e86e5cbdc5774e6a2e9a7186e1b8b9b6f8a8b9c8c1e3c4c5c1a3c7c9b7b2a1a3e7e8e9c8c1e3c4c5c1a3c7c9b7b2a1a"' \
--header 'Content-Type: application/json' \
--data-raw '{
  "accountId": "KOEfPI",
  "txnId": "Test123UPI",
  "amount": 424.38,
  "paymentMethod": {
    "name": "UPI",
    "bankCode": "NB",
    "upi": {
      "vpa": "xyz@axis"
    }
  },
  "order": {
    "productInfo": "Example Product",
    "paymentChargeSpecification": {
      "price": 424.38,
      "netAmountDebit": 424.38
    }
  },
  "additionalInfo": {
    "vpa": "xyz@axis", 
    "txnFlow": "seamless",
    "createOrder": "true"
  },
  "callBackActions": {
    "successAction": "https://merchantwebsite.com/success",
    "failureAction": "https://merchantwebsite.com/failure"
  },
  "billingDetails": {
    "firstName": "John",
    "phone": "9876543210",
    "email": "[email protected]"
  }
}'

Sample response

{
  "result": {
    "redirectUrl": "https://secure.payu.in/ResponseHandler.php",
    "authAction": "https://api.payu.in/payments/21667772394/otps",
    "paymentId": "21667772394",
    "redirectTemplate": "<html><body><form name='payment_post' id='payment_post' action='https://upi.return.url' method='post'></form></body></html>",
    "upi": {
      "amount": "424.38",
      "merchantVpa": "facebookadsmanager.payu@hdfcbank", 
      "intentURIData": "pa=facebookadsmanager.payu@hdfcbank&pn=Facebook India Online Services Private Limited&tr=21667772414&tid=PPPL21667772XXXXXXXXXXXX0016744c229&am=424.38&cu=INR&tn=UPIIntent",
      "merchantName": "FacebookIndiaOnlineServicesPrivateLimited"
    }
  },
  "orderId": "b5f2d8785768087678f4",
  "status": "PENDING"
}

Response Parameters

Parameter Description
txnId This parameter contains the transaction ID of the transaction.
paymentId This parameter contains the payment ID of the transaction.
message This parameter contains the status message of the transaction.

UPI-Specific Response Parameters

For UPI payments, the response includes additional UPI-specific fields:

ParameterDescription
upi.amountTransaction amount for UPI payment
upi.merchantVpaMerchant's VPA for receiving payment
upi.intentURIDataUPI intent data for payment apps
upi.merchantNameMerchant name displayed in UPI apps
orderIdGenerated order ID if createOrder is true

Implementation Steps

Step 1: Collect Customer VPA

Obtain the customer's Virtual Payment Address (VPA) through your application interface. The VPA format is typically username@bankname (e.g., customer@paytm, user@googlepay).

Step 2: Create Payment Request

Submit the payment request with the customer's VPA and all required parameters as shown in the sample request above.

Step 3: Handle UPI Response

Process the response which contains:

  • UPI Intent Data: Use for triggering UPI apps on mobile devices
  • Payment ID: For tracking and verification
  • Merchant VPA: For displaying payment details

Step 4: Verify Payment Status

Always call the Verify Payment API to confirm the final transaction status:

curl --location 'https://apitest.payu.in/v2/payments/verify' \
--header 'date: Thu, 27 Mar 2025 10:12:27 GMT' \
--header 'authorization: hmac username="smsplus", algorithm="sha512", headers="date", signature="your_signature_here"' \
--header 'Content-Type: application/json' \
--data-raw '{
  "txnId": ["Test123UPI"]
}'

UPI Integration Flow Types

1. Intent-Based Flow

For mobile applications, use the UPI intent data to launch UPI-enabled apps:

  • Extract intentURIData from the response
  • Trigger UPI app with the intent data
  • Handle the callback from UPI apps

2. Collect Request Flow

For web applications or when customer needs to enter UPI PIN:

  • Present QR code or payment details
  • Allow customer to complete payment in their UPI app
  • Poll for payment status updates

3. Direct VPA Flow

When customer provides VPA directly:

  • Validate VPA format
  • Submit payment request with VPA
  • Handle authentication if required