This scenario is applicable if you wanted to collect payments using network tokens.
HTTP Method: POST
Applicable scenarios
- Merchant has the card token, TAVV(Cryptogram), and the last four digits of the card
- The token could be created by the merchant or through another partner
NoteThis scenario is applicable if you are PCI compliant and got the network token and TAVV from any other aggregator or schemes and then sending the card transaction request in the form of authentication.
Request headers
Parameter | Description |
---|---|
date | The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT. |
authorization | The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description. |
authorization fields description
Field | Description |
---|---|
username | Represents the username or identifier for the client or merchant, for example smsplus. |
algorithm | Use SHA512 algorithm for hashing and send this as header value. |
headers | Specifies which headers have been used in generating the hash, for example date. |
signature | The HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm. |
hashing algorithm
You must hash the request parameters using the following hash logic:
Hash logic: sha512(<Body data>
+ '|' + date + '|' + merchant_secret)
Where <Body data>
contains the request body posted with the request.
Sample header code
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();
// authorization
var authorization = getAuthHeader(date);
function getAuthHeader(date) {
var AUTH_TYPE = 'sha512';
var data = isEmpty(request['data']) ? "" : request['data'];
var hash_string = data + '|' + date + '|' + merchant_secret;
var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}
Request body
Parameter | Description | Example |
---|---|---|
accountId |
|
MERCHANT123 |
referenceId |
|
REF123456 |
amount |
|
1000 |
currency |
|
INR |
paymentSource |
|
WEB |
paymentMethod |
|
{ |
order |
|
|
additionalInfo |
|
|
callBackActions |
|
|
billingDetails |
|
Payment method object
Payment Method Object
For Cards seamless integration, the payment method object should contain:
Parameter | Type | Description | Required |
---|---|---|---|
name | String | Must be "CreditCard" for credit cards or "DebitCard" for debit cards | Yes |
bankCode | String | Bank code for the card type (e.g., "CC" for credit cards, "DC" for debit cards) | Yes |
paymentCard | Object | Card details including card number, CVV, expiry, etc. | Yes |
Example:
{
"name": "CreditCard",
"bankCode": "CC",
"paymentCard": {
"cardNumber": "5004461234560000",
"validThrough": "04/2025",
"ownerName": "John Doe",
"cvv": "123"
}
}
Payment Card Object
For new card payments:
Parameter | Type | Description | Required |
---|---|---|---|
cardNumber | String | Full card number | Yes |
validThrough | String | Card expiry date in MM/YYYY format | Yes |
ownerName | String | Cardholder name as on card | No |
cvv | String | Card Verification Value | Yes |
For saved card payments:
Parameter | Type | Description | Required |
---|---|---|---|
cardToken | String | Saved card token | Yes |
cardTokenType | String | Token type (PAYU, NETWORK, ISSUER) | Yes |
tavv | String | Cryptogram for saved cards | Yes |
last4Digits | String | Last 4 digits of saved card | Yes |
cvv | String | Card Verification Value | Yes |
Example - New Card:
{
"cardNumber": "5004461234560000",
"validThrough": "04/2025",
"ownerName": "John Doe",
"cvv": "123"
}
Example - Saved Card:
{
"cardToken": "29850879bf39848ca078727b8e1a95165a41cea1",
"cardTokenType": "NETWORK",
"tavv": "/wAAAAAAPtP+g6IAmbSeg1gAAAA=",
"last4Digits": "0000",
"cvv": "123"
}
Order object
Parameter | Description | Example |
---|---|---|
productInfomandatory |
Product details. | Product details |
orderedItemoptional |
Details about the items ordered. | Array of Objects |
userDefinedFieldsoptional |
Custom fields for additional information. Fields: udf1, udf2, udf3, udf4, udf5, udf6, udf7, udf8, udf9, udf10. For more information, refer to | Object |
paymentChargeSpecificationmandatory |
Includes amount and charges. For more information, refer to paymentChargeSpecification object fields description | Object |
paymentChargeSpecification object fields description
Parameter | Description | Example |
---|---|---|
pricemandatory |
The transaction amount. | 1000 |
netAmountDebitoptional |
Net amount to be debited. | 1000 |
taxSpecificationoptional |
Tax details of the product/order. | Object |
convenienceFeeoptional |
Fees format (e.g., CC:12). | CC:12 |
offersoptional |
Offers applied or available for the payment. | Object |
userDefinedFields object fields description
Field | Description |
---|---|
udf1 | User defined field. |
udf2 | User defined field. |
udf3 | User defined field. |
udf4 | User defined field. |
udf5 | User defined field. |
udf6 | User defined field. |
udf7 | User defined field. |
udf8 | User defined field. |
udf9 | User defined field. |
udf10 | User defined field. |
Additional Info Object
Parameter | Description | Example |
---|---|---|
enforcePaymethodoptional |
Force a transaction with a specified method (e.g., CC, DC). | CC |
forcePgidoptional |
Forces identification for payment gateway. | PG123 |
partnerHoldTimeoptional |
Time held by the partner for the transaction. | 60 |
userCredentialsoptional |
Credentials for user authentication. | string |
userTokenoptional |
Token for the customer. | user_token_123 |
subventionAmountoptional |
Amount paid through EMI subvention payments. | 100 |
authOnlyoptional |
Initiates an authentication-only payment (true/false). | false |
createOrderoptional |
A flag to store the order details (true/false). | true |
txnS2sFlowoptional |
For defining seamless/non-seamless flows in handling payments. | seamless |
Callback Actions Object
Parameter | Description | Example |
---|---|---|
successActionmandatory |
URL to be called on payment success. | https://example.com/success |
failureActionmandatory |
URL to be called on payment failure. | https://example.com/failure |
cancelActionmandatory |
URL to be called if user cancels the payment. | https://example.com/cancel |
codActionoptional |
URL for Cash on Delivery (COD) action. | https://example.com/cod |
Billing Details Object
Parameter | Description | Example |
---|---|---|
firstNamemandatory |
First name of the billing contact. | Ashish |
lastNameoptional |
Last name of the billing contact. | Kumar |
address1mandatory |
Primary billing address. | 123 Main Street |
address2optional |
Secondary billing address. | Apt 4B |
phoneoptional |
Phone number of the billing contact. | 9123456789 |
emailmandatory |
Email address of the billing contact. | [email protected] |
cityoptional |
City of the billing address. | Bharatpur |
stateoptional |
State of the billing address. | Rajasthan |
countryoptional |
Country of the billing address. | India |
zipCodeoptional |
Postal/Zip code of the billing address. | 321028 |
Authorization Object
Field | Description | Example |
---|---|---|
ecioptional |
Electronic Commerce Indicator. | 05 |
cavvoptional |
Cardholder Authentication Verification Value. | AAABAWFlmQAAAABjRWWZEEFgFz |
threeDSTransIDoptional |
3DS Transaction ID. | 67b4c71f-4e6b-4f98-9f2a-1234567890ab |
threeDSenrolledoptional |
Indicates if the card is enrolled in 3D Secure. | Y |
threeDSstatusoptional |
Status of the 3D Secure authentication. | Success |
ThreeDS2 Request Data Object
Parameter | Description | Example |
---|---|---|
threeDSVersionoptional |
The version of 3D Secure used. | 2.2.0 |
deviceChanneloptional |
The device used for the transaction channel. | APP |
Sample request
curl -X POST \
https://apitest.payu.in/v2/payments \
-H 'date: Mon, 05 Oct 2024 11:00:00 GMT' \
-H 'authorization: HMAC smsplus:4d1ea4e74243ea5b2b5b8b1d8a7b1a2e3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9' \
-H 'content-type: application/json' \
-d {
"accountId": "smsplus",
"txnId": "b5f2d8785768087678fn4",
"paymentMethod": {
"name": "CreditCard",
"bankCode": "CC",
"paymentCard": {
"cardNumber": "5004461234560000",
"validThrough": "04/2025",
"ownerName": "John Doe",
"cvv": "123"
}
},
"order": {
"productInfo": "Credit Card Test Product",
"orderedItem": [
{
"itemId": "ITEM001",
"description": "Test Product for Credit Card",
"quantity": 1
}
],
"paymentChargeSpecification": {
"price": 100.00
},
"userDefinedFields": {
"udf1": "",
"udf2": "",
"udf3": "",
"udf4": "",
"udf5": ""
}
},
"additionalInfo": {
"txnS2sFlow": "2",
"createOrder": false,
"storeCard": "1",
"oneClickCheckout": "1",
"preAuthorize": "0"
},
"callBackActions": {
"successAction": "https://example.com/success",
"failureAction": "https://example.com/failure",
"cancelAction": "https://example.com/cancel"
},
"billingDetails": {
"firstName": "John",
"lastName": "Doe",
"phone": "9876543210",
"email": "[email protected]",
"address": {
"address1": "123 Main Street",
"city": "Mumbai",
"state": "Maharashtra",
"country": "India",
"zipCode": "400001"
}
},
"authorization": {
"eci": "05",
"cavv": "AAABAWFlmQAAAABjRWWZEEFgFz",
"threeDSTransID": "67b4c71f-4e6b-4f98-9f2a-1234567890ab",
"threeDSenrolled": "Y",
"threeDSstatus": "Success"
},
"threeDS2RequestData": {
"threeDSVersion": "2.2.0",
"deviceChannel": "APP"
}
}'
Sample response
{
"result": {
"paymentId": "1999110000001769",
"redirectUrl": "https://secure.payu.in/ResponseHandler.php",
"authAction": "https://apitest.payu.in/v2/payments/1999110000001769/auth",
"redirectTemplate": "<html><body>...</body></html>",
"card": {
"binData": {
"pureS2SSupported": false,
"issuingBank": "ICICI",
"category": "creditcard",
"cardType": "VISA",
"isDomestic": true
}
}
},
"status": "PENDING",
"message": "Please call verify API to get the transaction status"
}