Using Network Tokens

This scenario is applicable if you wanted to collect payments using network tokens.

HTTP Method: POST

Applicable scenarios

Merchant has the card token, TAVV(Cryptogram), and the last four digits of the card
The token could be created by the merchant or through another partner

📘
Note
This scenario is applicable if you are PCI compliant and got the network token and TAVV from any other aggregator or schemes and then sending the card transaction request in the form of authentication.

Request headers

Parameter	Description
date	The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorization	The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

Field	Description
username	Represents the username or identifier for the client or merchant, for example smsplus.
algorithm	Use SHA512 algorithm for hashing and send this as header value.
headers	Specifies which headers have been used in generating the hash, for example date.
signature	The HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code

var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request body

Parameter	Description	Example
accountId `mandatory`	`String` The merchant key provided by PayU during onboarding.	MERCHANT123
referenceId `mandatory`	`String` Reference ID for transaction tracking and this must be unique for every transaction.	REF123456
amount `optional`	`String` Amount of the transaction. Note: This value will not be considered as the transaction. Only the details in the `order.paymentChargeSpecificationparameter.price`field will be considered.	1000
currency `mandatory`	`String` Currency of the transaction. By default, `INR` is posted.	INR
paymentSource `optional`	`String`Contains the payment source.	WEB
paymentMethod `mandatory`	`Object` Details about the payment method used. For more information, refer to paymentMethod object fields description target="_blank" .	{ "name": "NetBanking", "bankCode": "TESTNB" }
order `mandatory`	`Object` Details about the transaction order including product information, ordered items, user-defined fields, and payment charge specifications. For more information, refer to order object fields description target="_blank"
additionalInfo `mandatory`	`Object` Additional information including enforced payment methods, single instalment, virtual payment address (VPA), and various options for user preferences during the transaction. For more information, refer to additionalInfo object fields description target="_blank"
callBackActions `mandatory`	`Object` Actions to perform on the payment server in different scenarios. For example, success, failure, cancellation, cash on delivery, etc. For more information, refer to callbackActions object fields description target="_blank"
billingDetails `mandatory`	`Object` Billing details of the customer including name, address, phone number, email, etc. For more information, refer to billingDetails object field descriptions target="_blank".

Payment method object

Payment Method Object

For Cards seamless integration, the payment method object should contain:

Parameter	Type	Description	Required
`name`	String	Must be "CreditCard" for credit cards or "DebitCard" for debit cards	Yes
`bankCode`	String	Bank code for the card type (e.g., "CC" for credit cards, "DC" for debit cards)	Yes
`paymentCard`	Object	Card details including card number, CVV, expiry, etc.	Yes

Example:

{
  "name": "CreditCard",
  "bankCode": "CC",
  "paymentCard": {
    "cardNumber": "5004461234560000",
    "validThrough": "04/2025",
    "ownerName": "John Doe",
    "cvv": "123"
  }
}

Payment Card Object

For new card payments:

Parameter	Type	Description	Required
`cardNumber`	String	Full card number	Yes
`validThrough`	String	Card expiry date in MM/YYYY format	Yes
`ownerName`	String	Cardholder name as on card	No
`cvv`	String	Card Verification Value	Yes

For saved card payments:

Parameter	Type	Description	Required
`cardToken`	String	Saved card token	Yes
`cardTokenType`	String	Token type (PAYU, NETWORK, ISSUER)	Yes
`tavv`	String	Cryptogram for saved cards	Yes
`last4Digits`	String	Last 4 digits of saved card	Yes
`cvv`	String	Card Verification Value	Yes

Example - New Card:

{
  "cardNumber": "5004461234560000",
  "validThrough": "04/2025",
  "ownerName": "John Doe",
  "cvv": "123"
}

Example - Saved Card:

{
  "cardToken": "29850879bf39848ca078727b8e1a95165a41cea1",
  "cardTokenType": "NETWORK",
  "tavv": "/wAAAAAAPtP+g6IAmbSeg1gAAAA=",
  "last4Digits": "0000",
  "cvv": "123"
}

Order object

Parameter	Description	Example
productInfo `mandatory`	Product details.	Product details
orderedItem `optional`	Details about the items ordered.	Array of Objects
userDefinedFields `optional`	Custom fields for additional information. Fields: udf1, udf2, udf3, udf4, udf5, udf6, udf7, udf8, udf9, udf10. For more information, refer to	Object
paymentChargeSpecification `mandatory`	Includes amount and charges. For more information, refer to paymentChargeSpecification object fields description	Object

paymentChargeSpecification object fields description

Parameter	Description	Example
price `mandatory`	The transaction amount.	1000
netAmountDebit `optional`	Net amount to be debited.	1000
taxSpecification `optional`	Tax details of the product/order.	Object
convenienceFee `optional`	Fees format (e.g., CC:12).	CC:12
offers `optional`	Offers applied or available for the payment.	Object

userDefinedFields object fields description

Field	Description
udf1	User defined field.
udf2	User defined field.
udf3	User defined field.
udf4	User defined field.
udf5	User defined field.
udf6	User defined field.
udf7	User defined field.
udf8	User defined field.
udf9	User defined field.
udf10	User defined field.

Additional Info Object

Parameter	Description	Example
enforcePaymethod `optional`	Force a transaction with a specified method (e.g., CC, DC).	CC
forcePgid `optional`	Forces identification for payment gateway.	PG123
partnerHoldTime `optional`	Time held by the partner for the transaction.	60
userCredentials `optional`	Credentials for user authentication.	string
userToken `optional`	Token for the customer.	user_token_123
subventionAmount `optional`	Amount paid through EMI subvention payments.	100
authOnly `optional`	Initiates an authentication-only payment (true/false).	false
createOrder `optional`	A flag to store the order details (true/false).	true
txnS2sFlow `optional`	For defining seamless/non-seamless flows in handling payments.	seamless

Callback Actions Object

Parameter	Description	Example
successAction `mandatory`	URL to be called on payment success.	https://example.com/success
failureAction `mandatory`	URL to be called on payment failure.	https://example.com/failure
cancelAction `mandatory`	URL to be called if user cancels the payment.	https://example.com/cancel
codAction `optional`	URL for Cash on Delivery (COD) action.	https://example.com/cod

Billing Details Object

Parameter	Description	Example
firstName `mandatory`	First name of the billing contact.	Ashish
lastName `optional`	Last name of the billing contact.	Kumar
address1 `mandatory`	Primary billing address.	123 Main Street
address2 `optional`	Secondary billing address.	Apt 4B
phone `optional`	Phone number of the billing contact.	9123456789
email `mandatory`	Email address of the billing contact.	[email protected]
city `optional`	City of the billing address.	Bharatpur
state `optional`	State of the billing address.	Rajasthan
country `optional`	Country of the billing address.	India
zipCode `optional`	Postal/Zip code of the billing address.	321028

Authorization Object

Field	Description	Example
eci `optional`	Electronic Commerce Indicator.	05
cavv `optional`	Cardholder Authentication Verification Value.	AAABAWFlmQAAAABjRWWZEEFgFz
threeDSTransID `optional`	3DS Transaction ID.	67b4c71f-4e6b-4f98-9f2a-1234567890ab
threeDSenrolled `optional`	Indicates if the card is enrolled in 3D Secure.	Y
threeDSstatus `optional`	Status of the 3D Secure authentication.	Success

ThreeDS2 Request Data Object

Parameter	Description	Example
threeDSVersion `optional`	The version of 3D Secure used.	2.2.0
deviceChannel `optional`	The device used for the transaction channel.	APP

Sample request

curl -X POST \
  https://apitest.payu.in/v2/payments \
  -H 'date: Mon, 05 Oct 2024 11:00:00 GMT' \
  -H 'authorization: HMAC smsplus:4d1ea4e74243ea5b2b5b8b1d8a7b1a2e3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9' \
  -H 'content-type: application/json' \
  -d {
  "accountId": "smsplus",
  "txnId": "b5f2d8785768087678fn4",
  "paymentMethod": {
    "name": "CreditCard",
    "bankCode": "CC",
    "paymentCard": {
      "cardNumber": "5004461234560000",
      "validThrough": "04/2025",
      "ownerName": "John Doe",
      "cvv": "123"
    }
  },
  "order": {
    "productInfo": "Credit Card Test Product",
    "orderedItem": [
      {
        "itemId": "ITEM001",
        "description": "Test Product for Credit Card",
        "quantity": 1
      }
    ],
    "paymentChargeSpecification": {
      "price": 100.00
    },
    "userDefinedFields": {
      "udf1": "",
      "udf2": "",
      "udf3": "",
      "udf4": "",
      "udf5": ""
    }
  },
  "additionalInfo": {
    "txnS2sFlow": "2",
    "createOrder": false,
    "storeCard": "1",
    "oneClickCheckout": "1",
    "preAuthorize": "0"
  },
  "callBackActions": {
    "successAction": "https://example.com/success",
    "failureAction": "https://example.com/failure",
    "cancelAction": "https://example.com/cancel"
  },
  "billingDetails": {
    "firstName": "John",
    "lastName": "Doe",
    "phone": "9876543210",
    "email": "[email protected]",
    "address": {
      "address1": "123 Main Street",
      "city": "Mumbai",
      "state": "Maharashtra",
      "country": "India",
      "zipCode": "400001"
    }
  },
  "authorization": {
    "eci": "05",
    "cavv": "AAABAWFlmQAAAABjRWWZEEFgFz",
    "threeDSTransID": "67b4c71f-4e6b-4f98-9f2a-1234567890ab",
    "threeDSenrolled": "Y",
    "threeDSstatus": "Success"
  },
  "threeDS2RequestData": {
    "threeDSVersion": "2.2.0",
    "deviceChannel": "APP"
  }
  }'

Sample response

{
  "result": {
    "paymentId": "1999110000001769",
    "redirectUrl": "https://secure.payu.in/ResponseHandler.php",
    "authAction": "https://apitest.payu.in/v2/payments/1999110000001769/auth",
    "redirectTemplate": "<html><body>...</body></html>",
    "card": {
      "binData": {
        "pureS2SSupported": false,
        "issuingBank": "ICICI",
        "category": "creditcard",
        "cardType": "VISA",
        "isDomestic": true
      }
    }
  },
  "status": "PENDING",
  "message": "Please call verify API to get the transaction status"
}