Using Network Tokens

This scenario is applicable if you wanted to collect payments using network tokens.

HTTP Method: POST

Applicable scenarios

  • Merchant has the card token, TAVV(Cryptogram), and the last four digits of the card 
  • The token could be created by the merchant or through another partner 
📘

Note

This scenario is applicable if you are PCI compliant and got the network token and TAVV from any other aggregator or schemes and then sending the card transaction request in the form of authentication.

Request headers

ParameterDescription
dateThe current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorizationThe actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

FieldDescription
usernameRepresents the username or identifier for the client or merchant, for example smsplus.
algorithmUse SHA512 algorithm for hashing and send this as header value.
headersSpecifies which headers have been used in generating the hash, for example date.
signatureThe HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request body

Parameter Description Example

accountId
mandatory

String The merchant key provided by PayU during onboarding.

MERCHANT123

referenceId
mandatory

String Reference ID for transaction tracking and this must be unique for every transaction.

REF123456

amount
optional

String Amount of the transaction.
Note: This value will not be considered as the transaction. Only the details in the order.paymentChargeSpecificationparameter.pricefield will be considered.

1000

currency
mandatory

String Currency of the transaction. By default, INR is posted.

INR

paymentSource optional

StringContains the payment source.

WEB

paymentMethod
mandatory

Object Details about the payment method used. For more information, refer to paymentMethod object fields description target="_blank" .

{
"name": "NetBanking",
"bankCode": "TESTNB"
}

order
mandatory

Object Details about the transaction order including product information, ordered items, user-defined fields, and payment charge specifications. For more information, refer to order object fields description target="_blank"

additionalInfo
mandatory

Object Additional information including enforced payment methods, single instalment, virtual payment address (VPA), and various options for user preferences during the transaction. For more information, refer to additionalInfo object fields description target="_blank"

callBackActions
mandatory

Object Actions to perform on the payment server in different scenarios. For example, success, failure, cancellation, cash on delivery, etc. For more information, refer to callbackActions object fields description target="_blank"

billingDetails
mandatory

Object Billing details of the customer including name, address, phone number, email, etc. For more information, refer to billingDetails object field descriptions target="_blank".

Payment method object

Payment Method Object

For Cards seamless integration, the payment method object should contain:

ParameterTypeDescriptionRequired
nameStringMust be "CreditCard" for credit cards or "DebitCard" for debit cardsYes
bankCodeStringBank code for the card type (e.g., "CC" for credit cards, "DC" for debit cards)Yes
paymentCardObjectCard details including card number, CVV, expiry, etc.Yes

Example:

{
  "name": "CreditCard",
  "bankCode": "CC",
  "paymentCard": {
    "cardNumber": "5004461234560000",
    "validThrough": "04/2025",
    "ownerName": "John Doe",
    "cvv": "123"
  }
}

Payment Card Object

For new card payments:

ParameterTypeDescriptionRequired
cardNumberStringFull card numberYes
validThroughStringCard expiry date in MM/YYYY formatYes
ownerNameStringCardholder name as on cardNo
cvvStringCard Verification ValueYes

For saved card payments:

ParameterTypeDescriptionRequired
cardTokenStringSaved card tokenYes
cardTokenTypeStringToken type (PAYU, NETWORK, ISSUER)Yes
tavvStringCryptogram for saved cardsYes
last4DigitsStringLast 4 digits of saved cardYes
cvvStringCard Verification ValueYes

Example - New Card:

{
  "cardNumber": "5004461234560000",
  "validThrough": "04/2025",
  "ownerName": "John Doe",
  "cvv": "123"
}

Example - Saved Card:

{
  "cardToken": "29850879bf39848ca078727b8e1a95165a41cea1",
  "cardTokenType": "NETWORK",
  "tavv": "/wAAAAAAPtP+g6IAmbSeg1gAAAA=",
  "last4Digits": "0000",
  "cvv": "123"
}

Order object

Parameter Description Example
productInfo
mandatory
Product details. Product details
orderedItem
optional
Details about the items ordered. Array of Objects
userDefinedFields
optional
Custom fields for additional information. Fields: udf1, udf2, udf3, udf4, udf5, udf6, udf7, udf8, udf9, udf10. For more information, refer to Object
paymentChargeSpecification
mandatory
Includes amount and charges. For more information, refer to paymentChargeSpecification object fields description Object
paymentChargeSpecification object fields description
Parameter Description Example
price
mandatory
The transaction amount. 1000
netAmountDebit
optional
Net amount to be debited. 1000
taxSpecification
optional
Tax details of the product/order. Object
convenienceFee
optional
Fees format (e.g., CC:12). CC:12
offers
optional
Offers applied or available for the payment. Object
userDefinedFields object fields description
FieldDescription
udf1User defined field.
udf2User defined field.
udf3User defined field.
udf4User defined field.
udf5User defined field.
udf6User defined field.
udf7User defined field.
udf8User defined field.
udf9User defined field.
udf10User defined field.

Additional Info Object

Parameter Description Example
enforcePaymethod
optional
Force a transaction with a specified method (e.g., CC, DC). CC
forcePgid
optional
Forces identification for payment gateway. PG123
partnerHoldTime
optional
Time held by the partner for the transaction. 60
userCredentials
optional
Credentials for user authentication. string
userToken
optional
Token for the customer. user_token_123
subventionAmount
optional
Amount paid through EMI subvention payments. 100
authOnly
optional
Initiates an authentication-only payment (true/false). false
createOrder
optional
A flag to store the order details (true/false). true
txnS2sFlow
optional
For defining seamless/non-seamless flows in handling payments. seamless

Callback Actions Object

Parameter Description Example
successAction
mandatory
URL to be called on payment success. https://example.com/success
failureAction
mandatory
URL to be called on payment failure. https://example.com/failure
cancelAction
mandatory
URL to be called if user cancels the payment. https://example.com/cancel
codAction
optional
URL for Cash on Delivery (COD) action. https://example.com/cod

Billing Details Object

Parameter Description Example
firstName
mandatory
First name of the billing contact. Ashish
lastName
optional
Last name of the billing contact. Kumar
address1
mandatory
Primary billing address. 123 Main Street
address2
optional
Secondary billing address. Apt 4B
phone
optional
Phone number of the billing contact. 9123456789
email
mandatory
Email address of the billing contact. [email protected]
city
optional
City of the billing address. Bharatpur
state
optional
State of the billing address. Rajasthan
country
optional
Country of the billing address. India
zipCode
optional
Postal/Zip code of the billing address. 321028

Authorization Object

Field Description Example
eci
optional
Electronic Commerce Indicator. 05
cavv
optional
Cardholder Authentication Verification Value. AAABAWFlmQAAAABjRWWZEEFgFz
threeDSTransID
optional
3DS Transaction ID. 67b4c71f-4e6b-4f98-9f2a-1234567890ab
threeDSenrolled
optional
Indicates if the card is enrolled in 3D Secure. Y
threeDSstatus
optional
Status of the 3D Secure authentication. Success

ThreeDS2 Request Data Object

Parameter Description Example
threeDSVersion
optional
The version of 3D Secure used. 2.2.0
deviceChannel
optional
The device used for the transaction channel. APP

Sample request

curl -X POST \
  https://apitest.payu.in/v2/payments \
  -H 'date: Mon, 05 Oct 2024 11:00:00 GMT' \
  -H 'authorization: HMAC smsplus:4d1ea4e74243ea5b2b5b8b1d8a7b1a2e3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9' \
  -H 'content-type: application/json' \
  -d {
  "accountId": "smsplus",
  "txnId": "b5f2d8785768087678fn4",
  "paymentMethod": {
    "name": "CreditCard",
    "bankCode": "CC",
    "paymentCard": {
      "cardNumber": "5004461234560000",
      "validThrough": "04/2025",
      "ownerName": "John Doe",
      "cvv": "123"
    }
  },
  "order": {
    "productInfo": "Credit Card Test Product",
    "orderedItem": [
      {
        "itemId": "ITEM001",
        "description": "Test Product for Credit Card",
        "quantity": 1
      }
    ],
    "paymentChargeSpecification": {
      "price": 100.00
    },
    "userDefinedFields": {
      "udf1": "",
      "udf2": "",
      "udf3": "",
      "udf4": "",
      "udf5": ""
    }
  },
  "additionalInfo": {
    "txnS2sFlow": "2",
    "createOrder": false,
    "storeCard": "1",
    "oneClickCheckout": "1",
    "preAuthorize": "0"
  },
  "callBackActions": {
    "successAction": "https://example.com/success",
    "failureAction": "https://example.com/failure",
    "cancelAction": "https://example.com/cancel"
  },
  "billingDetails": {
    "firstName": "John",
    "lastName": "Doe",
    "phone": "9876543210",
    "email": "[email protected]",
    "address": {
      "address1": "123 Main Street",
      "city": "Mumbai",
      "state": "Maharashtra",
      "country": "India",
      "zipCode": "400001"
    }
  },
  "authorization": {
    "eci": "05",
    "cavv": "AAABAWFlmQAAAABjRWWZEEFgFz",
    "threeDSTransID": "67b4c71f-4e6b-4f98-9f2a-1234567890ab",
    "threeDSenrolled": "Y",
    "threeDSstatus": "Success"
  },
  "threeDS2RequestData": {
    "threeDSVersion": "2.2.0",
    "deviceChannel": "APP"
  }
  }'

Sample response

{
  "result": {
    "paymentId": "1999110000001769",
    "redirectUrl": "https://secure.payu.in/ResponseHandler.php",
    "authAction": "https://apitest.payu.in/v2/payments/1999110000001769/auth",
    "redirectTemplate": "<html><body>...</body></html>",
    "card": {
      "binData": {
        "pureS2SSupported": false,
        "issuingBank": "ICICI",
        "category": "creditcard",
        "cardType": "VISA",
        "isDomestic": true
      }
    }
  },
  "status": "PENDING",
  "message": "Please call verify API to get the transaction status"
}