Refund Initiation API

The Refund Initiation API allows merchants to initiate refunds for transactions. Its functionally similar to the v1 Cancel Refund Transaction API, but is maintained only for backward compatibility with existing integrations. The v2 API offers enhanced functionality and improved response formats compared to the v1 API.

Endpoint

Request header

ParameterDescription
dateThe current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorizationThe actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description.

authorization fields description

FieldDescription
usernameRepresents the username or identifier for the client or merchant, for example smsplus.
algorithmUse SHA512 algorithm for hashing and send this as header value.
headersSpecifies which headers have been used in generating the hash, for example date.
signatureThe HMAC signature generated using the specified algorithm. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

Hash logic: sha512(<Body data> + '|' + date + '|' + merchant_secret)

Where <Body data> contains the request body posted with the request.

Sample header code
var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';
// date
var date = new Date();
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);

function getAuthHeader(date) {
    var AUTH_TYPE = 'sha512';
    var data = isEmpty(request['data']) ? "" : request['data'];
    var hash_string = data + '|' + date + '|' + merchant_secret;
    var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
    return `hmac username="${merchant_key}", algorithm="${AUTH_TYPE}", headers="date", signature="${hash}"`;
}

Request body

Parameter Description Example
payuId
mandatory
String The unique PayU transaction identifier for which the refund is being initiated. 9999999900009081231239182
refundToken
mandatory
String Unique token identifier for the refund request. adij90
amount
mandatory
Number The refund amount to be processed. 2
refundDetails
optional
Object Additional details related to the refund request. {}
refundSplitRequest
optional
Object Information for split refund requests when applicable. null

Sample request

curl --location 'https://secure.payu.in/v2/refund/' \
--header 'Content-Type: application/json' \
--header 'date: Tue, 15 Jul 2025 08:47:13 GMT' \
--header 'Authorization: hmac username="KOEfPI", algorithm="sha512", headers="date", signature="33560cfbfe91d98dc4d395de8e212e9f9c8e8d88459c4ac2948962ad5e7ecdd0f23b695d4aacd1ac3a94bf912ece4f61fe9e0a8566b7b016c8a52fc1a0299d3c"' \
--header 'Cookie: PHPSESSID=pemnb8cccqkdqc0d4o0uh6mvg0' \
--data '{
    "payuId" : "9999999900009081231239182",
    "refundToken": "adij90",
    "amount": 2,
    "refundDetails": {},
    "refundSplitRequest": null
}'

Response parameters

ParameterDescriptionExample
statusIndicates success (1) or failure (0) of the refund request1
statusCodeNumeric code representing the status of the refund request102
messageDescriptive message about the status of the refund request"Refund request accepted"
payuIdUnique PayU transaction ID for which the refund was processed999091000003794
refundTokenUnique token identifying the refund request11358934598
requestIdUnique identifier for the refund request (if available)4993824108552
refundIdUnique identifier for the refund transaction (if successful)123456789
splitInfoContains details of refunds for split transactions (if applicable)See JSON example

Sample Response

Success Response

{
  "status": 1,
  "statusCode": 102,
  "message": "Refund request accepted",
  "refundId": "123456789"
}

Failure Response

{
  "status": 0,
  "errorcode": "4000",
  "message": "Refund request rejected"
}