This v2 API is used to delete an existing card stored on PayU Vault.
HTTP Method: DELETE
Environment
Request parameters
Authentication header
| Parameter | Description |
|---|---|
| date | The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT. |
| authorization | The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description table below. |
authorization fields description
| Parameter | Description |
|---|---|
| username | Represents the username or identifier for the client or merchant, in this case, it's "smsplus". |
| algorithm | Use SHA512 algorithm for hashing and send this as header value. |
| headers | Specifies which headers have been used in generating the hash. In this case, only the "date" header is used. |
| signature | The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to hashing algorithm. |
hashing algorithm
You must hash the request parameters using the following hash logic:
sha512(<Body data> + '|' + date + '|' + merchant_secret}Where, <Body data> contains the request Body posted with the request.
Sample authorization header code
var merchant_key = pm.environment.get('merchantKey') || 'PRiQvJ';
var merchant_secret = pm.environment.get('merchantSalt') || 'mGHSxpD2iBVywParGQrGBlaXjnwkGJMQ';
// Generate current date in RFC 1123 format
var date = new Date().toUTCString();
// Get request body data (empty for GET/DELETE)
var data = "";
if (pm.request.method === "POST" && pm.request.body && pm.request.body.raw) {
data = pm.request.body.raw;
}
// Generate authorization header
var hash_string = data + '|' + date + '|' + merchant_secret;
var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
var authorization = 'hmac username="' + merchant_key + '", algorithm="sha512", headers="date", signature="' + hash + '"';
// Set environment variables
pm.environment.set('date', date);
pm.environment.set('authorization', authorization);Query parameters
| Parameter | Description | Example |
|---|---|---|
userCredentialmandatory | String User authentication credential in the format username:userid. | testuser:testuser123 |
cardTokenmandatory | String Card token of the saved card. | |
networkTokenoptional | String Network issuer token. | |
issuerToken optional | String Issuer token. | |
bankType optional | String The bank type of card. It can be any of the following: Credit, Debit, or Prepaid. | Credit |
Header parameters
| Parameter | Description |
|---|---|
datemandatory | The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT. |
Body parameters
No body parameters for this API
Sample request
curl --location --request DELETE 'https://apitest.payu.in/storecard/card/v1?userCredential=sms%3A123&cardToken=2d1e569bf1f6b150a32f70' \
--header 'date: Fri, 24 Apr 2026 07:05:59 GMT' \
--header 'authorization: hmac username="PRiQvJ", algorithm="sha512", headers="date", signature="30d8f518edda5b0962c35c0057024cabb6e7f19727488cb1874e75652bcea7499811dbf3ddac419c50c2fe56a8e032129bb0d6eaeaa3f971b3c2b5ccbfd12aa3"' \
--header 'Cookie: PHPSESSID=krida5voc39gqosfud8tt6n8as'Sample Response
-
On successful deletion
{ "message": "testAll card deleted successfully", "status": 1 } -
On failure of deletion
{ "message": "cardToken is invalid", "status": 0 }