The v2 Save Card API is used for saving a card to the vault. After successfully storing a card, it returns the cardToken. This is Save

HTTP Method: POST

Environment


Production Environment	https://info.payu.in/storecard/card/v1
Test Environment	https://test.payu.in/storecard/card/v1

Request Parameters

Authentication header

Parameter	Description
date	The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.
authorization	The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to authorization fields description table below.

authorization fields description

Parameter	Description
username	Represents the username or identifier for the client or merchant, in this case, it's "smsplus".
algorithm	Use SHA512 algorithm for hashing and send this as header value.
headers	Specifies which headers have been used in generating the hash. In this case, only the "date" header is used.
signature	The actual HMAC signature generated using the specified algorithm (sha512) and includes the hashed data. For more information, refer to hashing algorithm.

hashing algorithm

You must hash the request parameters using the following hash logic:

sha512(<Body data> + '|' + date + '|' + merchant_secret}

Where, <Body data> contains the request Body posted with the request.

Sample authorization header code

var merchant_key = 'smsplus';
var merchant_secret = 'izF09TlpX4ZOwmf9MvXijwYsBPUmxYHD';

// date
var date = new Date();
// var date = "Wed, 28 Jun 2023 11:25:19 GMT";
date = date.toUTCString();

// authorization
var authorization = getAuthHeader(date);
console.log(authorization);

function getAuthHeader(date) {
var AUTH_TYPE = 'sha512';
var data = isEmpty(request['data'])?"":request['data'];
var hash_string = data + '|' + date + '|' + merchant_secret;
console.log("Hash String is ", hash_string);
var hash = CryptoJS.SHA512(hash_string).toString(CryptoJS.enc.Hex);
var authHeader = 'hmac username="' + merchant_key + '", ' + 'algorithm="' + AUTH_TYPE + '", headers="date", signature="' + hash + '"'
return authHeader;
}

pm.environment.set('date', date);
pm.environment.set('authorization', authorization);
pm.environment.set('merchant_key',merchant_key);
pm.environment.set('merchant_secret',merchant_secret);

function isEmpty(obj) {
for(var key in obj) {
if(obj.hasOwnProperty(key))
return false;
}
return true;
}

Header parameters

Parameter	Description
date `mandatory`	The current date and time. For example, format of the date is Wed, 28 Jun 2023 11:25:19 GMT.

Body parameters

Parameter	Reference	Example
userCredential `mandatory`	`String` The user credentials are posted in this parameter in the following format: MerchantKey:UserId	JP***G:abc
cardLabel `mandatory`	`String` The nickname of the card is specified in this parameter.	My_card
cardType `mandatory`	`String` The card mode is specified in this parameter. For more information on card mode codes, refer to Card Type Codes and Supported Banks for Cards.	CC
cardType `mandatory`	`String` The card type of the card is specified in this parameter. For more information on card type codes, refer to Card Type Codes and Supported Banks for Cards	AMEX
nameOnCard `mandatory`	`String` The name on the card is specified in this parameter.	Ashish
cardNo `mandatory`	`String` The card number is specified in this parameter. For the test cards to do mock API calls, refer to Test Cards, UPI ID and Wallets.
cardExpiryMonth `mandatory`	`String` The card expiry month is specified in this parameter.	9
cardExpiryYear `mandatory`	`String` The card expiry year is specified in this parameter.	2021
authRefNumber `mandatory for Rupay and AMEX cards`	`String` This parameter can be any of the following based on the Rupay or AMEX card used: • The authorization reference number received during authorization call of Rupay card transactions. • The AEVV received during authorization call of Amex card transactions. Notes: • This parameter is mandatory for Rupay cards. Authentication reference number will be sent by the PG in the authorization response. Currently, this check is skipped by Rupay. • This parameter is mandatory for AMEX cards. American Express Verification Value will be sent by the PG in the authorization response.	6381242223626382106105

Sample request

curl --location 'https://test.payu.in/storecard/card/v1)' \
  --header 'authorization: {{authorization}}' \
  --header 'date: {{date}}'
  --data '{
    "userCredential":"sms:123",
    "cardName":"testAll",
    "cardMode":"CC",
    "cardType":"CC",
    "nameOnCard":"test",
    "cardNo":"4761360079851258",
    "cardExpiryMonth":12,
    "cardExpiryYear":2025,
    "authRefNumber":"asd"
}'

Sample response

Success scenario

{
  "message": "Card Stored Successfully.",
  "status": 1,
  "result": {
    "cardToken": "18cc810671348c3d3241",
    "cardNo": "XXXXXXXXXXXX1258",
    "cardName": "testAll",
    "networkToken": "4761360000000009"
  }
}

Success scenarios for various cards

VISA

{
status: 1,
msg: "Card Stored Successfully.",
"result": {
   "cardToken": "917757449926e57ff2662",
   "cardNo": "XXXXXXXXXXXX1165",
   "cardLabel": "My_card",
   "networkToken": "44173XXX1000XXX1",
   "issuerToken": "QQ3LkzgZOnEjY428"
  }
}

Mastercard

{
  "status": 1,
  "msg": "Card Stored Successfully.",
  "result": {
    "cardToken": "917e296b5b6da5d20fbfb",
    "cardNo": "XXXXXXXXXXXX2346",
    "cardLabel": "Test_Card",
    "networkToken": "3117328711111210",
    "issuerToken": "AQ3LkzgBNyEjY213"
  }
}

American Express

{
  "status": 1,
  "msg": "Card Stored Successfully.",
  "result": {
    "cardToken": "917e29XXX6da5XXCbfb",
    "cardNo": "XXXXXXXXXXX1002",
    "cardLabel": "AMEX_Card",
    "networkToken": "51273287XXX61215",
    "issuerToken": "Va3RaqBNyPnY673"
  }
}

Rupay

{
  "status": 1,
  "msg": "Card Stored Successfully.",
  "result": {
    "cardToken": "91XXX96b5b6da5dXXXbfb",
    "cardNo": "XXXXXXXXXXXX0001",
    "cardLabel": "Rupay_Card",
    "networkToken": "712XXX870976XX2",
    "issuerToken": "Ya4HawKgbLmr312"
  }
}

Diners

{
  "status": 1,
  "msg": "Card Stored Successfully.",
  "result": {
    "cardToken": "91XXX296b5b6da5XXXbfb",
    "cardNo": "XXXXXXXXXXXX0009",
    "cardLabel": "Diner_Card",
    "networkToken": "8koNXXXC1bT0Hv5a",
    "issuerToken": "LQ3QkzXXXnEjY428"
  }
}

Failure scenario

If card Number is invalid

{
"status": 0
"msg": CardNumber is invalid
}

Response parameters for Save a Card API

The following table describes the parameters in the response:

📘
Note: For every successful payment transactions, PayU returns the mihpayuid and cardToken parameters to the merchants, but networkToken and issuer_token are returned only if you are PCI-DSS compliant.

Parameter	Description	Example
message	The description of the response whether the card details were stored successfully or not stored.	Card Stored Successfully.
status	The status of the response can be any of the following: • 1: Success • 0: Failure	1
result	This contains the token details in a JSON format. For more information, refer to result JSON fields description.

result JSON fields description

Parameter	Description	Example
cardToken	The cardToken is sent by PayU for the successful response.	18_1067_8c3d3241
cardNo	The redacted card number with last four digits that was saved.	XXXXXXXXXXXX1258
cardName	The name on card that was saved.	testAll
network_token	The network token is returned in this parameter.	`1234 5* 9* 3456`
issuer_token	The parameter contains the issuer token that is returned by issuer.	`3456 7* A* EFGH`

EXAMPLE QUESTIONS