Hash generation

Hash is a crucial parameter -- used specifically to avoid any tampering during the transaction.

This is the simplest way of calculating the hash value. Here, please make sure that the api_version parameter is NOT POSTED from your end.

For hash calculation, you need to generate a string using certain parameters and apply the sha512 algorithm on this string. Please note that you have to use pipe (|) character in between these parameters as mentioned below. The parameter order is mentioned below:

           sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)

All these parameters (and their descriptions) have already been mentioned earlier in this table. SALT (to be provided by PayU), key, txnid, amount, productinfo, firstname and email are mandatory parameters and hence can't be empty in the hash calculation above. udf1-udf5, however, are optional, so the hash must be calculated according to whether or not you are posting each particular udf. For example, if you are NOT posting udf1, the udf1 field is left empty in the hash calculation. The following examples clarify the various scenarios of hash calculation:

Case 1: All the udf parameters (udf1-udf5) are posted by the merchant. Then,

      hash=sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)

Case 2: Only some of the udf parameters are posted and others are not. For example, if udf2 and udf4 are posted and udf1, udf3, udf5 are not, then,

            hash=sha512(key|txnid|amount|productinfo|firstname|email||udf2||udf4|||||||SALT)

Case 3: NONE of the udf parameters (udf1-udf5) are posted. Then,

            hash=sha512(key|txnid|amount|productinfo|firstname|email|||||||||||SALT)

Example: If key=C0Dr8m, txnid=12345, amount=10, productinfo=Shopping, firstname=Test, email=test@test.com, udf2=abc, udf4=15, SALT=3sf0jURk and udf1, udf3, udf5 are not posted, then the hash would be calculated as in Case 2 above:

            sha512(C0Dr8m|12345|10|Shopping|Test|test@test.com||abc||15|||||||3sf0jURk)

(This value comes out to be ffcdbf04fa5beefdcc2dd476c18bc410f02b3968e7f4f54e8f43f1e1a310bb32e3b4dec9305232bb89db5b1d0c009a53bcace6f4bd8ec2f695baf3d43ba730ce)

IMPORTANT: For details related to the hash at the time of post back from PayU to the merchant, please refer to the later section. This is also absolutely mandatory to avoid any tampering.

Examples on Hash calculation

Formula for hash (checksum) before transaction:

Explained above.

Formula for hash (checksum) after transaction:

This time the variables are in reverse order, and the status variable is added right after the SALT, ahead of the empty fields and the udf values.

  sha512(SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key)

It is absolutely mandatory that you compute the hash (or checksum) again after you receive the response from PayU and compare it with the hash received in the post back parameters below. This protects you from any tampering by the user and helps ensure a safe and secure transaction experience.
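The two formulas above, worked through in Python as an added example (not PayU's own code): it builds the pre-transaction string with unposted udf fields left empty, rebuilds the reverse-order string for the post back, and compares the hashes in constant time. The function names, the sample status value "success" and the constructed post back are assumptions; key, SALT and the field values are those of the example above.

```python
import hashlib
import hmac

MANDATORY = ["key", "txnid", "amount", "productinfo", "firstname", "email"]
UDFS = ["udf1", "udf2", "udf3", "udf4", "udf5"]

def sha512_hex(text):
    return hashlib.sha512(text.encode("utf-8")).hexdigest()

def request_hash_string(params, salt):
    """key|txnid|amount|productinfo|firstname|email|udf1..udf5||||||SALT"""
    missing = [k for k in MANDATORY if not params.get(k)]
    if missing or not salt:
        raise ValueError("mandatory hash fields missing: %s" % (missing or ["SALT"]))
    fields = [params[k] for k in MANDATORY]
    fields += [params.get(k, "") for k in UDFS]  # an unposted udf stays empty
    fields += [""] * 5                           # the five always-empty fields
    return "|".join(fields + [salt])

def response_hash_string(post, salt):
    """SALT|status||||||udf5..udf1|email|firstname|productinfo|amount|txnid|key"""
    fields = [salt, post.get("status", "")] + [""] * 5
    fields += [post.get(k, "") for k in reversed(MANDATORY + UDFS)]
    return "|".join(fields)

def verify_response(post, salt):
    """Recompute the post-back hash from the posted values; constant-time compare."""
    expected = sha512_hex(response_hash_string(post, salt)).encode("ascii")
    received = post.get("hash", "").strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, received)

# Values from the page's worked example (Case 2: only udf2 and udf4 posted).
SALT = "3sf0jURk"
REQUEST = {"key": "C0Dr8m", "txnid": "12345", "amount": "10", "productinfo": "Shopping",
           "firstname": "Test", "email": "test@test.com", "udf2": "abc", "udf4": "15"}

if __name__ == "__main__":
    print(request_hash_string(REQUEST, SALT))
    # Constructed post back: "success" is a sample status, the hash is computed here.
    post = dict(REQUEST, status="success")
    post["hash"] = sha512_hex(response_hash_string(post, SALT))
    print("genuine post back accepted:", verify_response(post, SALT))
    post["amount"] = "1"  # a value that no longer matches what was hashed
    print("altered post back accepted:", verify_response(post, SALT))
```

Hash the values exactly as they were posted: any difference in a field's text, such as "10" versus "10.00", produces a different hash and the comparison fails.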

Hash (Checksum) Algorithm Example codes

The checksum algorithm used is SHA512, which is a globally well-known algorithm. If you need help with implementation, feel free to call us, mail us or use Google to find the desired function library for your implementation. Some example codes are also mentioned below:

For PHP Example code:

                    $output = hash("sha512", $text);

For .NET Link: https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512.aspx

Example code:

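                    using System.Security.Cryptography;
                    using System.Text;

                    // text is the pipe-delimited string built as described above
                    byte[] data = Encoding.UTF8.GetBytes(text);
                    byte[] result;
                    SHA512 shaM = SHA512.Create();
                    result = shaM.ComputeHash(data);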

For JSP Example code:

                        import java.io.FileInputStream;
                        import java.security.MessageDigest;
                        public class SHACheckSumExample {
                            public static void main(String[] args) throws Exception {
                                MessageDigest md = MessageDigest.getInstance("SHA-512");
                                // feed the file to the digest in 1 KB chunks
                                try (FileInputStream fis = new FileInputStream("c:\\loging.log")) {
                                    byte[] dataBytes = new byte[1024];
                                    int nread = 0;
                                    while ((nread = fis.read(dataBytes)) != -1) {
                                        md.update(dataBytes, 0, nread);
                                    }
                                }
                                byte[] mdbytes = md.digest();
                                // convert the bytes to hex format, method 1
                                StringBuffer sb = new StringBuffer();
                                for (int i = 0; i < mdbytes.length; i++) {
                                    sb.append(Integer.toString((mdbytes[i] & 0xff) + 0x100, 16).substring(1));
                                }
                                System.out.println("Hex format : " + sb.toString());
                                // convert the bytes to hex format, method 2 (two zero-padded digits per byte)
                                StringBuffer hexString = new StringBuffer();
                                for (int i = 0; i < mdbytes.length; i++) {
                                    hexString.append(String.format("%02x", 0xFF & mdbytes[i]));
                                }
                                System.out.println("Hex format : " + hexString.toString());
                            }
                        }