Server Side

Generating Hash

  • What is Hash?
    Every transaction (payment or non-payment) needs a hash by the merchant before sending the transaction details to PayU. This is required for PayU to validate the authenticity of the transaction. This should be done on your server.

  • Payment Hash

          sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||salt)
    • Webservice Hash - sample

            sha512(key|command|var1|salt) 

    Note: Please refer the web integration document 2.5 for more details

Return Url - (SURL / FURL)

  • Return URL is where PayU redirects the user after the transaction is completed. PayU sends the data related to transactions while redirecting so that you can check the status of the transaction.

  • How to create surl/furl page?
    The surl/furl page is hosted on your server to communicate back to client application when the transaction is completed. You may check the status of the transaction and take actions accordingly. Inside mobile applications, it is important that the user is redirected back to app whenever a transaction is completed. After the transaction is complete, Payu posts the response to the surl / furl.

  • Sample code (For Android):

  • Sample code (For iOS):

Response (comes with surl/furl)

Sample success response

Array
(
    [mihpayid] => 316717697
    [mode] => CC
    [status] => success
    [unmappedstatus] => captured
    [key] => smsplus
    [txnid] => 74e9a70d171df41f7c6a
    [amount] => 2.00
    [cardCategory] => domestic
    [discount] => 0.00
    [net_amount_debit] => 2
    [addedon] => 2015-04-13 18:10:58
    [productinfo] => Product Info
    [firstname] => Payu-Admin
    [lastname] => 
    [address1] => 
    [address2] => 
    [city] => 
    [state] => 
    [country] => 
    [zipcode] => 
    [email] => test@example.com
    [phone] => 1234567890
    [udf1] => 
    [udf2] => 
    [udf3] => 
    [udf4] => 
    [udf5] => 
    [udf6] => 
    [udf7] => 
    [udf8] => 
    [udf9] => 
    [udf10] => 
    [hash] => 0e92de4a135724da69011f0b39093c20431fe07d1f17f6ca3baa7fdcf4b0e5af333e4fb49a52544e65a110dfa4db2f27cff5d587bdafa67ef3baafc2f8928e46
    [field1] => 510370167829
    [field2] => 047751
    [field3] => 4602057101851030
    [field4] => 4602057101851030
    [field5] => 
    [field6] => 
    [field7] => 
    [field8] => 
    [field9] => SUCCESS
    [payment_source] => payu
    [PG_TYPE] => HDFCPG
    [bank_ref_num] => 4602057101851030
    [bankcode] => CC
    [error] => E000
    [error_Message] => No Error
    [name_on_card] => benjamin franklin
    [cardnum] => 438628XXXXXX2452
    [cardhash] => This field is no longer supported in postback params.
}  

Note: The possible error codes and messages Transaction Error Code.pdf

Post-Transaction hash sequence:

Merchant needs to form the below hash sequence and verify it with the hash sent by PayU in the Post Response:

sha512(additionalCharges|SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key) 

Where, additionalCharges value must be same as the value Posted from PayU to the merchant in the response.

IMPORTANT: This hash value must be compared with the hash value posted by PayU to the merchant. If both match, then only the order should be processed. If they don’t match, then the transaction has been tampered with by the user and hence should not be processed further.