FAQs

Question 1 : How to switch environment from testing to production in PayU SDK?

Ans : Please refer sample app.Please change value of env variable accordingly for testing or production, in MainActivity in sample app.

Please refer following code :

int env = PayuConstants.PRODUCTION_ENV; //for production
int env = PayuConstants.STAGING_ENV; //for testing

Question 2 : Why do we need so many hashes?

Ans : For security purpose, hash is mandatory.Whenever you talk to PayU server you need a hash.For every API there is a separate hash because all API are public.

For example, verify_payment API :

This web-service is used to reconcile the transaction with PayU. When we post back the final response to you (merchant), we provide a list of parameters (including the status of the transaction – For example, success, failed etc). On a few occasions, the transaction response is initiated from our end, but it doesn’t reach you due to network issues or user activity (like refreshing the browser etc).

This API is helpful to tackle such cases - where you can execute it to get the status of the transaction.Since you already have the txnID (Order ID generated at your end) value for such cases, you simply need to execute the verify_payment API with the necessary input parameters. The output would return you the transaction status and various other parameters also.Another usage of this API is to provide an additional layer of verification of the transaction (in addition to checksum). You can verify the status and other parameters received in the post response via this API.

Testing url for verify transaction :

https://mobiletest.payu.in/merchant/postservice?form=2

Production url for verify transaction:

https://info.payu.in/merchant/postservice.php?form=2

You need to generate hash from your server for verify transaction, logic is as below :

sha512(key|command|var1|salt)
(eg. hash = sha512(0MQaQP | verify_payment | 123455666677 |13p0PXZk))

Description of verify transaction API’s params :

key=YOUR KEY
command=verify_payment
salt= YOUR SALT
var1=YOUR TRANSACTION ID

You need to pass generated hash using above logic to post data which is being send to PayU server.

Post data you need to send to PayU server:

key=0MQaQP&hash=e43ede14c88c70e27f47001b4207aefda114e665fe054e1eeeaa7d2c1cda41449d04dae1b63074b13d48098d404dae4b31216214a557d39265d55a45249dba2e&command=verify_payment&var1=123455666677


key=0MQaQP(YOUR KEY)
hash=e43ede14c88c70e27f47001b4207aefda114e665fe054e1eeeaa
 7d2c1cda41449d04dae1b63074b13d48098d404dae4b31216214a55
7d39265d55a45249dba2e(generated using sha512(key|command|var1|salt) from your server)
command=verify_payment
var1=123455666677(YOUR TRANSACTION ID )

Post response via this API :

--- if Merchant transaction ID is missing

array('status' => 0, 'msg' => 'Parameter missing')

--- if Merchant transaction ID isn't found

array('status' => '1', 'msg' => 'Transaction Fetched Successfully', 

'transaction_details' => array('mihpayid' => 'Not Found', 'status' => 'Not Found'));

--- if successfully fetched

array('status' => '1',

'msg' => 'Transaction Fetched Successfully',

'transaction_details' =>array('mihpayid' => Transaction ID,

);

Question 3 : What are mandatory parameters for making payment?

Ans : Please refer page no. 8 in Integration Document ver2.5

Question 4 : Is there any class in SDK for card validation?

Ans : SDK is having a class named PayuUtils. Followings are its few methods

//to validate card number,it also take care of length validation, luan validation
Boolean validateCardNumber(String cardNumber) 


//returns the issuer type e.g., VISA, MAST, 
String getIssuer(String mCardNumber) 


// takes care of card number validation using luan algorithms, does not perform length validation
Boolean luhn(String cardNumber)



// takes care of cvv validation, e.g., AMEX -> 4 digit, SMAE -> no cvv, others -> 3 digits
validateCvv(String cardNumber, String cvv)



// to validate expiry date 
boolean validateExpiry(int expiryMonth, int expiryYear)

To use these methods you need object of PayuUtils class.

Question 5 : Does merchant need PCI/DSS certificate?

Ans : When merchant collects the customer card details on their own website/server and post them to PayU.The merchant must be PCI-DSS certified in this case. For further information on PCI-DSS certification please contact your Account Manager at PayU.

Question 6 : Why does SSL error come in case of SRUL/FRUL

Ans : If SURL/FURL is not https then SSL error occurs but it happens some time not always with case of http.

Question 7 : How the pg success be affected by One Tab functionality ?

Ans : One tap payment is providing benefits in various ways:

• low bounce rates
• Reduced cart abandonment ratio
• Less failure points
• Reduced human intervention, thus ensuring low failure due to customer errors (typos etc) Network errors

All these, clubbed together are going to improve the success rates of the PG considerably. The exact % will be known once it is widely used in the market, however since we observed with historical data that there are about 20-25% failure rates are due to above mentioned reasons, we are bound to reduce it.

Question 8 : Can merchant generate hash from PayU SDK ?

Ans : Yes, merchant can also generate hash from PayU SDK but it's not recommendable because in this case key and salt will be hard coded so any body can use key and salt for making payment and it's not secure.

Question 9 : Is there a tool to test hash generation?

Ans : Refer Hash generation Tool.

The merchant can check if he is calculating hash correctly by entering the same parameters in above tool and then test the hashes generated with the hashes he is getting from his code.

Question 10 : Why do we need to use surl and furl ?

Ans : When the transaction successes then the PayU posts the response to the Surl and if transaction get fail the PayU posts the response to the Furl provided in post params while making payment request.

Please refer Server Side Document for more details.

Question 11 : What is the session time-out period for the PayU gateway?That is,if I do not enter any details,confirm or cancel payment for a significant amount of time,will I get a session expired message?If yes, what is that time period and is it configurable?

Ans : PayU page will not get expire however the PayU id generated will get expired or bounced if customer does not anything after landing on the payment page after 3 hours. Also if after 3 hours if customer enters the card details, new PayUid will get generated and transaction will go through.

Question 12 : How to extract the payment failure reason from Android SDK?Is there any API which can provide failure reason for a particular transaction?-

Ans : There is no API which provide failure reason for a particular transaction.To see reason for transaction failure,use your merchant panel.

Question 13 : Does PayU accepts the following card types :

• Master
• Visa
• Maestro(both 19 & 16 Digit)
• Rupay
• Amex

Ans : Yes.

Question 14 : What is max character length for card number?

Ans : For Maestro 19, 16 otherwise.

Question 15 : What is max character length for CVV?

Ans : 4 is for Amex card holders, 3 otherwise.

Question 16 : Is there any documentation and sample app for hybrid application or phonegap?

Ans : Sorry, As of now, we do not have any documentation and plugin for Hybrid Application or Phonegap but we have the Sample App for the same.Please refer Phonegap Sample App

Question 17 : Is there any plugin to integrate PayU SDK for PhoneGap?

Ans : Yes, PayU provide sample app for Phonegap.But there is no plugin for integrating PayU SDK in your app.If anyone wants to use PayU Payment Gateway for hybrid app, can implement PayU APIs itself.Please refer Integration Document ver2.5 for PayU APIs.