Hosted Checkout

Hosted payments lets you hand over the control of the entire checkout process to Razorpay thereby providing a seamless checkout experience to your customers. As the payment information entered by the customers is securely stored with Razorpay, you do not have to worry about implementing the PCI compliance requirements at your end.

How it Works#

Unlike the standard implementation of checkout where customers enter their payment details on a pop-up modal, hosted payments securely redirects customers to a Checkout page hosted at Razorpay. The payment details submitted by the customer in the Checkout form are sent to our server. Payments, from thereon, follow the usual payment flow.

Steps to Integrate with Razorpay Hosted Checkout#

Prerequisites#

Understand the payment flow process.
Create a Razorpay Account
Generate Test API Keys

Steps

Post-integration, you can:

Configure the webhook
Make a Test payment
Replace Test Key with Live Key and start accepting payments from your customers
Integrate with APIs for further actions

Step 1 - Create an Order in your Server-side#

Orders API helps to:

Prevent multiple payments by binding a single successful payment to an order.
Auto capture payments immediately after authorization.

Here is the list of attributes for creating the order:

amount mandatory: integer The transaction amount, expressed in the currency subunit, such as paise (in case of INR). For example, for an actual amount of ₹299.35, the value of this field should be 29935.
currency mandatory: string The currency in which the transaction should be made. See the list of supported currencies. Default is INR.
receipt optional: string Your receipt id for this order should be passed here. Maximum length 40 characters.
payment_capture optional: boolean Set to 1 to automatically capture the payment. Set to 0 to capture payments manually using the API or Dashboard. Learn about capturing payments.
notes optional: JSON object Object consisting of key value pairs as notes.
You can read more about Notes in the API documentation.

Sample Code#

The following is a sample API request and response for creating an order:

 cURL Java Python PHP dotnet Ruby Node.JS Response
Copycurl  -X POST https://api.razorpay.com/v1/orders
-H 'content-type:application/json'
-d '{
    "amount": 50000,
    "currency": "INR",
    "receipt": "rcptid_11",
    "payment_capture": 1
}'
Copytry {
  JSONObject orderRequest = new JSONObject();
  orderRequest.put("amount", 50000); // amount in the smallest currency unit
  orderRequest.put("currency", "INR");
  orderRequest.put("receipt", "order_rcptid_11");
  orderRequest.put("payment_capture", false);

  Order order = razorpay.Orders.create(orderRequest);
} catch (RazorpayException e) {
  // Handle Exception
  System.out.println(e.getMessage());
}
Copyorder_amount = 50000
order_currency = 'INR'
order_receipt = 'order_rcptid_11'
notes = {'Shipping address': 'Bommanahalli, Bangalore'}   # OPTIONAL

client.order.create(amount=order_amount, currency=order_currency, receipt=order_receipt, notes=notes, payment_capture='0')
Copy$order  = $client->order->create([
  'receipt'         => 'order_rcptid_11',
  'amount'          => 50000, // amount in the smallest currency unit
  'currency'        => 'INR',// <a href="https://razorpay.freshdesk.com/support/solutions/articles/11000065530-what-currencies-does-razorpay-support" target="_blank">See the list of supported currencies</a>.)
  'payment_capture' =>  '0'
]);
CopyDictionary<string, object> options = new Dictionary<string,object>();
options.Add("amount", 50000); // amount in the smallest currency unit
options.add("receipt", "order_rcptid_11");
options.add("currency", "INR");
options.add("payment_capture", "0");
Order order = client.Order.Create(options);
Copyoptions = amount: 50000, currency: 'INR', receipt: '<order_rcptid_11>', payment_capture: '0'
order = Razorpay::Order.create
Copyvar options = {
  amount: 50000,  // amount in the smallest currency unit
  currency: "INR",
  receipt: "order_rcptid_11",
  payment_capture: '0'
};
instance.orders.create(options, function(err, order) {
  console.log(order);
});
Copy{
    "id": "order_DBJOWzybf0sJbb",
    "entity": "order",
    "amount": 50000,
    "amount_paid": 0,
    "amount_due": 50000,
    "currency": "INR",
    "receipt": "rcptid_11",
    "status": "created",
    "attempts": 0,
    "notes": [],
    "created_at": 1566986570
}

A successful creation of the Order returns an id (referred to the order_id) that should be stored against the Order defined in your system.

Step 2 - Paste Hosted Checkout Options#

The Checkout options are sent as form-data to the following URL in a POST request.

https://api.razorpay.com/v1/checkout/embedded

Checkout Options#

key_id mandatory

string Enter <YOUR_Key_ID> generated from the Dashboard.

name mandatory

string The business name to be shown in the checkout form.

descriptionoptional

string Description of the item purchased shown in the checkout form.

image optional

string URL of the logo that must appear on the checkout form. It is recommended to add the logo using the Razorpay Dashboard.

order_id mandatory

string Unique identifier of the Order, created using the Orders API.

amount mandatory

integer Enter the amount to charge the customer, in currency subunits. For example, if charging the customer INR 200, enter 20000.

currency mandatory

string Enter the currency to be used in the payment. Ensure that currency of the payment matches the Order currency. Defaults to INR. We support more than 90 currencies.

method optional

string Use this parameter to show a specific payment method in Checkout. Possible values:

card
netbanking
wallet
emi
upi

prefill

The fields that can be pre-populated in the Checkout form.

name optional: string Name of the card holder.
email mandatory: string Email address of the customer.
contact mandatory: string Customer's phone number.

notesoptional

jSON object An additional set of fields that you want to associate with the payment. You can add "shipping address", "alternate contact" in the Notes field. Refer API section on Notes for more information.

[Shipping address]: string 106, Razorpay, Bangalore
[Alternate contact]: string 9999999999

Note:
You can add upto 15 fields (key-value pairs) in the Notes parameters

callback_url mandatory

string Page to which the customers are redirected to after a successful payment. razorpay_payment_id, razorpay_order_id and razorpay_signature are sent as form-data through a POST request to the callback_url.

Tip:
You can also utilize Razorpay Webhooks to get notified of different events such as payment authorization or payment failure. Learn how to enable webhooks from your Dashboard.

cancel_urloptional

string The URL customers are redirected to after the cancellation of a payment.

The sample code is given below:

 Example Checkout Script
Copy<form method="POST" action="https://api.razorpay.com/v1/checkout/embedded">
  <input type="hidden" name="key_id" value="YOUR_KEY_ID">
  <input type="hidden" name="order_id" value="razorpay_order_id">
  <input type="hidden" name="name" value="Acme Corp">
  <input type="hidden" name="description" value="A Wild Sheep Chase">
  <input type="hidden" name="image" value="https://cdn.razorpay.com/logos/BUVwvgaqVByGp2_large.png">
  <input type="hidden" name="prefill[name]" value="Gaurav Kumar">
  <input type="hidden" name="prefill[contact]" value="9123456780">
  <input type="hidden" name="prefill[email]" value="gaurav.kumar@example.com">
  <input type="hidden" name="notes[shipping address]" value="L-16, The Business Centre, 61 Wellfield Road, New Delhi - 110001">
  <input type="hidden" name="callback_url" value="https://example.com/payment-callback">
<input type="hidden" name="cancel_url" value="https://example.com/payment-cancel">
  <button>Submit</button>
</form>

Once payment is successful, the response parameters razorpay_payment_id, razorpay_order_id and razorpay_signature are sent as form-data as a POST request to the callback_url. You can consume this response to verify the payment signature as mentioned in Step 5.

Customer Cancels the Transaction:
If your customer cancels the transaction, a GET redirect request is made to the cancel_url.

Step 3 - Store fields in Database#

A successful payment for the Order returns razorpay_order_id, razorpay_payment_id and razorpay_signature, which is then used for payment verification. Make arrangements to store these objects from Razorpay in your database:

razorpay_order_id: string Order ID returned by Razorpay Orders API.
razorpay_payment_id: string Returned by Razorpay API only for successful payments.
razorpay_signature: string A hexadecimal string used for verifying the payment.

Note:
In your system, let us say, unique identifier for an Order is transaction_id or checkout_id. This is not the order_id returned by Razorpay.

Step 4 - Pass Order ID to Checkout#

The razorpay_order_id, returned on successful creation of the order, should be sent to the Checkout form. Additionally, you need to send an extra key-value pair as shown:

Copy{
  "amount": "1000",
   // and other options


  "order_id": "order_CuEzONfnOI86Ab" // Order ID generated using Orders API
}

A successful payment for the Order returns razorpay_order_id, razorpay_payment_id and razorpay_signature, which is then used for payment verification.

Step 5 - Verify the Signature#

Signature verification is a mandatory step to ensure that the callback is sent by Razorpay and the payment is received from an authentic source.

Once the payment is completed by the customer, a POST request is sent to the action url or the callback_url provided in the Checkout or the payment request. The data contained in this request will depend on whether the payment was a success or a failure.

 Success Callback
Copy{
  "razorpay_payment_id": "pay_29QQoUBi66xm2f",
  "razorpay_order_id": "order_9A33XWu170gUtm",
  "razorpay_signature": "9ef4dffbfd84f1318f6739a3ce19f9d85851857ae648f114332d8401e0949a3d"
}

In failed payments, the callback will contain the errors returned by Razorpay.

Generate a Signature#

The razorpay_signature, returned to you by the Checkout form on successful payment, can be regenerated by your system and verified as follows:

Create a string to be hashed using the following attributes:
- razorpay_payment_id - Returned by Checkout
- razorpay_order_id - Returned by Checkout
- key_secret - Available in your server.
  The key_secret that was generated from the Dashboard.
Use the SHA256 algorithm and razorpay_payment_id,razorpay_order_idto construct a HMAC hex digest as shown below:

Copygenerated_signature = hmac_sha256(razorpay_order_id + "|" + razorpay_payment_id, secret);

  if (generated_signature == razorpay_signature) {
    payment is successful
  }

 Java Python Ruby PHP
Copy/**
* This class defines common routines for generating
* authentication signatures for Razorpay Webhook requests.
*/
public class Signature
{
    private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";


    /**
    * Computes RFC 2104-compliant HMAC signature.
    * * @param data
    * The data to be signed.
    * @param key
    * The signing key.
    * @return
    * The Base64-encoded RFC 2104-compliant HMAC signature.
    * @throws
    * java.security.SignatureException when signature generation fails
    */
    public static String calculateRFC2104HMAC(String data, String secret)
    throws java.security.SignatureException
    {
        String result;
        try {

            // get an hmac_sha256 key from the raw secret bytes
            SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes(), HMAC_SHA256_ALGORITHM);

            // get an hmac_sha256 Mac instance and initialize with the signing key
            Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
            mac.init(signingKey);

            // compute the hmac on input data bytes
            byte[] rawHmac = mac.doFinal(data.getBytes());

            // base64-encode the hmac
            result = DatatypeConverter.printHexBinary(rawHmac).toLowerCase();

        } catch (Exception e) {
            throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
        }
        return result;
    }
}

Copyimport razorpay
client = razorpay.Client(auth = ("<YOUR_KEY_ID>", "<YOUR_KEY_SECRET>"))
params_dict = { // params
    'razorpay_order_id': '12122', //
    'razorpay_payment_id': '332’,
    'razorpay_signature': '23233'
}
client.utility.verify_payment_signature(params_dict) // This is the method


Copy  require 'razorpay'
 Razorpay.setup('key_id', 'key_secret')
 payment_response = {
  ‘ razorpay_order_id’: ‘12122’,
   ‘razorpay_payment_id’: ‘332’,
   ‘razorpay_signature’: ‘23233’
 }

 Razorpay::Utility.verify_payment_signature(payment_response)

Copyuse Razorpay\Api\Api;
$api = new Api($api_key, $api_secret);
$attrbutes  = array(‘razorpay_signature’  => ‘23233’,  ‘razorpay_payment_id’  => ‘332’ ,  ‘razorpay_order_id’ => ‘12122’);
$order  = $api->utility->verifyPaymentSignature($attributes)

Post Signature Verification#

After verifying the signature, fetch the order in your system that corresponds to razorpay_order_id in your database. You can now mark this fetched order as successful and process the order.

Test the Integration#

Now that the integration is complete, you must ensure that your integration works as expected. You can make a test transaction using the test cards, verify the payment status from Dashboard, APIs or subscribe to related Webhook events to take appropriate actions at your end. After testing the integration in test mode, you can start accepting payments from your customers in real-time.

Test Payments#

You can make test payments using any of the payment methods configured on the Checkout. No money is deducted from the customer's account as this is a simulated transaction. In the Checkout code, ensure that you have entered the API keys generated in the test mode.

Test Cards#

You can use any of the test cards to make transactions in the test mode. Use any valid expiration date in the future and any random CVV to create a successful payment.

Card Network	Domestic / International	Card Number
Mastercard	Domestic	5104 0155 5555 5558 5104 0600 0000 0008
Visa	Domestic	4111 1111 1111 1111
Mastercard	International	5555 5555 5555 4444 5105 1051 0510 5100
Visa	International	4012 8888 8888 1881 4000 1841 8621 8826

Verify the Payment Status#

You can track the status of the payment from the Dashboard or subscribe to the Webhook event or poll our APIs.

From the Dashboard#

Login to your Dashboard and navigate to Transactions → Payments.
Look if a payment_ID has been generated. If no payment_ID has been generated, it means that the transaction has failed.

Subscribe to Webhook events#

You can subscribe to a Webhook event that is generated when a certain event happen in our server. When one of those events is triggered, Razorpay will send the request paylaod to the configured URL on your server.

Learn how to setup Webhooks.

When the customer has made sucessful payment on the Checkout, payment.authorized event is created in Razorpay.

Poll APIs#

You can retrieve the status of the payments by polling our Payment APIs.

Accept Live Payments#

After testing the flow of funds end-to-end in test mode, you are now ready to take your integration live. Once you are confident that the integration is working fine, you can switch to the live mode and start accepting payments from customers. But first you need to swap the test API keys with the live keys.

To generate API key in live mode:

Login to Dashboard and switch to Live mode on the menu.
Navigate to Settings → API Keys → Generate Key to generate API key for live mode.
Download the keys and save it securely.

Replace the test API key with the Live Key in the Checkout code and start accepting real-time payments.

Related Information#

Now that you are done with the integration, you might find the following information useful:

Payment Methods