API ReferenceIntegrationsKnowledge Base

Web Integration - Razorpay Hosted Checkout

Hosted payments lets you hand over the control of the entire checkout process to Razorpay. As the payment information entered by the customers is securely stored with Razorpay, you do not have to worry about implementing the PCI compliance requirements at your end.

How it Works🔗

Unlike the standard implementation of checkout where customers enter their payment details on a pop-up modal, hosted payments securely redirects customers to a Checkout page hosted at Razorpay. The payment details submitted by the customer in the Checkout form are sent to our server. Payments, from thereon, follow the usual payment flow.

Integration Steps🔗

  1. Create an Order from your Server.
  2. Pass Order ID and Checkout options to the Checkout.
  3. Store Fields in your Server.
  4. Verify the Signature.

Step 1: Create an Order from your Server🔗

The following is a sample API request and response for creating an order:

Copycurl -X POST https://api.razorpay.com/v1/orders -u <YOUR_KEY_ID>:<YOUR_SECRET> -H 'content-type:application/json' -d '{ "amount": 50000, "currency": "INR", "receipt": "rcptid_11" }'
Copytry { JSONObject orderRequest = new JSONObject(); orderRequest.put("amount", 50000); // amount in the smallest currency unit orderRequest.put("currency", "INR"); orderRequest.put("receipt", "order_rcptid_11"); Order order = razorpay.Orders.create(orderRequest); } catch (RazorpayException e) { // Handle Exception System.out.println(e.getMessage()); }
Copyimport razorpay client = razorpay.Client(auth=("api_key", "api_secret")) DATA = { "amount": 100, "currency": "INR", "receipt": "receipt#1", "notes": { "key1": "value3", "key2": "value2" } } client.order.create(data=DATA)
Copy$api->order->create(array('receipt' => '123', 'amount' => 100, 'currency' => 'INR', 'notes'=> array('key1'=> 'value3','key2'=> 'value2')));
CopyDictionary<string, object> options = new Dictionary<string,object>(); options.Add("amount", 50000); // amount in the smallest currency unit options.add("receipt", "order_rcptid_11"); options.add("currency", "INR"); Order order = client.Order.Create(options);
Copyoptions = amount: 50000, currency: 'INR', receipt: '<order_rcptid_11>' order = Razorpay::Order.create
Copyinstance.orders.create({ amount: 50000, currency: "INR", receipt: "receipt#1", notes: { key1: "value3", key2: "value2" } })
Copy{ "id": "order_DBJOWzybf0sJbb", "entity": "order", "amount": 50000, "amount_paid": 0, "amount_due": 50000, "currency": "INR", "receipt": "rcptid_11", "status": "created", "attempts": 0, "notes": [], "created_at": 1566986570 }

Request Parameters

Here is the list of parameters for creating an order:

amount mandatory
integer The transaction amount, expressed in the currency subunit, such as paise (in case of INR). For example, for an actual amount of ₹299.35, the value of this field should be 29935.
currency mandatory
string The currency in which the transaction should be made. See the list of supported currencies. Length must be of 3 characters.
receipt optional
string Your receipt id for this order should be passed here. Maximum length 40 characters.
notes optional
json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.
partial_payment optional
boolean Indicates whether the customer can make a partial payment. Possible values:
  • true: The customer can make partial payments.
  • false (default): The customer cannot make partial payments.

Step 2: Pass Payment Options to Hosted Checkout🔗

The Checkout options are sent as form-data to the following URL in a POST request.

https://api.razorpay.com/v1/checkout/embedded

The sample code is given below:

Copy<form method="POST" action="https://api.razorpay.com/v1/checkout/embedded"> <input type="hidden" name="key_id" value="YOUR_KEY_ID"> <input type="hidden" name="amount" value=1001> <input type="hidden" name="order_id" value="razorpay_order_id"> <input type="hidden" name="name" value="Acme Corp"> <input type="hidden" name="description" value="A Wild Sheep Chase"> <input type="hidden" name="image" value="https://cdn.razorpay.com/logos/BUVwvgaqVByGp2_large.png"> <input type="hidden" name="prefill[name]" value="Gaurav Kumar"> <input type="hidden" name="prefill[contact]" value="9123456780"> <input type="hidden" name="prefill[email]" value="gaurav.kumar@example.com"> <input type="hidden" name="notes[shipping address]" value="L-16, The Business Centre, 61 Wellfield Road, New Delhi - 110001"> <input type="hidden" name="callback_url" value="https://example.com/payment-callback"> <input type="hidden" name="cancel_url" value="https://example.com/payment-cancel"> <button>Submit</button> </form>

Read more: List of checkout options available.

  • For every successful payment, razorpay_payment_id, razorpay_order_id and razorpay_signature are submitted via a POST request to the callback_url passed in payment options.
  • If your customer cancels the transaction or clicks the back button, they are redirected to the cancel_url via a GET request.
  • If the payment fails, a POST request is made to the callback_url, with the error fields as payload.

Read more: List of checkout options available.

Step 3: Store Fields in your Server🔗

A successful payment returns the following fields to the Checkout Form.

  • You need to store these fields on your server.
  • You can confirm the authenticity of these details by verifying the signature in the next step.
Copy{ "razorpay_payment_id": "pay_29QQoUBi66xm2f", "razorpay_order_id": "order_9A33XWu170gUtm", "razorpay_signature": "9ef4dffbfd84f1318f6739a3ce19f9d85851857ae648f114332d8401e0949a3d" }
razorpay_payment_id
string Unique identifier for the payment returned by Checkout only for successful payments.
razorpay_order_id
string Unique identifier for the order returned by Checkout.
razorpay_signature
string Signature returned by the Checkout. This is used to verify the payment.

Step 4: Verify the Signature🔗

This is a mandatory step to confirm the authenticity of the details returned to the Checkout form for successful payments.

To verify the razorpay_signature returned to you by the Checkout form:

  1. Create a signature in your server using the following attributes:

    • order_id: Retrieve the order_id from your server. Do not use the razorpay_order_id returned by Checkout.
    • razorpay_payment_id: Returned by Checkout.
    • key_secret: Available in your server.
      The key_secret that was generated from the Razorpay Dashboard.
  2. Use the SHA256 algorithm, the razorpay_payment_id and the order_id to construct a HMAC hex digest as shown below:

    Copygenerated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret); if (generated_signature == razorpay_signature) { payment is successful }
  3. If the signature you generate on your server matches the razorpay_signature returned to you by the Checkout form, the payment received is from an authentic source.

Generate Signature on Your Server🔗

The links to the Razorpay SDKs for the supported platforms are given below:

Platform

Link

Java

https://github.com/razorpay/razorpay-java

PHP

https://github.com/razorpay/razorpay-php

Ruby

https://github.com/razorpay/razorpay-ruby

Python

https://github.com/razorpay/razorpay-python

.Net

https://github.com/razorpay/razorpay-dot-net

Copy/** * This class defines common routines for generating * authentication signatures for Razorpay Webhook requests. */ public class Signature { private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256"; /** * Computes RFC 2104-compliant HMAC signature. * * @param data * The data to be signed. * @param key * The signing key. * @return * The Base64-encoded RFC 2104-compliant HMAC signature. * @throws * java.security.SignatureException when signature generation fails */ public static String calculateRFC2104HMAC(String data, String secret) throws java.security.SignatureException { String result; try { // get an hmac_sha256 key from the raw secret bytes SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes(), HMAC_SHA256_ALGORITHM); // get an hmac_sha256 Mac instance and initialize with the signing key Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM); mac.init(signingKey); // compute the hmac on input data bytes byte[] rawHmac = mac.doFinal(data.getBytes()); // base64-encode the hmac result = DatatypeConverter.printHexBinary(rawHmac).toLowerCase(); } catch (Exception e) { throw new SignatureException("Failed to generate HMAC : " + e.getMessage()); } return result; } }
Copyuse Razorpay\Api\Api; $api = new Api($key_id, $key_secret); $attributes = array('razorpay_signature' => '23233', 'razorpay_payment_id' => '332' , 'razorpay_order_id' => '12122'); $order = $api->utility->verifyPaymentSignature($attributes)
Copyrequire 'razorpay' Razorpay.setup('key_id', 'key_secret') payment_response = { 'razorpay_order_id': '12122', 'razorpay_payment_id': '332', 'razorpay_signature': '23233' } Razorpay::Utility.verify_payment_signature(payment_response)
Copyimport razorpay client = razorpay.Client(auth = ('[key_id]', '[key_secret]')) params_dict = { 'razorpay_order_id': '12122', 'razorpay_payment_id': '332', 'razorpay_signature': '23233' } client.utility.verify_payment_signature(params_dict)
Copy Dictionary<string, string> attributes = new Dictionary<string, string>(); attributes.Add("razorpay_payment_id", paymentId); attributes.Add("razorpay_order_id", Request.Form["razorpay_order_id"]); attributes.Add("razorpay_signature", Request.Form["razorpay_signature"]); Utils.verifyPaymentSignature(attributes);

Post Signature Verification🔗

After verifying the signature, fetch the order in your system that corresponds to the razorpay_order_id in your database. Mark it as successful and process the order.

Payment Capture Settings🔗

After a payment is authorized, you need to capture the payment made by the customer for the amount to be settled to your bank account as per the settlement schedule. Payments that are not captured are auto-refunded after a fixed time period.

  • Auto-capture payments (recommended)
    Authorized payments can be automatically captured. You can auto-capture all payments using global settings on the Razorpay Dashboard. Watch Out
    Payment capture settings work only you have integrated with Orders API in your server side. Know more about the Orders API.
  • Manually capture payments
    Each authorized payment can also be captured individually. You can manually capture payments:

Know more about Capture Settings for payments.

Test the Integration🔗

After the integration is complete, a Pay button will appear on your web page/app.

You need to click the button and make a test transaction to ensure that the integration is working as expected. You can start accepting actual payments from your customers once the test is successful.

You can make test payments using one of the payment methods configured at the Checkout.

  • No money is deducted from the customer's account as this is a simulated transaction.
  • Ensure you have entered the API keys generated in the test mode in the Checkout code.

Netbanking🔗

You can select any of the listed banks. After choosing a bank, Razorpay will redirect to a mock page where you can make the payment a success or a failure. Since it is the test mode, we will not redirect you to the bank login portals.

UPI🔗

You can enter one of the following UPI IDs:

  • success@razorpay: To make the payment successful.
  • failure@razorpay: To fail the payment.

Handy Tips
UPI payments should be tested in Live Mode.

Wallet🔗

You can select any of the listed wallets. After choosing a wallet, Razorpay will redirect to a mock page where you can make the payment a success or a failure. Since it is the test mode, we will not redirect you to the wallet login portals.

Cards🔗

You can use one of the test cards to make transactions in the test mode. Use any valid expiration date in the future and any random CVV to create a successful payment.

Card Network

Domestic / International

Card Number

Mastercard

Domestic

5267 3181 8797 5449

Visa

Domestic

4111 1111 1111 1111

Mastercard

International

5555 5555 5555 4444
5105 1051 0510 5100

Visa

International

4012 8888 8888 1881
5104 0600 0000 0008

×