Step 1: Create an Order from your Server🔗

Order is an important step in the payment process. Orders and payments go hand-in-hand. For every payment, an order needs to be created. It is compulsory to create orders to capture payments automatically.

You can create an order using the Orders API. It is a server-to-server call that is secured by basic auth using your API keys.

Pass the order_id received in the Orders API response to Checkout. This ties the Order with the payment and secures the request from being tampered.

Sample Code🔗

The following is a sample API request and response for creating an order:

 Curl Java Python PHP .NET Ruby Node.JS Response
Copycurl  -X POST https://api.razorpay.com/v1/orders
-u <YOUR_KEY_ID>:<YOUR_SECRET>
-H 'content-type:application/json'
-d '{
    "amount": 50000,
    "currency": "INR",
    "receipt": "rcptid_11"
}'
Copytry {
  JSONObject orderRequest = new JSONObject();
  orderRequest.put("amount", 50000); // amount in the smallest currency unit
  orderRequest.put("currency", "INR");
  orderRequest.put("receipt", "order_rcptid_11");

  Order order = razorpay.Orders.create(orderRequest);
} catch (RazorpayException e) {
  // Handle Exception
  System.out.println(e.getMessage());
}
Copyimport razorpay
client = razorpay.Client(auth=("api_key", "api_secret"))

DATA = {
    "amount": 100,
    "currency": "INR",
    "receipt": "receipt#1",
    "notes": {
        "key1": "value3",
        "key2": "value2"
    }
}
client.order.create(data=DATA)
Copy$order  = $client->order->create([
  'receipt'         => 'order_rcptid_11',
  'amount'          => 50000, // amount in the smallest currency unit
  'currency'        => 'INR'// <a href="/docs/international-payments/#supported-currencies"  target="_blank">See the list of supported currencies</a>.)
]);
CopyDictionary<string, object> options = new Dictionary<string,object>();
options.Add("amount", 50000); // amount in the smallest currency unit
options.add("receipt", "order_rcptid_11");
options.add("currency", "INR");
Order order = client.Order.Create(options);
Copyoptions = amount: 50000, currency: 'INR', receipt: '<order_rcptid_11>'
order = Razorpay::Order.create
Copyvar options = {
  amount: 50000,  // amount in the smallest currency unit
  currency: "INR",
  receipt: "order_rcptid_11"
};
instance.orders.create(options, function(err, order) {
  console.log(order);
});
Copy{
    "id": "order_DBJOWzybf0sJbb",
    "entity": "order",
    "amount": 50000,
    "amount_paid": 0,
    "amount_due": 50000,
    "currency": "INR",
    "receipt": "rcptid_11",
    "status": "created",
    "attempts": 0,
    "notes": [],
    "created_at": 1566986570
}

Parameters🔗

Here is the list of parameters for creating the order:

amount mandatory

integer The transaction amount, expressed in the currency subunit, such as paise (in case of INR). For example, for an actual amount of ₹299.35, the value of this field should be 29935.

currency mandatory

string The currency in which the transaction should be made. See the list of supported currencies. Length must be of 3 characters.

receipt optional

string Your receipt id for this order should be passed here. Maximum length 40 characters.

notes optional

json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.

partial_payment optional

boolean Indicates whether the customer can make a partial payment. Possible values:

• true - The customer can make partial payments.
• false (default) - The customer cannot make partial payments.

Step 2: Pass Payment Options to Hosted Checkout🔗

The Checkout options are sent as form-data to the following URL in a POST request.

The sample code is given below:

 Hosted Checkout
Copy<form method="POST" action="https://api.razorpay.com/v1/checkout/embedded">
  <input type="hidden" name="key_id" value="YOUR_KEY_ID">
  <input type="hidden" name="order_id" value="razorpay_order_id">
  <input type="hidden" name="name" value="Acme Corp">
  <input type="hidden" name="description" value="A Wild Sheep Chase">
  <input type="hidden" name="image" value="https://cdn.razorpay.com/logos/BUVwvgaqVByGp2_large.png">
  <input type="hidden" name="prefill[name]" value="Gaurav Kumar">
  <input type="hidden" name="prefill[contact]" value="9123456780">
  <input type="hidden" name="prefill[email]" value="gaurav.kumar@example.com">
  <input type="hidden" name="notes[shipping address]" value="L-16, The Business Centre, 61 Wellfield Road, New Delhi - 110001">
  <input type="hidden" name="callback_url" value="https://example.com/payment-callback">
  <input type="hidden" name="cancel_url" value="https://example.com/payment-cancel">
  <button>Submit</button>
</form>

Read more: List of checkout options available.

• For every successful payment, razorpay_payment_id, razorpay_order_id and razorpay_signature are submitted via a POST request to the callback_url passed in payment options.
• If your customer cancels the transaction or clicks the back button, they are redirected to the cancel_url via a GET request.
• If the payment fails, a POST request is made to the callback_url, with the error fields as payload.

Read more: List of checkout options available.

Step 3: Store Fields in your Server🔗

A successful payment returns the following fields to the Checkout Form. Make provisions to store these fields on your server. You can confirm the authenticity of these details by verifying the signature in the next step.

 Success Callback
Copy{
  "razorpay_payment_id": "pay_29QQoUBi66xm2f",
  "razorpay_order_id": "order_9A33XWu170gUtm",
  "razorpay_signature": "9ef4dffbfd84f1318f6739a3ce19f9d85851857ae648f114332d8401e0949a3d"
}

razorpay_payment_id

string Unique identifier for the payment returned by Checkout only for successful payments.

razorpay_order_id

string Unique identifier for the order returned by Checkout.

razorpay_signature

string Signature returned by the Checkout. This is used to verify the payment.

Step 4: Verify the Signature🔗

This is a mandatory step that allows you to confirm the authenticity of the details returned to the Checkout form for successful payments.

To verify the razorpay_signature returned to you by the Checkout form:

1. Create a signature in your server using the following attributes:

   • order_id - Retrieve the order_id from your server. Do not use the razorpay_order_id returned by Checkout.
   • razorpay_payment_id - Returned by Checkout.
   • key_secret - Available in your server.
     The key_secret that was generated from the Razorpay Dashboard.

2. Use the SHA256 algorithm, the razorpay_payment_id and the order_id to construct a HMAC hex digest as shown below:

   Copygenerated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret);
   
     if (generated_signature == razorpay_signature) {
       payment is successful
     }
   

3. If the signature you generate on your server matches the razorpay_signature returned to you by the Checkout form, the payment received is from an authentic source.

Generate Signature on Your Server🔗

The links to the Razorpay SDKs for the supported platforms are given below:

 Java PHP Ruby Python .NET
Copy/**
* This class defines common routines for generating
* authentication signatures for Razorpay Webhook requests.
*/
public class Signature
{
    private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
    /**
    * Computes RFC 2104-compliant HMAC signature.
    * * @param data
    * The data to be signed.
    * @param key
    * The signing key.
    * @return
    * The Base64-encoded RFC 2104-compliant HMAC signature.
    * @throws
    * java.security.SignatureException when signature generation fails
    */
    public static String calculateRFC2104HMAC(String data, String secret)
    throws java.security.SignatureException
    {
        String result;
        try {

            // get an hmac_sha256 key from the raw secret bytes
            SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes(), HMAC_SHA256_ALGORITHM);

            // get an hmac_sha256 Mac instance and initialize with the signing key
            Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
            mac.init(signingKey);

            // compute the hmac on input data bytes
            byte[] rawHmac = mac.doFinal(data.getBytes());

            // base64-encode the hmac
            result = DatatypeConverter.printHexBinary(rawHmac).toLowerCase();

        } catch (Exception e) {
            throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
        }
        return result;
    }
}
Copyuse Razorpay\Api\Api;
$api = new Api($key_id, $key_secret);
$attributes  = array('razorpay_signature'  => '23233',  'razorpay_payment_id'  => '332' ,  'razorpay_order_id' => '12122');
$order  = $api->utility->verifyPaymentSignature($attributes)
Copyrequire 'razorpay'
Razorpay.setup('key_id', 'key_secret')
payment_response = {
  'razorpay_order_id': '12122',
  'razorpay_payment_id': '332',
  'razorpay_signature': '23233'
}

Razorpay::Utility.verify_payment_signature(payment_response)
Copyimport razorpay

client = razorpay.Client(auth = ('[key_id]', '[key_secret]'))
params_dict = {
    'razorpay_order_id': '12122',
    'razorpay_payment_id': '332',
    'razorpay_signature': '23233'
}
client.utility.verify_payment_signature(params_dict)
Copy Dictionary<string, string> attributes = new Dictionary<string, string>();

            attributes.Add("razorpay_payment_id", paymentId);
            attributes.Add("razorpay_order_id", Request.Form["razorpay_order_id"]);
            attributes.Add("razorpay_signature", Request.Form["razorpay_signature"]);

            Utils.verifyPaymentSignature(attributes);

Post Signature Verification🔗

After verifying the signature, fetch the order in your system that corresponds to the razorpay_order_id in your database. Mark it as successful and process the order.

Test Payments🔗

You can make test payments using any of the payment methods configured at the Checkout. No money is deducted from the customer's account as this is a simulated transaction. In the Checkout code, ensure that you have entered the API keys generated in the test mode.

Test Cards🔗

You can use any of the test cards to make transactions in the test mode. Use any valid expiration date in the future and any random CVV to create a successful payment.

Verify Payment Status🔗

You can track the status of the payment from the Razorpay Dashboard, subscribe to the Webhook event or poll our APIs.

From Dashboard🔗

1. Log into the Dashboard and navigate to Transactions → Payments.
2. Check if a payment_ID has been generated. If no payment_ID has been generated, it means that the transaction has failed.

Subscribe to Webhook events🔗

You can subscribe to a Webhook event that is generated when a certain event happens in our server. When one of those events is triggered, Razorpay sends the Webhook payload to the configured URL. Know how to set up Webhooks.

Poll APIs🔗

You can retrieve the status of the payments by polling our Payment APIs.

Accept Live Payments🔗

After testing the flow of funds end-to-end in test mode and confident that the integration is working as expected, switch to the live mode and start accepting payments from customers. However, make sure that you swap the test API keys with the live keys.

To generate API key in live mode:

1. Log into Dashboard and switch to Live mode on the menu.
2. Navigate to Settings → API Keys → Generate Key to generate API key for live mode.
3. Download the keys and save them securely.
4. Replace the test API key with the Live Key in the Checkout code and start accepting actual payments.