API ReferenceIntegrationsKnowledge Base

Hosted Checkout

Hosted payments lets you hand over the control of the entire checkout process to Razorpay thereby providing a seamless checkout experience to your customers. As the payment information entered by the customers is securely stored with Razorpay, you do not have to worry about implementing the PCI compliance requirements at your end.

How it Works#

Unlike the standard implementation of checkout where customers enter their payment details on a pop-up modal, hosted payments securely redirects customers to a Checkout page hosted at Razorpay. The payment details submitted by the customer in the Checkout form are sent to our server. Payments, from thereon, follow the usual payment flow.

Steps to Integrate with Razorpay Standard Checkout#

Prerequisites#

Steps

  1. Create an Order in your Server-side

  2. Pass Hosted Checkout Options

  3. Store fields in Database

  4. Pass Order ID to Checkout

  5. Verify the Signature

Post-integration, you can:

  • Configure the webhook
  • Make a Test payment
  • Replace Test Key with Live Key and start accepting payments from your customers
  • Integrate with APIs for further actions

Step 1 - Create an Order in your Server-side#

Orders API helps to:

  • Prevent multiple payments by binding a single successful payment to an order.
  • Auto capture payments immediately after authorization.

Here is the list of attributes for creating the order:

amount mandatory
integer The transaction amount, expressed in the currency subunit, such as paise (in case of INR). For example, for an actual amount of ₹299.35, the value of this field should be 29935.
currency mandatory
string The currency in which the transaction should be made. See the list of supported currencies. Default is INR.
receipt optional
string Your receipt id for this order should be passed here. Maximum length 40 characters.
payment_capture optional
boolean Set to 1 to automatically capture the payment. Set to 0 to capture payments manually using the API or Dashboard. Learn about capturing payments.
notes optional
JSON object Object consisting of key value pairs as notes.
You can read more about Notes in the API documentation.

Sample Code#

The following is a sample API request and response for creating an order:

Copycurl -X POST https://api.razorpay.com/v1/orders -H 'content-type:application/json' -d '{ "amount": 50000, "currency": "INR", "receipt": "rcptid_11", "payment_capture": 1 }'
Copytry { JSONObject orderRequest = new JSONObject(); orderRequest.put("amount", 50000); // amount in the smallest currency unit orderRequest.put("currency", "INR"); orderRequest.put("receipt", "order_rcptid_11"); orderRequest.put("payment_capture", false); Order order = razorpay.Orders.create(orderRequest); } catch (RazorpayException e) { // Handle Exception System.out.println(e.getMessage()); }
Copyorder_amount = 50000 order_currency = 'INR' order_receipt = 'order_rcptid_11' notes = {'Shipping address': 'Bommanahalli, Bangalore'} # OPTIONAL client.order.create(amount=order_amount, currency=order_currency, receipt=order_receipt, notes=notes, payment_capture='0')
Copy$order = $client->order->create([ 'receipt' => 'order_rcptid_11', 'amount' => 50000, // amount in the smallest currency unit 'currency' => 'INR',// <a href="https://razorpay.freshdesk.com/support/solutions/articles/11000065530-what-currencies-does-razorpay-support" target="_blank">See the list of supported currencies</a>.) 'payment_capture' => '0' ]);
CopyDictionary<string, object> options = new Dictionary<string,object>(); options.Add("amount", 50000); // amount in the smallest currency unit options.add("receipt", "order_rcptid_11"); options.add("currency", "INR"); options.add("payment_capture", "0"); Order order = client.Order.Create(options);
Copyoptions = amount: 50000, currency: 'INR', receipt: '<order_rcptid_11>', payment_capture: '0' order = Razorpay::Order.create
Copyvar options = { amount: 50000, // amount in the smallest currency unit currency: "INR", receipt: "order_rcptid_11", payment_capture: '0' }; instance.orders.create(options, function(err, order) { console.log(order); });
Copy{ "id": "order_DBJOWzybf0sJbb", "entity": "order", "amount": 50000, "amount_paid": 0, "amount_due": 50000, "currency": "INR", "receipt": "rcptid_11", "status": "created", "attempts": 0, "notes": [], "created_at": 1566986570 }

A successful creation of the Order returns the order_id that you need to store against the Order defined in your system.

Step 2 - Paste Hosted Checkout Options#

The Checkout options are sent as form-data to the following URL in a POST request.

https://api.razorpay.com/v1/checkout/embedded

Checkout Options#

key_id mandatory

string Enter <YOUR_Key_ID> generated from the Dashboard.

name mandatory

string The business name to be shown in the checkout form.

descriptionoptional

string Description of the item purchased shown in the checkout form.

image optional

string URL of the logo that must appear on the checkout form. It is recommended to add the logo using the Razorpay Dashboard.

order_id mandatory

string Unique identifier of the Order, created using the Orders API.

amount mandatory

integer Enter the amount to charge the customer, in currency subunits. For example, if charging the customer INR 200, enter 20000.

currency mandatory

string Enter the currency to be used in the payment. Ensure that currency of the payment matches the Order currency. Defaults to INR. We support more than 90 currencies.

prefill

The fields that can be pre-populated in the Checkout form.

name optional
string Name of the card holder.

email mandatory
string Email address of the customer.

contact mandatory
string Customer's phone number.

method optional
string The payment method that should be used for making the payment.

Possible values: card,netbanking,wallet,emi and upi.

notesoptional

jSON object An additional set of fields that you want to associate with the payment. You can add "shipping address", "alternate contact" in the Notes field. Refer API section on Notes for more information.

[Shipping address]
string 106, Razorpay, Bangalore
[Alternate contact]
string 9999999999

Note:
You can add upto 15 fields (key-value pairs) in the Notes parameters

callback_url mandatory

string Page to which the customers are redirected to after a successful payment. razorpay_payment_id, razorpay_order_id and razorpay_signature are sent as form-data through a POST request to the callback_url.

Tip:
You can also utilize Razorpay Webhooks to get notified of different events such as payment authorization or payment failure. Learn how to enable webhooks from your Dashboard.

cancel_urloptional

string The URL customers are redirected to after the cancellation of a payment.

The sample code is given below:

Copy<form method="POST" action="https://api.razorpay.com/v1/checkout/embedded"> <input type="hidden" name="key_id" value="YOUR_KEY_ID"> <input type="hidden" name="order_id" value="razorpay_order_id"> <input type="hidden" name="name" value="Acme Corp"> <input type="hidden" name="description" value="A Wild Sheep Chase"> <input type="hidden" name="image" value="https://cdn.razorpay.com/logos/BUVwvgaqVByGp2_large.png"> <input type="hidden" name="prefill[name]" value="Gaurav Kumar"> <input type="hidden" name="prefill[contact]" value="9123456780"> <input type="hidden" name="prefill[email]" value="gaurav.kumar@example.com"> <input type="hidden" name="notes[shipping address]" value="L-16, The Business Centre, 61 Wellfield Road, New Delhi - 110001"> <input type="hidden" name="callback_url" value="https://example.com/payment-callback"> <input type="hidden" name="cancel_url" value="https://example.com/payment-cancel"> <button>Submit</button> </form>

Once payment is successful, the response parameters razorpay_payment_id, razorpay_order_id and razorpay_signature are sent as form-data as a POST request to the callback_url. You can consume this response to verify the payment signature as mentioned in Step 5.

Customer Cancels the Transaction:
If your customer cancels the transaction, a GET redirect request is made to the cancel_url.

Step 3 - Store fields in Database#

Make arrangements to store the following objects from Razorpay in your database:

razorpay_order_id
string Order ID returned by Razorpay Orders API.
razorpay_payment_id
string Returned by Razorpay API only for successful payments.
razorpay_signature
string A hexadecimal string used for verifying the payment.

Note:
In your system, let us say, unique identifier for an Order is transaction_id or checkout_id. This is not the order_id returned by Razorpay.

Step 4 - Pass Order ID to Checkout#

The razorpay_order_id, returned on successful creation of the order, should be sent to the Checkout form. Additionally, you need to send an extra key-value pair as shown:

Copy{ "amount": "100", // and other options "order_id": "order_CuEzONfnOI86Ab" // Order ID created in Step 1 }

A successful payment for the Order returns razorpay_order_id, razorpay_payment_id and razorpay_signature, which is then used for payment verification.

Step 5 - Verify the Signature#

Signature verification is a mandatory step that ensures all your authorized payments are successfully verified. You can carry out payment verification using the signature verification step.

This allows you to decide if a payment should be successful or not. The razorpay_signature is returned to you by the Checkout form on a successful payment.

This signature needs to be verified in your backend server.

To verify payments, you need to generate a verification signature using a SHA256 algorithm and verify it against the razorpay_signature, returned in the Checkout form.

Generate a Signature#

The razorpay_signature is returned to you by the Checkout form on successful payment. This signature needs to be verified in your server.

  1. Create a signature in your server using the following attributes:

    • razorpay_payment_id - Returned by Checkout
    • razorpay_order_id - Returned by Checkout
    • key_secret - Available in your server
  2. Using the SHA256 algorithm and razorpay_payment_idandrazorpay_order_id, construct a HMAC hex digest as shown below:

Copygenerated_signature = hmac_sha256(razorpay_order_id + "|" + razorpay_payment_id, secret); if (generated_signature == razorpay_signature) { payment is successful }

Post Signature Verification Steps#

After verifying the signature, fetch the order in your system that corresponds torazorpay_order_id in your database. You can now mark this fetched order as successful and process the order.

Note:
A successful creation of Order returns razorpay_order_id, which should be stored against the order created in your system. After validating the signature, you have to fetch the order in your system corresponding to the razorpay_order_id and mark this order successful.

The integration is now complete!

Post-Integration Steps#

Setup Webhooks#

Webhooks allow you to build or set up integrations that subscribe to certain events on Razorpay API. When one of those events is triggered, we send an HTTP POST payload in JSON to the webhook's configured URL.

Learn how to setup Webhooks.

Make Test Payments#

Once the integration is complete, you can make a test payment from your application.

Making Test Payments Using Test Cards

Card Network

Domestic / International

Card Number

Mastercard

Domestic

5104 0155 5555 5558
5104 0600 0000 0008

Visa

Domestic

4111 1111 1111 1111

Mastercard

International

5555 5555 5555 4444
5105 1051 0510 5100

Visa

International

4012 8888 8888 1881
4000 1841 8621 8826

You can navigate to DashboardTransactionsPayments to check if the payment has gone through. If no payment_ID has been generated, it means that the transaction has failed.


Replace Test Key with Live Key#

Now that the integration is working, you can switch to the live mode and start accepting payments from customers. But first you need to swap the test API keys with the live keys.

  1. Switch to live mode using the option in the menu ribbon.
  2. Navigate to Settings.
  3. Click API Keys.
  4. Click Generate Key to generate key for live mode.
  5. Replace the test API keys with the Live Keys in the Checkout code.

Integrate with APIs for further actions#

Once the integration is complete, the next thing to do is to use APIs for: