Hosted payments lets you hand over the control of the entire checkout process to Razorpay. As the payment information entered by the customers is securely stored with Razorpay, you do not have to worry about implementing the PCI compliance requirements at your end.
Unlike the standard implementation of checkout where customers enter their payment details on a pop-up modal, hosted payments securely redirects customers to a Checkout page hosted at Razorpay. The payment details submitted by the customer in the Checkout form are sent to our server. Payments, from thereon, follow the usual payment flow.
Use the below endpoint to create an order in your (backend) server.
Copycurl -X POST https://api.razorpay.com/v1/orders
-H 'content-type:application/json'
-d '{
"amount": 50000,
"currency": "INR",
"receipt": "rcptid_11"
}'
Copytry {
JSONObject orderRequest = new JSONObject();
orderRequest.put("amount", 50000); // amount in the smallest currency unit
orderRequest.put("currency", "INR");
orderRequest.put("receipt", "order_rcptid_11");
Order order = razorpay.Orders.create(orderRequest);
} catch (RazorpayException e) {
// Handle Exception
System.out.println(e.getMessage());
}
Copyorder_amount = 50000
order_currency = 'INR'
order_receipt = 'order_rcptid_11'
notes = {'Shipping address': 'Bommanahalli, Bangalore'} # OPTIONAL
client.order.create(amount=order_amount, currency=order_currency, receipt=order_receipt, notes=notes)
Copy$order = $client->order->create([
'receipt' => 'order_rcptid_11',
'amount' => 50000, // amount in the smallest currency unit
'currency' => 'INR',// <a href="/docs/payment-gateway/payments/international-payments/#supported-currencies" target="_blank">See the list of supported currencies</a>.)
]);
CopyDictionary<string, object> options = new Dictionary<string,object>();
options.Add("amount", 50000); // amount in the smallest currency unit
options.add("receipt", "order_rcptid_11");
options.add("currency", "INR");
Order order = client.Order.Create(options);
Copyoptions = amount: 50000, currency: 'INR', receipt: '<order_rcptid_11>',
order = Razorpay::Order.create
Copyvar options = {
amount: 50000, // amount in the smallest currency unit
currency: "INR",
receipt: "order_rcptid_11"
};
instance.orders.create(options, function(err, order) {
console.log(order);
});
Copy{
"id": "order_DBJOWzybf0sJbb",
"entity": "order",
"amount": 50000,
"amount_paid": 0,
"amount_due": 50000,
"currency": "INR",
"receipt": "rcptid_11",
"status": "created",
"attempts": 0,
"notes": [],
"created_at": 1566986570
}
An order id (referred as order_id) is generated on the successful creation of an order. You should store this order id in your system against the order.
Read more: Learn more about Orders API.
amount mandatoryinteger The transaction amount, expressed in the currency subunit, such as paise (in case of INR). For example, for an actual amount of ₹299.35, the value of this field should be 29935.currency mandatorystring The currency in which the transaction should be made. See the list of supported currencies. Default is INR. Length must be of 3 characters.receipt optionalstring Your receipt id for this order should be passed here. Maximum length of 40 characters.notes optionalobject Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.The Checkout options are sent as form-data to the following URL in a POST request.
The sample code is given below:
Copy<form method="POST" action="https://api.razorpay.com/v1/checkout/embedded">
<input type="hidden" name="key_id" value="YOUR_KEY_ID">
<input type="hidden" name="order_id" value="razorpay_order_id">
<input type="hidden" name="name" value="Acme Corp">
<input type="hidden" name="description" value="A Wild Sheep Chase">
<input type="hidden" name="image" value="https://cdn.razorpay.com/logos/BUVwvgaqVByGp2_large.png">
<input type="hidden" name="prefill[name]" value="Gaurav Kumar">
<input type="hidden" name="prefill[contact]" value="9123456780">
<input type="hidden" name="prefill[email]" value="gaurav.kumar@example.com">
<input type="hidden" name="notes[shipping address]" value="L-16, The Business Centre, 61 Wellfield Road, New Delhi - 110001">
<input type="hidden" name="callback_url" value="https://example.com/payment-callback">
<input type="hidden" name="cancel_url" value="https://example.com/payment-cancel">
<button>Submit</button>
</form>
Read more: List of checkout options available.
razorpay_payment_id, razorpay_order_id and razorpay_signature are submitted via a POST request to the callback_url passed in payment options.cancel_url via a GET request.callback_url, with the error fields as payload.Read more: List of checkout options available.
A successful payment returns the following fields to the Checkout Form. Make provisions to store these fields on your server. You can confirm the authenticity of these details by verifying the signature in the next step.
Copy{
"razorpay_payment_id": "pay_29QQoUBi66xm2f",
"razorpay_order_id": "order_9A33XWu170gUtm",
"razorpay_signature": "9ef4dffbfd84f1318f6739a3ce19f9d85851857ae648f114332d8401e0949a3d"
}
razorpay_payment_idstring Unique identifier for the payment returned by Checkout only for successful payments.razorpay_order_idstring Unique identifier for the order returned by Checkout.razorpay_signaturestring Signature returned by the checkout. This is used to verify the payment.This is a mandatory step that allows you to confirm the authenticity of the details returned to the Checkout form for successful payments.
To verify the razorpay_signature returned to you by the Checkout form:
Create a signature in your server using the following attributes:
order_id - Retrieve the order_id from your server. Do not use the razorpay_order_id returned by Checkout.razorpay_payment_id - Returned by Checkout.key_secret - Available in your server.key_secret that was generated from the Dashboard.Use the SHA256 algorithm, the razorpay_payment_id and the order_id to construct a HMAC hex digest as shown below:
Copygenerated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret); if (generated_signature == razorpay_signature) { payment is successful }
If the signature you generate on your server matches the razorpay_signature returned to you by the Checkout form, the payment received is from an authentic source.
Copy/**
* This class defines common routines for generating
* authentication signatures for Razorpay Webhook requests.
*/
public class Signature
{
private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
/**
* Computes RFC 2104-compliant HMAC signature.
* * @param data
* The data to be signed.
* @param key
* The signing key.
* @return
* The Base64-encoded RFC 2104-compliant HMAC signature.
* @throws
* java.security.SignatureException when signature generation fails
*/
public static String calculateRFC2104HMAC(String data, String secret)
throws java.security.SignatureException
{
String result;
try {
// get an hmac_sha256 key from the raw secret bytes
SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes(), HMAC_SHA256_ALGORITHM);
// get an hmac_sha256 Mac instance and initialize with the signing key
Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
mac.init(signingKey);
// compute the hmac on input data bytes
byte[] rawHmac = mac.doFinal(data.getBytes());
// base64-encode the hmac
result = DatatypeConverter.printHexBinary(rawHmac).toLowerCase();
} catch (Exception e) {
throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
}
return result;
}
}
Copyuse Razorpay\Api\Api;
$api = new Api($key_id, $key_secret);
$attributes = array('razorpay_signature' => '23233', 'razorpay_payment_id' => '332' , 'razorpay_order_id' => '12122');
$order = $api->utility->verifyPaymentSignature($attributes)
Copyrequire 'razorpay'
Razorpay.setup('key_id', 'key_secret')
payment_response = {
'razorpay_order_id': '12122',
'razorpay_payment_id': '332',
'razorpay_signature': '23233'
}
Razorpay::Utility.verify_payment_signature(payment_response)
Copyimport razorpay
client = razorpay.Client(auth = ('<key_id>', '<key_secret>'))
params_dict = {
'razorpay_order_id': '12122',
'razorpay_payment_id': '332',
'razorpay_signature': '23233'
}
client.utility.verify_payment_signature(params_dict)
After verifying the signature, fetch the order in your system that corresponds to the razorpay_order_id in your database. Mark it as successful and process the order.
Once authorized, you need to capture payments made by customers for them to get settled to your bank account as per the settlement schedule. Payments that are not captured are auto-refunded after a fixed time period. You can:
Read more: Capture Settings for payments.
Now that the integration is complete, you must ensure that your integration works as expected. You can make a test transaction using the test cards, verify the payment status from Dashboard, APIs or subscribe to related Webhook events to take appropriate actions at your end. After testing the integration in test mode, you can start accepting payments from your customers in real-time.
You can make test payments using any of the payment methods configured on the Checkout. No money is deducted from the customer's account as this is a simulated transaction. In the Checkout code, ensure that you have entered the API keys generated in the test mode.
You can use any of the test cards to make transactions in the test mode. Use any valid expiration date in the future and any random CVV to create a successful payment.
Card Network | Domestic / International | Card Number |
|---|---|---|
Mastercard | Domestic | 5104 0600 0000 0008 |
Visa | Domestic | 4111 1111 1111 1111 |
Mastercard | International | 5555 5555 5555 4444 |
Visa | International | 4012 8888 8888 1881 |
You can track the status of the payment from the Dashboard or subscribe to the Webhook event or poll our APIs.
payment_ID has been generated. If no payment_ID has been generated, it means that the transaction has failed.
You can subscribe to a Webhook event that is generated when a certain event happens in our server. When one of those events is triggered, Razorpay sends the Webhook payload to the configured URL.
Learn how to set up Webhooks.
When the customer makes a successful payment on the Checkout, payment.authorized event is created in Razorpay.
You can retrieve the status of the payments by polling our Payment APIs.
After testing the flow of funds end-to-end in test mode, you are now ready to take your integration live. Once you are confident that the integration is working fine, you can switch to the live mode and start accepting payments from customers. But first, you need to swap the test API keys with the live keys.
To generate API key in live mode: