Build Your Own Ecommerce Plugin

Build your own custom plugin to integrate Razorpay with your ecommerce website and start accepting payments.

You can build a plugin that integrates Razorpay Payment Gateway with websites created using ecommerce platforms such as Drupal or Spree Commerce.

Steps to Build and Integrate🔗

A to-do-list for integration is given below:

  1. Clone the Razorpay Sample application in your language and test the payment flow with it.
  2. Integrate with Orders API in the server-side.
  3. Display the checkout form on your website to your customer.
  4. Verify the signature post checkout form submission.
  5. Display a confirmation message to the customer.
  6. Mark the Platform Order as successful after looking up the Razorpay order_id.

2. Integrate with Orders API in Server-side🔗

Order is an important step in the payment process.

  • An order should be created for every payment.
  • You can create an order using the Orders API. It is a server-side API call. Know how to authenticate Orders API.
  • The order_id received in the response should be passed to the checkout. This ties the Order with the payment and secures the request from being tampered.

API Sample Code🔗

The following is a sample API request and response for creating an order:

Copycurl -X POST -U [YOUR_KEY_ID]:[YOUR_KEY_SECRET] -H 'content-type:application/json' -d '{ "amount": 500, "currency": "INR", "receipt": "qwsaq1", "partial_payment": true, "first_payment_min_amount": 230 }'
CopyRazorpayClient razorpay = new RazorpayClient("[YOUR_KEY_ID]", "[YOUR_KEY_SECRET]"); JSONObject orderRequest = new JSONObject(); orderRequest.put("amount", 50000); // amount in the smallest currency unit orderRequest.put("currency", "INR"); orderRequest.put("receipt", "order_rcptid_11"); Order order = razorpay.Orders.create(orderRequest); } catch (RazorpayException e) { // Handle Exception System.out.println(e.getMessage()); }
Copyimport razorpay client = razorpay.Client(auth=("YOUR_ID", "YOUR_SECRET")) DATA = { "amount": 100, "currency": "INR", "receipt": "receipt#1", "notes": { "key1": "value3", "key2": "value2" } } client.order.create(data=DATA)
Copy$api = new Api($key_id, $secret); $api->order->create(array('receipt' => '123', 'amount' => 100, 'currency' => 'INR', 'notes'=> array('key1'=> 'value3','key2'=> 'value2')));
CopyRazorpayClient client = new RazorpayClient(your_key_id, your_secret); Dictionary<string, object> options = new Dictionary<string,object>(); options.Add("amount", 50000); // amount in the smallest currency unit options.add("receipt", "order_rcptid_11"); options.add("currency", "INR"); Order order = client.Order.Create(options);
Copyrequire "razorpay" Razorpay.setup('YOUR_KEY_ID', 'YOUR_SECRET') options = amount: 50000, currency: 'INR', receipt: '<order_rcptid_11>' order = Razorpay::Order.create
Copyvar instance = new Razorpay({ key_id: 'YOUR_KEY_ID', key_secret: 'YOUR_SECRET' }) instance.orders.create({ amount: 50000, currency: "INR", receipt: "receipt#1", notes: { key1: "value3", key2: "value2" } })
Copyimport ( razorpay "" ) client := razorpay.NewClient("YOUR_KEY_ID", "YOUR_SECRET") data := map[string]interface{}{ "amount": 50000, "currency": "INR", "receipt": "some_receipt_id" } body, err := client.Order.Create(data)
Copy{ "id": "order_IluGWxBm9U8zJ8", "entity": "order", "amount": 5000, "amount_paid": 0, "amount_due": 5000, "currency": "INR", "receipt": "rcptid_11", "offer_id": null, "status": "created", "attempts": 0, "notes": [], "created_at": 1642662092 }

Request Parameters🔗

Here is the list of parameters for creating an order:

amount mandatory
integer The transaction amount, expressed in the currency subunit, such as paise (in case of INR). For example, for an actual amount of ₹299.35, the value of this field should be 29935.
currency mandatory
string The currency in which the transaction should be made. See the list of supported currencies. Length must be of 3 characters.
receipt optional
string Your receipt id for this order should be passed here. Maximum length 40 characters.
notes optional
json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.
partial_payment optional
boolean Indicates whether the customer can make a partial payment. Possible values:
  • true: The customer can make partial payments.
  • false (default): The customer cannot make partial payments.
first_payment_min_amount optional
integer Minimum amount that must be paid by the customer as the first partial payment. For example, if an amount of ₹7,000 is to be received from the customer in two installments of #1 - ₹5,000, #2 - ₹2,000, then you can set this value as 500000. This parameter should be passed only if partial_payment is true.

Know more about Orders API.

Error Response Parameters🔗

The error response parameters are available in the API Reference Guide.

A successful payment returns the following fields to the Checkout form.

  • You need to store these fields in your server.

  • You can confirm the authenticity of these details by verifying the signature in the next step.

Copy{ "razorpay_payment_id": "pay_29QQoUBi66xm2f", "razorpay_order_id": "order_9A33XWu170gUtm", "razorpay_signature": "9ef4dffbfd84f1318f6739a3ce19f9d85851857ae648f114332d8401e0949a3d" }
string Unique identifier for the payment returned by Checkout only for successful payments.
string Unique identifier for the order returned by Checkout.
string Signature returned by the Checkout. This is used to verify the payment.

The razorpay_order_id, returned on successful creation of the order, should be sent to the Checkout form. Additionally, you need to send an extra key-value pair as shown:

Copy{ "amount": "1000", // and other options "order_id": "order_CuEzONfnOI86Ab" // Order ID generated using Orders API }

A successful payment for the Order returns razorpay_order_id, razorpay_payment_id and razorpay_signature, which is then used for payment verification.

3. Display Checkout to your customer🔗

You can display the Standard Checkout form on your website to collect payments from customers. Ensure that the order_id option is passed along with the other checkout options mentioned below.

key mandatory

string API Key ID generated from the Razorpay Dashboard.

amount mandatory

integer The amount to be paid by the customer in currency subunits. For example, if the amount is ₹100, enter 10000.

currency mandatory

string The currency in which the payment should be made by the customer. See the list of supported currencies.

name mandatory

string The business name shown on the Checkout form.

description optional

string Description of the purchase item shown on the Checkout form. Must start with an alphanumeric character.

image optional

string Link to an image (usually your business logo) shown on the Checkout form. Can also be a base64 string, if loading the image from a network is not desirable.

order_id mandatory

string Order ID generated via Razorpay Orders API.


object You can prefill the following details at Checkout.

name optional
string Cardholder's name to be pre-filled if customer is to make card payments on Checkout.
email optional
string Email address of the customer.
contact optional
string Phone number of the customer. The expected format of the phone number is + {country code}{phone number}. If the country code is not specified, 91 will be used as the default value. This is particularly important while prefilling contact of customers with phone numbers issued outside India. Examples:
  • +14155552671 (a valid non-Indian number)
  • +919977665544 (a valid Indian number).
    If 9977665544 is entered, +91 is added to it as +919977665544.
method optional
string Pre-selection of the payment method for the customer. Will only work if contact and email are also pre-filled. Possible values
  • card
  • netbanking
  • wallet
  • emi
  • upi
notes optional

object Set of key-value pairs that can be used to store additional information about the payment. It can hold a maximum of 15 key-value pairs, each 256 characters long (maximum).


object Thematic options to modify the appearance of Checkout.

hide_topbar optional
boolean Used to display or hide the top bar on the Checkout form. This bar shows the selected payment method, phone number and gives the customer the option to navigate back to the start of the Checkout form. Possible values are:
  • true: Hides the top bar
  • false (default): Displays the top bar.
color optional
string Enter your brand colour's HEX code to alter the appearance of Checkout form.
backdrop_color optional
string Enter a HEX code to change the Checkout's backdrop colour.

object Options to handle the Checkout modal.

backdropclose optional
boolean Indicates whether clicking the translucent blank space outside the Checkout form should close the form. Possible values are:
  • true: Closes the form when your customer clicks outside the checkout form.
  • false (default): Does not close the form when customer clicks outside the checkout form.
escape optional
boolean Indicates whether pressing the escape key should close the Checkout form. Possible values are:
  • true (default): Closes the form when the customer presses the escape key.
  • false: Does not close the form when the customer presses the escape key.
handleback optional
boolean Determines whether Checkout must behave similar to the browser when back button is pressed. Possible values:
  • true (default): Checkout behaves similarly to the browser. That is, when the browser's back button is pressed, the Checkout also simulates a back press. This happens as long as the Checkout modal is open.
  • false: Checkout does not simulate a back press when browser's back button is pressed.
confirm_close optional
boolean Determines whether a confirmation dialog box should be shown when customers attempt to close Checkout. Possible values:
  • true: Confirmation dialog box is shown.
  • false (default): Confirmation dialog box is not shown.
ondismiss optional
function Used to track the status of Checkout. You can pass a modal object with ondismiss: function(){} as options. This function is called when the modal is closed by the user.
animation optional
boolean Show an animation before loading of Checkout.
  • true(default): Animation appears.
  • false: Animation does not appear.
subscription_id optional

string If you are accepting recurring payments using Razorpay Checkout, you should pass the relevant subscription_id to the Checkout. Know more about Subscriptions on Checkout.

subscription_card_change optional

boolean Permit or restrict customer from changing the card linked to the subscription. You can also do this from the hosted page. Possible values:

  • true: Allow the customer to change the card from Checkout.
  • false (default): Do not allow the customer to change the card from Checkout.
recurring optional

boolean Determines if you are accepting recurring (charge-at-will) payments on Checkout via instruments such as emandate, paper NACH and so on. Possible values:

  • true: You are accepting recurring payments.
  • false (default): You are not accepting recurring payments.
callback_url optional

string Customers will be redirected to this URL on successful payment. Ensure that the domain of the Callback URL is whitelisted.

redirect optional

boolean Determines whether to post a response to the event handler post payment completion or redirect to Callback URL. callback_url must be passed while using this parameter. Possible values:

  • true: Customer is redirected to the specified callback URL in case of payment failure.
  • false (default): Customer is shown the Checkout popup to retry the payment.
customer_id optional

string Unique identifier of customer. Used for:

timeout optional

integer Sets a timeout on Checkout, in seconds. After the specified time limit, customer will not be able to use Checkout.

remember_customer optional

boolean Determines whether to allow saving of cards. Can also be configured via the Razorpay Dashboard. Possible values:

  • true: Enables card saving feature.
  • false (default): Disables card saving feature.

object Marks fields as read-only.

contact optional
boolean Used to set the contact field as readonly. Possible values: - true: Customer will not be able to edit this field. - false (default): Customer will be able to edit this field.
email optional
boolean Used to set the email field as readonly. Possible values: - true: Customer will not be able to edit this field. - false (default): Customer will be able to edit this field.
name optional
boolean Used to set the name field as readonly. Possible values: - true: Customer will not be able to edit this field. - false (default): Customer will be able to edit this field.
send_sms_hash optional

boolean Used to auto-read OTP for cards and net banking pages. Applicable from Android SDK version 1.5.9 and above. Possible values:

  • true: OTP is auto-read.
  • false (default): OTP is not auto-read.
allow_rotation optional

boolean Used to rotate payment page as per screen orientation. Applicable from Android SDK version 1.6.4 and above. Possible values:

  • true: Payment page can be rotated.
  • false (default): Payment page cannot be rotated.
retry optional

object Parameters that enable retry of payment on the checkout.

boolean Determines whether the customers can retry payments on the checkout. Possible values:
  • true (default): Enables customers to retry payments.
  • false: Disables customers from retrying the payment.
integer The number of times the customer can retry the payment. Recommended to set this to 4. Having a larger number here can cause loops to occur.
config optional

object Parameters that enable configuration of checkout display language.


object Child parameter that enables configuration of checkout display language.

string The language in which checkout should be displayed. Possible values:
  • en: English
  • ben: Bengali
  • hi: Hindi
  • mar: Marathi
  • guj: Gujarati
  • tam: Tamil
  • tel: Telugu

4. Verify Signature Post Checkout Form Submission🔗

This is a mandatory step to confirm the authenticity of the details returned to the Checkout form for successful payments.

To verify the razorpay_signature returned to you by the Checkout form:

  1. Create a signature in your server using the following attributes:

    • order_id: Retrieve the order_id from your server. Do not use the razorpay_order_id returned by Checkout.
    • razorpay_payment_id: Returned by Checkout.
    • key_secret: Available in your server.
      The key_secret that was generated from the Razorpay Dashboard.
  2. Use the SHA256 algorithm, the razorpay_payment_id and the order_id to construct a HMAC hex digest as shown below:

    Copygenerated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret); if (generated_signature == razorpay_signature) { payment is successful }
  3. If the signature you generate on your server matches the razorpay_signature returned to you by the Checkout form, the payment received is from an authentic source.

Generate Signature on Your Server🔗

Given below are the sample codes for payment signature verification.

Copy/** * This class defines common routines for generating * authentication signatures for Razorpay Webhook requests. */ public class Signature { private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256"; /** * Computes RFC 2104-compliant HMAC signature. * * @param data * The data to be signed. * @param key * The signing key. * @return * The Base64-encoded RFC 2104-compliant HMAC signature. * @throws * when signature generation fails */ public static String calculateRFC2104HMAC(String data, String secret) throws { String result; try { // get an hmac_sha256 key from the raw secret bytes SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes(), HMAC_SHA256_ALGORITHM); // get an hmac_sha256 Mac instance and initialize with the signing key Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM); mac.init(signingKey); // compute the hmac on input data bytes byte[] rawHmac = mac.doFinal(data.getBytes()); // base64-encode the hmac result = DatatypeConverter.printHexBinary(rawHmac).toLowerCase(); } catch (Exception e) { throw new SignatureException("Failed to generate HMAC : " + e.getMessage()); } return result; } }
Copyuse Razorpay\Api\Api; $api = new Api($key_id, $key_secret); $attributes = array('razorpay_signature' => '23233', 'razorpay_payment_id' => '332' , 'razorpay_order_id' => '12122'); $order = $api->utility->verifyPaymentSignature($attributes)
Copyrequire 'razorpay' Razorpay.setup('key_id', 'key_secret') payment_response = { 'razorpay_order_id': '12122', 'razorpay_payment_id': '332', 'razorpay_signature': '23233' } Razorpay::Utility.verify_payment_signature(payment_response)
Copyimport razorpay client = razorpay.Client(auth=("YOUR_ID", "YOUR_SECRET")) client.utility.verify_payment_signature({ 'razorpay_order_id': razorpay_order_id, 'razorpay_payment_id': razorpay_payment_id, 'razorpay_signature': razorpay_signature })
Copy Dictionary<string, string> attributes = new Dictionary<string, string>(); attributes.Add("razorpay_payment_id", paymentId); attributes.Add("razorpay_order_id", Request.Form["razorpay_order_id"]); attributes.Add("razorpay_signature", Request.Form["razorpay_signature"]); Utils.verifyPaymentSignature(attributes);
Copyvar { validatePaymentVerification } = require('./dist/utils/razorpay-utils'); validatePaymentVerification({"order_id": razorpayOrderId, "payment_id": razorpayPaymentId }, signature, secret);
Copyimport ( "crypto/hmac" "crypto/sha256" "crypto/subtle" "encoding/hex" "fmt" ) func main() { signature := "477d1cdb3f8122a7b0963704b9bcbf294f65a03841a5f1d7a4f3ed8cd1810f9b" secret := "qp3zKxwLZxbMORJgEVWi3Gou" data := "order_J2AeF1ZpvfqRGH|pay_J2AfAxNHgqqBiI" //fmt.Printf("Secret: %s Data: %s\n", secret, data) // Create a new HMAC by defining the hash type and the key (as byte array) h := hmac.New(sha256.New, []byte(secret)) // Write Data to it _, err := h.Write([]byte(data)) if err != nil { panic(err) } // Get result and encode as hexadecimal string sha := hex.EncodeToString(h.Sum(nil)) fmt.Printf("Result: %s\n", sha) if subtle.ConstantTimeCompare([]byte(sha), []byte(signature)) == 1 { fmt.Println("Works") } }

Post Signature Verification🔗

After you have successfully completed the integration, you can set up webhooks, make test payments, replace test key with live key and integrate with other APIs.

6. Mark Order as Successful🔗

After verifying the signature, fetch the order in your system that corresponds to razorpay_order_id in your database. You can now mark this fetched order as successful and process the order.

You can make a test payment to check whether the integration works.

Common Issues Faced During Integration🔗

Following are some of the common issues that you must watch out for while integrating:

  1. Not storing the Razorpay order ID at your end.
  2. Passing the amount from the frontend to the Razorpay order creation call.
  3. Passing USD or any other non-INR currency while creating the order.
  4. Passing razorpay_order_id from the frontend while verifying the signature.

Alternatively, you can use this value to check the integrity of the signature while looking up the corresponding order at your end with this Razorpay order ID and marking only that as successful.