Payments

Payment Gateway

S 2 S Integration

Json

V 1

Build Integration

Cards

1. Build Integration for Cards (New Integration)

Steps to integrate S2S JSON V1 and accept payments using cards.

Integrate with Razorpay APIs to start accepting card payments. Our APIs support the latest 3DS2 authentication protocol.

Handy Tips
If you are an existing Razorpay user, that is, you integrated with our S2S APIs before October 15, 2022, you need to make certain integration changes to

migrate to the 3DS2 flow

.

Watch Out!

You must have a PCI compliance certificate to get this feature enabled on your account.

3DS2 Authentication

3DS2 is an authentication protocol, the successor of 3DS1, that enables businesses and payment providers to send additional information (such as customer device or browser data) to verify the transaction's authenticity. Razorpay integration is compliant with the 3DS2 protocol.

Know more: Razorpay supports

3DS2 transactions

.

Handy Tips

  • Integration does not differ for the challenge or frictionless flow.
  • Frictionless flow is not applicable for payments on cards issued in India.

Integration Steps

The integration consists of the following steps.

1.1

Create an Order

.

1.2

Create a Payment

.

1.3

Handle Payment Success and Failure

.

1.4

Verify Payment Signature

.

1.5

Verify Payment Status

.

Watch Out!

Do not hardcode the URL returned in the API responses.

1.1 Create an Order

Order is an important step in the payment process.

  • An order should be created for every payment.
  • You can create an order using the

    Orders API

    . It is a server-side API call. Know how to

    authenticate

    Orders API.
  • The order_id received in the response should be passed to the checkout. This ties the order with the payment and secures the request from being tampered.

You can create an order:

  • Using the sample code on the Razorpay Postman Public Workspace.
  • By manually integrating the API sample codes on your server.

Razorpay Postman Public Workspace

You can use the Postman workspace below to create an order:

Run in Postman

Handy Tips

Under the Authorization section in Postman, select Basic Auth and add the Key Id and secret as the Username and Password, respectively.

You can create an order manually by integrating the API sample codes on your server.

API Sample Code

Use this endpoint to create an order using the Orders API.

POST
/orders
curl -X POST https://api.razorpay.com/v1/orders 
-U [YOUR_KEY_ID]:[YOUR_KEY_SECRET]
-H 'content-type:application/json'
-d '{
  "amount": 500,
  "currency": "INR",
  "receipt": "qwsaq1",
  "partial_payment": true,
  "first_payment_min_amount": 230,
  "notes": {
    "key1": "value3",
    "key2": "value2"
  }
}'
{
  "id": "order_IluGWxBm9U8zJ8",
  "entity": "order",
  "amount": 5000,
  "amount_paid": 0,
  "amount_due": 5000,
  "currency": "INR",
  "receipt": "rcptid_11",
  "offer_id": null,
  "status": "created",
  "attempts": 0,
  "notes": [],
  "created_at": 1642662092
}

Request Parameters

amount

mandatory

integer The transaction amount, expressed in the currency subunit. For example, for an actual amount of ₹299.35, the value of this field should be 29935.

currency

mandatory

string The currency in which the transaction should be made. Refer to the

list of supported currencies

. Length must be of 3 characters.

receipt

optional

string Your receipt id for this order should be passed here. Maximum length is 40 characters.

notes

optional

json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.

partial_payment

optional

boolean Indicates whether the customer can make a partial payment. Possible values:

  • true: The customer can make partial payments.
  • false (default): The customer cannot make partial payments.

first_payment_min_amount

optional

integer Minimum amount that must be paid by the customer as the first partial payment. For example, if an amount of ₹7,000 is to be received from the customer in two installments of #1 - ₹5,000, #2 - ₹2,000, then you can set this value as 500000. This parameter should be passed only if partial_payment is true.

Response Parameters

Descriptions for the response parameters are present in the

Orders Entity

parameters table.

Error Response Parameters

The error response parameters are available in the

API Reference Guide

.

1.2 Create a Payment

Create a payment using the API given below after your order is created.

POST
/payments/create/json
curl -X POST \
https://api.razorpay.com/v1/payments/create/json \
-u [YOUR_KEY_ID]:[YOUR_KEY_SECRET] \
-H "Content-Type: application/json" \
-d '{
  "amount": 100,
  "currency": "INR",
  "contact": "9000090000",
  "email": "gaurav.kumar@example.com",
  "order_id": "order_DPzFe1Q1dEOKed",
  "method": "card",
  "card": {
    "number": "4111111111111111",
    "name": "Gaurav",
    "expiry_month": 11,
    "expiry_year": 23,
    "cvv": 100
  },
  "authentication": {
    "authentication_channel": "browser"
  },
  ### 3DS2.0 Browser Parameters###
  "browser": {
    "java_enabled": false,
    "javascript_enabled": false,
    "timezone_offset": 11,
    "color_depth": 23,
    "screen_width": 23,
    "screen_height": 100
  },
  "ip": "105.106.107.108",
  "referer": "https://merchansite.com/example/paybill",
  "user_agent": "Mozilla/5.0"
}'

Request Parameters

amount

mandatory

integer Payment amount in the smallest currency sub-unit. For example, if the amount to be charged is ₹299, then pass 29900 in this field. In case of three decimal currencies such as KWD, BHD and OMR, to accept a payment of 295.999, pass the value as 295999.

Watch Out!

As per VISA Guidelines, you should pass the last decimal number as 0 for three decimal currency payments. For example, if you want to charge a customer 99.991 KD for a transaction, you should pass the value for the amount parameter as 99990 and not 99991.

currency

mandatory

string Currency code for the currency in which you want to accept the payment. For example, INR. Refer to the list of supported currencies. Length must be of 3 characters.

Handy Tips

Razorpay has added support for three decimal currencies such as KWD, BHD, and OMR. This allows businesses to accept international payments in these currencies (April 2023). Know more about

three decimal currency

.

order_id

mandatory

string Unique identifier of the Order generated in the first step.

email

mandatory

string Email address of the customer. Maximum length supported is 40 characters.

contact

mandatory

string Phone number of the customer. Maximum length supported is 15 characters, inclusive of country code.

method

mandatory

string Name of the payment method. Possible value is card.

card

mandatory

object Details associated with the card.

number

string Unformatted card number.

name

string Name of the cardholder.

expiry_month

string Expiry month for the card in MM format.

expiry_year

string Expiry year for the card in YY format.

cvv

string CVV printed on the back of the card.

Handy Tips

  • CVV is not required by default for Visa and Amex tokenised cards.
  • To enable CVV-less flow for Rupay and MasterCard, contact our

    support team

    .
  • CVV is mandatory for Diners tokenised cards.
  • CVV is an optional field. Skip passing the cvv parameter to Razorpay to implement this change.

user-agent

mandatory

string The User-Agent header of the user's browser. Default value will be passed by Razorpay if not provided by merchant.

ip

mandatory

string The customer's IP address.

authentication

optional

object Details of the authentication channel.

authentication_channel

string The authentication channel for the payment. Possible values:

  • browser (default)
  • app

browser

mandatory

object Information regarding the customer's browser. This parameter need not be passed when authentication_channel=app.

java_enabled

boolean Indicates whether the customer's browser supports Java. Obtained from the navigator HTML DOM object.

javascript_enabled

boolean Indicates whether the customer's browser is able to execute JavaScript. Obtained from the navigator HTML DOM object.

timezone_offset

integer Time difference between UTC time and the cardholder browser local time. Obtained from the getTimezoneOffset() method applied to Date object.

screen_width

integer Total width of the payer's screen in pixels. Obtained from the screen.width HTML DOM property.

screen_height

integer Obtained from the navigator HTML DOM object.

color_depth

integer Obtained from payer's browser using the screen.colorDepth HTML DOM property.

language

string Obtained from payer's browser using the navigator.language HTML DOM property. Maximum limit of 8 characters.

notes

optional

object Key-value object used for passing tracking info. Refer to

Notes

for more details.

callback_url

optional

string URL endpoint where Razorpay will submit the final payment status.

referrer

optional

string Referrer header passed by the client's browser.

Response Parameters

If the payment request is valid, the response contains the following fields.

razorpay_payment_id

string Razorpay-generated ID for the payment created for this request. Present for all responses.

next

array A list of action objects available to you to continue the payment process.

action

string An indication of the next step available for payment processing. Possible value:

  • redirect: The payment requires the customer to be redirected to a bank page. Redirect the customer's browser to the URL returned in the url attribute of the object.

url

string URL to be used for the action indicated. For redirect, this will be a URL that the customer's browser needs to be redirected to for authentication.

A basic integration must look out for one type of next action:

Implementing Native OTP flows

If you are using this endpoint to implement

native OTP

on your website, you can pass the following additional request parameters.

auth_type

string Can be set to otp for Native OTP or 3ds for regular ACS payments. This will force the payment to use this authentication type.

preferred_auth

array List of authentication types that can be sent instead of auth_type, in order to indicate a preference. In this case, if the first authentication type is not supported, the payment will fallback to the next.

You can also opt to have ['otp', '3ds'] defined as your default preferred auth. Get in touch with our

Support Team

to have this configured for your account.

The response contains the following actions that should be consumed:

Next ActionDescription
otp_submitThe payment requires an OTP to be submitted via a POST request to the URL returned in the url attribute of the object.
otp_resendThe option to resend an OTP is available for the payment. It can be triggered by sending an empty POST request to the URL returned in the url attribute of the object.

Watch Out!

The OTP Submit and Resend APIs return a response in a particular

format

. A payment that is successfully authenticated in this manner need not be verified.

Examples

Different samples of payments using Native OTP with and without redirect flows are given below.

Payment Using Native OTP

This payment request results in next array containing otp_submit and otp_resend. This means the customer must be prompted for an OTP which can be submitted in the OTP Submit endpoint.

As otp_resend is also available, you can re-trigger the OTP SMS using the URL shared.

curl -X POST https://api.razorpay.com/v1/payments/create/redirect \
-u [YOUR_KEY_ID]:[YOUR_SECRET] \
-H 'content-type: application/json'
-d '{
  "amount": "1000",
  "currency": "INR",
  "order_id": "order_D32tqGE9vgwgJq",
  "email": "gaurav.kumar@example.com",
  "contact": "9000090000",
  "method": "card",
  "card": {
    "number": "4111111111111111",
    "name": "Gaurav",
    "expiry_month": 11,
    "expiry_year": 23,
    "cvv": 100
  },
  "authentication": {
    "authentication_channel": "browser"
  },
  ### 3DS2.0 Browser Parameters###
  "browser": {
    "java_enabled": false,
    "javascript_enabled": false,
    "timezone_offset": 11,
    "color_depth": 23,
    "screen_width": 23,
    "screen_height": 100
  },
  "ip": "105.106.107.108",
  "referer": "https://merchansite.com/example/paybill",
  "user_agent": "Mozilla/5.0",
  "auth_type": "otp"
}'

Payment Using Native OTP with Redirect Fallback

This payment request results in a next array containing otp_submit, otp_resend, and redirect. The redirect action here acts as a fallback to the bank page, that is, if your customer opts to enter the OTP on his bank page only, the browser can be redirected to the redirect URL in order to complete the payment using 3DS flow.

curl -X POST https://api.razorpay.com/v1/payments/create/redirect \
-u [YOUR_KEY_ID]:[YOUR_SECRET] \
-H 'content-type: application/json'
-d '{
  "amount": "1000",
  "currency": "INR",
  "order_id": "order_D32tqGE9vgwgJq",
  "email": "gaurav.kumar@example.com",
  "contact": "9000090000",
  "method": "card",
  "card": {
    "number": "4111111111111111",
    "name": "Gaurav",
    "expiry_month": 11,
    "expiry_year": 23,
    "cvv": 100
  },
  "authentication": {
    "authentication_channel": "browser"
  },
  ### 3DS2.0 Browser Parameters###
  "browser": {
    "java_enabled": false,
    "javascript_enabled": false,
    "timezone_offset": 11,
    "color_depth": 23,
    "screen_width": 23,
    "screen_height": 100
  },
  "ip": "105.106.107.108",
  "referer": "https://merchansite.com/example/paybill",
  "user_agent": "Mozilla/5.0",
  "auth_type": "otp"
}

Payment Using Native OTP as Preferred Auth

Here the payment request contains preferred auth that opts for otp and falls back to 3ds. This will result in a next array containing otp_submit and otp_resend. If Native OTP is not supported for the card, the next array containing only redirect is returned in the response.

curl -X POST https://api.razorpay.com/v1/payments/create/redirect \
-u [YOUR_KEY_ID]:[YOUR_SECRET] \
-H 'content-type: application/json'
-d '{
  "amount": "1000",
  "currency": "INR",
  "order_id": "order_D32tqGE9vgwgJq",
  "email": "gaurav.kumar@example.com",
  "contact": "9000090000",
  "method": "card",
  "card": {
    "number": "4111111111111111",
    "name": "Gaurav",
    "expiry_month": 11,
    "expiry_year": 23,
    "cvv": 100
  },
  "authentication": {
    "authentication_channel": "browser"
  },
  ### 3DS2.0 Browser Parameters###
  "browser": {
    "java_enabled": false,
    "javascript_enabled": false,
    "timezone_offset": 11,
    "color_depth": 23,
    "screen_width": 23,
    "screen_height": 100
  },
  "ip": "105.106.107.108",
  "referer": "https://merchansite.com/example/paybill",
  "user_agent": "Mozilla/5.0",
  "preferred_auth": [
    "otp",
    "3ds"
  ]
}

Response on Submitting OTP

Once the customer submits the OTP using the following endpoint, the respective success or failure responses will be generated.

Feature Request

This is an on-demand feature. Please raise a request with our

Support team

to get this feature activated on your Razorpay account.

The following endpoint submits the OTP:

POST
payments/:id/otp/submit
curl -X POST \
'https://api.razorpay.com/v1/payments/pay_D5jmY2H6vC7Cy3/otp/submit' \
-u [YOUR_KEY_ID]:[YOUR_KEY_SECRET] \
-H "Content-Type: application/x-www-form-urlencoded" \
-d 'otp=123456'

After the payment is completed, the final response is posted to the URL given in callback_url of the request.

1.3 Handle Payment Success and Failure

Once the payment is completed by the customer, a POST request is made to the callback_url provided in the payment request. The data contained in this request will depend on whether the payment was a success or a failure of the payment made by the customer.

Success Callback

If the payment made by the customer is successful, the following fields are sent:

  • razorpay_payment_id
  • razorpay_order_id
  • razorpay_signature
{
  "razorpay_payment_id": "pay_29QQoUBi66xm2f",
  "razorpay_order_id": "order_9A33XWu170gUtm",
  "razorpay_signature": "9ef4dffbfd84f1318f6739a3ce19f9d85851857ae648f114332d8401e0949a3d"
}

Failure Callback

If the payment has failed, the callback will contain details of the error. Refer to

errors

for details.

1.4 Verify Payment Signature

This is a mandatory step to confirm the authenticity of the details returned to the Checkout form for successful payments.

To verify the razorpay_signature returned to you by the Checkout form:

  1. Create a signature in your server using the following attributes:

    • order_id: Retrieve the order_id from your server. Do not use the razorpay_order_id returned by Checkout.
    • razorpay_payment_id: Returned by Checkout.
    • key_secret: Available in your server. The key_secret that was generated from the
      Razorpay Dashboard
      .

  2. Use the SHA256 algorithm, the razorpay_payment_id and the order_id to construct a HMAC hex digest as shown below:

    generated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret);
    

      if (generated_signature == razorpay_signature) {
        payment is successful
      }

  3. If the signature you generate on your server matches the razorpay_signature returned to you by the Checkout form, the payment received is from an authentic source.

Generate Signature on Your Server

Given below is the sample code for payment signature verification:

RazorpayClient razorpay = new RazorpayClient("[YOUR_KEY_ID]", "[YOUR_KEY_SECRET]");


String secret = "EnLs21M47BllR3X8PSFtjtbd";


JSONObject options = new JSONObject();
options.put("razorpay_order_id", "order_IEIaMR65cu6nz3");
options.put("razorpay_payment_id", "pay_IH4NVgf4Dreq1l");
options.put("razorpay_signature", "0d4e745a1838664ad6c9c9902212a32d627d68e917290b0ad5f08ff4561bc50f");


boolean status =  Utils.verifyPaymentSignature(options, secret);

Post Signature Verification

After you have completed the integration, you can

set up webhooks

, make test payments, replace the test key with the live key and integrate with other

APIs

.

1.5 Verify Payment Status

You can track the payment status in three ways:

Handy Tips

  • On the Dashboard, ensure that the payment status is captured. Refer to the payment capture settings page to know how to

    capture payments automatically

    .
  • Subscribe to our webhooks or poll the Fetch a Payment API to track the payment status.

Verify Status from Dashboard

To verify the payment status from the Dashboard:

  1. Log in to the

    Dashboard

    and navigate to TransactionsPayments.
  2. Check if a Payment Id has been generated and note the status. In case of a successful payment, the status is marked as Captured.
Check if the payment id is generated and the status is captured

Subscribe to Webhook Events

You can use Razorpay webhooks to configure and receive notifications when a specific event occurs. When one of these events is triggered, we send an HTTP POST payload in JSON to the webhook's configured URL. Know how to

set up webhooks.

Example

If you have subscribed to the order.paid webhook event, you will receive a notification every time a customer pays you for an order.

Poll APIs

Poll Payment APIs

to check the payment status.

Next Steps

Step 2: Test Integration

Is this integration guide useful?

ON THIS PAGE