1. Build Integration for Cards (New Integration)
Steps to integrate S2S JSON V1 and accept payments using cards.
Integrate with Razorpay APIs to start accepting card payments. Our APIs support the latest 3DS2 authentication protocol.
Handy Tips
If you are an existing Razorpay user, that is, you integrated with our S2S APIs before October 15, 2022, you need to make certain integration changes to
.Watch Out!
You must have a PCI compliance certificate to get this feature enabled on your account.
3DS2 is an authentication protocol, the successor of 3DS1, that enables businesses and payment providers to send additional information (such as customer device or browser data) to verify the transaction's authenticity. Razorpay integration is compliant with the 3DS2 protocol.
Know more: Razorpay supports
.Handy Tips
- Integration does not differ for the challenge or frictionless flow.
- Frictionless flow is not applicable for payments on cards issued in India.
The integration consists of the following steps.
1.1
.1.2
.1.3
.1.4
.1.5
.Watch Out!
Do not hardcode the URL returned in the API responses.
Order is an important step in the payment process.
- An order should be created for every payment.
- You can create an order using the . It is a server-side API call. Know how to Orders API.
- The
order_idreceived in the response should be passed to the checkout. This ties the order with the payment and secures the request from being tampered.
Create an order by manually integrating the API sample codes on your server.
Use this endpoint to create an order using the Orders API.
curl -X POST https://api.razorpay.com/v1/orders-U [YOUR_KEY_ID]:[YOUR_KEY_SECRET]-H 'content-type:application/json'-d '{"amount": 50000,"currency": "SGD","receipt": "qwsaq1","partial_payment": true,"first_payment_min_amount": 230,"notes": {"key1": "value3","key2": "value2"}}'
{"id": "order_IluGWxBm9U8zJ8","entity": "order","amount": 50000,"amount_paid": 0,"amount_due": 50000,"currency": "SGD","receipt": "rcptid_11","offer_id": null,"status": "created","attempts": 0,"notes": [],"created_at": 1642662092}
amount
mandatory
integer The amount to be paid by the customer in cents. For example, if the amount is S$500.00, enter 50000.
currency
mandatory
string The currency in which the payment should be made by the customer. Length must be of 3 characters.
receipt
optional
string Your receipt id for this order should be passed here. Maximum length is 40 characters.
notes
optional
json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.
partial_payment
optional
boolean Indicates whether the customer can make a partial payment. Possible values:
true: The customer can make partial payments.false(default): The customer cannot make partial payments.
first_payment_min_amount
optional
integer Minimum amount that must be paid by the customer as the first partial payment. For example, if an amount of S$7,000.00 is to be received from the customer in two installments of #1 - S$5,000.00, #2 - S$2,000.00 then you can set this value as 500000. This parameter should be passed only if partial_payment is true.
Know more about
.Descriptions for the response parameters are present in the
parameters table.The error response parameters are available in the
.Create a payment using the API given below after your order is created.
curl -X POST \https://api.razorpay.com/v1/payments/create/json \-u [YOUR_KEY_ID]:[YOUR_KEY_SECRET] \-H "Content-Type: application/json" \-d '{"amount": 100,"currency": "SGD","contact": "+6591119111","email": "alex.lim@example.com","order_id": "order_DPzFe1Q1dEOKed","method": "card","card": {"number": "5272008806235704","name": "Alex","expiry_month": 11,"expiry_year": 30,"cvv": 100},"authentication": {"authentication_channel": "browser"},### 3DS2.0 Browser Parameters###"browser": {"java_enabled": false,"javascript_enabled": false,"timezone_offset": 11,"color_depth": 23,"screen_width": 23,"screen_height": 100},"ip": "105.106.107.108","referer": "https://merchansite.com/example/paybill","user_agent": "Mozilla/5.0"}'
order_id
mandatory
string Unique identifier of the Order generated in the first step.
mandatory
string Email address of the customer. Maximum length supported is 40 characters.
contact
mandatory
string Phone number of the customer. Maximum length supported is 15 characters, inclusive of country code.
method
mandatory
string Name of the payment method. Possible value is card.
user-agent
mandatory
string The User-Agent header of the user's browser. Default value will be passed by Razorpay if not provided by merchant.
ip
mandatory
string The customer's IP address.
authentication
optional
object Details of the authentication channel.
authentication_channel
string The authentication channel for the payment. Possible values:
browser(default)app
browser
mandatory
object Information regarding the customer's browser. This parameter need not be passed when authentication_channel=app.
java_enabled
boolean Indicates whether the customer's browser supports Java. Obtained from the navigator HTML DOM object. Possible values:
true: Customer's browser supports Java.false: Customer's browser does not support Java.
javascript_enabled
boolean Indicates whether the customer's browser can execute JavaScript. Obtained from the navigator HTML DOM object. Possible values:
true: Customer's browser can execute JavaScript.false: Customer's browser cannot execute JavaScript.
timezone_offset
integer Time difference between UTC time and the cardholder browser local time. Obtained from the getTimezoneOffset() method applied to Date object.
screen_width
integer Total width of the payer's screen in pixels. Obtained from the screen.width HTML DOM property.
screen_height
integer Obtained from the navigator HTML DOM object.
color_depth
integer Obtained from payer's browser using the screen.colorDepth HTML DOM property.
language
string Obtained from payer's browser using the navigator.language HTML DOM property. Maximum limit of 8 characters.
notes
optional
object Key-value object used for passing tracking info. Refer to
callback_url
optional
string URL endpoint where Razorpay will submit the final payment status.
referrer
optional
string Referrer header passed by the client's browser.
If the payment request is valid, the response contains the following fields.
razorpay_payment_id
string Razorpay-generated ID for the payment created for this request. Present for all responses.
next
array A list of action objects available to you to continue the payment process.
action
string An indication of the next step available for payment processing. Possible value:
redirect: The payment requires the customer to be redirected to a bank page. Redirect the customer's browser to the URL returned in theurlattribute of the object.
url
string URL to be used for the action indicated. For redirect, this will be a URL that the customer's browser needs to be redirected to for authentication.
A basic integration must look out for one type of next action:
If you are using this endpoint to implement
on your website, you can pass the following additional request parameters.auth_type
string Can be set to otp for Native OTP or 3ds for regular ACS payments. This will force the payment to use this authentication type.
preferred_auth
array List of authentication types that can be sent instead of auth_type, in order to indicate a preference. In this case, if the first authentication type is not supported, the payment will fallback to the next.
The response contains the following actions that should be consumed:
Watch Out!
The OTP Submit and Resend APIs return a response in a particular
. A payment that is successfully authenticated in this manner need not be verified.Different samples of payments using Native OTP with and without redirect flows are given below.
This payment request results in next array containing otp_submit and otp_resend. This means the customer must be prompted for an OTP which can be submitted in the OTP Submit endpoint.
As otp_resend is also available, you can re-trigger the OTP SMS using the URL shared.
curl -X POST https://api.razorpay.com/v1/payments/create/redirect \-u [YOUR_KEY_ID]:[YOUR_SECRET] \-H 'content-type: application/json'-d '{"amount": "1000","currency": "SGD","order_id": "order_D32tqGE9vgwgJq","email": "nur.aisyah@example.com","contact": "+6591119111","method": "card","card": {"number": "5272008806235704 ","name": "Alex","expiry_month": 11,"expiry_year": 23,"cvv": 100},"authentication": {"authentication_channel": "browser"},### 3DS2.0 Browser Parameters###"browser": {"java_enabled": false,"javascript_enabled": false,"timezone_offset": 11,"color_depth": 23,"screen_width": 23,"screen_height": 100},"ip": "105.106.107.108","referer": "https://merchansite.com/example/paybill","user_agent": "Mozilla/5.0","auth_type": "otp"}'
This payment request results in a next array containing otp_submit, otp_resend, and redirect. The redirect action here acts as a fallback to the bank page, that is, if your customer opts to enter the OTP on his bank page only, the browser can be redirected to the redirect URL in order to complete the payment using 3DS flow.
Here the payment request contains preferred auth that opts for otp and falls back to 3ds. This will result in a next array containing otp_submit and otp_resend. If Native OTP is not supported for the card, the next array containing only redirect is returned in the response.
Once the customer submits the OTP using the following endpoint, the respective success or failure responses will be generated.
Feature Request
This is an on-demand feature. Please raise a request with our
to get this feature activated on your Razorpay account.The following endpoint submits the OTP:
After the payment is completed, the final response is posted to the URL given in callback_url of the request.
Once the payment is completed by the customer, a POST request is made to the callback_url provided in the payment request. The data contained in this request will depend on whether the payment was a success or a failure of the payment made by the customer.
If the payment made by the customer is successful, the following fields are sent:
razorpay_payment_idrazorpay_order_idrazorpay_signature
{"razorpay_payment_id": "pay_29QQoUBi66xm2f","razorpay_order_id": "order_9A33XWu170gUtm","razorpay_signature": "9ef4dffbfd84f1318f6739a3ce19f9d85851857ae648f114332d8401e0949a3d"}
If the payment has failed, the callback will contain details of the error. Refer to
for details.This is a mandatory step to confirm the authenticity of the details returned to the Checkout form for successful payments.
-
Create a signature in your server using the following attributes:
order_id: Retrieve theorder_idfrom your server. Do not use therazorpay_order_idreturned by Checkout.razorpay_payment_id: Returned by Checkout.key_secret: Available in your server. Thekey_secretthat was generated from the .
-
Use the SHA256 algorithm, the
razorpay_payment_idand theorder_idto construct a HMAC hex digest as shown below:generated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret);if (generated_signature == razorpay_signature) {payment is successful} -
If the signature you generate on your server matches the
razorpay_signaturereturned to you by the Checkout form, the payment received is from an authentic source.
Given below is the sample code for payment signature verification:
RazorpayClient razorpay = new RazorpayClient("[YOUR_KEY_ID]", "[YOUR_KEY_SECRET]");String secret = "EnLs21M47BllR3X8PSFtjtbd";JSONObject options = new JSONObject();options.put("razorpay_order_id", "order_IEIaMR65cu6nz3");options.put("razorpay_payment_id", "pay_IH4NVgf4Dreq1l");options.put("razorpay_signature", "0d4e745a1838664ad6c9c9902212a32d627d68e917290b0ad5f08ff4561bc50f");boolean status = Utils.verifyPaymentSignature(options, secret);
After you have completed the integration, you can
, make test payments, replace the test key with the live key and integrate with other .Handy Tips
On the Razorpay Dashboard, ensure that the payment status is captured. Refer to the payment capture settings page to know how to
To verify the payment status from the Razorpay Dashboard:
- Log in to the Razorpay Dashboard and navigate to Transactions → Payments.
- Check if a Payment Id has been generated and note the status. In case of a successful payment, the status is marked as Captured.
Is this integration guide useful?