Steps to integrate S2S JSON API and accept payments using cards.
You can integrate with Razorpay APIs to start accepting card payments. Razorpay APIs support the latest 3DS2 authentication protocol.
Handy Tips
If you are an existing Razorpay user, that is, you integrated with our S2S APIs before October 15, 2022, you need to make certain integration changes to
3DS2 is an authentication protocol, the successor of 3DS1, that enables businesses and payment providers to send additional information (such as customer device or browser data) to verify the transaction's authenticity. Razorpay integration is compliant with the 3DS2 protocol.
The order_id received in the response should be passed to the checkout. This ties the order with the payment and secures the request from being tampered.
You can create an order:
Using the sample code on the Razorpay Postman Public Workspace.
By manually integrating the API sample codes on your server.
Use this endpoint to create an order using the Orders API.
POST
/orders
curl -X POST https://api.razorpay.com/v1/orders
-U [YOUR_KEY_ID]:[YOUR_KEY_SECRET]
-H 'content-type:application/json'
-d '{
"amount": 500,
"currency": "INR",
"receipt": "qwsaq1",
"partial_payment": true,
"first_payment_min_amount": 230,
"notes": {
"key1": "value3",
"key2": "value2"
}
}'
{
"id":"order_IluGWxBm9U8zJ8",
"entity":"order",
"amount":5000,
"amount_paid":0,
"amount_due":5000,
"currency":"INR",
"receipt":"rcptid_11",
"offer_id":null,
"status":"created",
"attempts":0,
"notes":[],
"created_at":1642662092
}
Request Parameters
amount
mandatory
integer The transaction amount, expressed in the currency subunit. For example, for an actual amount of ₹299.35, the value of this field should be 29935.
currency
mandatory
string The currency in which the transaction should be made. Refer to the
string Your receipt id for this order should be passed here. Maximum length is 40 characters.
notes
optional
json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.
partial_payment
optional
boolean Indicates whether the customer can make a partial payment. Possible values:
true: The customer can make partial payments.
false (default): The customer cannot make partial payments.
first_payment_min_amount
optional
integer Minimum amount that must be paid by the customer as the first partial payment. For example, if an amount of ₹7,000 is to be received from the customer in two installments of #1 - ₹5,000, #2 - ₹2,000, then you can set this value as 500000. This parameter should be passed only if partial_payment is true.
Response Parameters
Descriptions for the response parameters are present in the
integer Payment amount in the smallest currency sub-unit. For example, if the amount to be charged is ₹299.00, then pass 29900 in this field. In case of three decimal currencies such as KWD, BHD and OMR, to accept a payment of 295.999, pass the value as 295999.
Watch Out!
As per VISA Guidelines, you should pass the last decimal number as 0 for three decimal currency payments. For example, if you want to charge a customer 99.991 KD for a transaction, you should pass the value for the amount parameter as 99990 and not 99991.
currency
mandatory
string Currency code for the currency in which you want to accept the payment. For example, INR. Refer to the list of supported currencies. The length must be 3 characters.
Handy Tips
Razorpay has added support for three decimal currencies such as KWD, BHD, and OMR. This allows businesses to accept international payments in these currencies (April 2023). Know more about
CVV is an optional field. Skip passing the cvv parameter to Razorpay to implement this change.
user-agent
mandatory
string The User-Agent header of the user's browser. The default value will be passed by Razorpay if not provided by you.
ip
mandatory
string The customer's IP address.
authentication
optional
object Details of the authentication channel.
authentication_channel
string The authentication channel for the payment. Possible values:
browser (default)
app
browser
mandatory
object Information regarding the customer's browser. This parameter need not be passed when authentication_channel=app.
java_enabled
boolean Indicates whether the customer's browser supports Java. Obtained from the navigator HTML DOM object.
javascript_enabled
boolean Indicates whether the customer's browser can execute JavaScript.Obtained from the navigator HTML DOM object.
timezone_offset
integer Time difference between UTC time and the cardholder's browser local time. Obtained from the getTimezoneOffset() method applied to the Date object.
screen_width
integer Total width of the payer's screen in pixels. Obtained from the screen.width HTML DOM property.
screen_height
integer Obtained from the navigator HTML DOM object.
color_depth
integer Obtained from the payer's browser using the screen.colorDepth HTML DOM property.
language
string Obtained from the payer's browser using the navigator.language HTML DOM property. Maximum limit of 8 characters.
notes
optional
object Key-value object used for passing tracking info. Refer to
If you would like the customer to enter the OTP on your website instead of the bank page, use the otp_generate URL. When this URL is triggered, you get the following response:
curl -u [YOUR_KEY_ID]
-X POST https://api.razorpay.com/v1/payments/pay_FVmAstJWfsD3SO/otp_generate
If the payment request is valid, the response contains the following fields.
razorpay_payment_id
string Unique identifier of the payment. Present for all responses.
next
array A list of action objects available to you to continue the payment process. Present when the payment requires further processing.
action
string An indication of the next step available for payment processing. Possible values:
opt_submit - Use this URL to allow the customer to submit OTP and complete the payment on your webpage.
opt_resend - Use this URL to resend OTP to the customer.
url
string URL to be used for the action indicated.
If the customer faces any latency issues, you can choose to cancel this request and redirect the customer to the bank page to enter the OTP and complete the payment. Thus, you can avoid payment failure by switching the customer to the bank page payment flow.
Once the payment is completed by the customer, a POST request is made to the callback_url provided in the payment request. The data contained in this request will depend on whether the payment was a success or a failure.
Signature verification is a mandatory step to ensure that the callback is sent by Razorpay. The razorpay_signature contained in the callback can be regenerated by your system and verified as follows.
Create a string to be hashed using the razorpay_payment_id contained in the callback and the Order ID generated in the first step, separated by a |. Hash this string using SHA256 and your API Secret.
You can use Razorpay webhooks to configure and receive notifications when a specific event occurs. When one of these events is triggered, we send an HTTP POST payload in JSON to the webhook's configured URL. Know how to