1. Build Integration

Steps to integrate your Web application with the Razorpay S2S Redirect API.

You can integrate with Razorpay APIs to start accepting payments made using netbanking, card, UPI and other payment methods. In this document, the netbanking payment method has been shown as an example.

Follow these steps to integrate your Web application with the Razorpay S2S Redirect API:

1.1

Create an Order

1.2

Create a Payment

1.3

Handle Payment Success and Failure

1.4

Verify Payment Signature

1.5

Verify Payment Status

Watch Out!

Do not hardcode the URL returned in the API responses.

1.1 Create an Order

Order is an important step in the payment process.

An order should be created for every payment.
You can create an order using the
Orders API
. It is a server-side API call. Know how to
authenticate
Orders API.
The order_id received in the response should be passed to the checkout. This ties the order with the payment and secures the request from being tampered.

You can create an order:

Using the sample code on the Razorpay Postman Public Workspace.
By manually integrating the API sample codes on your server.

Razorpay Postman Public Workspace

You can use the Postman workspace below to create an order:

Handy Tips

Under the Authorization section in Postman, select Basic Auth and add the Key Id and secret as the Username and Password, respectively.

You can create an order manually by integrating the API sample codes on your server.

API Sample Code

Use this endpoint to create an order using the Orders API.

POST

/orders

curl -X POST https://api.razorpay.com/v1/orders 
-U [YOUR_KEY_ID]:[YOUR_KEY_SECRET]
-H 'content-type:application/json'
-d '{
  "amount": 500,
  "currency": "INR",
  "receipt": "qwsaq1",
  "partial_payment": true,
  "first_payment_min_amount": 230,
  "notes": {
    "key1": "value3",
    "key2": "value2"
  }
}'

{
  "id": "order_IluGWxBm9U8zJ8",
  "entity": "order",
  "amount": 5000,
  "amount_paid": 0,
  "amount_due": 5000,
  "currency": "INR",
  "receipt": "rcptid_11",
  "offer_id": null,
  "status": "created",
  "attempts": 0,
  "notes": [],
  "created_at": 1642662092
}

Request Parameters

amount

mandatory

integer The transaction amount, expressed in the currency subunit. For example, for an actual amount of ₹299.35, the value of this field should be 29935.

currency

mandatory

string The currency in which the transaction should be made. Refer to the

list of supported currencies

. Length must be of 3 characters.

receipt

optional

string Your receipt id for this order should be passed here. Maximum length is 40 characters.

notes

optional

json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.

partial_payment

optional

boolean Indicates whether the customer can make a partial payment. Possible values:

true: The customer can make partial payments.
false (default): The customer cannot make partial payments.

first_payment_min_amount

optional

integer Minimum amount that must be paid by the customer as the first partial payment. For example, if an amount of ₹7,000 is to be received from the customer in two installments of #1 - ₹5,000, #2 - ₹2,000, then you can set this value as 500000. This parameter should be passed only if partial_payment is true.

Response Parameters

Descriptions for the response parameters are present in the

Orders Entity

parameters table.

Error Response Parameters

The error response parameters are available in the

API Reference Guide

1.2 Create a Payment

Create a payment using the API given below after your order is created.

POST

/payments/create/redirect

Sample Code

The following is a sample API request and response for creating a payment:

curl -X POST \
https://api.razorpay.com/v1/payments/create/redirect \
-u [YOUR_KEY_ID]:[YOUR_KEY_SECRET] \
-H "Content-Type: application/json" \
-d
 '{
  "amount": 100,
  "currency": "INR",
  "contact": "8888888888",
  "email": "gaurav@gmail.com",
  "order_id": "order_4xbQrmEoA5WJ0G",
  "method": "netbanking",
  "bank": "HDFC",
  "ip": "105.106.107.108",
  "referer": "https://merchansite.com/example/paybill",
  "user_agent": "Mozilla/5.0"
}'

<!doctype html>
<html style="height:100%;width:100%;">

<head>
	<title>Processing, Please Wait...</title>
	<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
	<meta charset="utf-8"/>
	<meta name="viewport" content="width=device-width, initial-scale=1"/>
	<meta name="theme-color" content="#198C78"/>
	<meta http-equiv="refresh" content="0;url=https://api.razorpay.com/v1/payments/KFMEsPhiP7Ipou/authenticate" />
	<style>
		* {
			box-sizing: border-box;
			margin: 0;
			padding: 0;
		}

		body {
			background: #f5f5f5;
			overflow: hidden;
			text-align: center;
			height: 100%;
			white-space: nowrap;
			margin: 0;
			padding: 0;
			font-family: -apple-system, BlinkMacSystemFont, ubuntu, verdana, helvetica, sans-serif;
		}

		#bg {
			position: absolute;
			bottom: 50%;
			width: 100%;
			height: 50%;
			background: #198C78;
			margin-bottom: 90px;
		}

		#cntnt {
			position: relative;
			width: 100%;
			vertical-align: middle;
			display: inline-block;
			margin: auto;
			max-width: 420px;
			min-width: 280px;
			height: 95%;
			max-height: 360px;
			background: #fff;
			z-index: 9999;
			box-shadow: 0 0 20px 0 rgba(0, 0, 0, 0.16);
			border-radius: 4px;
			overflow: hidden;
			padding: 24px;
			box-sizing: border-box;
			text-align: left;
		}

		#ftr {
			position: absolute;
			left: 0;
			right: 0;
			bottom: 0;
			height: 80px;
			background: #f5f5f5;
			text-align: center;
			color: #212121;
			font-size: 14px;
			letter-spacing: -0.3px;
		}

		#ftr_new {
			display: flex;
			justify-content: space-between;
			align-items: center;
			padding: 0 24px;
			position: absolute;
			left: 0;
			right: 0;
			bottom: 0;
			height: 80px;
			background: #f5f5f5;
			text-align: center;
			color: #212121;
			font-size: 14px;
			letter-spacing: -0.3px;
		}

		#ldr {
			width: 100%;
			height: 3px;
			position: relative;
			margin-top: 16px;
			border-radius: 3px;
			overflow: hidden;
		}

		#ldr::before,
		#ldr::after {
			content: '';
			position: absolute;
			top: 0;
			bottom: 0;
			width: 100%;
		}

		#ldr::before {
			top: 1px;
			border-top: 1px solid #bcbcbc;
		}

		#ldr::after {
			background: #198C78;
			width: 0%;
			transition: 20s cubic-bezier(0, 0.1, 0, 1);
		}

		.loaded #ldr::after {
			width: 90%;
		}

		#logo {
			width: 48px;
			height: 48px;
			padding: 8px;
			border: 1px solid #e5e5e5;
			border-radius: 3px;
			text-align: center;
		}

		#hdr {
			min-height: 48px;
			position: relative;
		}

		#logo,
		#name,
		#amt {
			display: inline-block;
			vertical-align: middle;
			letter-spacing: -0.5px;
		}

		#amt {
			position: absolute;
			right: 0;
			top: 0;
			background: #fff;
			color: #212121;
		}

		#name {
			line-height: 48px;
			margin-left: 12px;
			font-size: 16px;
			max-width: 140px;
			overflow: hidden;
			text-overflow: ellipsis;
			color: #212121;
		}

		#logo+#name {
			line-height: 20px;
		}

		#txt {
			height: 200px;
			text-align: center;
		}

		#title {
			font-size: 20px;
			line-height: 24px;
			margin-bottom: 8px;
			letter-spacing: -0.3px;
		}

		#msg,
		#cncl {
			font-size: 14px;
			line-height: 20px;
			color: #757575;
			margin-bottom: 8px;
			letter-spacing: -0.3px;
		}

		#cncl {
			text-decoration: underline;
			cursor: pointer;
		}

		#logo img {
			max-width: 100%;
			max-height: 100%;
			vertical-align: middle;
		}

		@media (max-height:580px),
		(max-width:420px) {
			#bg {
				display: none;
			}

			body {
				background: #198C78;
			}
		}

		@media (max-width:420px) {
			#cntnt {
				padding: 16px;
				width: 95%;
			}

			#name {
				margin-left: 8px;
			}
		}

		@media (max-height:580px),
		(max-width:420px) {
			#ftr_new {
				padding: 0 16px;
			}
		}
	</style>
</head>
<script>
	var events = {
    page: 'payment_redirect_postform',
    props: {
          payment_id: 'pay_KFMEsPhiP7Ipou',
              merchant_id: '8TgNt9DVrJB0bl',
        },
    load: true,
    unload: true
  }
</script>
<script>
	!function(e){e.track=Boolean;try{if(/razorpay\.in$/.test(location.origin))return;if("object"!=typeof e.events)return;var n=e.events.props;if(0===Object.keys(n).length)return;var t,o=e.events,r=o.page,a=o.load,s=o.unload,i=o.error,c="https://lumberjack.razorpay.com/v1/track",u="MC40OTMwNzgyMDM3MDgwNjI3Nw9YnGzW",p="function"==typeof navigator.sendBeacon,d=Date.now(),f=[{name:"ua_parser",input_key:"user_agent",output_key:"user_agent_parsed"}];function l(e,o){(o=o||{}).beacon=p,o.time_since_render=Date.now()-d,o.url=location.href,function(e,n){if(e&&n)Object.keys(n).forEach(function(t){e[t]=n[t]})}(o,n);var a={addons:f,events:[{event:r+":"+e,properties:o,timestamp:Date.now()}]},s=encodeURIComponent(btoa(unescape(encodeURIComponent(JSON.stringify(a))))),i=JSON.stringify({key:u,data:s});p?navigator.sendBeacon(c,i):((t=new XMLHttpRequest).open("post",c,!0),t.send(i))}a&&l("load"),s&&e.addEventListener("unload",function(){l("unload")}),i&&e.addEventListener("error",function(e){l("error",{message:e.message,line:e.line,col:e.col,stack:e.error&&e.error.stack})})}catch(e){}e.track=l}(window);
</script>

<body>
	<div id='bg'></div>
	<div style="display:inline-block;vertical-align:middle;height:100%"></div>
	<div id='cntnt'>
		<div id="hdr">
			<div id='name'>
				RazorPay
			</div>
		</div>
		<div id="ldr"></div>
		<div id="txt">
			<div style="display:inline-block;vertical-align:middle;white-space:normal;">
				<h2 id='title'>Loading Bank page&#x2026;</h2>
				<p id='msg'>Please wait while we redirect you to your Bank page</p>
			</div>
			<div style="display:inline-block;vertical-align:middle;height:100%"></div>
		</div>
		<div id='ftr'>
			<div style="display:inline-block;">Secured by
				<img style="vertical-align:middle;margin-bottom:5px;" height="20px" src="https://cdn.razorpay.com/logo.svg"/></div>
				<div style="display:inline-block;vertical-align:middle;height:100%"></div>
			</div>
		</div>
		<script>
			setTimeout(function() {
      document.body.className = 'loaded';
    }, 10);

    setTimeout(function(){
      document.getElementById('title').innerHTML = 'Still trying to load...';
      document.getElementById('msg').innerHTML = 'The bank page is taking time to load.';
    }, 10000);
		</script>
</body>

</html>

Request Parameters

amount

mandatory

integer Payment amount in the smallest currency subunit.
For example, if the amount to be charged is ₹299.00, then pass 29900 in this field.

currency

mandatory

string Currency code for the currency in which you want to accept the payment. For example, INR. Refer to the

supported currencies

for a list of supported international currencies.

order_id

mandatory

string Unique identifier of the Order created at your server side.
Enter the id returned in the response of the

step.

mandatory

string Email address of the customer.

contact

mandatory

string Contact of the customer.

method

mandatory

string Supported payment methods are:

card
netbanking
wallet
emi
upi
emandate

vpa

mandatory

string Virtual payment address of the customer. Required if the method is upi.

card

The fields that can be pre-populated in the Checkout form.

number

mandatory

string Unformatted card number. Required if the method is card.

name

mandatory

string Name of the cardholder. Required if the method is card.

expiry_month

mandatory

integer Expiry month for the card in MM format. Required if the method is card.

expiry_year

mandatory

string Expiry year for the card in YY format. Required if the method is card.

cvv

mandatory

string CVV printed on the back of the card. Required if the method is card.

Handy Tips

CVV is not required by default for Visa and Amex tokenised cards.
To enable CVV-less flow for Rupay and MasterCard, contact our
support team
.
CVV is mandatory for Diners tokenised cards.
CVV is an optional field. Skip passing the cvv parameter to Razorpay to implement this change.

bank_account

The details of the bank account that should be passed in the request.

account_number

mandatory

string Bank account number used to initiate the payment. Required if the method is emandate.

ifsc

mandatory

string IFSC of the bank used to initiate the payment. Required if the method is emandate.

name

mandatory

string Name associated with the bank account used to initiate the payment. Required if the method is emandate.

bank

mandatory

string Bank code of the bank used for the payment. Required if the method is fpx.

wallet

mandatory

string Wallet code for the wallet used for the payment. Required if the method is wallet.

notes

optional

object Key-value object used for passing tracking info. Refer to

notes

for more details.

callback_url

optional

string URL endpoint where Razorpay will submit the final payment status.

mandatory

string IP Address of the client's browser.

referrer

mandatory

string Referrer header passed by the client's browser.

user_agent

mandatory

string Value of user_agent header passed by the client's browser.

Response Parameters

Descriptions for the response parameters are present in the

Payments Entity

parameters table.

Response Types

2OO OK

The response contains 200 OK code along with the HTML content that needs to be opened in the customer's browser. This HTML content contains form fields that will be automatically posted to the bank or wallet URL (specified in the form) to continue with the payment process.

400 Bad Request

This can happen when erroneous parameters are passed in the request, for example invalid currency.

{
"error_code": "BAD_REQUEST_ERROR",
"error_description": "Payment failed",
"error_source": "gateway",
"error_step": "payment_authorization",
"error_reason": "payment_failed",
}

Know more about

errors

The HTML form returned in the response should be opened in the customer's browser. The customer completes the payment on the displayed page.

1.3 Handle Payment Success and Failure

Once the payment is completed by the customer, a POST request is sent to the callback_url provided in the

create a payment request

. The data contained in the POST request depends on the success or failure of the payment made by the customer.

Success

A successful payment contains the following fields:

razorpay_payment_id
razorpay_order_id
razorpay_signature

{   "razorpay_payment_id": "pay_29QQoUBi66xm2f",
    "razorpay_order_id": "order_9A33XWu170gUtm",
    "razorpay_signature": "9ef4dffbfd84f1318f6739a3ce19f9d85851857ae648f114332d8401e0949a3d"
}

Failure

In failed payments, the response received at the callback contains the error details as shown below:

error%5Bcode%5D=BAD_REQUEST_ERROR&error%5Bdescription%5D=Payment+failed&error%5Bsource%5D=gateway&error%5Bstep%5D=payment_authorization&error%5Breason%5D=payment_failed&error%5Bmetadata%5D=%7B%22payment_id%22%3A%22pay_HDP0E0MdoAaOYu%22%2C%22order_id%22%3A%22order_HDOSKuUVbejk0C%22%7D

The key-value parameters of the request are shown below:

error_code

string Error that occurred during payment. For example, BAD_REQUEST_ERROR.

error_description

string Description of the error that occurred during payment. For example, Payment failed.

error_source

string The point of failure. For example, gateway.

error_step

string The stage where the transaction failure occurred. The stages can vary depending on the payment method used to complete the transaction. For example, payment_auhtorization.

error_reason

string The exact error reason. For example, payment_failed.

metadata

object Contains additional information about the request.

payment_id

string Unique identifier of the payment.

order_id

string Unique identifier of the order associated with the payment.

Know more about

errors

1.4 Verify Payment Signature

This is a mandatory step to confirm the authenticity of the details returned to the Checkout form for successful payments.

To verify the razorpay_signature returned to you by the Checkout form:

Create a signature in your server using the following attributes:
- order_id: Retrieve the order_id from your server. Do not use the razorpay_order_id returned by Checkout.
- razorpay_payment_id: Returned by Checkout.
- key_secret: Available in your server. The key_secret that was generated from the
  Razorpay Dashboard
  .

Use the SHA256 algorithm, the razorpay_payment_id and the order_id to construct a HMAC hex digest as shown below:

generated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret);

  if (generated_signature == razorpay_signature) {
    payment is successful
  }

If the signature you generate on your server matches the razorpay_signature returned to you by the Checkout form, the payment received is from an authentic source.

Generate Signature on Your Server

Given below is the sample code for payment signature verification:

RazorpayClient razorpay = new RazorpayClient("[YOUR_KEY_ID]", "[YOUR_KEY_SECRET]");

String secret = "EnLs21M47BllR3X8PSFtjtbd";

JSONObject options = new JSONObject();
options.put("razorpay_order_id", "order_IEIaMR65cu6nz3");
options.put("razorpay_payment_id", "pay_IH4NVgf4Dreq1l");
options.put("razorpay_signature", "0d4e745a1838664ad6c9c9902212a32d627d68e917290b0ad5f08ff4561bc50f");

boolean status =  Utils.verifyPaymentSignature(options, secret);

Post Signature Verification

After you have completed the integration, you can

set up webhooks

, make test payments, replace the test key with the live key and integrate with other

APIs

1.5 Verify Payment Status

You can track the payment status in three ways:

Handy Tips

On the Dashboard, ensure that the payment status is captured. Refer to the payment capture settings page to know how to
capture payments automatically
.
Subscribe to our webhooks or poll the Fetch a Payment API to track the payment status.

Verify Status from Dashboard

To verify the payment status from the Dashboard:

Log in to the
Dashboard
and navigate to Transactions → Payments.
Check if a Payment Id has been generated and note the status. In case of a successful payment, the status is marked as Captured.

Check if the payment id is generated and the status is captured

You can use Razorpay webhooks to configure and receive notifications when a specific event occurs. When one of these events is triggered, we send an HTTP POST payload in JSON to the webhook's configured URL. Know how to

set up webhooks.