1.1 Create an Order in Server

Order is an important step in the payment process.

• An order should be created for every payment.
• You can create an order using the

  Orders API

  . It is a server-side API call. Know how to

  authenticate

  Orders API.
• The order_id received in the response should be passed to the checkout. This ties the order with the payment and secures the request from being tampered.

You can create an order:

• Using the sample code on the Razorpay Postman Public Workspace.
• By manually integrating the API sample codes on your server.

Razorpay Postman Public Workspace

You can use the Postman workspace below to create an order:

You can create an order manually by integrating the API sample codes on your server.

API Sample Code

Use this endpoint to create an order using the Orders API.

curl -X POST https://api.razorpay.com/v1/orders 
-U [YOUR_KEY_ID]:[YOUR_KEY_SECRET]
-H 'content-type:application/json'
-d '{
  "amount": 500,
  "currency": "INR",
  "receipt": "qwsaq1",
  "partial_payment": true,
  "first_payment_min_amount": 230,
  "notes": {
    "key1": "value3",
    "key2": "value2"
  }
}'

{
  "id": "order_IluGWxBm9U8zJ8",
  "entity": "order",
  "amount": 5000,
  "amount_paid": 0,
  "amount_due": 5000,
  "currency": "INR",
  "receipt": "rcptid_11",
  "offer_id": null,
  "status": "created",
  "attempts": 0,
  "notes": [],
  "created_at": 1642662092
}

1.2 Pass Payment Options to Hosted Checkout

Add the Pay button on your web page using the checkout code given below. The hosted checkout page is displayed when the customers click the Pay button.

Code to Add Pay Button

The Checkout options are sent as form-data to the following URL in a POST request.

POST: https://api.razorpay.com/v1/checkout/embedded

The sample code is given below:

<form method="POST" action="https://api.razorpay.com/v1/checkout/embedded">
  <input type="hidden" name="key_id" value="YOUR_KEY_ID"/>
  <input type="hidden" name="amount" value=1001/>
  <input type="hidden" name="order_id" value="razorpay_order_id"/>
  <input type="hidden" name="name" value="Acme Corp"/>
  <input type="hidden" name="description" value="A Wild Sheep Chase"/>
  <input type="hidden" name="image" value="https://cdn.razorpay.com/logos/BUVwvgaqVByGp2_large.jpg"/>
  <input type="hidden" name="prefill[name]" value="Gaurav Kumar"/>
  <input type="hidden" name="prefill[contact]" value="9123456780"/>
  <input type="hidden" name="prefill[email]" value="gaurav.kumar@example.com"/>
  <input type="hidden" name="notes[shipping address]" value="L-16, The Business Centre, 61 Wellfield Road, New Delhi - 110001"/>
  <input type="hidden" name="callback_url" value="https://example.com/payment-callback"/>
  <input type="hidden" name="cancel_url" value="https://example.com/payment-cancel"/>
  <button>Submit</button>
</form>

• For every successful payment, razorpay_payment_id, razorpay_order_id and razorpay_signature are submitted via a POST request to the callback_url passed in payment options.
• If your customer cancels the transaction or clicks the back button, they are redirected to the cancel_url via a GET request.
• If the payment fails, a POST request is made to the callback_url, with the error fields as payload.

Checkout Options

1.3 Store Fields in Your Server

A successful payment returns the following fields to the Checkout form.

• You need to store these fields in your server.
• You can confirm the authenticity of these details by verifying the signature in the next step.

1.4 Verify Payment Signature

This is a mandatory step to confirm the authenticity of the details returned to the Checkout form for successful payments.

To verify the razorpay_signature returned to you by the Checkout form:

1. Create a signature in your server using the following attributes:

   • order_id: Retrieve the order_id from your server. Do not use the razorpay_order_id returned by Checkout.
   • razorpay_payment_id: Returned by Checkout.
   • key_secret: Available in your server. The key_secret that was generated from the
     Razorpay Dashboard
     .

2. Use the SHA256 algorithm, the razorpay_payment_id and the order_id to construct a HMAC hex digest as shown below:

   HMAC Hex Digest

   copy

   generated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret);
   
     if (generated_signature == razorpay_signature) {
       payment is successful
     }

3. If the signature you generate on your server matches the razorpay_signature returned to you by the Checkout form, the payment received is from an authentic source.

Generate Signature on Your Server

Given below is the sample code for payment signature verification:

RazorpayClient razorpay = new RazorpayClient("[YOUR_KEY_ID]", "[YOUR_KEY_SECRET]");

String secret = "EnLs21M47BllR3X8PSFtjtbd";

JSONObject options = new JSONObject();
options.put("razorpay_order_id", "order_IEIaMR65cu6nz3");
options.put("razorpay_payment_id", "pay_IH4NVgf4Dreq1l");
options.put("razorpay_signature", "0d4e745a1838664ad6c9c9902212a32d627d68e917290b0ad5f08ff4561bc50f");

boolean status =  Utils.verifyPaymentSignature(options, secret);

Post Signature Verification

After you have completed the integration, you can

1.5 Verify Payment Status

You can track the payment status in three ways:

• From the Dashboard

  .

• Subscribe to the Webhook Events

  .

• Poll our APIs

  .

Verify Status from Dashboard

To verify the payment status from the Dashboard:

1. Log in to the

   Dashboard

   and navigate to Transactions → Payments.
2. Check if a Payment Id has been generated and note the status. In case of a successful payment, the status is marked as Captured.

Subscribe to Webhook Events

You can use Razorpay webhooks to configure and receive notifications when a specific event occurs. When one of these events is triggered, we send an HTTP POST payload in JSON to the webhook's configured URL. Know how to

Example

If you have subscribed to the order.paid webhook event, you will receive a notification every time a customer pays you for an order.

Poll APIs

Next Steps