Third-Party Validation (TPV) - Custom Integration
Know how Razorpay performs Third-Party Validation (TPV) of your investors' bank accounts in real-time using Razorpay Custom Integration.
Third-Party Validation (TPV) of bank accounts is a mandatory requirement for merchants in the BFSI (Banking, Financial Services and Insurance) sector dealing with Securities, Broking and Mutual Funds. As per Securities and Exchange Board of India (SEBI) guidelines, transactions must be made by the investors only from those bank accounts provided when they registered with your business.
With Razorpay, you can comply with the SEBI guidelines for online payment collections by offering TPV integrations with
at Checkout. Investors can make payments using netbanking, debit card or UPI. UPI supports both collect and intent flows at Razorpay Custom Integration checkout.Feature Request
This is an on-demand feature. Please raise a request with our
to get this feature activated on your Razorpay account.- Contact our to get this feature enabled for your account.
- Keep the API key (combination of
Key_IdandKey_Secret) handy for integration. - if not done already.
- Configure the on the Razorpay Dashboard.
In TPV integration flow, Razorpay maps the investors' bank accounts to ensure that the payment is processed only from their registered bank accounts. Follow the steps given below:
Collect the bank account details provided by the investor at the time of registration.
Pass the bank account details to the bank_account array of the Orders API:
The investor needs to pay using the payment method specified by you in the order. For example, if you want the investor to pay using UPI, you must pass method=upi.
Create a request payload using the following attributes:
amount
mandatory
integer The transaction amount expressed in paise (currency supported is INR). For example, for an actual amount of ₹1, the value of this field should be 100.
currency
mandatory
string The currency in which the transaction should be made. You can create orders in INR only.
receipt
optional
string Receipt number that corresponds to this order, set for your internal reference. Maximum length is 40 characters.
notes
optional
json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.
method
mandatory
string The payment method used to make the payment. If this parameter is not passed, investors will be able to make payments using both netbanking and UPI payment methods. Possible values:
netbanking: Investors can make payments only using netbanking.card: Investors can make payments using debit card.upi: Investors can make payments only using UPI.
bank_account
mandatory
object Details of the bank account that the investor has provided at the time of registration.
account_number
mandatory
string The bank account number from which the investor should make the payment. For example, 765432123456789 Payments will not be processed for an incorrect account number.
name
mandatory
string The name linked to the bank account. For example, Gaurav Kumar.
ifsc
mandatory
string The bank IFSC. For example, HDFC0000053.
When creating a custom checkout form for TPV, you can ensure that only the netbanking, debit card and UPI methods are displayed to the investor.
Use the sample code given below to fetch all payment methods available to you.
var razorpay = new Razorpay({key: '<YOUR_KEY_ID>',// logo, displayed in the popupimage: 'https://cdn.razorpay.com/logos/Du3F12cJXffdFe_large.jpg',});razorpay.once('ready', function(response) {console.log(response.methods);})
Know more about the various
.Include the following script, preferably in the <head> section of your page:
<script type="text/javascript" src="https://checkout.razorpay.com/v1/razorpay.js"></script>
Include the Javascript, Not the Library
Include the script from https://checkout.razorpay.com/v1/razorpay.js instead of serving a copy from your own server. This allows new updates and bug fixes to the library to get automatically served to your application.
We always maintain backward compatibility with our code.
var razorpay = new Razorpay({key: '<YOUR_KEY_ID>',// logo, displayed in the payment processing popupimage: 'https://i.imgur.com/n5tjHFD.jpg',});
If you need multiple Razorpay instances on the same page, you can globally set some of the options:
Razorpay.configure({key: '<YOUR_KEY_ID>',// logo, displayed in the payment processing popupimage: 'https://i.imgur.com/n5tjHFD.jpg',})new Razorpay({}); // will inherit key and image from above.
After the order is created and the investor's payment details are obtained, the information should be sent to Razorpay to complete the payment. The data that needs to be submitted depends upon the payment method selected by the investor.
You can do this by invoking the createPayment method:
var data = {amount: 1000, // in currency subunits. Here 1000 = 1000 paise, which equals to ₹10currency: "INR",// Default is INR.email: 'gaurav.kumar@example.com',contact: '9123456780',notes: {address: 'Ground Floor, SJR Cyber, Laskar Hosur Road, Bengaluru',},order_id: 'order_Dd3Wbag7QXDuuL', // Order ID generated in Step 1method: 'netbanking',bank: 'HDFC'};var btn = document.querySelector('#btn');btn.addEventListener('click', function(){ // has to be placed within user initiated context, such as click, in order for popup to open.razorpay.createPayment(data);razorpay.on('payment.success', function(resp) {alert(resp.razorpay_payment_id),alert(resp.razorpay_order_id),alert(resp.razorpay_signature)}); // will pass payment ID, order ID, and Razorpay signature to success handler.razorpay.on('payment.error', function(resp){alert(resp.error.description)}); // will pass error object to error handler})
Handler Function Vs. Callback URL
- Handler Function:
When you use the handler function, the response object of the successful payment (razorpay_payment_id,razorpay_order_idandrazorpay_signature) is submitted to the Checkout Form. You need to collect these and send them to your server. - Callback URL:
When you use a Callback URL, the response object of the successful payment (razorpay_payment_id,razorpay_order_idandrazorpay_signature) is submitted to the Callback URL.
A successful payment returns the following fields to the Checkout form.
- You need to store these fields in your server.
- You can confirm the authenticity of these details by verifying the signature in the next step.
razorpay_payment_id
string Unique identifier for the payment returned by Checkout only for successful payments.
razorpay_order_id
string Unique identifier for the order returned by Checkout.
razorpay_signature
string Signature returned by the Checkout. This is used to verify the payment.
This is a mandatory step to confirm the authenticity of the details returned to the Checkout form for successful payments.
To verify the razorpay_signature returned to you by the Checkout form:
-
Create a signature in your server using the following attributes:
order_id: Retrieve theorder_idfrom your server. Do not use therazorpay_order_idreturned by Checkout.razorpay_payment_id: Returned by Checkout.key_secret: Available in your server. Thekey_secretthat was generated from the .
-
Use the SHA256 algorithm, the
razorpay_payment_idand theorder_idto construct a HMAC hex digest as shown below:generated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret);if (generated_signature == razorpay_signature) {payment is successful} -
If the signature you generate on your server matches the
razorpay_signaturereturned to you by the Checkout form, the payment received is from an authentic source.
Given below is the sample code for payment signature verification:
RazorpayClient razorpay = new RazorpayClient("[YOUR_KEY_ID]", "[YOUR_KEY_SECRET]");String secret = "EnLs21M47BllR3X8PSFtjtbd";JSONObject options = new JSONObject();options.put("razorpay_order_id", "order_IEIaMR65cu6nz3");options.put("razorpay_payment_id", "pay_IH4NVgf4Dreq1l");options.put("razorpay_signature", "0d4e745a1838664ad6c9c9902212a32d627d68e917290b0ad5f08ff4561bc50f");boolean status = Utils.verifyPaymentSignature(options, secret);
After you have completed the integration, you can
, make test payments, replace the test key with the live key and integrate with other .- (Recommended)
- (Recommended)
Is this integration guide useful?
ON THIS PAGE