Last update: May 11th, 2015
The Instant Delivery Notification facilitates automatic delivery confirmations from your system directly to the PayU system which automatically registers these confirmations on the PayU servers. As soon as your orders made to the PayU system are confirmed, a POST must be sent through your administration system to a URL provided by PayU, containing the identification data for transaction about to be confirmed.
The URL where the delivery is automatically confirmed is: https://secure.payu.ro/order/idn.php
Note:
The identification data contained in the HTTP POST is described in the following table and must be sent in the following exact order:
| Parameter | Description |
| MERCHANT | Merchant's ID. Available in the PaVU administration interface, in the "Account administrator" / "Account settings" sections |
| ORDER_REF | Reference number for the order in the PayU system. |
| ORDER_AMOUNT | Represents the total of the order about to be confirmed as it was received from PayU system |
| ORDER_CURRENCY | The currency in which the order's amount was made. |
| IDN_DATE | The date when the delivery confirmation request is transmitted, in the following format Y-m-d H:i:s (Ex: 2012-04-26 14:30:56) |
| ORDER_HASH | HMAC_MD5 signature for the sent data. (HMAC defined at: RFC 2104) |
| CHARGE_AMOUNT * | Optional. This field is not mandatory. It must be sent only if the captured amount is different then the ORDER_AMOUNT when using the Partial Complete system feature. Represents the amount to be captured. |
| REF_URL * | Optional. This field is not mandatory. If this parameter is not sent or it is empty, the reply will be sent inline. Represents the URL address where the reply will be sent with the GET method. The URL address must begin with the <> syntax |
$idn = array( 'MERCHANT' => 'MERCHANT', 'ORDER_REF' => 3954142, 'ORDER_AMOUNT' => '39.99', 'ORDER_CURRENCY' => 'USD', 'IDN_DATE' => '2015-05-11 14:32:08', 'ORDER_HASH' => '90610f067080ffc48428791cd43ac930' );
$idn = array(
'MERCHANT' => 'MERCHANT',
'ORDER_REF' => 3954142,
'ORDER_AMOUNT' => '39.99',
'ORDER_CURRENCY' => 'USD',
'IDN_DATE' => '2015-05-11 14:32:08',
'CHARGE_AMOUNT' => '10.99',
'REF_URL' => 'http://www.merchant-site.com/idn-response.php'
'ORDER_HASH' => 'c2757080358a77ef22466ff8df1d1ef6'
);
Paramters included in hash signature are: "MERCHANT", "ORDER_REF", "ORDER_AMOUNT", "ORDER_CURRENCY", "IDN_DATE", "CHARGE_AMOUNT"
For a signature example we assume to have the following parameters set and values:
| Field name | Length (in bytes) | Field value |
| MERCHANT | 8 | MERCHANT |
| ORDER_REF | 7 | 3954142 |
| ORDER_AMOUNT | 5 | 39.99 |
| ORDER_CURRENCY | 3 | USD |
| IDN_DATE | 19 | 2015-05-11 14:32:08 |
In order to validate the sent data, a HMAC_MD5 signature has to be calculated, that will be encoded with the secret key attached to your account. The Secret Key is available in Control Panel, at the "Account Administration" / "Account settings" section [click here].
The source string for the HMAC_MD5 signature is creating by adding the field length at the beginning of each field value, without
"new line" characters (for UTF-8 characters, the string length in bytes may be larger than the number of characters).
For the data above, the source string is: 8MERCHANT73954142539.993USD192015-05-11 14:32:08
The secret key for data validation is: 1231234567890123
The HMAC_MD5 signature calculated for the data above is: 90610f067080ffc48428791cd43ac930
The PayU response is set to be INLINE(in the same page) and it has the following format (anywhere in the page):
<EPAYMENT> ORDER_REF|RESPONSE_CODE|RESPONSE_MSG|IRN_DATE|ORDER_HASH </EPAYMENT>
The parameters in the validation response sent by PayU are:
| ORDER_REF | Order reference in the PayU system received by IDN |
| RESPONSE_CODE | Response code for the delivery request |
| RESPONSE_MSG | Response message for the delivery request |
| IDN_DATE | The date when the order delivery request response has been sent, in the following format: Y-m-d H:i:s (Ex: 2015-05-11 14:30:56) |
| ORDER_HASH | HMAC_MD5 signature for data validation |
If the REF_URL parameter is sent through IDN and contains a valid URL, the response will be sent to the URL like below: REF_URL = http://www.merchant-site.com/idn-response.php
In case of some API limit is defined in PayU system, we also return some specific headers with information about limit (see API Limit documentation).
The answer codes meaning and messages are:
| Response Code | Response Message |
| 1 | Confirmed |
| 2 | ORDER_REF missing or incorrect |
| 3 | ORDER_AMOUNT missing or incorrect |
| 4 | ORDER_CURRENCY is missing or incorrect |
| 5 | IDN_DATE is not in the correct format |
| 6 | Error confirming order |
| 7 | Order already confirmed |
| 9 | Invalid ORDER_REF |
| 10 | Invalid ORDER_AMOUNT |
| 11 | Invalid ORDER_CURRENCY |
| 12 | Invalid CHARGE_AMOUNT |
| 13 | Invalid signature |
| 14 | Limit calls for API exceeded. In this case http response code will be 429 (see API Limit documentation for more details) |
| 15 | Limit calls for API exceeded for this merchant. In this case http response code will be 429 (see API Limit documentation for more details) |
| 18 | Invalid request |
| 20 | Partial amount is not supported or enabled |
Note: In case of invalid reply from PayU, the order is not confirmed