Last update: July 30th, 2016
This document is meant to serve as a technical description of the payment page from Merchant's point of view.
The customer enters his card data (card number, expiration date, security code, card holder's name) and installment options, if available.
After the payment is processed, the customer will be redirected back to the Merchant using the HTTP POST request method, among a set of return parameters.
| Parameter | Description |
| RefNo | Global PayU reference number for the order. This is unique across all requests. If any of the required parameters is missing, this can be empty. |
| TransactionResult |
The result of the transaction. Possible values:
|
| Message | A more detailed description of the Code. |
| Code |
The code of the transaction. Possible values:
|
| MerchantRefNo | Order external reference number in Merchant's system (ORDER_REF). |
| Amount | Total transaction amount. Example: "100.55". |
| Currency | Transaction currency. Example: "RON". |
| Installments | The number of installments. Example: "6". Please notice that this field is optional and will not be present for failed or non-installments payments. |
| InstallmentsProgram | The installments program name. Example: "START BT", "Card Avantaj", "BRD Finance". Please notice that this field is optional and will not be present for failed or non-installments payments. |
| TimeStamp | Transaction timestamp in YYYY-MM-DD HH:MM:SS format. Example: "2013-06-18 11:22:33". |
| Signature | MD5 signature (see the signature). |
For security reasons each HTTP POST request will carry a unique Signature.
The signature is calculated using data from all parameters sent in the HTTP POST, key sorted, the Merchant's secret key and the MD5 algorithm to encrypt data.
[RefNo] => 11968959
[TransactionResult] => SUCCESS
[Message] => Authorized.
[Code] => AUTHORIZED
[MerchantRefNo] => EXT_REF_1351797695
[Amount] => 100.55
[Currency] => RON
[Installments] => 6
[InstallmentsProgram] => Star BT
[TimeStamp] => 2013-06-18 12:33:30
[Signature] => 774f14b974cf195ca1dd83cfde576217
First the Signature parameter should be excluded.
// keep the signature for future comparison
$signature = $_POST['Signature'];
// remove the signature
unset($_POST['Signature']);
Then the array must be key-sorted. For this we can use PHP's native ksort function:
ksort($_POST);
The sorted parameters will now look like this:
[Amount] => 100.55
[Code] => AUTHORIZED
[Currency] => RON
[Installments] => 6
[InstallmentsProgram] => Star BT
[MerchantRefNo] => EXT_REF_1351797695
[Message] => Authorized.
[RefNo] => 11968959
[TimeStamp] => 2013-06-18 12:33:30
[TransactionResult] => SUCCESS
The next step is to concatenate all the values of the array:
$concatenatedString = '';
foreach ($_POST as $value) {
$concatenatedString .= $value;
}
The concatenated string will have the following value:
100.55AUTHORIZEDRON6Star BTEXT_REF_1351797695Authorized.119689592013-06-18 12:33:30SUCCESS
The following step is to concatenate Merchant's secret key. We will use "SECRET_KET" as Merchant's secret key in this example.
$merchantSecretKey = 'SECRET_KEY';
$concatenatedString .= $merchantSecretKey;
The concatenated string will have the following value:
100.55AUTHORIZEDRON6Star BTEXT_REF_1351797695Authorized.119689592013-06-18 12:33:30SUCCESSSECRET_KEY
The final step is to hash the concatenated string using the MD5 algorithm, to obtain the signature.
$mySignature = md5($concatenatedString);
The signature in this case will be:
774f14b974cf195ca1dd83cfde576217
This signature will be compared with the Signature received (temporary stored in $signature).
if ($signature === $mySignature) {
// the signature is validated
}
Example 01: Success case with credit card without installments
[RefNo] => 11829573
[TransactionResult] => SUCCESS
[Message] => Authorized.
[Code] => AUTHORIZED
[MerchantRefNo] => EXT_REF_8306723140
[Amount] => 5
[Currency] => RON
[TimeStamp] => 2013-06-18 12:50:30
[Signature] => 7c211685859d3e09335d214a87ff3f0b
Example 02: Failure case with credit card without installments
[RefNo] => 11848951
[TransactionResult] => FAILED
[Message] => Insufficient funds
[Code] => GWERROR_51
[MerchantRefNo] => EXT_REF_6130940838
[Amount] => 5
[Currency] => RON
[TimeStamp] => 2013-06-18 12:53:08
[Signature] => 4740a5d30f3063fd00b5a08dbe229039
Example 03: Success case with credit card, 6 installments in START BT program
[RefNo] => 12076266
[TransactionResult] => SUCCESS
[Message] => Authorized.
[Code] => AUTHORIZED
[MerchantRefNo] => EXT_REF_4650490673
[Amount] => 1500
[Currency] => RON
[Installments] => 6
[InstallmentsProgram] => Star BT
[TimeStamp] => 2013-06-18 12:55:30
[Signature] => 15b7c04bfaee80de79372ea84addcb27
Example 04: Failure case due to duplicate ORDER_REF - already authorized
[RefNo] => 12015140
[TransactionResult] => FAILED
[Message] => The payment for your order is already authorized.
[Code] => ALREADY_AUTHORIZED
[MerchantRefNo] => EXT_REF_6873217472
[Amount] => 5
[Currency] => RON
[TimeStamp] => 2013-06-18 14:24:22
[Signature] => 5d193ad11896d1f93776e132f4d090d2
Example 05: Failure case due to input error - missing ORDER_REF
[RefNo] =>
[TransactionResult] => FAILED
[Message] => Invalid parameter ORDER_REF
[Code] => INPUT_ERROR
[MerchantRefNo] =>
[Amount] => 5
[Currency] => RON
[TimeStamp] => 2013-06-18 14:26:09
[Signature] => 2092d17227cbbf75ea479ec2f1a4e8cb
| OS - Desktop | Browser | Status |
| Windows XP | IE 6 | Not Supported |
| Windows XP | IE 7 | Not Supported |
| Windows XP | IE 8 | Not Supported |
| Windows XP | Firefox 3 and < | Supported(*) |
| Windows XP | Chrome 15 and < | Supported |
| Windows XP | Opera 10.6 and < | Supported |
| Windows XP | Safari | Not Supported |
| Windows 7 | IE 8 | Not Supported |
| Windows 7 | IE 8 and < | Supported |
| Windows 7 | Firefox 3 and < | Supported |
| Windows 7 | Chrome 15 and < | Supported |
| Windows 7 | Opera 10.6 and < | Supported |
| Windows 7 | Safari 4 and < | Supported |
| Windows 8 | IE 10 | Supported |
| Windows 8 | Firefox 16 and < | Supported |
| Windows 8 | Chrome 22 and < | Supported |
| Windows 8 | Opera 12 and < | Supported |
| Windows 8 | Yandex 14.12 and < | Supported |
| Windows 8 | Safari 5.1 and < | Supported |
| Windows 8.1 | IE 11 | Supported |
| Windows 8.1 | Firefox 16 and < | Supported |
| Windows 8.1 | Chrome 22 and < | Supported |
| Windows 8.1 | Opera 12 and < | Supported |
| Windows 8.1 | Yandex 14.12 and < | Supported |
| Windows 8.1 | Safari 5.1 and < | Supported |
| Windows 8.1 | Firefox 16 and < | Supported |
| Windows 8.1 | Chrome 24 and < | Supported |
| Windows 10 | IE 11 | Supported |
| Windows 10 | Edge 13 | Supported |
| Windows 10 | Edge 14 | Supported |
| Windows 10 | Firefox 32 and < | Supported |
| Windows 10 | Chrome 32 and < | Supported |
| Windows 10 | Opera 23 and < | Supported |
| Windows 10 | Safari 5.1 and < | Supported |
| OS X | Safari 5.1 | Supported |
| OS X | Safari 6 | Supported |
| OS X | Safari 6.2 | Supported |
| OS X | Safari 7 | Supported |
| OS X | Safari 7.1 | Supported |
| OS X | Safari 8 | Supported |
| OS X | Safari 9.1 | Supported |
| OS - Mobile | Browser | Status |
| Android | Android 2.2 and < | Supported - recommended browser Chrome |
| iOS | 3 and < | Supported - recommended browser Safari |
| Windows 8.1 and 10 | default browser | Supported |
Note: Information is based on clean browsers with no custom plugins that can affect user experience. Knows Issues: Small JS issue on PageV2 for card logo position.