![]() The merchant needs to post the same value in the payment request to PayU. With the above information, the hash generation string will look like: processed with the SHA-512 message-digest algorithm, the output is similar to: ffcdbf04fa5beefdcc2dd476c18bc410f02b3968e7f4f54e8f43f1e1a310bb32e3b4dec9305232bb89db5b1d0c009a53bcace6f4bd8ec2f695baf3d43ba730ce Sha512(key|txnid|amount|productinfo|firstname|email|||||||||||SALT)įor example, if key=C0Dr8m, txnid=12345, amount=10, productinfo=Shopping, firstname=Test, udf2=abc, udf4=15, SALT=3sf0jURk and udf1, udf3, udf5 are not posted, then the hash would be calculated as Case 2 above: response is similar to the following code block: ffcdbf04fa5beefdcc2dd476c18bc410f02b3968e7f4f54e8f43f1e1a310bb32e3b4dec9305232bb89db5b1d0c009a53bcace6f4bd8ec2f695baf3d43ba730ce How Hash Values are Generated?įor case 3 described above, the following example describes the generation of a hash value for a particular transaction request bearing the following details: Variable Case 3: If none of the udf parameters (udf1-udf5) are posted, hash is calculated as:. ![]() Sha512(key|txnid|amount|productinfo|firstname|email||udf2||udf4|||||||SALT) For example, if udf2 and udf4 are posted and udf1, udf3, udf5 are not.In this case, hash is calculated as: Case 2: If only some of the udf parameters are posted and others are not.Sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT) Case 1: If all the udf parameters (udf1-udf5) are posted by the merchant, hash is calculated as:.Refer to the PayU node SDK Readme, download and install the PayU node SDK from the PayU node SDK Github location. Note: You can use the Hash API of the PayU node SDK on Github to perform hashing. The following examples provide various scenarios of hash calculation: NET, refer to Microsoft Documentation > SHA512 Class. PayU is not responsible for any security breaches (including any data breaches) that may occur due to non-implementation of the aforesaid security features at your end or any loss or damage arising therefrom to you or any third party. Parameters such as transaction ID and amount need to be verified with the values sent in the request by you. This will identify any of the parameters that have been tampered with in response. Note: It is strongly recommended that you verify the parameters posted by PayU in response to that of the parameter sent by you in the request. Invoice Completion URLs configured with the merchant account.Notification URLs configured with the merchant account.URLs shared as part of payment request to PayU in the parameters: surl, furl, curl, nurl, and termUrl.The last web address accessed by a browser before loading PayU’s checkout page.The following are considered sources for the merchant-level URL: The details including - but are not limited to - the following are considered sensitive information:Īlong with the request, the sensitive information should not be a part of any merchant-level URL. You need to ensure that sensitive information related to the integration is not part of the payment request to PayU. For more information on the integration process, refer to Transaction Details APIs and Webhooks. PayU strongly recommends that you secure your integration by implementing Verify web service and webhook/callback as a secondary confirmation of the transaction response. Computing hash will protect you from any tampering by your customers and help in ensuring a safe and secure transaction experience. Integration SecurityĪfter receiving a response from PayU and comparing it with the request, you must compute the hash (or checksum) again and post-back parameters. For example, if you are not posting udf1, the udf1 field will be left empty in the hash calculation. But, the udf parameters (udf1-udf5) are optional, and you need to calculate the hash based on whether you are posting a particular udf or not. Hence, these parameters cannot be empty in the hash calculation. Here, the following parameters are mandatory: The parameter order is in the following code block: sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)Īll the parameters (and their descriptions) mentioned in the above code block have already been mentioned earlier in the Hosted Checkout Integration sections. Note: Ensure that you use pipe (|) character between these parameters as mentioned in the following code block. You need to generate a string using certain parameters and apply the SHA-512 algorithm to this string. PayU uses the SHA-512 hash function that belongs to the SHA-2 family of cryptographic functions. The hash is used to protect transactions against a “man-in-the-middle-attack.” Hash Generation Logic for Payment RequestĪ hash is an encrypted value (checksum) that is sent by you in a payment request and sent by PayU in the payment response.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |