For security purpose, hash is mandatory.Whenever you talk to PayU server you need a hash.For every API there is a separate hash because all API are public.
It is MANDATORY to calculate reverse hash on your surl/furl to validate a transaction at your end. Otherwise, the transaction maybe hacked or tempered with.
For more info, please refer Server Side Document for more details.
When merchant collects the customer card details on their own website/server and post them to PayU.The merchant must be PCI-DSS certified in this case. For further information on PCI-DSS certification please contact your Account Manager at PayU.
Yes, merchant can also generate hash from PayU SDK but it's not recommendable because in this case key and salt will be hard coded so any body can use key and salt for making payment and it's not secure.
Refer Hash generation Tool.
The merchant can check if he is calculating hash correctly by entering the same parameters in above tool and then test the hashes generated with the hashes he is getting from his code.
When the transaction successes then the PayU posts the response to the Surl and if transaction get fail the PayU posts the response to the Furl provided in post params while making payment request.
Please refer Server Side Document for more details.
PayU page will not get expire, however, the PayU id generated will get expired or bounced if customer doesn't do anything after landing on the payment page for 3 hours. Also, if after 3 hours if customer enters the card details, new PayUid will get generated and transaction will go through.
Maestro(both 19 & 16 Digit)
For Maestro 19, 16 otherwise.
4 is for Amex card holders, 3 otherwise.
With 7.4.0, we have optimised our SDK Offerings for our Merchants. After you update this SDK, the UPI transaction offering will get removed. The UPI Transactions offering is added in another SDK which supports the complete UPI portfolio - UPI Collect transactions, UPI Intent transactions, Tez(GPay) (In-App, Intent & Collect) Flows and PhonePe Flows and SamsungPay. Please include the following UPI SDK to continue accepting UPI payments seamlessly and make it even better with our brand new offerings!
PG SDK is not mandatory to do make payment with CustomBrowser. You can create postdata of its own.
Please refer sample app.Please change value of env variable accordingly for testing or production, in MainActivity in sample app. Please refer following code :
int env = PayuConstants.PRODUCTION_ENV; //for productionint env = PayuConstants.STAGING_ENV; //for testing
And remove below metadata from manifest file.
<meta-dataandroid:name="payu_web_service_url"android:value="https://test.payu.in" /><meta-dataandroid:name="payu_post_url"android:value="https://test.payu.in" />