FAQ Android

Why do we need so many hashes?

For security purpose, hash is mandatory.Whenever you talk to PayU server you need a hash.For every API there is a separate hash because all API are public.

Do we need to calculate Reverse Hash?

It is MANDATORY to calculate reverse hash on your surl/furl to validate a transaction at your end. Otherwise, the transaction maybe hacked or tempered with.

For more info, please refer Server Side Document for more details.

Does merchant need PCI/DSS certificate?

When merchant collects the customer card details on their own website/server and post them to PayU.The merchant must be PCI-DSS certified in this case. For further information on PCI-DSS certification please contact your Account Manager at PayU.

Can merchant generate hash from PayU SDK ?

Yes, merchant can also generate hash from PayU SDK but it's not recommendable because in this case key and salt will be hard coded so any body can use key and salt for making payment and it's not secure.

Is there a tool to test hash generation?

Refer Hash generation Tool.

The merchant can check if he is calculating hash correctly by entering the same parameters in above tool and then test the hashes generated with the hashes he is getting from his code.

Why do we need to use surl and furl in CustomBrowser?

When the transaction successes then the PayU posts the response to the Surl and if transaction get fail the PayU posts the response to the Furl provided in post params while making payment request.

Please refer Server Side Document for more details.

What is the session time-out period for the PayU gateway? That is, if I do not enter any details, confirm or cancel payment for a significant amount of time, will I get a session expired message? If yes, what is that time period and is it configurable?

PayU page will not get expire, however, the PayU id generated will get expired or bounced if customer doesn't do anything after landing on the payment page for 3 hours. Also, if after 3 hours if customer enters the card details, new PayUid will get generated and transaction will go through.

Does PayU accepts the following card types :

  • Master

  • Visa

  • Maestro(both 19 & 16 Digit)

  • Rupay

  • Amex


What is max character length for card number?

For Maestro 19, 16 otherwise.

What is max character length for CVV?

4 is for Amex card holders, 3 otherwise.

I am a CustomBrowser Merchant version <7.4.0. How I would like to update the SDK to avail UPI payment modes?

With 7.4.0, we have optimised our SDK Offerings for our Merchants. After you update this SDK, the UPI transaction offering will get removed. The UPI Transactions offering is added in another SDK which supports the complete UPI portfolio - UPI Collect transactions, UPI Intent transactions, Tez(GPay) (In-App, Intent & Collect) Flows and PhonePe Flows and SamsungPay. Please include the following UPI SDK to continue accepting UPI payments seamlessly and make it even better with our brand new offerings!

I am a CustomBrowser Merchant version >=7.4.0. I have added UPI SDK for UPI offering(Generic Intent and UPI Collect). I would like to add Google, PhonePe and Samsung Pay payment option. What should I do?

You just need to add PayU Gradle dependencies for Googlepay, Phonepe and Samsung Pay. Generate PostData according to your payment option you choose.

I am a UPI SDK merchant(Directly UPI SDK not through CustomBrowser), I would like to add GooglePay, PhonePe or SamsungPay.

You just need to add PayU Gradle dependencies for Googlepay, Phonepe and Samsung Pay and generate postdata for the same reference Postdata through UPI SDK.

Is PG SDK mandatory to use with CustomBrowser?

PG SDK is not mandatory to do make payment with CustomBrowser. You can create postdata of its own.

How to switch environment from testing to production in PayU SDK?

Please refer sample app.Please change value of env variable accordingly for testing or production, in MainActivity in sample app. Please refer following code :

int env = PayuConstants.PRODUCTION_ENV; //for production
int env = PayuConstants.STAGING_ENV; //for testing

And remove below metadata from manifest file.

     android:value="https://test.payu.in" />
     android:value="https://test.payu.in" />

Why is enter OTP manually button not visible on CB when App's theme is Material theme?

To fix this, use below code in your styles.xml file

    <style name="cb_approve_otp" parent="android:Widget.Button">
        <item name="android:textSize">@dimen/cb_fourteenScaled</item>
        <item name="android:textColor">#FFFFFF</item>
        <item name="backgroundTint">@color/cb_otpColor</item>

How to fix build error after adding PayUCheckoutPro SDK gradle dependency?

After adding PayUCheckoutPro SDK gradle dependency, if below build error is received

Add below code in <application> tag of your App's AndroidManifest.xml file


Last updated