      Checksum

      Paytm uses a checksum signature to ensure that API requests and responses exchanged between your application and Paytm over the network have not been tampered with. We use the SHA256 hashing and AES128 encryption algorithms to ensure the safety of transaction data.

      Overview of checksum generation and validation


      1. Download the Paytm checksum utility for your application platform and include it in your server-side module

      2. Get your account secret key from your Paytm Dashboard

      3. Based on the payment solution you are using, create an API request and use the Paytm Checksum utility to create the checksumhash with request parameters

      4. Paytm validates the request checksumhash and parameters

      5. On successful validation, Paytm processes the transaction

      6. Once the transaction is processed, Paytm creates a checksumhash with response parameters

      7. Paytm returns the response checksumhash and parameters to your application

      8. Your system calls the Checksum utility and validates the response checksumhash and parameters

      Create Checksumhash


      To create the Checksumhash, use the Paytm Checksum utility for your platform with your account's merchant key and all of the API request parameters. The Paytm utility returns the checksum hash.

      Sample checksumhash code for common languages is given below:

      Redirection Flow (Form Post Request)

      /* import checksum generation utility */
      import com.paytm.pg.merchant.*;
      import java.util.TreeMap;

      /* initialize a hash */
      TreeMap<String, String> params = new TreeMap<String, String>();
      params.put("MID", "YOUR_MID_HERE");
      params.put("ORDERID", "YOUR_ORDERID_HERE");

      /**
       * Generate checksum by parameters we have
       * Find your Merchant Key in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys
       */
      String paytmChecksum = PaytmChecksum.generateSignature(params, "YOUR_MERCHANT_KEY");
      System.out.println("generateSignature Returns: " + paytmChecksum);

      JSON Request

      Pass the complete request body as a string to the checksum utility to create the checksum.

      /* import checksum generation utility */
      import com.paytm.pg.merchant.*;

      /* initialize JSON String */
      String body = "{\"mid\":\"YOUR_MID_HERE\",\"orderId\":\"YOUR_ORDER_ID_HERE\"}";

      /**
       * Generate checksum by parameters we have in body
       * Find your Merchant Key in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys
       */
      String paytmChecksum = PaytmChecksum.generateSignature(body, "YOUR_MERCHANT_KEY");
      System.out.println("generateSignature Returns: " + paytmChecksum);

      Validate Checksumhash


      To validate the Checksumhash, use the Paytm checksum utility for your platform with your account's merchant key, the response checksumhash and all of the API response parameters. The Paytm utility validates the checksumhash and returns a validation success or fail response.

      Sample checksumhash validation code for common languages is given below:

      Redirection Flow (Form Post Response)

      /* import checksum generation utility */
      import com.paytm.pg.merchant.*;
      import java.util.Map.Entry;
      import java.util.TreeMap;

      String paytmChecksum = null;

      /* Create a TreeMap from the parameters received in POST */
      TreeMap<String, String> paytmParams = new TreeMap<String, String>();
      for (Entry<String, String[]> requestParamsEntry : request.getParameterMap().entrySet()) {
          if ("CHECKSUMHASH".equalsIgnoreCase(requestParamsEntry.getKey())) {
              paytmChecksum = requestParamsEntry.getValue()[0];
          } else {
              paytmParams.put(requestParamsEntry.getKey(), requestParamsEntry.getValue()[0]);
          }
      }

      /**
       * Verify checksum
       * Find your Merchant Key in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys
       */
      boolean isVerifySignature = PaytmChecksum.verifySignature(paytmParams, "YOUR_MERCHANT_KEY", paytmChecksum);
      if (isVerifySignature) {
          System.out.append("Checksum Matched");
      } else {
          System.out.append("Checksum Mismatched");
      }
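A fail-closed wrapper around the form-post validation above, as an added example that is not Paytm's code: `CallbackGuard`, `Verifier` and `verifiedParams` are hypothetical names, and the verifier used in `main` is a constructed stand-in so the example runs without the Paytm library. It rejects a response that carries no checksum or a repeated parameter, and treats any error raised by the utility as a mismatch.

```java
import java.util.Map;
import java.util.Optional;
import java.util.TreeMap;

public class CallbackGuard {
    /** Same shape as the verifySignature(params, key, checksum) call shown above. */
    interface Verifier {
        boolean verify(TreeMap<String, String> params, String key, String checksum) throws Exception;
    }

    /** Returns the signed parameters, or empty when the response must not be trusted. */
    static Optional<TreeMap<String, String>> verifiedParams(
            Map<String, String[]> posted, String merchantKey, Verifier verifier) {
        TreeMap<String, String> params = new TreeMap<>();
        String checksum = null;
        for (Map.Entry<String, String[]> e : posted.entrySet()) {
            String[] values = e.getValue();
            // A repeated parameter makes "first value" ambiguous: reject rather than guess.
            if (values == null || values.length != 1) return Optional.empty();
            if ("CHECKSUMHASH".equalsIgnoreCase(e.getKey())) {
                // Two spellings (CHECKSUMHASH and checksumhash) would also be ambiguous.
                if (checksum != null) return Optional.empty();
                checksum = values[0];
            } else {
                params.put(e.getKey(), values[0]);
            }
        }
        if (checksum == null || checksum.isEmpty()) return Optional.empty(); // unsigned
        try {
            return verifier.verify(params, merchantKey, checksum)
                    ? Optional.of(params) : Optional.empty();
        } catch (Exception ex) {
            return Optional.empty(); // utility error or malformed checksum counts as mismatch
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in so this runs without the Paytm library; a real
        // handler would pass PaytmChecksum::verifySignature and its merchant key.
        Verifier stub = (p, k, c) -> "SIGNED".equals(c);
        String[] sig = {"SIGNED"};
        Map<String, String[]> ok = Map.of("ORDERID", new String[]{"ORDER_1"}, "CHECKSUMHASH", sig);
        Map<String, String[]> repeated = Map.of("ORDERID", new String[]{"A", "B"}, "CHECKSUMHASH", sig);
        Map<String, String[]> unsigned = Map.of("ORDERID", new String[]{"ORDER_1"});
        System.out.println("valid:    " + verifiedParams(ok, "KEY", stub).isPresent());
        System.out.println("repeated: " + verifiedParams(repeated, "KEY", stub).isPresent());
        System.out.println("unsigned: " + verifiedParams(unsigned, "KEY", stub).isPresent());
    }
}
```

Only the map returned by `verifiedParams` should be read by the rest of the handler; the raw POST parameters are untrusted until the checksum has matched.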

      JSON Response

      Pass the complete response body as a string to the checksum utility to validate the checksum.

      /* import checksum generation utility */
      import com.paytm.pg.merchant.*;

      /* string we need to verify against checksum */
      String body = "{\"mid\":\"YOUR_MID_HERE\",\"orderId\":\"YOUR_ORDER_ID_HERE\"}";

      /* checksum that we need to verify */
      String paytmChecksum = "CHECKSUM_VALUE";

      /**
       * Verify checksum
       * Find your Merchant Key in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys
       */
      boolean isVerifySignature = PaytmChecksum.verifySignature(body, "YOUR_MERCHANT_KEY", paytmChecksum);
      if (isVerifySignature) {
          System.out.append("Checksum Matched");
      } else {
          System.out.append("Checksum Mismatched");
      }

      Please refer to the Paytm checksum FAQ for more details.