
Credit/Debit Cards Integration

This page explains how you can integrate Credit/Debit Cards in the Custom Checkout solution to collect payment from your customers. You can fetch cards from the large database of around 200 million cards saved with Paytm users' accounts and present them on your payment page. This allows users to make quick and easy payments using their saved cards without entering the complete card details.


Integration Steps

This section explains the integration steps to process payment through a new Debit/Credit Card or saved cards with a user's Paytm account. Make sure you have followed the Pre-requisites and Integration Steps mentioned on the Paytm Custom checkout page.

 

Paytm user's Saved Cards

In case you want to show Paytm user’s saved cards on your checkout page, follow the steps below:

 

  1. User selects Paytm for payment on your checkout page and enters their Paytm registered mobile number.
  2. You call the Send OTP API to verify their account, and Paytm then sends the OTP to the mobile number passed in the request.
  3. To validate the OTP entered by a user, you call the Validate OTP API.
  4. Your backend server calls the Fetch Payment Options API using the transaction token received in the response to the Initiate Transaction API request.
  5. You receive the Paytm user’s saved credit and debit cards in the response to the Fetch Payment Options API. In the response, you also receive the card type, issuing bank, and current success rate on that card.

    Note:
    a. For Maestro cards, CVV and Expiry Date are not required for any transaction.
    b. You can use the success rate of the card to inform the user, so they can choose another payment method.

  6. User selects a saved card from their Paytm account, enters the required details like CVV, and clicks the Pay button, at which point you call the Process Transaction API.

    Note: You can hit the Process Transaction API either as a form post or as a JSON request. Using the JSON-based integration, you can also collect the OTP for 2FA on your page for major banks.

Postman Collection - Payment processing through Cards

This Postman collection lets you quickly understand the integration flow for payment processing through credit/debit cards. It helps you understand and test the APIs with sample requests/responses on the integration environment, for both new cards and Paytm users’ saved credit/debit cards.
 



To set up the environment for using the Postman Collection, click here.

  1. You hit the Process Transaction API as an HTML form post through the client. Paytm processes the transaction and redirects the user to the bank page to complete the payment by entering the OTP. Please refer to the sample request/response below:
    <form method="post" type="redirect" action="https://securegw-stage.paytm.in/theia/api/v1/processTransaction?mid=INTEGR7769XXXXXX9383&orderId=ORDERID_98765">
        <input type="text" name="mid" value="INTEGR7769XXXXXX9383" />
        <input type="text" name="orderId" value="ORDERID_98765" />
        <input type="text" name="txnToken" value="f0bed899539742309eebd8XXXX7edcf61588842333227" />
        <input type="text" name="paymentMode" value="CREDIT_CARD" />
        <input type="text" name="cardInfo" value="1159332987||111|" />
        <input type="text" name="AUTH_MODE" value="otp" />
        <input type="submit" />
    </form>
  2. After the user completes the transaction on the bank page, the bank redirects the user back to Paytm, which in turn redirects the user back to your payment confirmation page.
  3. You receive the transaction status on the Callback URL. Please refer to the sample response here.
  4. Prior to verifying the payment, you must validate the checksumhash received in response to the Process Transaction API. To verify it, use the Paytm library with all the parameters in key-value pairs on the merchant server.
  5. Validate the transaction response via a server-side request using the Transaction Status API. You must verify the Order ID and amount with your DB entries and consider the status as the final status of the transaction in all cases.
  6. After the transaction status verification, you show final payment status to the user.
  1. You hit the Process Transaction API as a JSON request (S2S) from the client or backend server. Paytm processes the request and passes the Direct Bank Form and Redirect Bank form flow in response to your request. Please refer to the sample request/response below:

    Request

    curl -X POST 'https://securegw-stage.paytm.in/theia/api/v1/processTransaction?mid=INTEGR7769XXXXXX9383&orderId=ORDERID_98765' \
    --header 'Content-Type: application/json' \
    --data '{"head":{"txnToken":"f0bed899539742309eebd8XXXX7edcf61588842333227"},"body":{"requestType":"NATIVE","mid":"INTEGR7769XXXXXX9383","orderId":"ORDERID_98765","paymentMode":"CREDIT_CARD","cardInfo":"1159332987||111|","authMode":"otp"}}'

    Response

    {
        "head": {
            "responseTimestamp": "1595585135939",
            "version": "v1"
        },
        "body": {
            "resultInfo": {
                "resultStatus": "S",
                "resultCode": "0000",
                "resultMsg": "Success"
            },
            "bankForm": {
                "pageType": "redirect",
                "isForceResendOtp": false,
                "redirectForm": {
                    "actionUrl": "https://securegw-stage.paytm.in/mockbank/MockJSP/PAReqEntry.jsp?TrackID=90200724000183473830&amt=1&cardnum=NDExMTExMTExMTExMTExMQ==",
                    "method": "post",
                    "type": "redirect",
                    "headers": {
                        "Content-Type": "application/x-www-form-urlencoded"
                    },
                    "content": {
                        "MD": "1466814881",
                        "PaReq": "<PaReq value omitted>",
                        "TermUrl": "https://securegw-stage.paytm.in/instaproxy/bankresponse/HDFC/CC/90200724000183473830"
                    }
                }
            }
        }
    }

    You select one of the following flows supported by Paytm to complete the transaction:
    1. Direct Bank Form - In this flow, you can collect and verify the bank OTP on your page on the website or app. Currently, it is supported for ICICI, HDFC, Citibank, Axis, and SBI only. Paytm calls the bank to send OTP to the user. Bank returns OTP to the user and confirmation to Paytm. Paytm returns a set of supported functions for validating bank OTP. You call the Direct Bank Request API to validate bank OTP in your app or website.
    2. Redirect Bank Form - In this flow, the user is redirected to the bank page to complete the payment where you collect and verify the OTP. User completes the transaction on the bank page and the bank redirects the user back to Paytm, which in turn redirects the user back to your payment confirmation page.
  2. You receive the transaction status on the Callback URL. Please refer to the sample response here.
  3. Prior to verifying the payment, you must validate the checksumhash received in response to the Process Transaction API. To verify it, use the Paytm library with all the parameters in key-value pairs on the merchant server.
  4. Validate the transaction response via server-side request using the Transaction Status API. You must verify the order Id and amount with your DB entries and consider the status as the final status of the transaction in all cases.
  5. After the transaction status verification, you show the final payment status to the user.
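The Redirect Bank Form response shown above has to be turned into an HTML form that the user's browser posts to the bank. The sketch below is an added example, not Paytm's code: `render_bank_redirect` is a hypothetical helper, and the sample data is constructed from the response on this page with a placeholder `PaReq`. It refuses non-HTTPS targets and escapes every value before placing it in the page.

```python
import html
from urllib.parse import urlsplit

# Constructed sample, trimmed from the response shown above; the PaReq value
# is a made-up placeholder, not a real bank payload.
SAMPLE = {
    "body": {
        "resultInfo": {"resultStatus": "S", "resultCode": "0000"},
        "bankForm": {"pageType": "redirect", "redirectForm": {
            "actionUrl": "https://securegw-stage.paytm.in/mockbank/MockJSP/"
                         "PAReqEntry.jsp?TrackID=90200724000183473830&amt=1",
            "method": "post",
            "content": {"MD": "1466814881", "PaReq": "CONSTRUCTED+PaReq/=="},
        }},
    }
}


def render_bank_redirect(response):
    """Turn bankForm.redirectForm into an HTML form, or raise ValueError."""
    body = response.get("body", {})
    if body.get("resultInfo", {}).get("resultStatus") != "S":
        raise ValueError("processTransaction did not return success")
    form = body.get("bankForm", {}).get("redirectForm") or {}
    target = urlsplit(str(form.get("actionUrl", "")))
    # Never post card-authentication data to a non-HTTPS or relative target.
    if target.scheme != "https" or not target.hostname:
        raise ValueError("actionUrl must be an absolute https URL")
    method = str(form.get("method", "")).lower()
    if method not in ("post", "get"):
        raise ValueError("unexpected form method")

    def attr(value):
        # Escape &, <, > and both quote characters for use inside an attribute.
        return html.escape(str(value), quote=True)

    fields = "\n".join(
        '  <input type="hidden" name="%s" value="%s">' % (attr(k), attr(v))
        for k, v in form.get("content", {}).items()
    )
    return ('<form id="bank" method="%s" action="%s">\n%s\n'
            '  <noscript><input type="submit" value="Continue"></noscript>\n'
            '</form>\n<script>document.getElementById("bank").submit()</script>'
            % (method, attr(form["actionUrl"]), fields))
```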

New Credit/Debit Card

In case you want to integrate payment with new Credit/Debit Cards on your checkout page, follow the steps below:

 

  1. User selects the Credit/Debit Card on your checkout page and starts entering the card details. As soon as the first 6 digits are entered, you call the Fetch Bin Detail API to get the BIN details of the card.
  2. Paytm validates the card and returns the BIN details like the card type (VISA, Master, AMEX etc.), issuing bank, and the current success rate of the BIN.

    Note:
    a. For Maestro cards, CVV and Expiry Date are not required for any transaction.
    b. You can use the success rate of the card to inform the user, so they can choose another payment method.

  3. User clicks Pay to proceed to checkout and you call the Process Transaction API.

    You can hit the Process Transaction API either as a form post or as a JSON request. Using the JSON-based integration, you can also collect the OTP for 2FA on your page for major banks.

  1. You hit the Process Transaction API as an HTML form post through the client. Paytm processes the transaction and redirects the user to the bank page to complete the payment by entering the OTP. Refer to the sample request/response below:
    <form method="post" type="redirect" action="https://securegw-stage.paytm.in/theia/api/v1/processTransaction?mid=INTEGR7769XXXXXX9383&orderId=ORDERID_98765">
        <input type="text" name="mid" value="INTEGR7769XXXXXX9383" />
        <input type="text" name="orderId" value="ORDERID_98765" />
        <input type="text" name="txnToken" value="f0bed899539742309eebd8XXXX7edcf61588842333227" />
        <input type="text" name="paymentMode" value="DEBIT_CARD" />
        <input type="text" name="cardInfo" value="|5129670406454327|983|122025" />
        <input type="text" name="AUTH_MODE" value="otp" />
        <input type="submit" />
    </form>
  2. After the user completes the transaction on the bank page, the bank redirects the user back to Paytm, which in turn redirects the user back to your payment confirmation page.
  3. You receive the transaction status on the Callback URL. Please refer to the sample response here.
  4. Prior to verifying the payment, you must validate the checksumhash received in response to the Process Transaction API. To verify it, use the Paytm library with all the parameters in key-value pairs on the merchant server.
  5. Validate the transaction response via server-side request using the Transaction Status API. You must verify the Order ID and amount with your DB entries and consider the status as the final status of the transaction in all cases.
  6. After the transaction status verification, you show final payment status to the user.
  1. You hit the Process Transaction API as a JSON request (S2S) from the client or backend server. Paytm processes the request and passes the Direct Bank Form and Redirect Bank Form flow in response to your request. Please refer to the sample request/response below:

    Request

    curl -X POST 'https://securegw-stage.paytm.in/theia/api/v1/processTransaction?mid=INTEGR7769XXXXXX9383&orderId=ORDERID_98765' \
    --header 'Content-Type: application/json' \
    --data '{"head":{"txnToken":"f0bed899539742309eebd8XXXX7edcf61588842333227"},"body":{"requestType":"NATIVE","mid":"INTEGR7769XXXXXX9383","orderId":"ORDERID_98765","paymentMode":"CREDIT_CARD","cardInfo":"1159332987||111|","authMode":"otp"}}'

    Response

    {
        "head": {
            "responseTimestamp": "1595585135939",
            "version": "v1"
        },
        "body": {
            "resultInfo": {
                "resultStatus": "S",
                "resultCode": "0000",
                "resultMsg": "Success"
            },
            "bankForm": {
                "pageType": "redirect",
                "isForceResendOtp": false,
                "redirectForm": {
                    "actionUrl": "https://securegw-stage.paytm.in/mockbank/MockJSP/PAReqEntry.jsp?TrackID=90200724000183473830&amt=1&cardnum=NDExMTExMTExMTExMTExMQ==",
                    "method": "post",
                    "type": "redirect",
                    "headers": {
                        "Content-Type": "application/x-www-form-urlencoded"
                    },
                    "content": {
                        "MD": "1466814881",
                        "PaReq": "<PaReq value omitted>",
                        "TermUrl": "https://securegw-stage.paytm.in/instaproxy/bankresponse/HDFC/CC/90200724000183473830"
                    }
                }
            }
        }
    }

    You select any one of the following flows supported by Paytm to complete the transaction:
    1. Direct Bank Form - You can collect and verify the bank OTP on your page on the web or app. Currently, it is supported for ICICI, HDFC, Citibank, Axis and SBI only. Paytm calls the bank to send OTP to the user. Bank returns OTP to the user and confirmation to Paytm. Paytm returns a set of supported functions for validating bank OTP. You call the Direct Bank Request API to validate bank OTP in your app or website.
    2. Redirect Bank Form - It redirects the user to the bank page to complete the payment where you collect and verify the OTP. User completes the transaction on the bank page. The bank redirects the user back to Paytm, which in turn redirects the user back to your payment confirmation page.
  2. You receive the transaction status on the Callback URL. Please refer to the sample response here.
  3. Prior to verifying the payment, you must validate the checksumhash received in response to the Process Transaction API. To verify it, use the Paytm library with all the parameters in key-value pairs on the merchant server.
  4. Validate the transaction response via a server-side request using the Transaction Status API. You must verify the Order ID and amount with your DB entries and consider the status as the final status of the transaction in all cases.
  5. After the transaction status verification, you show the final payment status to the user.
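Each flow above ends with the same two checks: validate the checksumhash, then confirm the Order ID and amount against your own DB using the server-side Transaction Status API. The sketch below is an added example, not Paytm's code, showing that decision logic. `reconcile`, the order states, and the sample data are hypothetical; the status field names (`orderId`, `txnAmount`, `resultInfo.resultStatus`) and the values `TXN_SUCCESS`/`TXN_FAILURE` are assumptions about the Transaction Status API response, and the checksum result is taken from the Paytm library as a boolean.

```python
from decimal import Decimal, InvalidOperation

FINAL_STATES = {"PAID", "FAILED"}


def reconcile(order, checksum_ok, status_body):
    """Return (new_state, reason) for one order in the merchant's own DB.

    order       -- our row: {"order_id": str, "amount": Decimal, "state": str}
    checksum_ok -- result of the Paytm library's checksumhash check
    status_body -- "body" of the server-side Transaction Status API reply;
                   its field names below are assumptions, not from this page
    The status carried by the browser callback is deliberately not an input.
    """
    state = order["state"]
    if state in FINAL_STATES:
        return state, "order already final; repeated callback ignored"
    if not checksum_ok:
        return state, "checksumhash invalid; callback not trusted"
    if status_body.get("orderId") != order["order_id"]:
        return state, "status reply is for a different order"
    try:
        paid = Decimal(str(status_body.get("txnAmount")))
    except InvalidOperation:
        paid = None
    if paid is None or not paid.is_finite():
        return state, "amount missing or malformed"

    status = status_body.get("resultInfo", {}).get("resultStatus")
    if status == "TXN_SUCCESS":
        if paid != order["amount"]:
            # Paid, but not what we asked for: never fulfil automatically.
            return "REVIEW", "amount differs from the order in our DB"
        return "PAID", "verified against Transaction Status API and DB"
    if status == "TXN_FAILURE":
        return "FAILED", "gateway reports failure"
    return state, "not final yet; query the status API again later"


# Constructed sample data (not real transactions).
ORDER = {"order_id": "ORDERID_98765", "amount": Decimal("1.00"), "state": "PENDING"}
STATUS_OK = {"orderId": "ORDERID_98765", "txnAmount": "1.00",
             "resultInfo": {"resultStatus": "TXN_SUCCESS"}}

if __name__ == "__main__":
    print(reconcile(ORDER, True, STATUS_OK))
    print(reconcile(ORDER, True, dict(STATUS_OK, txnAmount="0.01")))
    print(reconcile(ORDER, False, STATUS_OK))
```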

Post integration steps

After completing the integration in your staging environment, it is mandatory to test the Paytm payment sources integration on your website/app before moving to the live environment with production account details (received from the Paytm team).

  1. You can view the staging transaction details in the “Test Data” mode on your dashboard.
  2. You must re-verify the transaction response with the Transaction Status API via a server-to-server call as part of the payment flow, not as a one-time activity.

After successful testing in your staging environment, move your code to the live environment with production account details. These credentials will be available after you activate your business account with Paytm on the Merchant Dashboard.
 

Paytm recommends that you read about Managing Refunds and late payment notifications for a better understanding of the integration.
 

For any issues with the integration, refer to Get in touch.