Online payments with Redirection flow - Deprecated

Paytm Redirection flow for your website provides a secure, PCI-compliant way to accept Debit/Credit card, Net-Banking, UPI and Paytm wallet payments from your customers.

Note: This is an HTML form post integration and it has been deprecated. The flow is available for only existing integrations.

Overview of payment processing

The payment process starts when the customer clicks the Pay button on the merchant order summary page. On this click, you need to:

  1. Create an order in your order system and then generate a checksumhash on your server for the payment request. The checksumhash is used to detect errors or tampering introduced during transmission of the request. The checksum is generated using the merchant key, which should be kept only on the server side for security reasons.

  2. Post the payload and checksumhash in an HTML form POST to Paytm's server. This redirects the customer to Paytm's payment page.

  3. Customer fills payment details and completes the payment authentication. Once the payment is complete, a response is posted in HTML form POST on your website's callback URL.

  4. Verify the checksumhash received in the response to ensure that it has not been tampered with.

  5. Lastly, verify the transaction status with the Transaction Status API via a server-to-server call. This protects you from scenarios where your account credentials are compromised or the request/response has been tampered with.

Find the detailed interaction of each system component in the flow chart below:
 

Steps in processing payments

1.  At the click of place order/payment button by the customer on your website, create an order in your system and generate the required payload for the payment request. Parameters of a payload are provided below:
 

Request attributes Description

MID

String(20)

Mandatory

This is a unique identifier provided to every merchant by Paytm. MID is part of your account credentials and is different on the staging and production environments. Your staging MID is available here and production MID will be available once your activation is complete.

ORDER_ID

String(50)

Mandatory

Unique reference ID for a transaction, generated by the merchant. Special characters allowed in Order ID are: @, -, _, .

CUST_ID

String(64)

Mandatory

Unique reference ID for every customer, generated by the merchant. Special characters allowed in Cust_ID are: @, !, _, $, .

TXN_AMOUNT

String(10)

Mandatory

Amount in INR payable by the customer. Should contain digits with up to two decimal places. The only special character allowed is (“.”)

CHANNEL_ID

String(3)

Mandatory

This parameter is used to control the theme of the payment page. Based on the channel passed, Paytm will render the layout suitable for that specific platform.

•   For websites, the value is WEB

•   For Mobile websites/App, the value is WAP

WEBSITE

String(30)

Mandatory

•   For staging environment: WEBSTAGING

•   For production environment: Will be available here once your activation is complete

PROMO_CAMP_ID

String(120)

Optional

Pass this parameter when the merchant is running a promotional campaign that is configured at the Paytm payment gateway. The merchant needs to get in contact with Paytm to launch any promo code campaign.

CHECKSUMHASH

String(108)

Mandatory

Signature to avoid tampering. Generated using server-side checksum utility available here.

MOBILE_NO

String(15)

Optional

Customer's mobile number. Passing this enables faster login for a customer into his/her Paytm account. When the customer clicks on login, the mobile number comes pre-filled on our payment page.

EMAIL

String(50)

Optional

Customer's Email ID

INDUSTRY_TYPE_ID

String(20)

Mandatory

•   For staging environment: "Retail"

•   For production environment: Will be available here once your activation is complete

CALLBACK_URL

String(255)

Optional

On completion of the transaction, Paytm payment gateway will send the response on this URL. Sample URL is - https://merchant.com/callback/

MERC_UNQ_REF

String(50)

Optional

This parameter accepts merchant defined value. In transaction request, the merchant can send his choice of value and Paytm payment gateway shall return the same value in the transaction response. Merchant can also use this identifier to search transactions on a panel.

PAYMENT_MODE_ONLY

String(3)

Optional

If a merchant wants to allow payment mode selection on his website or restrict the payment to a particular paymode, then the value to be passed is “YES”.
For example, with this parameter merchant can ensure that customer only sees credit card as a paymode when he lands on Paytm's cashier page.

AUTH_MODE

String(10)

Conditional

Required If PAYMENT_MODE_ONLY = YES, then

•   For Credit/Debit card - 3D

•   For Wallet, Net Banking, Postpaid – USRPWD

PAYMENT_TYPE_ID

String(15)

Conditional

Required If PAYMENT_MODE_ONLY = Yes, then

•   Credit card payment mode – CC

•   Debit card payment mode - DC

•   Net banking payment mode - NB

•   Paytm wallet – PPI

•   EMI - EMI

•   UPI - UPI

•   Paytm Postpaid - PAYTM_DIGITAL_CREDIT

BANK_CODE

String(5)

Conditional

Required if PAYMENT_MODE_ONLY = Yes and PAYMENT_TYPE_ID = NB.
List of Bank Codes is provided here.

2.  Generate checksumhash using Paytm library with parameters in key-value pairs. Using the payload and checksumhash make an HTML form post and redirect the customer to Paytm server. Code snippets and Github links for the checksum utility and HTML form post are provided below.
 

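import java.util.Map;
import java.util.TreeMap;
import com.paytm.pg.merchant.CheckSumServiceHelper;

/* initialize a TreeMap object */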
TreeMap<String, String> paytmParams = new TreeMap<String, String>();

/* Find your MID in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys */
paytmParams.put("MID", "YOUR_MID_HERE");

/* Find your WEBSITE in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys */
paytmParams.put("WEBSITE", "YOUR_WEBSITE_HERE");

/* Find your INDUSTRY_TYPE_ID in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys */
paytmParams.put("INDUSTRY_TYPE_ID", "YOUR_INDUSTRY_TYPE_ID_HERE");

/* WEB for website and WAP for Mobile-websites or App */
paytmParams.put("CHANNEL_ID", "YOUR_CHANNEL_ID");

/* Enter your unique order id */
paytmParams.put("ORDER_ID", "YOUR_ORDER_ID");

/* unique id that belongs to your customer */
paytmParams.put("CUST_ID", "CUSTOMER_ID");

/* customer's mobile number */
paytmParams.put("MOBILE_NO", "CUSTOMER_MOBILE_NUMBER");

/* customer's email */
paytmParams.put("EMAIL", "CUSTOMER_EMAIL");

/**
* Amount in INR that is payable by the customer
* this should be numeric, optionally with two decimal places
*/
paytmParams.put("TXN_AMOUNT", "ORDER_TRANSACTION_AMOUNT");

/* on completion of transaction, we will send you the response on this URL */
paytmParams.put("CALLBACK_URL", "YOUR_CALLBACK_URL");

/**
* Generate checksum for parameters we have
* You can get Checksum JAR from https://developer.paytm.com/docs/checksum/
* Find your Merchant Key in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys 
*/
String checksum = CheckSumServiceHelper.getCheckSumServiceHelper().genrateCheckSum("YOUR_KEY_HERE", paytmParams);

/* for Staging */
String url = "https://securegw-stage.paytm.in/order/process";

/* for Production */
// String url = "https://securegw.paytm.in/order/process";

/* Prepare HTML Form and Submit to Paytm */
StringBuilder outputHtml = new StringBuilder();
outputHtml.append("<html>");
outputHtml.append("<head>");
outputHtml.append("<title>Merchant Checkout Page</title>");
outputHtml.append("</head>");
outputHtml.append("<body>");
outputHtml.append("<center><h1>Please do not refresh this page...</h1></center>");
outputHtml.append("<form method='post' action='" + url + "' name='paytm_form'>");

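/* Keys and values are written into the page as-is: HTML-escape them first if they can contain quotes, & or angle brackets */
for(Map.Entry<String,String> entry : paytmParams.entrySet()) {
    outputHtml.append("<input type='hidden' name='" + entry.getKey() + "' value='" + entry.getValue() + "'>");
}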

outputHtml.append("<input type='hidden' name='CHECKSUMHASH' value='" + checksum + "'>");
outputHtml.append("</form>");
outputHtml.append("<script type='text/javascript'>");
outputHtml.append("document.paytm_form.submit();");
outputHtml.append("</script>");
outputHtml.append("</body>");
outputHtml.append("</html>");

Endpoints:
Staging: https://securegw-stage.paytm.in/order/process
Production: https://securegw.paytm.in/order/process

HTML Form Post

<html>
   <head>
      <title>Merchant Check Out Page</title>
   </head>
   <body>
      <center>
         <h1>Please do not refresh this page...</h1>
      </center>
      <form method="post" action="https://securegw-stage.paytm.in/order/process" name="paytm">
         <table border="1">
            <tbody>
               <input type="hidden" name="MID" value="YOUR_MID_HERE">
               <input type="hidden" name="WEBSITE" value="YOUR_WEBSITE_HERE">
               <input type="hidden" name="ORDER_ID" value="YOUR_ORDER_ID">
               <input type="hidden" name="CUST_ID" value="CUSTOMER_ID">
               <input type="hidden" name="MOBILE_NO" value="CUSTOMER_MOBILE_NUMBER">
               <input type="hidden" name="EMAIL" value="CUSTOMER_EMAIL">
               <input type="hidden" name="INDUSTRY_TYPE_ID" value="YOUR_INDUSTRY_TYPE_ID_HERE">
               <input type="hidden" name="CHANNEL_ID" value="YOUR_CHANNEL_ID">
               <input type="hidden" name="TXN_AMOUNT" value="ORDER_TRANSACTION_AMOUNT">
               <input type="hidden" name="CALLBACK_URL" value="YOUR_CALLBACK_URL">
               <input type="hidden" name="CHECKSUMHASH" value="GENERATED_CHECKSUM_VALUE">
            </tbody>
         </table>
         <script type="text/javascript">
            document.paytm.submit();
         </script>
      </form>
   </body>
</html>
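
The form-building step above writes each parameter straight into an HTML attribute. The following is an added example, not Paytm's code: it checks ORDER_ID, CUST_ID and TXN_AMOUNT against the limits in the request attribute table and HTML-escapes every value before rendering only the `<form>` element. The class and helper names are hypothetical, letters and digits are assumed to be allowed in the two IDs, and the checksum is a placeholder.

```java
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Pattern;

public class PaytmFormBuilder {
    // Limits from the request attribute table; letters and digits are assumed to be allowed.
    static final Pattern ORDER_ID = Pattern.compile("[A-Za-z0-9@_.-]{1,50}");
    static final Pattern CUST_ID = Pattern.compile("[A-Za-z0-9@!_$.]{1,64}");
    static final Pattern TXN_AMOUNT = Pattern.compile("(?=.{1,10}$)\\d+(\\.\\d{1,2})?");

    static void check(Pattern pattern, Map<String, String> p, String name) {
        String v = p.get(name);
        if (v == null || !pattern.matcher(v).matches())
            throw new IllegalArgumentException("invalid " + name);
    }

    // Escape a value for use inside a quoted HTML attribute.
    static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Hypothetical helper: validates the payload, then renders the hidden-field form.
    static String buildForm(String url, Map<String, String> params, String checksum) {
        check(ORDER_ID, params, "ORDER_ID");
        check(CUST_ID, params, "CUST_ID");
        check(TXN_AMOUNT, params, "TXN_AMOUNT");
        StringBuilder html = new StringBuilder();
        html.append("<form method='post' action='").append(escapeAttr(url)).append("' name='paytm_form'>");
        for (Map.Entry<String, String> e : params.entrySet()) {
            html.append("<input type='hidden' name='").append(escapeAttr(e.getKey()))
                .append("' value='").append(escapeAttr(e.getValue())).append("'>");
        }
        html.append("<input type='hidden' name='CHECKSUMHASH' value='").append(escapeAttr(checksum)).append("'>");
        return html.append("</form>").toString();
    }

    public static void main(String[] args) {
        Map<String, String> p = new TreeMap<>(); // constructed sample values
        p.put("ORDER_ID", "ORDER-1001");
        p.put("CUST_ID", "CUST_42");
        p.put("TXN_AMOUNT", "499.00");
        p.put("EMAIL", "o'brien@example.com"); // apostrophe would end a single-quoted attribute
        String url = "https://securegw-stage.paytm.in/order/process";
        System.out.println(buildForm(url, p, "CHECKSUM_PLACEHOLDER"));
        p.put("TXN_AMOUNT", "499.999"); // three decimal places
        try { buildForm(url, p, "CHECKSUM_PLACEHOLDER"); }
        catch (IllegalArgumentException ex) { System.out.println(ex.getMessage()); }
    }
}
```

Escaping happens only when the HTML is rendered: the checksum is still generated over the raw values, and the browser decodes the entities before posting, so the values Paytm receives match what was signed.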

3.  Customer fills the payment details and is redirected to bank page for authorization. Once the transaction is authorized, Paytm receives the response from the bank and returns a status to your website via your callback URL. The response attribute descriptions and the sample HTML form post are provided below:

Response Attributes Description

MID

String(20)

This is a unique identifier provided to every merchant by Paytm

TXNID

String(64)

This is a unique Paytm transaction ID that is issued by Paytm for each transaction

ORDERID

String(50)

Unique reference ID for a transaction which is generated by merchant and sent in the request

BANKTXNID

String

The transaction ID sent by the bank. In the case of Paytm proprietary instruments too, there is a unique reference number generated by Paytm's system. In case the transaction does not reach the bank, this will be a NULL or empty string. The primary reason for this is the user dropping out of the payment flow before the transaction reaches the bank servers.

TXNAMOUNT

String(10)

Amount paid by the customer in INR

CURRENCY

String(3)

Currency in which the transaction has taken place. Currently, only "INR" is the supported currency of the transaction.

STATUS

String(20)

This contains the transaction status and has only three values: TXN_SUCCESS, TXN_FAILURE and PENDING

RESPCODE

String(10)

Codes refer to a particular reason for payment failure/success. List in this PDF.

RESPMSG

String(500)

Description message is linked with each respcode. List in this PDF.

TXNDATE

DateTime

Date and Time of transaction in the format "yyyy-MM-dd HH:mm:ss.S". Example: "2015-11-02 11:40:46.0"

GATEWAYNAME

String(15)

Gateway used by Paytm to process the transactions. Details are provided below paymode wise:
  • Credit, debit cards, UPI - Gateway used to process the transaction. For example, if HDFC gateway has been used to process SBI credit card transactions, the value will be HDFC
  • Net banking - Netbanking transactions are not routed via the gateway. Hence issuing bank name is passed in this field
  • Paytm Wallet - The value will be 'WALLET'
  • Paytm Postpaid - The value will be 'PAYTMCC'

BANKNAME

String(500)

Name of issuing bank of the payment instrument used by the customer. Details are provided below paymode wise:
  • Credit, debit cards, net banking - Name of the issuing bank. Example in case the customer uses SBI's credit card, the value will be "SBI"
  • Paytm Wallet - Wallet
Note that in the case of UPI - This parameter will not be present in the response.

PAYMENTMODE

String(15)

The payment mode used by the customer for a transaction:

•   Credit card - CC

•   Debit card - DC

•   Net banking - NB

•   UPI - UPI

•   Paytm wallet - PPI

•   Postpaid - PAYTMCC

CHECKSUMHASH

String(108)

Security parameter to avoid tampering. Verified using the server-side checksum utility provided by Paytm. Utilities to generate the checksumhash are available here.

<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
		<title>Paytm Secure Online Payment Gateway</title>
	</head>
	<body>
		<table align='center'>
			<tr>
				<td><STRONG>Transaction is being processed,</STRONG></td>
			</tr>
			<tr>
				<td><font color='blue'>Please wait ...</font></td>
			</tr>
			<tr>
				<td>(Please do not press 'Refresh' or 'Back' button</td>
			</tr>
		</table>
		<FORM NAME='TESTFORM' ACTION='YOUR_CALLBACK_URL' METHOD='POST'>
			<input type='hidden' name='CURRENCY' value='PAYMENT_CURRENCY'>
			<input type='hidden' name='GATEWAYNAME' value='GATEWAY_USED_BY_PAYTM'>
			<input type='hidden' name='RESPMSG' value='PAYTM_RESPONSE_MESSAGE_DESCRIPTION'>
			<input type='hidden' name='BANKNAME' value='BANK_NAME_OF_ISSUING_PAYMENT_MODE'>
			<input type='hidden' name='PAYMENTMODE' value='PAYMENT_MODE_USED_BY_CUSTOMER'>
			<input type='hidden' name='MID' value='YOUR_MID_HERE'>
			<input type='hidden' name='RESPCODE' value='PAYTM_RESPONSE_CODE'>
			<input type='hidden' name='TXNID' value='PAYTM_TRANSACTION_ID'>
			<input type='hidden' name='TXNAMOUNT' value='ORDER_TRANSACTION_AMOUNT'>
			<input type='hidden' name='ORDERID' value='YOUR_ORDER_ID'>
			<input type='hidden' name='STATUS' value='PAYTM_TRANSACTION_STATUS'>
			<input type='hidden' name='BANKTXNID' value='BANK_TRANSACTION_ID'>
			<input type='hidden' name='TXNDATE' value='TRANSACTION_DATE_TIME'>
			<input type='hidden' name='CHECKSUMHASH' value='PAYTM_GENERATED_CHECKSUM_VALUE'>
		</FORM>
	</body>
	<script type="text/javascript">  document.forms[0].submit();</script>    
</html>

4.  The checksumhash received in the transaction response needs to be verified on the merchant server using the Paytm library with all the parameters in key-value pairs. Code snippets and Github links for the checksum utility are provided here.

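import java.util.Map.Entry;
import java.util.TreeMap;
import com.paytm.pg.merchant.CheckSumServiceHelper;

String paytmChecksum = null;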

/* Create a TreeMap from the parameters received in POST */
TreeMap<String, String> paytmParams = new TreeMap<String, String>();
for (Entry<String, String[]> requestParamsEntry : request.getParameterMap().entrySet()) {
    if ("CHECKSUMHASH".equalsIgnoreCase(requestParamsEntry.getKey())){
        paytmChecksum = requestParamsEntry.getValue()[0];
    } else {
        paytmParams.put(requestParamsEntry.getKey(), requestParamsEntry.getValue()[0]);
    }
}

/**
* Verify checksum
* Find your Merchant Key in your Paytm Dashboard at https://dashboard.paytm.com/next/apikeys 
**/
boolean isValidChecksum = CheckSumServiceHelper.getCheckSumServiceHelper().verifycheckSum("YOUR_KEY_HERE", paytmParams, paytmChecksum);
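if (isValidChecksum) {
	/* Response is intact: continue with the Transaction Status API check */
	System.out.append("Checksum Matched");
} else {
	/* Response may have been tampered with: do not update the order */
	System.out.append("Checksum Mismatched");
}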

5.  Validate transaction response via server-side request using the Transaction Status API. This API requires checksumhash in request and its verification in response. The status should be treated as the final status of the transaction.
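
Steps 4 and 5 combined into one decision, as an added example that is not Paytm's code: a valid checksum alone does not mark an order paid. The callback and the Transaction Status API reply must both match the stored order, and only the API's STATUS is trusted. The class and method names are hypothetical, the status reply is assumed to be parsed into a map with the same field names as the callback, and `checksumValid` stands for the result of `verifycheckSum`.

```java
import java.math.BigDecimal;
import java.util.Map;
import java.util.TreeMap;

public class PaytmCallbackCheck {
    enum Outcome { REJECT, PAID, FAILED, PENDING }

    // True when MID, ORDERID and TXNAMOUNT in a Paytm message match our own order record.
    static boolean matchesOrder(Map<String, String> msg, String mid, String orderId, BigDecimal amount) {
        if (msg == null || msg.get("TXNAMOUNT") == null) return false;
        try {
            return mid.equals(msg.get("MID")) && orderId.equals(msg.get("ORDERID"))
                && amount.compareTo(new BigDecimal(msg.get("TXNAMOUNT"))) == 0;
        } catch (NumberFormatException e) {
            return false; // malformed amount counts as a mismatch
        }
    }

    // callback: fields POSTed to CALLBACK_URL; statusReply: parsed Transaction Status API reply
    // (assumed to use the same field names); mid, orderId, amount: values from our order record.
    static Outcome decide(boolean checksumValid, Map<String, String> callback,
                          Map<String, String> statusReply, String mid, String orderId, BigDecimal amount) {
        if (!checksumValid) return Outcome.REJECT;
        if (!matchesOrder(callback, mid, orderId, amount)) return Outcome.REJECT;
        if (!matchesOrder(statusReply, mid, orderId, amount)) return Outcome.REJECT;
        String status = statusReply.get("STATUS"); // final status comes from the API, not the callback
        if ("TXN_SUCCESS".equals(status)) return Outcome.PAID;
        if ("TXN_FAILURE".equals(status)) return Outcome.FAILED;
        return Outcome.PENDING;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real transaction data.
        BigDecimal total = new BigDecimal("499.00");
        Map<String, String> callback = new TreeMap<>();
        callback.put("MID", "MID_PLACEHOLDER");
        callback.put("ORDERID", "ORDER-1001");
        callback.put("TXNAMOUNT", "1.00"); // differs from the stored order total
        callback.put("STATUS", "TXN_SUCCESS");
        Map<String, String> status = new TreeMap<>(callback);
        System.out.println(decide(true, callback, status, "MID_PLACEHOLDER", "ORDER-1001", total));
        callback.put("TXNAMOUNT", "499.00");
        status.put("TXNAMOUNT", "499.0");
        status.put("STATUS", "PENDING");
        System.out.println(decide(true, callback, status, "MID_PLACEHOLDER", "ORDER-1001", total));
    }
}
```

The first call is rejected because the amount does not match the order; the second stays pending even though the callback claimed success, because the status API reply says PENDING.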

On completion of your integration

Post completion of integration on your staging environment, do a complete transaction from order summary page on your website or mobile app.

  1. Attempt a test transaction using test paymodes credentials.

  2. Ensure you re-verify transaction response with Transaction Status API via server to server call in payment flow and not separately as a one-time activity.

  3. See the transaction details in the “Test Data” mode on your dashboard.
     

Once the test transaction is complete, move your code to the live environment with production account details. Note that production account details are available after you have activated your account on the dashboard.
 

Lastly, it's recommended that you read about Managing Refunds and late payment notifications.
 

In case of any issues with integration, please Get in touch.