Paytm Redirection flow for your website provides a secure, PCI-compliant way to accept Debit/Credit card, Net-Banking, UPI and Paytm wallet payments from your customers.
Note: This is an HTML form post integration and it has been deprecated. The flow is available for only existing integrations.
The payment process starts at the click on Pay button on the merchant order summary page. On this click, you need to:
Create an order in your order system and then generate checksumhash at your server end for the payment request. Checksumhash is used for detecting errors or tampering introduced during its transmission of the request. A checksum is generated using the merchant key which should be kept only on server-side for security reasons.
Post the payload and checksumhash in an HTML form POST on Paytm's server. This redirects the customer to Paytm's payment page.
Customer fills payment details and completes the payment authentication. Once the payment is complete, a response is posted in HTML form POST on your website's callback URL.
Verify checksumhash received in response to ensure that it has not tampered.
Lastly, verify transaction status with Transaction Status API via server to server call. This protects you from scenarios where your account credentials are compromised or request/response has tampered.
Find the detailed interaction of each system component in the flow chart below:
1. At the click of place order/payment button by the customer on your website, create an order in your system and generate the required payload for the payment request. Parameters of a payload are provided below:
| Request attributes | Description |
|---|---|
|
MID String(20) Mandatory |
This is a unique identifier provided to every merchant by Paytm. MID is part of your account credentials and is different on staging and production environment. Your staging MID is available here and production MID will be available once your activation is complete. |
|
ORDER_ID String(50) Mandatory |
Unique reference ID for a transaction which is generated by merchant special characters allowed in Order ID are: @, -, _,. |
|
CUST_ID String(64) Mandatory |
Unique reference ID for every customer which is generated by merchant special characters allowed in Cust_ID are @, ! ,_ ,$,. |
|
TXN_AMOUNT String(10) Mandatory |
Amount in INR payable by the customer. Should contain digits up to two decimal points. The only special character allowed is (“.”) |
|
CHANNEL_ID String(3) Mandatory |
This parameter is used to control the theme of the payment page. Based on the channel passed, Paytm will render the layout suitable for that specific platform.
• For websites, the value is WEB • For Mobile websites/App, the value is WAP |
|
WEBSITE String(30) Mandatory |
• For staging environment: WEBSTAGING • For production environment: Will be available here once your activation is complete |
|
PROMO_CAMP_ID String(120) Optional |
This parameter is required to pass when a merchant is running any promotional campaign and it is configured at Paytm payment gateway. Merchant will get in contact with Paytm to launch any promo code campaign. |
|
CHECKSUMHASH String(108) Mandatory |
Signature to avoid tampering. Generated using server-side checksum utility available here. |
|
MOBILE_NO String(15) Optional |
Customer's mobile number. Passing this enables faster login for a customer into his/her Paytm account. When the customer clicks on login, the mobile number comes pre-filled on our payment page. |
|
String(50) Optional |
Customer's Email ID |
|
INDUSTRY_TYPE_ID String(20) Mandatory |
• For staging environment: "Retail" • For production environment: Will be available here once your activation is complete |
|
CALLBACK_URL String(255) Optional |
On completion of the transaction, Paytm payment gateway will send the response on this URL. Sample URL is - https://merchant.com/callback/ |
|
MERC_UNQ_REF String(50) Optional |
This parameter accepts merchant defined value. In transaction request, the merchant can send his choice of value and Paytm payment gateway shall return the same value in the transaction response. Merchant can also use this identifier to search transactions on a panel. |
|
PAYMENT_MODE_ONLY String(3) Optional |
If a merchant wants to allow payment mode selection on his website or restrict the payment to a particular paymode, then the value to be passed is “YES”. For example, with this parameter merchant can ensure that customer only sees credit card as a paymode when he lands on Paytm's cashier page. |
|
AUTH_MODE String(10) Conditional |
Required If PAYMENT_MODE_ONLY = YES, then
• For Credit/Debit card - 3D • For Wallet, Net Banking, Postpaid – USRPWD |
|
PAYMENT_TYPE_ID String(15) Conditional |
Required If PAYMENT_MODE_ONLY = Yes, then
• Credit card payment mode – CC • Debit card payment mode - DC • Net banking payment mode - NB • Paytm wallet – PPI • EMI - EMI • UPI - UPI • Paytm Postpaid - PAYTM_DIGITAL_CREDIT |
|
subwalletAmount object |
This parameter is required to limit the maximum amount that could be deducted from a particular subwallet. This parameter is only used for payMode PPI (Paytm Wallet). NOTE: As per compliance rules, you need to send the Food item amount separately to Paytm. |
|
BANK_CODE String(5) Conditional |
Required If PAYMENT_MODE_ONLY = Yes PAYMENT_TYPE_ID = NB List of Bank Codes is provided here. |
2. Generate checksumhash using Paytm library with parameters in key-value pairs. Using the payload and checksumhash make an HTML form post and redirect the customer to Paytm server. Code snippets and Github links for the checksum utility and HTML form post are provided below.
Payment Gateway
QR Code
Payment Links
Payment Invoice
Subscriptions
International Merchants
AI Router
Food Wallet
Paytm Cash
Paytm Gold
Smart Retail
POS Hardware
/* initialize a TreeMap object */
TreeMap<String, String> paytmParams = new TreeMap<String, String>();
/* Find your MID in your Paytm Dashboard at https://dashboard.paytmpayments.com/next/apikeys */
paytmParams.put("MID", "YOUR_MID_HERE");
/* Find your WEBSITE in your Paytm Dashboard at https://dashboard.paytmpayments.com/next/apikeys */
paytmParams.put("WEBSITE", "YOUR_WEBSITE_HERE");
/* Find your INDUSTRY_TYPE_ID in your Paytm Dashboard at https://dashboard.paytmpayments.com/next/apikeys */
paytmParams.put("INDUSTRY_TYPE_ID", "YOUR_INDUSTRY_TYPE_ID_HERE");
/* WEB for website and WAP for Mobile-websites or App */
paytmParams.put("CHANNEL_ID", "YOUR_CHANNEL_ID");
/* Enter your unique order id */
paytmParams.put("ORDER_ID", "YOUR_ORDER_ID");
/* unique id that belongs to your customer */
paytmParams.put("CUST_ID", "CUSTOMER_ID");
/* customer's mobile number */
paytmParams.put("MOBILE_NO", "CUSTOMER_MOBILE_NUMBER");
/* customer's email */
paytmParams.put("EMAIL", "CUSTOMER_EMAIL");
/**
* Amount in INR that is payble by customer
* this should be numeric with optionally having two decimal points
*/
paytmParams.put("TXN_AMOUNT", "ORDER_TRANSACTION_AMOUNT");
/* on completion of transaction, we will send you the response on this URL */
paytmParams.put("CALLBACK_URL", "YOUR_CALLBACK_URL");
/**
* Generate checksum for parameters we have
* You can get Checksum JAR from https://paytmpayments.com/docs/checksum/
* Find your Merchant Key in your Paytm Dashboard at https://dashboard.paytmpayments.com/next/apikeys
*/
String checksum = CheckSumServiceHelper.getCheckSumServiceHelper().genrateCheckSum("YOUR_KEY_HERE", paytmParams);
/* for Staging */
String url = "https://securestage.paytmpayments.com/order/process";
/* for Production */
// String url = "https://secure.paytmpayments.com/order/process";
/* Prepare HTML Form and Submit to Paytm */
StringBuilder outputHtml = new StringBuilder();
outputHtml.append("<html>");
outputHtml.append("<head>");
outputHtml.append("<title>Merchant Checkout Page</title>");
outputHtml.append("</head>");
outputHtml.append("<body>");
outputHtml.append("<center><h1>Please do not refresh this page...</h1></center>");
outputHtml.append("<form method='post' action='" + url + "' name='paytm_form'>");
for(Map.Entry<String,String> entry : paytmParams.entrySet()) {
outputHtml.append("<input type='hidden' name='" + entry.getKey() + "' value='" + entry.getValue() + "'>");
}
outputHtml.append("<input type='hidden' name='CHECKSUMHASH' value='" + checksum + "'>");
outputHtml.append("</form>");
outputHtml.append("<script type='text/javascript'>");
outputHtml.append("document.paytm_form.submit();");
outputHtml.append("</script>");
outputHtml.append("</body>");
outputHtml.append("</html>");
Endpoints:
Staging: https://securestage.paytmpayments.com/order/process
Production: https://secure.paytmpayments.com/order/process
Get the sample code for a language of your choice:
For Web:
For App:
HTML Form Post
<html>
<head>
<title>Merchant Check Out Page</title>
</head>
<body>
<center>
<h1>Please do not refresh this page...</h1>
</center>
<form method="post" action="https://securestage.paytmpayments.com/order/process" name="paytm">
<table border="1">
<tbody>
<input type="hidden" name="MID" value="YOUR_MID_HERE">
<input type="hidden" name="WEBSITE" value="YOUR_WEBSITE_HERE">
<input type="hidden" name="ORDER_ID" value="YOUR_ORDER_ID">
<input type="hidden" name="CUST_ID" value="CUSTOMER_ID">
<input type="hidden" name="MOBILE_NO" value="CUSTOMER_MOBILE_NUMBER">
<input type="hidden" name="EMAIL" value="CUSTOMER_EMAIL">
<input type="hidden" name="INDUSTRY_TYPE_ID" value="YOUR_INDUSTRY_TYPE_ID_HERE">
<input type="hidden" name="CHANNEL_ID" value="YOUR_CHANNEL_ID">
<input type="hidden" name="TXN_AMOUNT" value="ORDER_TRANSACTION_AMOUNT">
<input type="hidden" name="CALLBACK_URL" value="YOUR_CALLBACK_URL">
<input type="hidden" name="CHECKSUMHASH" value="GENERATED_CHECKSUM_VALUE">
</tbody>
</table>
<script type="text/javascript">
document.paytm.submit();
</script>
</form>
</body>
</html>
3. Customer fills the payment details and is redirected to bank page for authorization. Once the transaction is authorized, Paytm receives the response from the bank and returns a status to your website via your callback URL. Response attributes description and the sample HTML form post is provided below:
| Response Attributes | Description |
|---|---|
|
MID String(20) |
This is a unique identifier provided to every merchant by Paytm |
|
TXNID String(64) |
This is a unique Paytm transaction ID that is issued by Paytm for each transaction |
|
ORDERID String(50) |
Unique reference ID for a transaction which is generated by merchant and sent in the request |
|
BANKTXNID String |
The transaction ID sent by the bank. In the case of Paytm proprietary instruments too, there is a unique reference number generated by Paytm's system. In case the transaction does not reach the bank, this will be a NULL or empty string. The primary reason for this is user dropping out of the payment flow before the transaction reaches to bank servers. |
|
TXNAMOUNT String(10) |
Amount paid by the customer in INR |
|
CURRENCY String(3) |
Currency in which the transaction has taken place. Currently, only "INR" is the supported currency of the transaction. |
|
STATUS String(20) |
This contains the transaction status and has only three values: TXN_SUCCESS, TXN_FAILURE and PENDING |
|
RESPCODE String(10) |
Codes refer to a particular reason for payment failure/success. List in this PDF. |
|
RESPMSG String(500) |
Description message is linked with each respcode. List in this PDF. |
|
TXNDATE DateTime |
Date and Time of transaction in the format "yyyy-MM-dd HH:mm:ss.S" Example: "2015-11- 02 11:40:46.0" |
|
GATEWAYNAME String(15) |
Gateway used by Paytm to process the transactions. Details are provided below paymode wise: Credit, debit cards UPI - Gateway used to process the transaction. For example, if HDFC gateway has been used to process SBI credit card transactions, the value will be HDFC
|
|
BANKNAME String(500) |
Name of issuing bank of the payment instrument used by the customer. Details are provided below paymode wise:
|
|
PAYMENTMODE String(15) |
The payment mode used by the customer for a transaction:
• Credit card - CC • Debit card - DC • Net banking - NB • UPI - UPI • Paytm wallet - PPI • Postpaid - PAYTMCC |
|
CHECKSUMHASH String(108) |
Security parameter to avoid tampering. Verified using server-side checksum utility provided by Paytm. Utilities to generate checksumhash is available here. |
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Paytm Secure Online Payment Gateway</title>
</head>
<body>
<table align='center'>
<tr>
<td><STRONG>Transaction is being processed,</STRONG></td>
</tr>
<tr>
<td><font color='blue'>Please wait ...</font></td>
</tr>
<tr>
<td>(Please do not press 'Refresh' or 'Back' button</td>
</tr>
</table>
<FORM NAME='TESTFORM' ACTION='YOUR_CALLBACK_URL' METHOD='POST'>
<input type='hidden' name='CURRENCY' value='PAYMENT_CURRENCY'>
<input type='hidden' name='GATEWAYNAME' value='GATEWAY_USED_BY_PAYTM'>
<input type='hidden' name='RESPMSG' value='PAYTM_RESPONSE_MESSAGE_DESCRIPTION'>
<input type='hidden' name='BANKNAME' value='BANK_NAME_OF_ISSUING_PAYMENT_MODE'>
<input type='hidden' name='PAYMENTMODE' value='PAYMENT_MODE_USED_BY_CUSTOMER'>
<input type='hidden' name='MID' value='YOUR_MID_HERE'>
<input type='hidden' name='RESPCODE' value='PAYTM_RESPONSE_CODE'>
<input type='hidden' name='TXNID' value='PAYTM_TRANSACTION_ID'>
<input type='hidden' name='TXNAMOUNT' value='ORDER_TRANSACTION_AMOUNT'>
<input type='hidden' name='ORDERID' value='YOUR_ORDER_ID'>
<input type='hidden' name='STATUS' value='PAYTM_TRANSACTION_STATUS'>
<input type='hidden' name='BANKTXNID' value='BANK_TRANSACTION_ID'>
<input type='hidden' name='TXNDATE' value='TRANSACTION_DATE_TIME'>
<input type='hidden' name='CHECKSUMHASH' value='PAYTM_GENERATED_CHECKSUM_VALUE'>
</FORM>
</body>
<script type="text/javascript"> document.forms[0].submit();</script>
</html>
4. Checksumhash received in response of transaction needs to be verified on merchant server using Paytm library with all the parameters in key-value pairs. Code snippets and Github links for the checksum utility are provided here.
String paytmChecksum = null;
/* Create a TreeMap from the parameters received in POST */
TreeMap<String, String> paytmParams = new TreeMap<String, String>();
for (Entry<String, String[]> requestParamsEntry : request.getParameterMap().entrySet()) {
if ("CHECKSUMHASH".equalsIgnoreCase(requestParamsEntry.getKey())){
paytmChecksum = requestParamsEntry.getValue()[0];
} else {
paytmParams.put(requestParamsEntry.getKey(), requestParamsEntry.getValue()[0]);
}
}
/**
* Verify checksum
* Find your Merchant Key in your Paytm Dashboard at https://dashboard.paytmpayments.com/next/apikeys
**/
boolean isValidChecksum = CheckSumServiceHelper.getCheckSumServiceHelper().verifycheckSum("YOUR_KEY_HERE", paytmParams, paytmChecksum);
if (isValidChecksum) {
System.out.append("Checksum Matched");
} else {
System.out.append("Checksum Mismatched");
}
Get the sample code for a language of your choice:
For Web:
For App:
5. Validate transaction response via server-side request using the Transaction Status API. This API requires checksumhash in request and its verification in response. The status should be treated as the final status of the transaction.
Post completion of integration on your staging environment, do a complete transaction from order summary page on your website or mobile app.
Attempt a test transaction using test paymodes credentials.
Ensure you re-verify transaction response with Transaction Status API via server to server call in payment flow and not separately as a one-time activity.
See the transaction details in the “Test Data” mode on your dashboard.
Once the test transaction is complete, move your code to live environment with production account details. Note that production accounts details are available after you have activated your account on the dashboard.
Lastly, it's recommended that you read about Managing Refunds and late payment notifications.
In case of any issues with integration, please Get in touch.
