
Accepting a Payment

The simplest version of payment acceptance with PayU involves sending an HTTP request to create a new order and redirecting the buyer to the PayU payment page. In this approach, you don't fetch individual payment methods from the PayU backend during the purchase process. Instead, you present a single, general payment option—PayU.

Authenticating an Order

Before creating a new payment request, you must authenticate within the scope of the selected point of sale. To achieve this, retrieve the client_id and client_secret from the point of sale where the funds will be deposited after the transaction is completed.

Sample Authentication Request
curl -X POST https://secure.snd.payu.com/pl/standard/user/oauth/authorize \
-d 'grant_type=client_credentials' \
-d 'client_id=460718' \
-d 'client_secret=22f4175da9f0f72bcce976dd8bd7504f'

The response will include an OAuth token, which you should use to authenticate your request.

Response to an OAuth Token Generation Request
{
"access_token": "3e5cac39-7e38-4139-8fd6-30adc06a61bd",
"token_type": "bearer",
"expires_in": 43199, //expiration time in seconds
"grant_type": "client_credentials"
}

To learn more about authentication, refer to the Authorizing Request guide or the Authorize section in our API Reference.

Creating a new Order Request

After obtaining a valid OAuth token, you can initiate a new transaction with PayU by sending a request containing the transaction details to the appropriate endpoint: https://secure.payu.com/api/v2_1/orders.

Using this API endpoint, you can provide the required transaction details to PayU. The system will then process your request and create a new transaction.

Make sure to include all the required transaction details and authenticate the request using the OAuth token to successfully create the transaction with PayU.

Sample Order Request
curl -X POST https://secure.payu.com/api/v2_1/orders \
-H "Content-Type: application/json" \
-H "Authorization: Bearer 3e5cac39-7e38-4139-8fd6-30adc06a61bd" \
-d '{
"customerIp": "127.0.0.1",
"merchantPosId": "145227",
"description": "RTV market",
"currencyCode": "PLN",
"totalAmount": "21000",
"products": [
{
"name": "Wireless Mouse for Laptop",
"unitPrice": "21000",
"quantity": "1"
}
]
}'

The response to the order request provides detailed transaction information, including the redirectUri parameter. The redirectUri contains the URL of the PayU payment page, to which you should redirect the payer to complete the payment.

Response to Creating a New Order
{
"status": {
"statusCode": "SUCCESS"
},
"redirectUri": "{payment_summary_redirection_url}",
"orderId": "WZHF5FFDRJ140731GUEST000P01",
"extOrderId": "{YOUR_EXT_ORDER_ID}"
}

To learn more about creating a new order, refer to the Creating a New Order guide and the Create an Order section in our API Reference.

Once redirected to the PayU payment page, the buyer can select the payment method that best suits them. After the payment is completed, the funds will be credited to the balance of the shop associated with the point of sale whose credentials were used for authentication.
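The server-side handling around the two requests above, as an added Python example (not PayU's own code): it reuses the token until shortly before expires_in elapses, derives totalAmount from the line items, and checks the order response before redirecting the buyer. The fetch_token callable (which would POST to the authorize endpoint with a client_secret loaded from secret storage), the 60-second skew and the payu.com host suffix are assumptions; confirm the payment-page hosts for your environment.

```python
import time
from urllib.parse import urlsplit

# Assumption: the payment page is served from payu.com or one of its subdomains.
REDIRECT_HOST_SUFFIX = "payu.com"

class TokenCache:
    """Reuse the bearer token until shortly before its expires_in elapses."""
    def __init__(self, fetch_token, clock=time.monotonic, skew=60):
        self._fetch, self._clock, self._skew = fetch_token, clock, skew
        self._token, self._deadline = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._deadline:
            body = self._fetch()  # parsed JSON returned by the authorize endpoint
            if body.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._deadline = self._clock() + int(body["expires_in"]) - self._skew
            self._token = body["access_token"]
        return self._token

def build_order(pos_id, customer_ip, description, currency, products):
    """Compute totalAmount from the line items instead of trusting a client value."""
    total = sum(int(p["unitPrice"]) * int(p["quantity"]) for p in products)
    return {"customerIp": customer_ip, "merchantPosId": pos_id,
            "description": description, "currencyCode": currency,
            "totalAmount": str(total), "products": products}

def redirect_target(order_response):
    """Return redirectUri only for a SUCCESS response pointing at an HTTPS PayU host."""
    if order_response.get("status", {}).get("statusCode") != "SUCCESS":
        raise ValueError("order was not created")
    uri = order_response["redirectUri"]
    parts = urlsplit(uri)
    host = (parts.hostname or "").lower()
    trusted = host == REDIRECT_HOST_SUFFIX or host.endswith("." + REDIRECT_HOST_SUFFIX)
    if parts.scheme != "https" or not trusted:
        raise ValueError("refusing to redirect buyer to " + repr(uri))
    return uri
```

Send the dictionary from build_order as the JSON body of the order request, with `"Authorization": "Bearer " + cache.get()` as the header.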


Transmission Encryption

To connect to PayU servers, you must comply with the security requirements for communication protocols.

Since 30 June 2018, PayU has supported only the TLS 1.2 protocol.

Older protocols are not supported for security reasons. TLS 1.2 is the best transmission encryption method and complies with the highest security standard, PCI DSS 3.2.

The change applies to all transmissions via HTTPS, so it covers all REST API and Classic API endpoints.

The majority of e-commerce solutions and hosting providers keep their software up to date. If your site uses such a provider, you most probably have nothing to worry about. You can contact your service providers and ask whether they have updated their software.

SNI (Server Name Indication)

Since December 9, 2023, to establish a TLS connection successfully with PayU servers, the Server Name Indication (SNI) extension is required.

The SNI extension was proposed in 2003 (RFC 3546) and is currently a widely adopted standard. SNI has been supported by web browsers for many years and is also backed by libraries in leading programming languages.
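An offline self-check of both requirements, as an added Python example (not PayU's own code): it generates the ClientHello your client configuration would send, without opening a connection, and parses it to confirm that the server_name extension is present and that nothing below TLS 1.2 is offered. The function names are hypothetical.

```python
import ssl
import struct

def client_hello_bytes(ctx, hostname):
    """Return the ClientHello this context would send; no network I/O happens."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has sent its hello and waits for the server
    return outgoing.read()

def inspect_client_hello(data):
    """Parse one ClientHello record and return (sni_or_None, offered_versions)."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    legacy_version = struct.unpack_from("!H", data, 9)[0]
    pos = 9 + 2 + 32                                    # legacy_version, random
    pos += 1 + data[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", data, pos)[0]   # cipher_suites
    pos += 1 + data[pos]                                # compression_methods
    end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
    pos += 2
    sni, versions = None, [legacy_version]
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", data, pos)
        body = data[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:                               # server_name
            name_len = struct.unpack_from("!H", body, 3)[0]
            sni = body[5:5 + name_len].decode("ascii")
        elif ext_type == 43:                            # supported_versions
            versions = [struct.unpack_from("!H", body, i)[0]
                        for i in range(1, 1 + body[0], 2)]
        pos += 4 + ext_len
    return sni, versions

def payu_client_context():
    """Default verification (certificate and hostname) with a TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def check_client(ctx, hostname="secure.payu.com"):
    """Report whether the hello carries SNI for hostname and offers TLS 1.2."""
    sni, versions = inspect_client_hello(client_hello_bytes(ctx, hostname))
    return {"sni": sni, "sni_ok": sni == hostname,
            "tls12_offered": 0x0303 in versions,
            "below_tls12": [v for v in versions if v < 0x0303]}
```

A client that is given an IP address or no server hostname sends no server_name extension, so `sni` comes back as None; connect by host name.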

If your site is a custom-built solution, make sure that it uses the latest version of the protocol. The following information could be useful.

JAVA

Java 1.5 and below do not support TLS 1.2. In Java 1.6, TLS 1.2 is not supported in Oracle public updates; it is supported in the business edition starting with Oracle Java version 6u115 b32.

In Java 1.7, TLS 1.2 is supported, but it must be explicitly enabled by selecting the enabled protocols when creating the SSLSocket and SSLEngine instances.

Please refer to the Oracle blog for more details.

cURL

cURL supports TLS 1.2 starting with version 7.34.0. Please use the following command to test the connection.

Classic API

You may use any PayU endpoint. If you need help with Classic API integration, contact our support.

If it works, you'll see an "Unauthorized" message.

cURL+PHP

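php -r '$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://secure.payu.com/api/v2_1/orders");
// 6 is the value of CURL_SSLVERSION_TLSv1_2: force TLS 1.2 for this connection
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
// Without CURLOPT_RETURNTRANSFER the response body is printed directly
var_dump(curl_exec($ch));
// An empty string here means the TLS handshake and request succeeded
var_dump(curl_error($ch));'

If it works, you'll see an "Unauthorized" message. TLS 1.1 and TLS 1.2 are supported since OpenSSL 1.0.1. Forcing TLS 1.1 or 1.2 is only supported since curl 7.34.0.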

That's it! These are the basics of creating a transaction with PayU. If you'd like to make the checkout process easier and faster for your customers and display payment methods directly on your store's website, see Create Your Own Checkout.

Additionally, we provide helpful resources to simplify the integration with our system.

To learn more about the available currencies, languages, or payment methods, visit the Integration References page.