Third Party Validation (TPV) on Razorpay Standard Integration
Know how to integrate TPV on Razorpay Standard Integration.
Before you integrate TPV on Razorpay Standard integration, you should fulfill the following requirements:
- Create a , if you have not done already.
- Raise a support ticket to enable the TPV feature for your account.
- required to authenticate API requests sent to Razorpay servers.
- Check the .
In the TPV integration flow, Razorpay maps the customers' bank accounts to ensure that the payment is processed only from their registered bank accounts. Follow the steps given below:
You should collect the bank account details provided by the investor at the time of registration.
Pass the investor bank account details to the bank_account array of the Orders API. You can choose to make the investor pay using a certain payment method or permit them to choose any of the supported payment method, that is, netbanking, UPI or debit card.
The investor needs to pay using the payment method specified by you in the order. For example, if you want the investor to pay using UPI, you must pass method=upi.
Create a request payload using the following attributes:
amount
mandatory
integer The transaction amount expressed in paise (currency supported is INR). For example, for an actual amount of ₹1, the value of this field should be 100.
currency
mandatory
string The currency in which the transaction should be made. You can create Orders in INR only.
receipt
optional
string Receipt number that corresponds to this Order, set for your internal reference. Maximum length is 40 characters.
notes
optional
json object Key-value pair that can be used to store additional information about the entity. Maximum 15 key-value pairs, 256 characters (maximum) each. For example, "note_key": "Beam me up Scotty”.
method
mandatory
string The payment method used to make the payment. If this parameter is not passed, investors will be able to make payments using both netbanking and UPI payment methods. Possible values:
netbanking: Investors can make payments only using netbanking.card: Investors can make payments using debit card.upi: Investors can make payments only using UPI.
bank_account
Details of the bank account that the investor has provided at the time of registration.
account_number
mandatory
string The bank account number from which the investor should make the payment. For example, 765432123456789 Payments will not be processed for an incorrect account number.
name
mandatory
string The name linked to the bank account. For example, Gaurav Kumar.
ifsc
mandatory
string The bank IFSC. For example, HDFC0000053.
Send the order_id obtained in the response of the previous step along with the other Checkout attributes to trigger Razorpay Checkout.
Following are two sample codes for Checkout:
- On successful payment, your web page is displayed to the user.
- On payment failure, the customer is notified of the reason for failure and requested to retry the payment.
Copy-paste the form parameters as options in your HTML code:
<button id="rzp-button1">Pay</button><script src="https://checkout.razorpay.com/v1/checkout.js"></script><script>var options = {"key": "YOUR_KEY_ID", // Enter the Key ID generated from the Dashboard"amount": "50000", // Amount is in currency subunits. Default currency is INR. Hence, 50000 refers to 50000 paise"currency": "INR","name": "Acme Corp","description": "Test Transaction","image": "https://example.com/your_logo","order_id": "order_Dd3Wbag7QXDuuL", //This is a sample Order ID. Pass the `id` obtained in the response of Step 1"handler": function (response){alert(response.razorpay_payment_id);alert(response.razorpay_order_id);alert(response.razorpay_signature)},"prefill": {"name": "Gaurav Kumar","email": "gaurav.kumar@example.com","contact": "9000090000"},"notes": {"address": "Razorpay Corporate Office"},"theme": {"color": "#3399cc"}};var rzp1 = new Razorpay(options);rzp1.on('payment.failed', function (response){alert(response.error.code);alert(response.error.description);alert(response.error.source);alert(response.error.step);alert(response.error.reason);alert(response.error.metadata.order_id);alert(response.error.metadata.payment_id);});document.getElementById('rzp-button1').onclick = function(e){rzp1.open();e.preventDefault();}</script>
Know more about the
.Handy Tips
- The open method of the Razorpay object (
rzp1.open()) should be invoked by your site's JavaScript. This may or may not be a user-driven action such as a click. - UPI Intent Apps will appear on the standard checkout if the method is
upiin the Orders API.
The way you handle payment success and failure scenarios depends on the Checkout sample code you opted for in the previous step.
If you used Sample Code with Handler Function:
Investor sees your application web page, and the Checkout returns the response object of the successful payment (razorpay_payment_id, razorpay_order_id and razorpay_signature). You need to collect these and send them to your server.
"handler": function (response){alert(response.razorpay_payment_id);alert(response.razorpay_order_id);alert(response.razorpay_signature)}
If you used the Sample Code with the Callback URL:
When you use a Callback URL, the response object of the successful payment (razorpay_payment_id,razorpay_order_id and razorpay_signature) is submitted to the Callback URL. Only successful authorizations are auto-submitted.
A successful payment returns the following fields to the Checkout form.
- You need to store these fields in your server.
- You can confirm the authenticity of these details by verifying the signature in the next step.
razorpay_payment_id
string Unique identifier for the payment returned by Checkout only for successful payments.
razorpay_order_id
string Unique identifier for the order returned by Checkout.
razorpay_signature
string Signature returned by the Checkout. This is used to verify the payment.
This is a mandatory step to confirm the authenticity of the details returned to the Checkout form for successful payments.
To verify the razorpay_signature returned to you by the Checkout form:
-
Create a signature in your server using the following attributes:
order_id: Retrieve theorder_idfrom your server. Do not use therazorpay_order_idreturned by Checkout.razorpay_payment_id: Returned by Checkout.key_secret: Available in your server. Thekey_secretthat was generated from the .
-
Use the SHA256 algorithm, the
razorpay_payment_idand theorder_idto construct a HMAC hex digest as shown below:generated_signature = hmac_sha256(order_id + "|" + razorpay_payment_id, secret);if (generated_signature == razorpay_signature) {payment is successful} -
If the signature you generate on your server matches the
razorpay_signaturereturned to you by the Checkout form, the payment received is from an authentic source.
Given below is the sample code for payment signature verification:
RazorpayClient razorpay = new RazorpayClient("[YOUR_KEY_ID]", "[YOUR_KEY_SECRET]");String secret = "EnLs21M47BllR3X8PSFtjtbd";JSONObject options = new JSONObject();options.put("razorpay_order_id", "order_IEIaMR65cu6nz3");options.put("razorpay_payment_id", "pay_IH4NVgf4Dreq1l");options.put("razorpay_signature", "0d4e745a1838664ad6c9c9902212a32d627d68e917290b0ad5f08ff4561bc50f");boolean status = Utils.verifyPaymentSignature(options, secret);
After you have completed the integration, you can
, make test payments, replace the test key with the live key and integrate with other .After the integration is complete, a Pay button will appear on your webpage/app.
Click the button and make a test transaction to ensure the integration is working as expected. You can start accepting actual payments from your customers once the test is successful.
You can make test payments using netbanking, card or UPI payment methods configured at the Checkout.
Watch Out!
This is a mock payment page that uses your test API keys, test card and payment details.
- Ensure you have entered only your in the Checkout code.
- Due to using test keys, no real money is deducted. This is a simulated transaction.
Consider these steps before taking the integration live.
You can perform an end-to-end simulation of funds flow in the Test Mode. Once confident that the integration is working as expected, switch to the Live Mode and start accepting payments from customers.
Watch Out!
Ensure you are switching your test API keys with API keys generated in Live Mode.
To generate API Keys in Live Mode on your Curlec Dashboard:
- Log in to the and switch to Live Mode on the menu.
- Navigate to Account & Settings → API Keys → Generate Key to generate the API Key for Live Mode.
- Download the keys and save them securely.
- Replace the Test API Key with the Live Key in the Checkout code and start accepting actual payments.
After payment is authorized, you need to capture it to settle the amount to your bank account as per the settlement schedule. Payments that are not captured are auto-refunded after a fixed time.
Watch Out
- You should deliver the products or services to your customers only after the payment is captured Razorpay automatically refunds all the uncaptured payments.
- You can track the payment status using our or webhooks.
- Auto-capture payments (recommended)
Authorized payments can be automatically captured. You can auto-capture all payments on the Curlec Dashboard.
Watch Out!
Payment capture settings work only if you have integrated with Orders API on your server side. Know more about the
.- Manually capture payments
Each authorized payment can also be captured individually. You can manually capture payments using:
Know more about
.- (Recommended)
- (Recommended)
Is this integration guide useful?