This document covers the general information that you would want to know as a developer integrating a PayUmoney product. Different aspects of integration like security, testing, implementing webhooks and error codes returned by PayUmoney are described here.


This section provides important security-related guidelines and best practices while integrating Payumoney checkouts. Ensure PCI compliance and secure communications between your customer and your server by using these best practices.

Anyone involved with the processing, transmission, or storage of credit card or debit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). You can set up a PCI-DSS compliant payment checkout with PayUmoney through the following steps:

  • Serve your payment pages securely using Transport Layer Security (TLS) so that they make use of HTTPS
  • Use Redirect Checkout, Web fronts or our mobile SDKs to accept payment information. The sensitive information is transmitted directly through the PayU servers with no intervention of merchant’s server thus enhancing the security.


Why Use TLS?

Payment pages must make use of SSL as it significantly reduces the risk of you or your customers being exposed to a man-in-the-middle attack. The term “SSL” continues to be used colloquially when referring to TLS and its function to protect transmitted data. TLS attempts to accomplish the following:

  • Encrypt and verify the integrity of traffic between the client and your server
  • Verify that the client is communicating with the correct server. In practice, this usually means verifying that the owner of the domain and the owner of the server are the same entity. This helps prevent man-in-the-middle attacks. Without it, there’s no guarantee that you’re encrypting traffic to the right recipient.

Additionally, your customers are more comfortable sharing sensitive information on pages visibly served over HTTPS, which can help increase your customer conversion rate.


If you want to test the payment using any of the Payumoney checkouts, please signup as a merchant on Payumoney and get your salt & key available on the dashboard.

You may also use the following test salt & test key as well.

Test MID: 4934580

Test Key: rjQUPktU

Test Salt: e5iIg1jwi8

Test Authorization Header: y8tNAC1Ar0Sd8xAHGjZ817UGto5jt37zLJSX/NHK3ok=

Below are the test card details for doing a test transaction in the testing mode.You may use the following card details for testing:

Card Name: Test

Card Number: 5123 4567 8901 2346

CVV: 123

Expiry: 05/2020


A Webhook is an HTTP callback. The callback is done to an URL specified while creating a webhook.

The webhook callbacks are event driven i.e. a callback to a webhook will be done whenever the event associated with the webhook occurs.
Eg: Successful Payment Webhook – The event associated with this webhook is Successful Payment. So whenever a successful payment happens, a callback to the webhook URL will be done.

Webhook help in automated updating of the database rather than doing it manually. You can also use webhook to notify yourself for various events. Currently, we are providing 4 types of webhook events:

  • Successful Payment: Whenever a payment is a success for your merchant account, you will receive a callback to your server.
  • Failed Payment: Whenever a payment is failed for your merchant account, you will receive a callback to your server.
  • Refunds: Whenever a payment is refunded (refund initiated as well as refund completed), you will receive a callback to your server.
  • Dispute: Whenever a dispute is raised or resolved, you will receive a callback to your server with details of the dispute.
      1. Your webhook should acknowledge that it received data with 200 OK response. Any response outside of the 200 range will be treated as a failure to receive data.
      2. A webhook will be disabled (i.e. will not POST data on URL) if there are 20 consecutive failures in sending POST requests to the specified URL.


Callback Format -Webhooks

“customerName”:”Test user”,
“error_Message”:”No Error”,

“customerName”:”First Name”,
“error_Message”:”Card authentication failed at the bank due to invalid CVV (or CVC or Card Security Code)”,

“refundStatus”:”Refund Initiated”,
“addedOn”:”2016-03-08 19:14:44.0″

“completedOn”:”2016-03-08 19:12:37.0″,
“refundStatus”:”Refund Completed”,
“addedOn”:”2016-03-08 19:10:37.0″

“issueType”:”Goods/service not received”,
“initiatedOn”:”2016-03-09 16:39:20″,
“updatedOn”:”2016-03-09 16:39:20″

“issueType”:”Goods/service not received”,
“initiatedOn”:”2016-03-09 16:39:20″,
“updatedOn”:”2016-03-09 16:44:16″

Error Codes

A transaction may fail due to any of the reason listed below.

Error Code Error Text
e314 Address_failure
e304 Address_invalid
e702 Amount_difference
e303 Authentication_error
e335 Authentication_incomplete
e334 Authentication_service_unavailable
e505 Awaiting_processing
e312 Bank_denied
e208 Bank_server_error
e216 Batch_error
e201 Brand_invalid
e324 Card_fraud_suspected
e218 Card_issuer_timed_out
e900 Card_not_enrolled
e305 Card_number_invalid
e213 Checksum_failure
e210 Communication_error
e214 Curl_call_failure
e203 Curl_error_card_verification
e205 Curl_error_enrolled
e204 Curl_error_not_enrolled
e206 Cutoff_error
e315 Cvc_address_failure
e313 Cvc_failure
e504 Duplicate_transaction
e311 Expired_card
e336 Expiry_date_low_funds
e219 Incomplete_bank_response
e712 Incomplete_data
e706 Insufficient_funds
e719 Insufficient_funds_authentication_failure
e713 Insufficient_funds_expiry_invalid
e718 Insufficient_funds_invalid_cvv
e903 International_card_not_allowed
e717 Invalid_account_number
e715 Invalid_amount
e709 Invalid_card_name
e902 Invalid_card_type
e333 Invalid_contact
e331 Invalid_email_id
e323 Invalid_expiry_date
e332 Invalid_fax
e327 Invalid_login
e707 Invalid_pan
e710 Invalid_pin
e207 Invalid_transaction_type
e711 Invalid_user_defined_data
e714 Invalid_zip
e329 Issuer_declined_low_funds
e310 Lost_card
e200 Merchant_invalid_pg
e211 Network_error
e209 No_bank_response
e000 No_error
e337 Not_captured
e328 Parameters_mismatch
e326 Password_error
e330 Payment_gateway_validation_failure
e600 PayUMoney_api_error
e716 Permitted_bank_settings_error
e708 Pin_retries_exceeded
e800 Prefered_gateway_not_set
e704 Receipt_number_error
e215 Reserved_usage_error
e325 Restricted_card
e901 Retry_limit_exceeded
e307 Risk_denied_pg
e317 Secure_3d_authentication_error
e302 Secure_3d_cancelled
e322 Secure_3d_card_type
e319 Secure_3d_format_error
e301 Secure_3d_incorrect
e316 Secure_3d_not_enrolled
e318 Secure_3d_not_supported
e300 Secure_3d_password_error
e321 Secure_3d_server_error
e320 Secure_3d_signature_error
e700 Secure_hash_failure
e701 Secure_hash_skipped
e212 Server_communication_error
e309 System_error_pg
e217 Tranportal_id_error
e502 Transaction_aborted
e503 Transaction_cancelled
e308 Transaction_failed
e202 Transaction_invalid
e306 Transaction_invalid_pg
e703 Transaction_number_error
e501 Unknown_error
e500 Unknown_error_pg
e705 User_profile_settings_error