Step 1: Check if your JSON format is correct at https://jsonlint.com/.
Text{ "merchantId": "DemoMerchant", "transactionId": "TX123456789", "merchantOrderId": "M123456789", "amount": 100, "instrumentType": "MOBILE", "instrumentReference": "9xxxxxxxxxx", "message": "collect for XXX order", "email": "amitxxx75@gmail.com", "expiresIn": 180, "shortName": "DemoCustomer", "subMerchant": "DemoMerchant", "storeId": "store1", "terminalId": "terminal1" }
Step 2: Encode above request to base64. You can check the correct encoding at
https://www.base64encode.org/
TextExample of the above encoding: ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==
Step 3: Calculate X-VERIFY
SHA256(only base64 encoded str+ “/v3/service/access” + salt key) + ### + salt index
TextSHA256 OF (ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==/v3/charge+”SALTKEY”).
SALT KEY will be shared by the PhonePe team corresponding to your Merchant ID.
TextExample: "keyIndex":1,"key":"6b451f58-d565-4890-836f-6fb1gjt84d97", "keyIndex":2,"key":"487667h6e9-91d3-4dfa-930a-8d3813745441" Use one of the keys to generate SHA256. SHA256 OF (ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==/v3/charge6b451f58-d565-4890-836f-6fb1gjt84d97) Which will be: 83A41A36020D6FD2F0E0F02528ADB8784D7800BD56C6C743A28FC49319A4FFDAF8B40A2F3F475BD40968E4644690F874AE63AE744BCE602EC577E1BEBE2364B1
You can validate the value at https://passwordsgenerator.net/sha256-hash-generator/
Once SHA256 is calculated, you should calculate the X-VERIFY header value.
SHA256(only base64 encoded str+ “/v3/charge” + salt key) + ### + salt index
TextX-VERIFY : 83A41A36020D6FD2F0E0F02528ADB8784D7800BD56C6C743A28FC49319A4FFDAF8B40A2F3F475BD40968E4644690F874AE63AE744BCE602EC577E1BEBE2364B1###1
Where 1 is keyIndex as shared above.
So the request should be:
Textcurl -X POST \ https://mercury-uat.phonepe.com/v3/charge \ -H 'content-type: application/json' \ -H 'x-verify: 5BB903E40D045733B3D10B2E0CC62FE4D7BC401FF98F014824DFB33B09E620AB###1' \ -d '{ "request": "ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==" }'