Request Payment API
post https://mercury-uat.phonepe.com/enterprise-sandbox/v3/charge

Request Payment APIs are used when the merchant wants to send a collect payment request to user's PhonePe app against an order.

PROD

Base Url: https://mercury-t2.phonepe.com

Collect Call Endpoint: https://mercury-t2.phonepe.com/v3/charge

Header Name	Header Value
`Content-Type`	application/json
`X-VERIFY`	SHA256(base64 encoded payload + “/v3/charge” + salt key) + ### + salt index
`X-PROVIDER-ID`	Used for the cases where the merchants are getting onboarded via their Providers
`X-CALLBACK-URL`	Merchants need to pass their Callback URL to receive automated callbacks/ webhooks from Phonepe post performing transactions

Sample Payload for Base64
{  
   "merchantId":"MERCHANTUAT",
   "transactionId":"TX123456789",
   "merchantOrderId":"M123456789",
   "amount":100,
   "instrumentType":"MOBILE",
   "instrumentReference":"9999999999",
   "message":"collect for XXX order",
   "email":"amitxxx75@gmail.com",
   "expiresIn":180,
   "shortName":"DemoCustomer",
   "storeId":"store1",
   "terminalId":"terminal1"
}

Sample Request
{
  "request": "eyAgCiAgICJtZXJjaGFudElkIjoiTUVSQ0hBTlRVQVQiLAogICAidHJhbnNhY3Rpb25JZCI6IlRYMTIzNDU2Nzg5IiwKICAgIm1lcmNoYW50T3JkZXJJZCI6Ik0xMjM0NTY3ODkiLAogICAiYW1vdW50IjoxMDAsCiAgICJpbnN0cnVtZW50VHlwZSI6Ik1PQklMRSIsCiAgICJpbnN0cnVtZW50UmVmZXJlbmNlIjoiOTk5OTk5OTk5OSIsCiAgICJtZXNzYWdlIjoiY29sbGVjdCBmb3IgWFhYIG9yZGVyIiwKICAgImVtYWlsIjoiYW1pdHh4eDc1QGdtYWlsLmNvbSIsCiAgICJleHBpcmVzSW4iOjE4MCwKICAgInNob3J0TmFtZSI6IkRlbW9DdXN0b21lciIsCiAgICJzdG9yZUlkIjoic3RvcmUxIiwKICAgInRlcm1pbmFsSWQiOiJ0ZXJtaW5hbDEiCn0="
}

Request Parameters

Parameter Name	Type	Description	Mandatory
`merchantId`	`String`	Unique Merchant ID assigned to the merchant by PhonePe	`Yes`
`transactionId`	`String`	Unique Transaction ID generated by the merchant to track this request to PhonePe transactionId length Should be `unique` for each collect request. should be less than 35 characters. – No Special characters allowed except underscore “_” and hyphen “-“	`Yes`
`merchantOrderId`	`String`	Unique Order ID generated by the merchant merchantOrderId length should be less than 48 characters.	`Yes`
`amount`	`Long`	Amount in Paisa	`Yes`
`instrumentType`	`ENUM`	Has the value `MOBILE`	`Yes`
`instrumentReference`	`String`	Mobile number of the user	`Yes`
`expiresIn`	`Long`	expire time of payment completion.Payment should be `completed` with in this time else will be marked`failed`. (default 30 days)	`Yes`
`message`	`String`	Recommended to pass `transaction id, order id and invoice number`.	`No`
`email`	`String`	Email Id of User	`No`
`shortName`	`String`	Customer Name	`No`
`subMerchant`	`String`	Sub-category of the merchant	`No`
`storeId`	`String`	Store Id of store. Should be `unique` across. Special characters like ” “, “,”, “@” etc. are not allowed. Length should be lesser than `38 characters`	`Yes`
`terminalId`	`String`	Terminal Id of store. Should be unique for a store. Special characters like ” “, “,”, “@” etc. are not allowed. Length should be lesser than `38 characters`	`No`

Sample Success Response
{
    "success": true,
    "code": "SUCCESS",
    "message": "Your request has been successfully completed.",
    "data": {
        "transactionId": "55fe801b-1092-461a-8480-c80d9781498a",
        "amount": 300,
        "merchantId": "MERCHANTUAT"
    }
}

Sample Failed Response
{
    "success": false,
    "code": "INTERNAL_SERVER_ERROR",
    "message": "There is an error trying to process your transaction at the moment. Please try again in a while.",
    "data": {}
}

Response Parameters

Parameter Name	Type	Description
`success`	`BOOLEAN`	Success status of the request
`code`	`ENUM`	See below section for list of codes
`message`	`STRING`	Short message about status of request
`transactionId`	`STRING`	Unique Transaction ID generated by the merchant to track this request to PhonePe
`merchantId`	`STRING`	Unique Merchant ID assigned to the merchant by PhonePe
`amount`	`LONG`	Transaction amount in paise
`mobileNumber`	`STRING`	Mobile Number

Response Codes

The code in the above API response could be:

SUCCESS : Collect was successfully sent to VPA
INTERNAL_SERVER_ERROR : Something went wrong. Need to validate through check transaction status API first to know the payment status.
INVALID_TRANSACTION_ID : TransactionId in request was duplicate
BAD_REQUEST : Some mandatory parameter was missing
AUTHORIZATION_FAILED : Checksum sent in header was not valid

Charge Callback

When the user responds to the collect request sent by the merchant, a request is sent to either the URL provided in X-CALLBACK-URL or the merchant’s registered callback URL. By default, this is a POST request.

Note:

The callback would be sent only for success/Failed scenarios. For pending cases, there won’t be any callback. For such transactions payment status should be checked with below API.
If payment is in pending state, Merchant should display a message “Payment is in progress, please wait for sometime.”
The payment will always be closed within the expiry time passed in the collect request.

C# SampleCode
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.IO;
using System.Net;
using System.Text;
using System.Security.Cryptography;
using Newtonsoft.Json;

namespace Rextester
{
    public class Program
    {
        private const string PHONEPE_STAGE_BASE_URL = "https://mercury-uat.phonepe.com/enterprise-sandbox";
        private string merchantKey = "8289e078-be0b-484d-ae60-052f117f8deb";
        private const string merchantId = "M2306160483220675579140";
        private string transactionId = "mer_order_8";
        private int amount = 100;
        private string instrumentType = "MOBILE";
        private string instrumentReference = "9XXXXXXXXX";
        private string storeId = "store1";
        private string terminalId = "terminal1";
        private int expiresIn = 180;

        public bool SendPaymentRequest(){
            PhonePeCollectRequest phonePeCollectRequest = new PhonePeCollectRequest();

            phonePeCollectRequest.merchantId = merchantId;
            phonePeCollectRequest.transactionId = transactionId;
            phonePeCollectRequest.merchantOrderId = transactionId;
            phonePeCollectRequest.amount = amount;
            phonePeCollectRequest.expiresIn = expiresIn;
            phonePeCollectRequest.instrumentType = instrumentType;
            phonePeCollectRequest.instrumentReference = instrumentReference;
            phonePeCollectRequest.storeId = storeId;
            phonePeCollectRequest.terminalId = terminalId;

	  //convert string to json
            String jsonStr = JsonConvert.SerializeObject(phonePeCollectRequest);
            Console.WriteLine(jsonStr);
            
            string base64Json = ConvertStringToBase64(jsonStr);
            Console.WriteLine(base64Json);
            string jsonSuffixString = "/v3/charge" + merchantKey;
            string checksum = GenerateSha256ChecksumFromBase64Json(base64Json, jsonSuffixString);
            checksum = checksum + "###1";
            Console.WriteLine(checksum);
            
            string txnURL = PHONEPE_STAGE_BASE_URL + "/v3/charge";
            Console.WriteLine("txnURL : " + txnURL);
            try
            {
                HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(txnURL);
                webRequest.Method = "POST";
                webRequest.ContentType = "application/json";
                webRequest.Headers.Add("x-verify", checksum);

                PhonePeCollectApiRequestBody phonePeCollectApiRequestBody = new PhonePeCollectApiRequestBody();
                phonePeCollectApiRequestBody.request = base64Json;
                String jsonBody = JsonConvert.SerializeObject(phonePeCollectApiRequestBody);

                using (StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream()))
                {
                    requestWriter.Write(jsonBody);
                }

                string responseData = string.Empty;

                using (StreamReader responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream()))
                {
                    responseData = responseReader.ReadToEnd();
                    if (responseData.Length > 0)
                    {
                        //Dictionary<string, string> responseParam = JSONConvert.decode(responseData);
                        PhonePeCollectResponseBody responseBody = JsonConvert.DeserializeObject<PhonePeCollectResponseBody>(responseData);
                        Console.WriteLine(responseData);
                        Console.WriteLine(responseBody.message);
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
                return false;
            }
            
            return false;
        }
        
        public bool SendCheckPaymentStatusRequest()
        {
            string headerString = String.Format("/v3/transaction/{0}/{1}/status{2}", merchantId, transactionId, merchantKey);
            Console.WriteLine("headerString: " + headerString);
            string checksum = GenerateSha256ChecksumFromBase64Json("", headerString);
            checksum = checksum + "###1";
            Console.WriteLine(checksum);

            bool result = CallPhonePeStatusApi(checksum);

            return result;
        }
        
        private bool CallPhonePeStatusApi(String xVerify)
        {
            Console.WriteLine("CallPhonePeStatusApi()");
            string txnURL = PHONEPE_STAGE_BASE_URL;
            String urlSuffix = String.Format("/v3/transaction/{0}/{1}/status", merchantId, transactionId);
            txnURL = txnURL + urlSuffix;

            Console.WriteLine("Url: " + txnURL);
            
            try
            {
                HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(txnURL);

                webRequest.Method = "GET";
                webRequest.Headers.Add("x-verify", xVerify);

                string responseData = string.Empty;
                
                using (StreamReader responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream()))
                {
                    responseData = responseReader.ReadToEnd();
                    if (responseData.Length > 0)
                    {
                        PhonePeCollectResponseBody responseBody = JsonConvert.DeserializeObject<PhonePeCollectResponseBody>(responseData);
                        Console.WriteLine(responseData);
                        Console.WriteLine(responseBody.message);
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
                return false;
            }
            return false;
        }
        
        //convert jsonBody to base64
        public string ConvertStringToBase64(string inputString)
        {
            string base64Json = null;
            byte[] requestBytes = Encoding.UTF8.GetBytes(inputString);
            base64Json = Convert.ToBase64String(requestBytes);
            return base64Json;
        }
		
		// calculate SHA256
        private string GenerateSha256ChecksumFromBase64Json(string base64JsonString, string jsonSuffixString)
        {
            string checksum = null;
            SHA256 sha256 = SHA256.Create();
            string checksumString = base64JsonString + jsonSuffixString;
            byte[] checksumBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(checksumString));
            //checksum = BitConverter.ToString(checksumBytes).Replace("-", string.Empty);
            foreach (byte b in checksumBytes) {
                checksum += $"{b:x2}";
            }
            return checksum;
        }

        public static void Main(string[] args){
            Program obj = new Program();
            bool QRResponse = obj.SendPaymentRequest();
            Console.WriteLine(" Success");
            bool statusResponse = obj.SendCheckPaymentStatusRequest();
            Console.WriteLine("Payment status check");
        }
    }

    public class PhonePeCollectRequest
    {
        public string merchantId;
        public string transactionId;
        public string merchantOrderId;
        public int amount;
        public int expiresIn;
        public string instrumentType;
        public string instrumentReference;
        public string storeId;
        public string terminalId;
    }

    public class PhonePeCollectApiRequestBody
    {
        public string request;
    }
    
    public class PhonePeCollectResponseBody
    {
        public bool success;
        public string code;
        public string message;
        public Data data;
    }
    public class Data
    {
        public string transactionId;
        public int amount;
        public string merchantId;
        public string providerReferenceId;
    }
}

Java SampleCode

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;
import java.nio.charset.StandardCharsets;

import javax.xml.bind.DatatypeConverter;

public class RequestPaymentApi 
{
    String apiSaltKey = "salt_key";
    static String urlEndpoint = "/v3/charge";
	
	public static String GenerateSha256FromBase64Json(byte[] base64Encoded, String urlEndpoint)
	{
		String  checksum= null;
		MessageDigest md = null;
		try {
			md = MessageDigest.getInstance("SHA-256");
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	    // compute the hash of the input string
	    byte[] hash = md.digest(urlEndpoint.getBytes());
	    return checksum;
	}	
    public static void main(String[] args) throws Exception 
    {
    	String apiUrl = "https://mercury-uat.phonepe.com/enterprise-sandbox/v3/charge";
    	
        // Request parameters
        Map<String, Object> params = new HashMap<String, Object>();
        params.put("merchantId", "MERCHANTUAT");
        params.put("transactionId", "TX12345678901");
        params.put("merchantOrderId", "M123456701");
        params.put("amount", (long) 100);
        //params.put("amount", "100.00");
        params.put("instrumentType", "MOBILE");
        params.put("instrumentReference", "8296000000");
        params.put("message", "This is Collect Call");
        params.put("email", "deepak@gmail.com");
        params.put("expiresIn", (long) 1800);
        params.put("shortName", "DemoCustomer");
        params.put("storeId", "store1");
        params.put("terminalId", "1");

        //creating Json payload into EncodedBase64
        Gson gson = new Gson(); 
        String json = gson.toJson(params); 
        byte[] base64Encoded = Base64.getEncoder().encode(json.getBytes(StandardCharsets.UTF_8));

        //creating X-verify
        String checksum = GenerateSha256FromBase64Json(base64Encoded,urlEndpoint);
        checksum = checksum + "###1";
        
        // Construct request body
        StringBuilder requestBody = new StringBuilder();
        for (Entry<String, Object> entry : params.entrySet()) {
            requestBody.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
        }
        requestBody.setLength(requestBody.length() - 1);  // Remove the trailing "&"
        
        URL url = new URL(apiUrl);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/json");
        conn.setRequestProperty("X-verify", "checksum");
        conn.setDoOutput(true);
        
        OutputStream os = conn.getOutputStream();
        os.write(requestBody.toString().getBytes());
        os.flush();
        
        int responseCode = conn.getResponseCode();
        System.out.println("Response Code: " + responseCode);
        
        BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
        String response;
        while ((response = br.readLine()) != null) {
            System.out.println(response);
        }
        
        br.close();
        conn.disconnect();
    }
}

Python SampleCode
from django.shortcuts import render
from django.http import HttpResponse
import requests
import base64
import hashlib
from rest_framework.decorators import api_view
import json
from django.http import JsonResponse
import qrcode
import os

txnid = "TEST20231004021525T"
baseUrl = 'https://mercury-uat.phonepe.com/enterprise-sandbox'
MID = 'MERCHANTUAT'
saltkey = 'f1fed176-917c-4c1b-b5ae-1e1d39e1f8d5'
keyindex = '1'

def requestpayment(request):
    url = baseUrl + '/v3/charge'

    payload = {
        "merchantId": MID,
        "transactionId": txnid,
        "merchantOrderId": "MO8090133",
        "amount": 100,
        "instrumentType": "MOBILE",
        "instrumentReference": "8296412345",
        # "message":'Hi, this is Deepak',
        # "shortName": "sairamit",
        "storeId": "store1",
        "terminalId": "terminal1",
        "expiresIn": 180
    }

    # for base64 encoded payload
    strjson = json.dumps(payload)
    encoded_dict = strjson.encode('UTF-8')
    encodeddata = base64.b64encode(encoded_dict)
    encodeddata = encodeddata.decode('UTF-8')

    data = {
        "request": encodeddata
    }
    print(json.dumps(data))

    # for Sha256 calculation
    # api_saltkey = '/v3/charge' + saltkey
    str_forSha256 = encodeddata + '/v3/charge' + saltkey
    sha_value = hashlib.sha256(str_forSha256.encode('UTF-8')).hexdigest()
    x_verify = sha_value + '###' + keyindex
    print(x_verify);

    headers = {
        "Content-Type": "application/json",
        #"x-provider-id": "UATPROVIDER",
        # "x-callback-url": "https://3c07d4cctf.execute-api.ap-northeast-1.amazonaws.com/default/myfunc",
        # "x-call-mode": "POST",
        # "X-REDIRECT-MODE": "POST",
        "X-VERIFY": x_verify
    }
    print(headers)
    print(strjson)
    print(url)
    print(str_forSha256)
    print(x_verify)
    res = requests.post(url=url, data=json.dumps(data), headers=headers)
    print(res.status_code)
    print(res)
    return HttpResponse(res)

{“method”:”post”,”url”:”/v3/charge”,”auth”:”required”,”results”:{“codes”:[{“name”:””,”code”:”{\n \”success\”: true,\n \”code\”: \”SUCCESS\”,\n \”message\”: \”Your request has been successfully completed.\”,\n \”data\”: {\n \”transactionId\”: \”55fe801b-1092-461a-8480-c80d9781498a\”,\n \”amount\”: 300,\n \”merchantId\”: \”MERCHANTUAT\”,\n \”providerReferenceId\”: \”C2111161249027983263789\”\n }\n}”,”language”:”json”,”status”:200},{“name”:””,”code”:”{\n \”success\”: false,\n \”code\”: \”BAD_REQUEST\”,\n \”message\”: \”Invalid mobile number: \”,\n \”data\”: {}\n}”,”language”:”json”,”status”:400}]},”params”:[{“name”:”request”,”type”:”string”,”enumValues”:””,”default”:””,”desc”:”base64 encoded payload”,”required”:true,”in”:”body”,”ref”:””,”_id”:”5f310486f1017f0441fa05ea”},{“name”:”Content-Type”,”type”:”string”,”enumValues”:””,”default”:”application/json”,”desc”:””,”required”:true,”in”:”header”,”ref”:””,”_id”:”5f310486f1017f0441fa05e9″},{“name”:”X-VERIFY”,”type”:”string”,”enumValues”:””,”default”:”2dbfabed915b9b9759bc10a3ce6ecfbeb0c1169d5eada325668fcf31be8d360e###1″,”desc”:”SHA256(base64 encoded payload + \”/v3/charge\” + salt key) + ### + salt index”,”required”:true,”in”:”header”,”ref”:””,”_id”:”5f310486f1017f0441fa05e8″},{“name”:”X-CALLBACK-URL”,”type”:”string”,”enumValues”:””,”default”:””,”desc”:”Callback Url where a request will be made once user responds to collect request.”,”required”:true,”in”:”header”,”ref”:””,”_id”:”5f310486f1017f0441fa05e7″},{“name”:”X-PROVIDER-ID”,”type”:”string”,”enumValues”:””,”default”:””,”desc”:”Used for the cases where the merchant has multiple merchant IDs”,”required”:true,”in”:”header”,”ref”:””,”_id”:”5f310486f1017f0441fa05e6″}],”examples”:{“codes”:[{“code”:”{\n \”request\”: \”eyAgCiAgICJtZXJjaGFudElkIjoiTUVSQ0hBTlRVQVQiLAogICAidHJhbnNhY3Rpb25JZCI6IlRYMTIzNDU2Nzg5IiwKICAgIm1lcmNoYW50T3JkZXJJZCI6Ik0xMjM0NTY3ODkiLAogICAiYW1vdW50IjoxMDAsCiAgICJpbnN0cnVtZW50VHlwZSI6Ik1PQklMRSIsCiAgICJpbnN0cnVtZW50UmVmZXJlbmNlIjoiOTk5OTk5OTk5OSIsCiAgICJtZXNzYWdlIjoiY29sbGVjdCBmb3IgWFhYIG9yZGVyIiwKICAgImVtYWlsIjoiYW1pdHh4eDc1QGdtYWlsLmNvbSIsCiAgICJleHBpcmVzSW4iOjE4MCwKICAgInNob3J0TmFtZSI6IkRlbW9DdXN0b21lciIsCiAgICJzdG9yZUlkIjoic3RvcmUxIiwKICAgInRlcm1pbmFsSWQiOiJ0ZXJtaW5hbDEiCn0=\”\n}”,”language”:”json”}]},”apiSetting”:”64c244096688b200429110a5″}

https://mercury-uat.phonepe.com/enterprise-sandbox

HEADERS

Content-Type string required

X-VERIFY string required

SHA256(base64 encoded payload + "/v3/charge" + salt key) + ### + salt index

X-CALLBACK-URL string required

Callback Url where a request will be made once user responds to collect request.

X-PROVIDER-ID string required

Used for the cases where the merchant has multiple merchant IDs

BODY PARAMS

request string required

base64 encoded payload

RESPONSES

Updated on Oct 11, 2023