Step 1 : Download JS SDK
a.) Download the JS SDK of PhonePe using the npm package. The details can be found here.
Step 2 : Create PhonePe instance
b.) Create an instance of PhonePe which can be accessed globally, on all the pages of the merchant website. The details can be found here.
PhonePe.PhonePe.build(PhonePe.Constants.Species.web)
.then((sdk) => { //Get the instance of the sdk })
OR
let sdk = await PhonePe.PhonePe.build(PhonePe.Constants.Species.web)
Step 3 : Call fetchAuthToken()
c.) Call fetchAuthToken to fetch the grant token at the client-side. The details can be found here.
PhonePe.PhonePe.build(PhonePe.Constants.Species.web).then((sdk) => {
sdk.fetchAuthToken().then((res) => {
console.log("Grant token data received = " + res)
alert(res)
}).catch((err) => {
console.log("Error occurred while fetching the grant token: " + err)
alert(err)
})
})
As soon as SSO fetchAuthToken is called the below pop up will be seen on UI.
Once the above SSO pop up is shown to the user, a user can
Case 1: Click on login.
In this case grantToken is sent in response, which is used to call getAuth API to fetch the access token.
Case 2: Click on Skip.
If a user clicks on “Skip”. He is shown a login page of the site where either he can create his account or he can login inside the platform.
//If a user clicks on login, promise is resolved :
Promise resolve:
{
"grantToken": "GRT8616a8396e9b3a0899a2a6b06a3845cf0ad3521d0c4a0d5194404fba21a00b7a",
"expiryInSeconds": 86400
}
//If a user clicks on Skip, promise is rejected :
Promise reject:
{
"error_code": "NETWORK_ERROR"
}
Calling fetch Access token (Backend API)
d.) In case a user clicks on login, the grant token is sent at the client-side, which is used to fetch the access token. The details can be found here.
Creating Curl request :
a.) URL : https://apps-uat.phonepe.com/v3/service/auth/access
b.) Create curl request body
The grant token which was fetched in the fetchAuthToken() method
{
"grantToken":"GRTe098bd540176757ybbnhu879125ebec723741c5189f6a4e303f2b9d28d3e4d1289bd61dd"
}
Base encode the above using the link(https://www.base64encode.org/)
The base 64 value of
{
"grantToken":"GRTe098bd540176757ybbnhu879125ebec723741c5189f6a4e303f2b9d28d3e4d1289bd61dd"
} is equal to :
ewoJImdyYW50VG9rZW4iOiJHUlRlMDk4YmQ1NDAxNzY3NTd5YmJuaHU4NzkxMjVlYmVjNzIzNzQxYzUxODlmNmE0ZTMwM2YyYjlkMjhkM2U0ZDEyODliZDYxZGQiCn0=
Send the base encoded value in the "request" key as below . Example :
{
"request": "ewoJImdyYW50VG9rZW4iOiJHUlRlMDk4YmQ1NDAxNzY3NTd5YmJuaHU4NzkxMjVlYmVjNzIzNzQxYzUxODlmNmE0ZTMwM2YyYjlkMjhkM2U0ZDEyODliZDYxZGQiCn0="
}
c.) Create x-verify :
Logic of calculation : SHA256(only base64 encoded str+ "/v3/service/auth/access" + salt key) + ### + salt index
1. salt key and salt index will be always unique which will be shared by the PhonePe team for each merchant.
Suppose the key and index are : {'keyIndex': 1, 'key': '427560aa-5c48-462c-9c93-e45efefc3875'}
2. Calculate the SHA256 using the link as : https://passwordsgenerator.net/sha256-hash-generator/
SHA256 of (ewoJImdyYW50VG9rZW4iOiJHUlRlMDk4YmQ1NDAxNzY3NTd5YmJuaHU4NzkxMjVlYmVjNzIzNzQxYzUxODlmNmE0ZTMwM2YyYjlkMjhkM2U0ZDEyODliZDYxZGQiCn0=/v3/service/auth/access427560aa-5c48-462c-9c93-e45efefc3875) is equal to
7D229AB125302FE5BAB6C2D35AB257FE0B418598DBFC1A0DA12E617D131D9282
x-verify : 7D229AB125302FE5BAB6C2D35AB257FE0B418598DBFC1A0DA12E617D131D9282###1
3. Headers :
x-verify : 7D229AB125302FE5BAB6C2D35AB257FE0B418598DBFC1A0DA12E617D131D9282###1
x-client-id: <MID shared by the PhonePe integration team>
content-type: application/json
curl -X POST \
https://apps-uat.phonepe.com/v3/service/auth/access \
-H 'content-type: application/json' \
-H 'x-client-id: <MID shared by the PhonePe integration team>' \
-H 'x-verify: 53D6A504A597688B09CC23140A533F6EDDF406DC13F6E8B0D26857A792ED9268###1' \
-d '{"request":"ewogICJncmFudFRva2VuIjoiR1JUOTcxNTY0M2NiZWQ2YmJiMzlkY2Q1ZjUzOTExNmRiMzUzZTcwOWI0YjA4NzI4NGE4OThmZGRjNTFhN2VjMGM5ZiIKfQ=="}'
Response :
{
"success": true,
"code": "SUCCESS",
"data": {
"accessToken": "AUTHca12ab41b97bea5268e65593ab2a1cc697338a656e8",
"expiresInSeconds": 1800
}
}
Calling Get User details API (Backend API)
e.) Using access token from above API, user details are fetched by calling getUserDetails API
Creating Curl GET request :
a.) URL : https://apps-uat.phonepe.com/v3/service/userdetails
b.) Create x-verify :
Logic of calculation : SHA256(/v3/service/userdetails + salt key) + ### + salt index
1. salt key and salt index will be always unique which will be shared by the PhonePe team for each merchant.
Suppose the key and index are : {'keyIndex': 1, 'key': '427560aa-5c48-462c-9c93-e45efefc3875'}
2. Calculate the SHA256 using the link as : https://passwordsgenerator.net/sha256-hash-generator/
SHA256 of (/v3/service/userdetails427560aa-5c48-462c-9c93-e45efefc3875) is equal to
0F8B5CFEA573998562D960FDD504819DC9544091D699412E3EBC4F2653B056E9
x-verify : 0F8B5CFEA573998562D960FDD504819DC9544091D699412E3EBC4F2653B056E9###1
3. Headers :
x-verify : 7D229AB125302FE5BAB6C2D35AB257FE0B418598DBFC1A0DA12E617D131D9282###1
x-client-id: <MID shared by the PhonePe integration team>
content-type: application/json
x-access-token : <Token which was fetched using the access token API>
curl -X GET \
https://apps-uat.phonepe.com/v3/service/userdetails \
-H 'content-type: application/json' \
-H 'x-access-token: AUTHa859ede5a5e2c4ed78f2534a72e8ebe4bb1e47322ca61ae6644316976f7d230d' \
-H 'x-client-id: <MID/APPUNIQUE ID SHARED BY PHONEPE TEAM>' \
-H 'x-verify: 0F8B5CFEA573998562D960FDD504819DC9544091D699412E3EBC4F2653B056E9###1'
Response :
{
"success": true,
"code": "SUCCESS",
"data": {
"name": "Anurag",
"phoneNumber": "9888888888"
}
}
Incase of email is shared
{
"success": true,
"code": "SUCCESS",
"data": {
"name": "Rohit Kumar",
"phoneNumber": "9888888888",
"primaryEmail": "[email protected]",
"isEmailVerified": true
}
}
You can find the POSTMAN code here.
Step 4 : Check the flow inside PhonePe testing builds
f.) Download the PhonePe build(APK/IPA) and test the method inside the PhonePe APP. How to do the same can be found here.
All the PhonePe Switch client-side methods can be tested inside the PhonePe App. The method will not work on the web browser.