response checksum or hash not matching in payumoney?

When notification is passed to the app after payumoney processing it sends response hash and we need to compute the hash and match it with the passed in response hash.

I use the following code to compute the expected response hash.

Digest::SHA512.hexdigest([
  PAYU_SALT,
  notification.transaction_status,
  notification.user_defined,
  notification.customer_email,
  notification.customer_first_name,
  notification.product_info,
  notification.gross,
  notification.invoice,
  PAYU_KEY].join("|"))  

The hash of the following string is computed

"salt|success|||||||||||||Payment|100.0|1|key"

When I print the following hash it gives

Digest::SHA512.hexdigest([
  PAYU_SALT,
  notification.transaction_status,
  notification.user_defined,
  notification.customer_email,
  notification.customer_first_name,
  notification.product_info,
  notification.gross,
  notification.invoice,
  PAYU_KEY].join("|"))  

  #⇒ e7b3c5ba00b98aad9186a5e6eea65028a[...]

whereas notification.checksum gives

  #⇒ 546f5d23e0cadad2d4158911ef72f095d[...] 

So the two hashes don’t match.

I am using the following gem: https://github.com/payu-india/payuindia

I appreciate any help as to why the response hash is not matching. Is there any error in my logic to compute the response hash? Thanks!


Where did you come up with that order for the fields in the array?

Looking at PayU's Developer FAQ it seems like the order is the following:

key|txnid|amount|productinfo|firstname|email|||||||||||salt

Please make sure that the hash is calculated in the following format - hashSequence= key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||salt

Please make sure that in the above sequence please use the UDFs which have also been posted to our server. In case you haven't posted any UDFs, the hash sequence should look like this - hashSequence= key|txnid|amount|productinfo|firstname|email|||||||||||salt.

Keep in mind that when computing the hash even a single character out of place will result in a completely different checksum.

PayUMoney integration, != $posted_hash){ // Transaction completed but is Invalid as Hash Values are not Matching. Notify Admin. //header('Location: fail.php'); //exit(); }  generating a response hash. The hash generated by you should match the one sent by PayUmoney in response.


little late but Actual Sequence is: SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key

Thanks to Ravi Kant Singh

but additionalCharges| are removed

Tested with live environment

Check your hash in above order and if its match you can process request

[PDF] PayUMoney Integration Document, Initiated – The transaction has been started but not completed. 3. Money With Hash (Checksum): This refers to a random numeric string generated using a mathematical algorithm to ensure that data hash at your end. (response handling). The hash generated by you should match the one sent by PayUmoney Bolt in response. Note: It is mandatory for the merchant to generate the response hash and check if it matches with the hash sent in the response by PayUmoney or your integration will be susceptible to the man in the middle attacks.


ok this was a silly mistake i made. The reason the hash didn't match was beacuse i had a typo with the PAYU test key. At the end i typed small 'u' when it was 'U'. The library is fine and the logic is right. The error was in my side with using wrong key.

Redirect Checkout, As a merchant, you do not have to make any change in case we release an enhancement Verify response hash and display transaction status to the customer. Where salt is available on the PayUMoney dashboard. Note: A blank udf field is to be used while computing hashSequence, even if a merchant is not passing any udf field in input request. For the response hash, the sequence of variables is in reverse order as compared to payment request hash. Also, a status variable added between salt and udf1


Actual Sequence for hash is : additionalCharges|SALT|status||||||udf5|udf4|udf3|udf2|udf1|email|firstname|productinfo|amount|txnid|key

How to solve or fix Payumoney Integration Errors & it's Solution , Please login to your payumoney account and check the account status. 2.2 Generate hash in Duration: 1:17 Posted: Dec 11, 2016 Upon receiving the checksum, the receiver decodes it using the same Salt. If the checksum is different on the receiver’s side, it means that the message has been tampered and thus this transaction will be rejected for security purpose.


PayUMoney payment gateway hash generator script for android , Below is the test card details for doing a test transaction in the testing mode. Card No - 5123456789012346. Expiry - 05/2020. CVV - 123. We use conventional HTTP response codes to indicate success or failure of an API request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that resulted from the provided information (e.g. a required parameter was missing etc.), and codes in the 5xx range indicate an error with PayUmoney's servers.


PayUMoney payment gateway integration in php, Learn how to integrate PayUMoney payment gateway integration in php. account is live if not then write a mail to support team : techsupport@payumoney.​com <html> <head> <script> var hash = '<?php echo $hash ?> Hi siva, when payment is successfully done you get status response from gateway  A checksum is generated by a mathematical function using the message and the Salt as input. This checksum is then sent along with the message to Y. Y then recalculates this checksum using the Salt and the same algorithm. If the checksum that Y calculates is different from the checksum that X passed then


Paytm for Developers: Checksum Generation and Verification, Paytm uses checksum signature to ensure that API requests and responses shared between your application and Paytm over network have not been tampered with. Paytm returns the response checksumhash and parameters to your application if($isVerifySignature){ printf("Checksum Matched"); }else{ printf("Checksum  A checksum (such as CRC32) is to prevent accidental changes. If one byte changes, the checksum changes. The checksum is not safe to protect against malicious changes: it is pretty easy to create a file with a particular checksum. A hash function maps some data to other data. It is often used to speed up comparisons or create a hash table.