Paytm Payment Gateway - Overview

  • Paytm payment gateway enables merchants to receive money from customers by redirecting them to Paytm's web server. When the customer selects or is routed via the Paytm gateway, the merchant's web server posts an HTML form with the required fields to Paytm. This redirects the customer to the Paytm payment page with the payment modes/banks configured for the merchant. The customer fills in the required payment details and is redirected to the bank's website for further authentication. Upon authentication, Paytm receives the response from the bank and conveys the same to the merchant.

    • Customer Flow
    • Web Product Flow
      1. Plugins for popular ecommerce platforms - Paytm provides plugins for platforms like Magento, Opencart, Nopcommerce, CS cart, Prestashop, Wordpress, Ubercart, Woocommerce, etc.
      2. Pre-built integration with ecommerce platforms - Paytm comes pre-integrated with some ecommerce platforms like Martjack, ZEPO, Kartrocket and Ecomchain, etc. The website admin only needs to input the credentials provided by Paytm to go live.
      3. API – The API description is provided in a later section. Paytm also provides developer kits in popular development languages. The API request and the server-side utility code for generating the checksumhash (detailed in a later section) are present in these kits.
    • Mobile product flow
      1. SDKs - Paytm provides Android and iOS SDKs for integrating the Paytm gateway with mobile apps. Along with the SDK, a checksumhash generation utility needs to be set up on the merchant’s server.
      2. API – A detailed API description is provided in a later section. Paytm also provides developer kits for popular development languages. The API request and the server-side utility code for checksum generation (detailed in a later section) are present in these kits.

    Callback URLs: After completion of transaction, Paytm posts the response on call-back URL

    Note – Callback URLs are not required to be configured in case of plugins and prebuilt integrations

  • In browser-to-browser calls, there is a chance that the transaction request/response is tampered with. As a safeguard against this, the merchant must verify the response in the following two ways (both are mandatory to implement):

    Validating request/response via checksum: Paytm posts the transaction status to the merchant. With these parameters (other than Checksumhash), the merchant has to generate the Checksumhash at its end and validate it against the one received in the response. In case of a mismatch, the merchant should check the final details of the transaction with the Transaction Status API.

    Reconciling final status with Transaction Status API: For terminal state (success/fail) transactions, the merchant is required to re-verify the status of the transaction with the Transaction Status API. The status provided in the response should be treated as the final status of the transaction. Additionally, the merchant should match the transaction amount received with that sent in the transaction request API. In case of a mismatch, the merchant should mark this transaction as disputed and raise it to the KAM/helpdesk team.

    Checksumhash ensures the integrity of the request and is generated using the secret merchant key. The checksum is always generated on the merchant server (where the merchant key is placed) and is then passed to the client or directly to Paytm, depending on the flow.

    The checksum must include all parameters, i.e. all the mandatory and optional parameters which have been received or are being posted. If the merchant code is in Java, the merchant should pass a TreeMap of all the parameters (with the parameter name as the TreeMap key) to the checksum utility method along with the key to generate CHECKSUMHASH.
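
    The two mandatory checks above, sketched as an added example that is not Paytm's code or part of its developer kits. The page does not specify the checksum algorithm, so HMAC-SHA256 over name-sorted parameters stands in for the kit's utility; the field names ORDERID, TXNAMOUNT and STATUS, the status values, and the `fetch_status` wrapper around the Transaction Status API are assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

TERMINAL = {"TXN_SUCCESS", "TXN_FAILURE"}  # assumed status values


def make_checksum(params, merchant_key):
    """Stand-in checksum (NOT Paytm's algorithm): HMAC-SHA256 over every
    parameter except CHECKSUMHASH, sorted by name like a Java TreeMap."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "CHECKSUMHASH")
    canonical = "|".join(f"{k}={v}" for k, v in items)
    return hmac.new(merchant_key, canonical.encode(), hashlib.sha256).hexdigest()


def checksum_ok(params, merchant_key):
    """Recompute the checksum server-side and compare in constant time."""
    received = str(params.get("CHECKSUMHASH", "")).encode()
    return hmac.compare_digest(received, make_checksum(params, merchant_key).encode())


def settle(callback, order, merchant_key, fetch_status):
    """Return (decision, checksum_valid) for one browser callback.

    order        -- the merchant's own record of what it sent (ORDERID, TXNAMOUNT)
    fetch_status -- hypothetical wrapper around the Transaction Status API
    """
    valid = checksum_ok(callback, merchant_key)
    # Query by the merchant's own order id; callback fields are untrusted.
    final = fetch_status(order["ORDERID"])
    if final.get("STATUS") not in TERMINAL:
        return "pending", valid            # re-query at intervals
    if Decimal(final["TXNAMOUNT"]) != Decimal(order["TXNAMOUNT"]):
        return "disputed", valid           # raise to KAM/helpdesk
    decision = "success" if final["STATUS"] == "TXN_SUCCESS" else "failed"
    return decision, valid


# Constructed sample data, not real credentials or a real transaction.
KEY = b"constructed-merchant-key"
ORDER = {"ORDERID": "ORDER-1001", "TXNAMOUNT": "100.00"}


def signed_callback(status):
    cb = {"MID": "MID-PLACEHOLDER", "STATUS": status, **ORDER}
    cb["CHECKSUMHASH"] = make_checksum(cb, KEY)
    return cb


if __name__ == "__main__":
    forged = signed_callback("TXN_FAILURE")
    forged["STATUS"] = "TXN_SUCCESS"       # altered in the browser after signing
    print(settle(forged, ORDER, KEY, lambda oid: {"STATUS": "TXN_FAILURE", **ORDER}))
```

    The decision always comes from the status lookup and the merchant's own order record; the checksum result is returned alongside it so a mismatch can be logged and investigated.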

  • This section details the use cases of all APIs used in this payment gateway flow. Comprehensive APIs are available here.

    API Name (with signature link): Purpose

    Transaction Request API: To initiate transaction via Paytm PG/wallet

    Transaction Status API: This API has three use cases -

    1. For terminal state (success/fail) transactions, the merchant is required to re-verify the transaction status with this API. The status provided in the response should be treated as the final status of the transaction. Additionally, the merchant should match the TXN Amount received with that sent in the transaction request API. In case of a mismatch, the merchant should mark this transaction as disputed and raise it to the KAM/helpdesk team.
    2. In the event of a network failure or genuine user dropout during the payment process, the response to the transaction request is not posted to the merchant. Hence, if the merchant does not receive the response after considerable time has passed, it should query the status at regular intervals until the terminal status of the transaction is received.
    3. Sometimes a “pending” status is received from banks and passed on in the response to the merchant. In these cases too, the merchant should query the status at regular intervals until the terminal status of the transaction is received.

    Refund API*: To initiate transaction via Paytm PG/wallet. Note that since Refund API is a server to server call, reverification of terminal state refund transactions via “Refund Status API” is not required

    Refund Status API*: Same guidelines as transaction status API

    * Note – Merchant can manage refund via merchant panel. Refund API Integration is not required

  • Merchant Staging Credentials

    MID, Merchant Key, Industry type id, Channel id

    Can be generated from here. This will take you to Paytm payment gateway application page where user has to click on "Developers looking to access Sandbox"

    Staging payment instrument details

    Staging CC/DC Credentials:

    • Card Number – Any valid VISA or MASTER card number
    • Expiry Date – Any future date from transaction date
    • CVV – Any three digit number
    • OTP – 123123 (To test successful transaction)

    Staging Wallet Credentials:

    • Mobile Number – 7777777777
    • Password – Paytm12345
    • OTP – 489871
    • After every 5 minutes, the Wallet balance is topped up to Rs. 7,000

    Note: Netbanking, UPI and EMI cannot currently be tested in the staging environment.

  • Production credentials will be shared once the below verifications have been completed:

    • Completion of document verification
    • Completion of platform/APP verification
    • Integration checklist compliance on staging environment
  • Feature: Benefits

    ISPEON: Paytm sends server to server (S2S) response on the configured server URL shared by merchant, along with response to browser URL. Merchant is not required to re-verify transaction status received via S2S response. S2S response is sent only when transaction has reached a terminal state (success/fail)

    Quick Failure: If there is no response from the bank within the configured time period, Paytm will treat the transaction as failed and confirm the same to merchant in response.

    After this termination, in case Paytm receives success from the bank, an auto refund will be initiated to customer

    Refund & Transaction Alerts: Paytm will trigger alerts to merchant and customer after completion of each transaction and refund

    Campaign configuration: Campaigns can be configured via Paytm. Based on the campaigns configured, customer will be restricted to choose from the paymode and issuing bank & can avail cashback/discounts

    Retry: If the transaction fails on the bank page, the customer will again land on Paytm payment page to reattempt the transaction. Merchant will receive the status of the final transaction which was attempted by the customer

    Email/SMS Invoicing: Merchant can send a payment link to customer's email or mobile and accept the payment. This can be done via merchant panel