Integrating PayUmoney with your Java Server Side
Carvia Tech | July 16, 2018 | Payumoney Integration
PayUmoney can be easily integrated with Java-powered websites. In this article we will go through the integration steps and a code walkthrough.
Typical Online Payment workflow for PayUmoney
The customer selects a product or service to purchase from your website.
Your server calculates the one-way secure hash for the selected transaction details. The hashing mechanism and key/secret are provided by PayUmoney.
The transaction details and hash are set on an HTML form in the client browser and submitted to the PayUmoney server.
The PayUmoney server displays the checkout screen. The customer chooses a payment mode and initiates the transaction. The customer is redirected to the bank's website, where the customer enters the security details.
The bank sends the transaction response to PayUmoney.
PayUmoney processes the response and calls the success/failure URL on your website accordingly. Webhooks are also called, which helps when the customer presses the back button or the refresh button.
Your server verifies the transaction by recalculating the response hash using its secret key.
Your website displays an appropriate response to the customer.
Best Practices to Ensure Transaction Integrity
- Use SSL Certificate
Always use the HTTPS protocol for interaction with payment gateways so that a man in the middle cannot read the data.
- Assign Unique Trx Attempt Reference
Assign and store a new unique transaction reference id for each attempt of payment. This ensures that all the attempts for a given order are captured well. This unique transaction reference number could be order id + timestamp of attempt.
- Use webhooks
Use webhooks to enable server-to-server communication for transaction successes, failures and refunds. This ensures that an accidental page refresh or back-button press by the customer does not cause payment loss. Webhooks make your system resilient to payment failures.
- Always match response hash
Always match the response hash against the hash you calculate yourself, to ensure that responses are not mocked up. This applies to webhooks as well as to website response handling.
- Check field values in the Response with Request
Always check that the order number, order amount, etc. in the response match those in the request. This ensures that the data was not tampered with.
- Store IP address of customer
For each payment attempt, store the IP address of the machine from which the request originated.
- Store access code and secret key securely
Ideally only a few people in the organization should have access to this code. If the secret is stolen, it should be changed. If someone gets access to your keys, your payment responses and webhook responses can be tampered with.
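The "Always match response hash" and "Check field values in the Response with Request" practices can be combined into one server-side check, sketched below as an added example that is not code from the original article or from PayUmoney. The class name, the field order, the use of SHA-512 and the sample values are assumptions; take the real hash sequence from PayUmoney's documentation. Of the three calls in `main`, only the genuine response is accepted.

```java
import java.math.BigDecimal;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class ResponseVerifier {
    // ASSUMPTION: field order and SHA-512 are illustrative; use the exact
    // sequence and algorithm given in PayUmoney's integration documentation.
    static final String[] FIELDS = {"status", "email", "firstname", "productinfo", "amount", "txnid"};

    static String expectedHash(Map<String, String> resp, String key, String salt) throws Exception {
        StringBuilder sb = new StringBuilder(salt);
        for (String f : FIELDS) sb.append('|').append(resp.getOrDefault(f, ""));
        sb.append('|').append(key);
        byte[] d = MessageDigest.getInstance("SHA-512").digest(sb.toString().getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : d) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Accept only if the hash matches AND txnid/amount equal what was stored for this attempt.
    static boolean verify(Map<String, String> resp, String storedTxnId, BigDecimal storedAmount,
                          String key, String salt) throws Exception {
        byte[] expected = expectedHash(resp, key, salt).getBytes(StandardCharsets.US_ASCII);
        byte[] received = resp.getOrDefault("hash", "").toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, received)) return false; // constant-time comparison
        if (!storedTxnId.equals(resp.get("txnid"))) return false;
        try {
            return storedAmount.compareTo(new BigDecimal(resp.get("amount"))) == 0; // 499 equals 499.00
        } catch (NumberFormatException | NullPointerException e) {
            return false; // missing or malformed amount
        }
    }

    public static void main(String[] args) throws Exception {
        String key = "TEST_KEY", salt = "TEST_SALT"; // constructed placeholders, not real credentials
        Map<String, String> resp = new HashMap<>(Map.of("status", "success", "email", "a@example.com",
            "firstname", "Asha", "productinfo", "book", "amount", "499.00", "txnid", "ORD42-1531700000"));
        resp.put("hash", expectedHash(resp, key, salt)); // stands in for the gateway's hash
        BigDecimal stored = new BigDecimal("499");
        System.out.println("genuine:        " + verify(resp, "ORD42-1531700000", stored, key, salt));
        System.out.println("other order:    " + verify(resp, "ORD43-1531700500", stored, key, salt));
        resp.put("amount", "1.00"); // field altered in transit, hash unchanged
        System.out.println("tampered field: " + verify(resp, "ORD42-1531700000", stored, key, salt));
    }
}
```

The same `verify` call belongs in both the success/failure URL handler and the webhook handler, with the stored transaction reference and amount loaded from your own database rather than from the request.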
You can contact me for PayUmoney Integration with your java back-end (Spring, Struts, Servlets/JSP, etc).