Custom Checkout FAQs
Frequently asked questions about Pine Labs Custom checkout (Seamless) — PCI compliance, payment methods, integration, error handling, testing, and troubleshooting.
General
What is Custom checkout checkout?
Custom checkout lets you build your own payment UI on your site and call Pine Labs APIs directly for each payment method. Customers stay on your domain — no redirect to a Pine Labs page.
Do I need PCI compliance for Custom checkout?
Yes. You must have a PCI compliance certificate because you collect and transmit sensitive card data (card number, CVV, expiry) directly through your system.
What payment methods does Custom checkout support?
Cards (Visa, Mastercard, RuPay), UPI (Collect and Intent), Net Banking, Wallets, and BNPL. Each method requires a separate Create Payment API call.
Can I use Custom checkout for mobile apps?
Yes. Make the API calls from your mobile app's backend and build the payment UI natively in your app.
Integration
What APIs do I need for Custom checkout?
Three main APIs: Generate Token for authentication, Create Order to create an order, and Create Payment to submit payment per method.
What's the difference between Create Order and Create Payment?
Create Order sets up the transaction (amount, customer, allowed methods). Create Payment submits the actual payment with method-specific details (card number, UPI ID, bank code). You always create the order first.
What is the challenge_url?
The challenge_url is returned in the Create Payment response. Redirect the customer to this URL for 3DS authentication, OTP verification, or bank login (net banking). After verification, the customer returns to your callback URL.
Can I retry a failed payment on the same order?
Yes. Each order supports multiple payment attempts. Create a new payment with the same order_id using a different payment method or corrected details.
How many payment retries are allowed per order?
The response includes payment_retries_remaining to indicate how many more attempts are allowed.
Do I need to implement signature verification?
Yes. This is mandatory. Verify the SHA256 HMAC signature on every callback to confirm the data hasn't been tampered with. See Signature Verification.
PCI compliance
Why is PCI compliance required for Custom checkout?
Because your system collects, transmits, and processes raw card data (card_number, cvv, expiry). PCI DSS compliance ensures you handle this data securely.
What level of PCI compliance do I need?
You need PCI DSS certification appropriate for your transaction volume. Contact your acquiring bank or a PCI Qualified Security Assessor for guidance.
What if I don't have PCI compliance?
Use Hosted checkout (Infinity) or iFrame checkout. Both handle card data collection on the Pine Labs side, so you don't need PCI compliance.
Payment methods
How do I accept card payments?
Collect card details (name, number, CVV, expiry, mobile) on your UI, then call Card Payment Create. The response includes a challenge_url for 3DS/OTP verification.
How do I accept UPI payments?
Two options: UPI Collect (customer enters VPA, approves on their UPI app) and UPI Intent (generate QR code or deeplink). See UPI integration steps.
How do I accept Net Banking payments?
Collect the bank selection from your UI, pass the bank_code in Netbanking Payment Create. Customer is redirected to the bank's login page. See Supported Banks.
Can I support tokenized (saved) cards?
Yes. Use the Tokenization flow to save cards and the CVV-less flow for returning customers.
Can I support EMI through Custom checkout?
EMI (Credit and Debit) is primarily supported through Hosted checkout. For EMI via Custom checkout, contact the integration team.
Pre-authorization
Does Custom checkout support pre-authorization?
Yes. Set pre_auth: true in the Create Order request. After successful payment, call Capture Order to settle or Cancel Order to void.
Which payment methods support pre-auth in Custom checkout?
Card payments support pre-authorization.
Error handling
What happens if the Create Payment call fails?
The response includes error_detail with code and message. Common errors: INTERNAL_ERROR (processor unavailable), INVALID_CARD (incorrect card details), INSUFFICIENT_FUNDS. See Error Codes.
How do I handle 3DS failures?
If the customer fails 3DS verification, they're redirected to your failure_callback_url with error details. You can allow a retry with the same or different payment method.
What if the customer drops off during 3DS/OTP?
Configure webhooks to receive payment status updates server-side. The callback may not fire if the customer closes the browser.
Testing
How do I test Custom checkout?
Use the UAT environment (https://pluraluat.v2.pinepg.in) with test card details.
Can I test all payment methods in UAT?
Cards, Net Banking (SBI), Cross-Border, and Pay by Points work in UAT with test data. UPI processes real transactions — test with minimum amounts.
When do I get production credentials?
After UAT sign-off. Share your callback and webhook URLs for whitelisting.
Troubleshooting
My signature verification keeps failing.
Check: (1) Parameters sorted alphabetically by key, (2) joined with &, (3) HmacSHA256 with hex-decoded secret_key, (4) result compared in uppercase.
Payment succeeded but I didn't receive a callback.
The callback depends on the customer's browser. Always use webhooks as the primary confirmation mechanism.
Getting CORS errors when calling Pine Labs APIs.
You're calling APIs from the frontend. All Pine Labs API calls must be made from your backend server.
How do I contact support?
Integration support: pgintegration@pinelabs.com. General support: pgsupport@pinelabs.com.
Related pages
Custom checkout — Overview Features and benefits of Seamless Checkout.
Custom checkout — Integration steps Step-by-step integration guide.
Custom checkout — Customization options Configure payment methods and parameters.