Custom Checkout Integration Steps
Step-by-step guide to integrate Pine Labs Seamless Checkout. Create orders, submit payments per method, handle 3DS/OTP challenges, verify signatures, and manage transactions.
Integration Steps
Learn how you can integrate with Pine Labs Online APIs to start accepting payments on your website.
Follow the below steps to integrate with Pine Labs Online seamless checkout APIs in your application.
📘 Note
- Ensure you store your
client_idandclient_secretin your Backend securely.- Integrate our APIs on your backend system.
- We strictly recommend not to call our APIs from the frontend.
- Failure to adhere to the above guidelines may result in legal implications. In such cases, you will be held responsible for any damage or loss arising from non-compliance.
🚧 Watch Out
- To Integrate with Pine Labs Online seamless checkout flow you must have a PCI compliance certificate.
- Some payment methods also support additional checkout options. These options are not part of the standard payment and may require additional APIs or feature enablement.
1. [Prerequisite] Generate Token
Integrate our Generate Token API in your backend servers to generate the access token. Use the token generated to authenticate Pine Labs Online APIs.
Below are the sample requests and response for the Generate Token API.
curl --request POST \
--url https://pluraluat.v2.pinepg.in/api/auth/v1/token \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'Request-Timestamp: 2024-07-09T07:57:08.022Z' \
--header 'Request-ID: c17ce30f-f88e-4f81-ada1-c3b4909ed235' \
--data '
{
"client_id": "a17ce30e-f88e-4f81-ada1-c3b4909ed232",
"client_secret": "fgwei7egyhuggwp39w8rh",
"grant_type": "client_credentials"
}
'
Refer to our Generate Token API documentation to learn more.
2. Create Order
To create an Order, use our Create Order API, for authentication use the generated access token in the headers of the API request.
Below are the sample requests and response for a Create Order API.
curl --location 'https://pluraluat.v2.pinepg.in/api/pay/v1/orders' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c' \
--header 'Content-Type: application/json' \
--header 'Request-ID: c17ce30f-f88e-4f81-ada1-c3b4909ed235' \
--header 'Request-Timestamp: 2024-07-09T07:57:08.022Z' \
--header 'accept: application/json' \
--data '
{
"merchant_order_reference": 112345,
"order_amount": {
"value": 1100,
"currency": "INR"
},
"pre_auth": false,
"allowed_payment_methods": [
"CARD",
"UPI",
"NETBANKING",
"POINTS",
"WALLET"
],
"notes": "order1",
"callback_url":"https://sample-callback-url",
"failure_callback_url": "https://sample-failure-callback-url",
"purchase_details": {
"customer": {
"email_id": "kevin.bob@example.com",
"first_name": "Kevin",
"last_name": "Bob",
"customer_id": "123456",
"mobile_number": "9876543210",
"country_code": "91",
"billing_address":{
"address1":"H.No 15, Sector 17",
"address2":"",
"address3":"",
"pincode":"61232112",
"city":"CHANDIGARH",
"state":"PUNJAB",
"country":"INDIA",
"full_name": "Kevin Bob",
"adddress_type": "Home",
"address_category": "billing"
},
"shipping_address":{
"address1":"H.No 15, Sector 17",
"address2":"",
"address3":"",
"pincode":"144001123",
"city":"CHANDIGARH",
"state":"PUNJAB",
"country":"INDIA",
"full_name": "Kevin Bob",
"adddress_type": "Home",
"address_category": "shipping"
}
},
"merchant_metadata": {
"key1": "DD",
"key2": "XOF"
}
}
}
'
Refer to our Create Order API documentation to learn more.
3. Create Payment
To create a payment, use our Create Payment API, use the order_id returned in the response of a Create Order API to link the payment against an order.
Below are the sample requests and sample response for Card Payment API.
curl --location 'https://pluraluat.v2.pinepg.in/api/pay/v1/orders/{order_id}/payments' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c' \
--header 'Content-Type: application/json' \
--header 'Request-ID: c17ce30f-f88e-4f81-ada1-c3b4909ed235' \
--header 'Request-Timestamp: 2024-07-09T07:57:08.022Z' \
--header 'accept: application/json' \
--data '
{
"payments": [
{
"merchant_payment_reference": "008cf04b-a770-4777-854e-b1e6c1230609",
"payment_method": "CARD",
"payment_amount": {
"value": 1100,
"currency": "INR"
},
"payment_option": {
"card_details": {
"name": "Anil Reddy",
"card_number": "4111111111111111",
"cvv": "272",
"expiry_month": "04",
"expiry_year": "2029",
"registered_mobile_number": "9876543210"
}
}
}
]
}
'
Refer to our Create Payment API documentation to learn more.
📘 Note:
When the pre-authorization is set to true you can capture the payment after successful delivery or service.
The above API example includes a sample request and response for a card payment. If your customer chooses another payment method, such as UPI, netbanking, wallet, or any other supported option, you must pass the payload applicable to that payment method.
Payment method-specific request and response samples are listed below:
| Payment Method | Description |
|---|---|
| Card Payments | Process card-based payments including OTP authorization. |
| UPI Payments | Process UPI payments via intent and QR flows. |
| NetBanking | Process net banking payments. |
| Wallets | Process wallet-based payments. |
| Pay by Points | Check balance and create payments using reward points. |
| Buy Now and Pay Later Payments | Check eligibility and process Buy Now Pay Later payments. |
| EMI Payments | Discover offers, validate EMI eligibility, and process EMI payments. |
| Brand Wallet Payments | Process payments using Brand Wallet balance and add money to Brand Wallets via gift cards or UPI. |
Native OTP Flow (Optional for Card Payments)
Handle OTP authentication directly within your website or mobile application while Pine Labs manages the underlying authentication orchestration.
Click here for Integration Details
📘 Note:
- Follow the steps below to process the transaction using the Native OTP Flow. If you are using the standard redirect-based authentication flow, you can use the
chanllenge_urlto continue with the standard ACS [Access Control Server] flow.
3.1 Get Card Details
Use this API to fetch the card details.
Below are the sample requests and sample response for a Get Card Details API.
curl --request POST \
--url https://pluraluat.v2.pinepg.in/api/pay/v1/getCardDetails \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--header 'Request-ID: c17ce30f-f88e-4f81-ada1-c3b4909ed235' \
--header 'Request-Timestamp: 2024-07-09T07:57:08.022Z' \
--header 'accept: application/json' \
--data '
{
"amount": "100",
"card_details": [
{
"payment_identifier": "4012001037141112",
"payment_reference_type": "CARD"
}
]
}
'
3.2. Generate OTP
Use this API to generate and send an OTP to the registered mobile number.
Below are the sample requests and sample response for a Generate OTP API.
curl --request POST \
--url https://pluraluat.v2.pinepg.in/api/pay/v1/otp/generate \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"payment_id": "v1-250219120455-aa-Lc5FbR-cc-a"
}
'
3.3. Submit OTP
Use this API to submit the OTP for verification.
Below are the sample requests and sample response for a Submit OTP API.
curl --request POST \
--url https://pluraluat.v2.pinepg.in/api/pay/v1/otp/submit \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"payment_id": "v1-250219120455-aa-Lc5FbR-cc-a",
"otp": 1234
}
'
3.4. Resend OTP
Use this API to resend a OTP to the registered mobile number.
Below are the sample requests and sample response for a Resend OTP API.
curl --request POST \
--url https://pluraluat.v2.pinepg.in/api/pay/v1/otp/resend \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"payment_id": "v1-250219120455-aa-Lc5FbR-cc-a"
}
'
Decoupled Authentication Flow (Optional)
Authenticate payments using your own 3DS provider and submit the authentication results to Pine Labs for payment authorization.
Click here for Integration Details
📘 Note:
- Build a fully customized payment experience using Pine Labs APIs. Control checkout design and Decoupled Authentication flows while Pine Labs securely handles payment processing and authorization.
3.1. Payment Authorize
Use this API to submit an authorization request for a transaction that has already completed customer authentication through a third-party 3DS provider.
Below are the sample requests and sample response for a Payment Authorize API.
curl --request POST \
--url https://pluraluat.v2.pinepg.in/api/pay/v1/orders/{orderId}/payments/{paymentId}/authorize \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--header 'Request-ID: c17ce30f-f88e-4f81-ada1-c3b4909ed235' \
--header 'Request-Timestamp: 2024-07-09T07:57:08.022Z' \
--header 'accept: application/json' \
--data '
{
"decrypted_card_details": {
"pan": "",
"cvv": "",
"card_holder_name": "",
"cryptogram": "",
"token": "",
"expiration_month": "",
"expiration_year": "",
"eci": "",
"cavv": ""
},
"acquirer_payment_details": {
"directory_server_transaction_id": "",
"acs_transaction_id": "",
"three_ds_server_transaction_id": "",
"three_ds_version": ""
},
"authentication_type": ""
}
'
Refer to our Payment Authorize API documentation to learn more.
4. Handle Payment
In create payment API response we return a challenge_url, use this challenge url to navigate your customers to the checkout page to accept payment.
📘 Note:
- On successful payment we send the webhook event
ORDER_AUTHORIZEDand the status of the payment is updated toauthorized.- You can capture or cancel an order only when the order status is
authorized.
4.1 Store Payment Details on Your Server
On a successful and failed payment we return the following fields to the return url.
- We recommend you to store the payment details on your server.
- You must validate the authenticity of the payment details returned. You can authenticate by verifying the signature.
{
"order_id": "v1-4405071524-aa-qlAtAf",
"status": "AUTHORIZED",
"signature": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
}
4.2 Verify Payment Signature
Ensure you follow this as a mandatory step to verify the authenticity of the details returned to the checkout form for successful payments.
Follow the below steps to verify the signature.
- Create a signature on your server using the following parameters using the SHA256 algorithm.
order_id: Unique Identifier generated for an order request on Pine Labs Online database.payment_status: Payment status.error_code: Short code for the error returned.error_message: Corresponding error message for the code.secret_key: The Onboarding team has provided you with this information as part of the onboarding process.
Use the below sample code to construct HashMap signature using the SHA256 algorithm.
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class hash {
public static void main(String[] args) {
// Test the GenerateHash method
String input = "<string>";
String secretKey = "<secret_key>"; // Example key in hex
String hash = GenerateHash(input, secretKey);
System.out.println("Generated Hash: " + hash);
}
public static String GenerateHash(String input, String strSecretKey) {
String strHash = "";
try {
if (!isValidString(input) || !isValidString(strSecretKey)) {
return strHash;
}
byte[] convertedHashKey = new byte[strSecretKey.length() / 2];
for (int i = 0; i < strSecretKey.length() / 2; i++) {
convertedHashKey[i] =
(byte)Integer.parseInt(strSecretKey.substring(i * 2, (i*2)+2),16); //hexNumber radix
}
strHash = hmacDigest(input.toString(), convertedHashKey,
"HmacSHA256");
} catch (Exception ex) {
strHash = "";
}
return strHash.toUpperCase();
}
private static String hmacDigest(String msg, byte[] keyString, String algo) {
String digest = null;
try {
SecretKeySpec key = new SecretKeySpec(keyString, algo);
Mac mac = Mac.getInstance(algo);
mac.init(key);
byte[] bytes = mac.doFinal(msg.getBytes("UTF-8"));
StringBuffer hash = new StringBuffer();
for (int i = 0; i < bytes.length; i++) {
String hex = Integer.toHexString(0xFF & bytes[i]);
if (hex.length() == 1) {
hash.append('0');
}
hash.append(hex);
}
digest = hash.toString();
} catch (UnsupportedEncodingException e) {
// logger.error("Exception occured in hashing the pine payment gateway request"+e);
} catch (InvalidKeyException e) {
// logger.error("Exception occured in hashing the pine payment gateway request"+e);
} catch (NoSuchAlgorithmException e) {
// logger.error("Exception occured in hashing the pine payment gateway request"+e);
}
return digest;
}
public static boolean isValidString(String str){
if(str != null && !"".equals(str.trim())){
return true;
}
return false;
}
}
📘 Note:
To create a request string, format the key-value pairs of data returned to the return URL. The pairs are separated by
&and arranged in ascending order based on a lexicographical comparison of the keys.
Shown below is a example to create a request string.
"key1=value1&key2=value2", ["order_id=random_order_id&status=AUTHORIZED"]
- If the signature generated on your server matches the Pine Labs Online signature returned in the return URL, it confirms that the payment details are from Pine Labs Online.
- Capture the status returned on your database. Once the payment status is
AUTHORIZEDyou can either capture or cancel an order.
📘 Important:
- With pre-authorization set to true, you can capture or cancel a payment for an order.
5. Capture Order
Use this API to capture the payment against an order. On successful capture of an order the order status is updated as processed.
Shown below are the sample requests and sample response for a Capture Order API.
curl --request PUT \
--url https://pluraluat.v2.pinepg.in/api/pay/v1/orders/order_id/capture \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c' \
--header 'Content-Type: application/json' \
--header 'Request-ID: c17ce30f-f88e-4f81-ada1-c3b4909ed235' \
--header 'Request-Timestamp: 2024-07-09T07:57:08.022Z' \
--header 'accept: application/json' \
--data '
{
"merchant_capture_reference": "merchant-capture-ref-r4y",
"capture_amount": {
"value": 4000,
"currency": "INR"
}
}
'
Refer to our Capture Order API documentation to learn more.
6. Cancel Order
Use this API to cancel the payment against an order.
Shown below are the sample requests and sample response for a Cancel Order API.
curl --request PUT \
--url https://pluraluat.v2.pinepg.in/api/pay/v1/orders/{order_id}/cancel \
--header 'Authorization: Bearer <access_token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Request-ID: c17ce30f-f88e-4f81-ada1-c3b4909ed235' \
--header 'Request-Timestamp: 2026-06-01T00:00:00.000Z'
Refer to our Cancel Order API documentation to learn more.
