POST /pg/orders/
curl --request POST \
  --url https://api-pacb-uat.eximpe.com/pg/orders/ \
  --header 'Content-Type: application/json' \
  --header 'X-Client-ID: <api-key>' \
  --header 'X-Client-Secret: <api-key>' \
  --header 'X-Merchant-ID: <api-key>' \
  --data '{
  "amount": "2499.99",
  "currency": "INR",
  "reference_id": "ORD_2024_WH_001234",
  "return_url": "https://electronicshub.com/payment/success",
  "collection_mode": "hosted_payment",
  "mop_type": "UPI",
  "buyer": {
    "name": "Priya Sharma",
    "email": "[email protected]",
    "phone": "+919876543210",
    "address": {
      "line_1": "403, Crystal Tower, Linking Road",
      "line_2": "Near Metro Station",
      "city": "Mumbai",
      "state": "Maharashtra",
      "postal_code": "400050"
    }
  },
  "product": {
    "name": "Sony WH-1000XM5 Wireless Headphones",
    "description": "Premium noise-cancelling wireless headphones with 30-hour battery life",
    "hs_code": "85183000",
    "hs_code_description": "Headphones and earphones, whether or not combined with a microphone",
    "type_of_goods": "goods"
  },
  "invoice": {
    "number": "INV_WH_2024_0621",
    "date": "2024-06-21"
  }
}'

{
  "success": true,
  "message": "Checkout session created successfully",
  "data": {
    "session_id": "session_wh_5f8e3d7a9b2c1",
    "order_id": "OD2024120456789"
  }
}

Overview

The Create Order endpoint is the first step in the payment flow. It creates a new order with all the necessary details including buyer information, product details, and payment preferences. After creating an order successfully, you’ll receive a session_id and order_id. Use the session_id to redirect the customer to the payment gateway for completing the transaction.

Payment Collection Modes

EximPe supports multiple payment collection modes:

1. Hosted Payment (Default)

The standard hosted payment flow where customers are redirected to EximPe’s secure payment page.

2. S2S UPI Intent

Server-to-server UPI intent flow that generates a UPI intent link for direct app-to-app payments.

3. S2S UPI Collection

Server-to-server UPI collection flow that sends a payment request directly to the customer’s VPA (Virtual Payment Address).

4. S2S Card Payment

Server-to-server card payment flow with 3D Secure authentication. For new cards, the system initiates 3D Secure verification and returns an ACS template that must be rendered on the client side to complete authentication. Card details are securely processed and can be tokenized using the Save Card API after successful payment.

Request Parameters

Required Parameters

  • amount: Payment amount in decimal format
  • currency: 3-letter ISO currency code (e.g., INR)
  • reference_id: Unique identifier for the order
  • buyer: Buyer details object
  • product: Product details object

Optional Parameters

  • collection_mode: Payment collection mode (hosted_payment or s2s)
  • mop_type: Method of payment (UPI, CREDIT_CARD, DEBIT_CARD, NET_BANKING, QR)
  • upi_flow_type: UPI flow type (intent or collection) - required when using S2S with UPI
  • vpa: Virtual Payment Address - required when upi_flow_type is collection
  • upi_app_name: Preferred UPI app - optional, defaults to others
  • return_url: URL to redirect after payment completion
  • invoice: Invoice details object
  • card_details: Card information object - required when mop_type is CREDIT_CARD or DEBIT_CARD

Card Payment Specific Parameters

When using card payments (mop_type is CREDIT_CARD or DEBIT_CARD), additional buyer information is required:
  • buyer.ip_address: Customer’s IP address (required for fraud prevention)
  • buyer.user_agent: Customer’s browser user agent (required for fraud prevention)
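
The conditional requirements listed above can be checked on your server before the request is sent. The following is an added example, not EximPe's own code: `validate_order` and the two regular expressions are hypothetical, and the exact character sets allowed in `amount` and `vpa` are assumptions based on the formats this page shows.

```python
import re

# Shapes taken from the page; the exact character sets are assumptions.
AMOUNT_RE = re.compile(r"[0-9]+(\.[0-9]+)?")           # e.g. "100.00"
VPA_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9]+")   # username@bank
REQUIRED = ("amount", "currency", "reference_id", "buyer", "product")
CARD_MOPS = {"CREDIT_CARD", "DEBIT_CARD"}


def validate_order(order: dict) -> list:
    """Return a list of problems; an empty list means the payload passes."""
    errors = [f"missing required field: {f}" for f in REQUIRED if f not in order]

    amount = order.get("amount")
    if amount is not None and not (isinstance(amount, str) and AMOUNT_RE.fullmatch(amount)):
        errors.append("amount must be a decimal string")

    mode = order.get("collection_mode", "hosted_payment")  # hosted is the default
    mop = order.get("mop_type")
    if mode == "s2s" and mop == "UPI":
        flow = order.get("upi_flow_type")
        if flow not in ("intent", "collection"):
            errors.append("upi_flow_type is required for S2S UPI")
        elif flow == "collection":
            vpa = order.get("vpa")
            if not (isinstance(vpa, str) and VPA_RE.fullmatch(vpa)):
                errors.append("vpa must be present and look like username@bank")

    if mop in CARD_MOPS:
        if not isinstance(order.get("card_details"), dict):
            errors.append("card_details is required for card payments")
        buyer = order.get("buyer") if isinstance(order.get("buyer"), dict) else {}
        for field in ("ip_address", "user_agent"):
            if not buyer.get(field):
                errors.append(f"buyer.{field} is required for card payments")
    return errors


# Constructed sample: S2S UPI collection request with a malformed VPA.
SAMPLE = {
    "amount": "1000.00", "currency": "INR", "reference_id": "ORDER_123456",
    "collection_mode": "s2s", "mop_type": "UPI", "upi_flow_type": "collection",
    "vpa": "user@paytm;x", "buyer": {"name": "Alice Smith"},
    "product": {"name": "Wireless Headphones", "type_of_goods": "goods"},
}

if __name__ == "__main__":
    print(validate_order(SAMPLE))
```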

Card Details Options

You can provide card information in two ways:
  1. New Card Details (for first-time payments):
    • Include full card information: number, cardholder_name, expiry_month, expiry_year, cvv, network
    • Required for new cards not previously saved
    • Use the Save Card API after successful payment to tokenize for future use
  2. Saved Card Token (for repeat payments):
    • Use token: Previously saved card token from the Save Card API
    • Include identifier: Customer identifier used when saving the card
    • Include network: Card network (VISA, MASTERCARD, etc.)
    • No sensitive card data required - token handles authentication

Response

Hosted Payment Response

For hosted payment mode, the response includes:
  • session_id: Use this to redirect customers to the payment page
  • order_id: Unique order identifier

S2S UPI Intent Response

For S2S UPI Intent mode, the response includes:
  • order_id: Unique order identifier
  • intent_uri: UPI intent link that can be used to open UPI apps directly

S2S UPI Collection Response

For S2S UPI Collection mode, the response includes:
  • order_id: Unique order identifier
  • message: Confirmation message about the collection request sent to the VPA

S2S Card Payment Response

For S2S Card Payment mode, the response includes:
  • order_id: Unique order identifier
  • acs_template: Base64-encoded HTML template for 3D Secure authentication

Important: The acs_template must be decoded from Base64 and rendered in the customer’s browser to complete the 3D Secure authentication process.

Examples

{
  "amount": "1000.00",
  "currency": "INR", 
  "reference_id": "ORDER_123456",
  "collection_mode": "hosted_payment",
  "return_url": "https://yourdomain.com/payment/callback",
  "mop_type": "UPI",
  "buyer": {
    "name": "Alice Smith",
    "email": "[email protected]",
    "phone": "+919812345678",
    "address": {
      "line_1": "221B Baker Street",
      "city": "Mumbai",
      "state": "Maharashtra", 
      "postal_code": "400001"
    }
  },
  "product": {
    "name": "Wireless Headphones",
    "type_of_goods": "goods"
  }
}

Response Examples

{
  "success": true,
  "message": "Checkout session created successfully",
  "data": {
    "session_id": "session_abc123def456",
    "order_id": "OD2000992103"
  }
}

Implementation Notes

UPI Payments

  • S2S UPI Intent: The response includes a UPI intent link that can be used to open UPI apps directly
  • S2S UPI Collection: A payment request is sent to the provided VPA, and the customer receives a notification
  • UPI App Optimization: The upi_app_name parameter helps optimize the intent link for specific UPI applications
  • VPA Format: Must follow the pattern username@bank (e.g., user@paytm, 9876543210@ybl)

Card Payments

  • 3D Secure Flow: For new cards, the system initiates 3D Secure verification
  • ACS Template Processing:
    1. Decode the Base64 acs_template from the response
    2. Render the decoded HTML in the customer’s browser
    3. The form will auto-submit to complete 3D Secure authentication
    4. Customer will be redirected back to your return_url after authentication
  • Card Tokenization: Use the Save Card API after successful payment to securely tokenize cards for future use
  • Saved Card Usage: Use previously saved card tokens for faster, more secure repeat payments
  • Fraud Prevention: ip_address and user_agent are required for fraud detection and prevention
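
One way to handle the ACS template steps above on the server, as an added example that is not EximPe's own code. It assumes `acs_template` sits under `data` (as `session_id` does in the hosted response) and that the decoded HTML is UTF-8; the function names are hypothetical.

```python
import base64
import binascii


def decode_acs_template(acs_template: str, max_bytes: int = 256 * 1024) -> str:
    """Decode the Base64 acs_template into HTML, rejecting malformed input."""
    try:
        # validate=True refuses characters outside the Base64 alphabet
        # instead of silently discarding them.
        raw = base64.b64decode(acs_template, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("acs_template is not valid Base64") from exc
    if not raw or len(raw) > max_bytes:
        raise ValueError("acs_template is empty or larger than expected")
    return raw.decode("utf-8")  # UnicodeDecodeError is a ValueError subclass


def acs_http_response(order_response: dict) -> tuple:
    """Build (status, headers, body) for the document that carries the 3DS form.

    The decoded HTML is returned as its own document and is never
    interpolated into one of the merchant's templates.
    """
    html = decode_acs_template(order_response["data"]["acs_template"])
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "no-store",          # keep the 3DS form out of caches
        "Referrer-Policy": "no-referrer",
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, html.encode("utf-8")


# Constructed sample standing in for a decoded ACS page.
SAMPLE_HTML = '<form method="post" action="https://acs.example/3ds"></form>'
SAMPLE_RESPONSE = {
    "success": True,
    "data": {
        "order_id": "OD_CONSTRUCTED",
        "acs_template": base64.b64encode(SAMPLE_HTML.encode("utf-8")).decode("ascii"),
    },
}

if __name__ == "__main__":
    status, headers, body = acs_http_response(SAMPLE_RESPONSE)
    print(status, headers["Content-Type"], len(body))
```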

New vs Saved Cards

  • New Cards: Require full card details and may trigger 3D Secure authentication
  • Saved Cards: Use tokens for faster processing, reduced 3D Secure requirements, and enhanced security
  • Token Benefits: No sensitive data exposure, faster checkout, improved conversion rates

Security Considerations

  • Card Data: Never log or store card details in your application
  • 3D Secure: Always implement proper 3D Secure handling for card payments
  • Token Management: Use the Card Token APIs for managing saved cards
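
A sketch of the "never log card details" rule applied to this endpoint's request, as an added example that is not EximPe's own code. The function names are hypothetical, and treating the saved-card `token` and the `X-Client-Secret` header as values to keep out of logs is an assumption of this example.

```python
import copy

REDACTED = "[REDACTED]"
# Field names from the page's card_details description. "network" stays
# readable because it does not identify a card.
CARD_SECRETS = {"number", "cardholder_name", "expiry_month", "expiry_year", "cvv", "token"}
SECRET_HEADERS = {"x-client-secret"}


def redact_order(order: dict) -> dict:
    """Return a deep copy of the order body that is safe to write to logs."""
    safe = copy.deepcopy(order)          # never mutate the payload being sent
    card = safe.get("card_details")
    if isinstance(card, dict):
        for key in card:
            if key in CARD_SECRETS:
                card[key] = REDACTED
    elif card is not None:
        safe["card_details"] = REDACTED  # unexpected shape: hide it entirely
    return safe


def redact_headers(headers: dict) -> dict:
    """Mask secret request headers; header names are matched case-insensitively."""
    return {k: REDACTED if k.lower() in SECRET_HEADERS else v for k, v in headers.items()}


# Constructed sample; 4111111111111111 is a widely used test card number.
SAMPLE_ORDER = {
    "amount": "1000.00", "currency": "INR", "reference_id": "ORDER_123456",
    "collection_mode": "s2s", "mop_type": "CREDIT_CARD",
    "card_details": {
        "number": "4111111111111111", "cardholder_name": "Alice Smith",
        "expiry_month": "12", "expiry_year": "2030", "cvv": "123", "network": "VISA",
    },
}
SAMPLE_HEADERS = {"X-Client-ID: ".rstrip(": "): "constructed-id", "X-Client-Secret": "constructed-secret"}

if __name__ == "__main__":
    print(redact_headers(SAMPLE_HEADERS))
    print(redact_order(SAMPLE_ORDER))
```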

Authorizations

  • X-Client-ID (string, header, required): Client app ID. You can find your app id in the merchant dashboard.
  • X-Client-Secret (string, header, required): Client secret key. You can find your secret in the merchant dashboard.
  • X-Merchant-ID (string, header, required): Merchant ID. You can find your merchant ID in the merchant section of the merchant dashboard.

Body

application/json

Order creation request

  • amount (string, required): Amount in decimal format (e.g., "100.00")
  • currency (string, required): 3-letter ISO currency code (e.g., INR, USD)
  • reference_id (string, required): Unique identifier for the order
  • buyer (object, required)
  • product (object, required)
  • return_url (string<uri>): URL to redirect after payment
  • collection_mode (enum<string>): Payment collection mode. Available options: hosted_payment, s2s
  • mop_type (enum<string>): Method of payment type (e.g., UPI). Available options: UPI, CREDIT_CARD, NETBANKING, DEBIT_CARD, QR
  • upi_flow_type (enum<string>): UPI flow type (required when collection_mode is s2s and mop_type is UPI). Available options: intent, collection
  • vpa (string): Virtual Payment Address (required when upi_flow_type is collection)
  • upi_app_name (enum<string>): UPI app name (optional, defaults to 'others'). Available options: bhim, paytm, google_pay, phonepe, cred, amazon_pay, whatsapp, others
  • invoice (object)
  • card_details (object)

Response

Order created successfully

  • success (boolean, required): Indicates if the request was successful
  • message (string, required): Response message
  • data (object, required)