RuPay Payer Authentication

RuPay payer authentication allows you to authenticate RuPay cardholders before initiating a RuPay payment. The payer is redirected via the RuPay PaySecure network to a site hosted by the issuer to enter a One-Time Password (OTP). You then receive the authentication result, which lets you decide whether to proceed with the payment.

RuPay payment authentication is only available in India.


  • Your National Payments Corporation of India (NPCI) merchant-acquirer link on the gateway must be enabled to process RuPay authentication.

Integrating to use RuPay Payer Authentication

The gateway supports the following integration options for RuPay authentication.

  • Hosted Checkout: This is the easiest integration option. With Hosted Checkout integrations version 55 and later, RuPay authentication is automatically available when you are enabled and configured for it by your payment service provider.
  • Authentication API: This is a server-side integration option that gives you total control over your integration but requires the highest integration effort. Use this option if you are required to customize API interactions between the payer's browser and the gateway. You must perform operations needed for managing the integration flows directly from your merchant server to the gateway server.
  • JavaScript API: This is a client-side JavaScript integration if you want to initiate RuPay authentication from your website's payment page. Use this option if you want to allow the payer to submit their payment details directly to the gateway from the browser.
    To initiate RuPay authentication and other authentication operations directly from the payer's browser, you must first establish the authentication channel: your merchant server communicates with the gateway server to create a session on the gateway. The gateway-generated session ID is then included in all browser-initiated authentication requests as the password parameter (see session-based authentication).


How do I retrieve the authentication results?

If you wish to retrieve the authentication results at any stage, use the Retrieve Transaction operation. Note that fields that are only used during authentication, for example authentication.redirectHtml, are not persisted in the gateway and are therefore not returned.

Retrieve Transaction API Reference [REST] [NVP]

How do I determine the authentication status?

The gateway provides the authentication status in the transaction.authenticationStatus field. This field may return one of the following values depending on the authentication stage:

  • AUTHENTICATION_ATTEMPTED: Payer authentication was attempted and a proof of authentication attempt was obtained.
  • AUTHENTICATION_AVAILABLE: Payer authentication is available for the payment method provided.
  • AUTHENTICATION_FAILED: The payer was not authenticated. You should not proceed with this transaction.
  • AUTHENTICATION_NOT_SUPPORTED: The requested authentication method is not supported for this payment method.
  • AUTHENTICATION_PENDING: Payer authentication is pending completion of a challenge process.
  • AUTHENTICATION_REJECTED: The issuer rejected the authentication request and requested that you do not attempt authorization of a payment.
  • AUTHENTICATION_REQUIRED: Payer authentication is required for this payment, but was not provided.
  • AUTHENTICATION_SUCCESSFUL: The payer was successfully authenticated.
  • AUTHENTICATION_UNAVAILABLE: The payer was not able to be authenticated due to a technical or other issue.
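
One way to act on these status values on the merchant server, as an added example that is not part of the gateway documentation: it fails closed when the status is missing or unrecognized. The action names, the `policy` parameter, and the nested `transaction` object shape of the parsed response are assumptions of this example.

```javascript
// Added example, not gateway code. Action names and the policy object are
// assumptions; the status values are the ones listed on this page.

// The page says not to proceed for these; merchant policy cannot override them.
const HARD_STOP = new Set(["AUTHENTICATION_FAILED", "AUTHENTICATION_REJECTED"]);

// Authentication has not completed yet, so there is no result to rely on.
const NOT_FINISHED = new Set([
  "AUTHENTICATION_AVAILABLE",
  "AUTHENTICATION_PENDING",
  "AUTHENTICATION_REQUIRED",
]);

// No positive authentication result: proceeding is treated here as a merchant
// risk decision (assumption), so it must be enabled explicitly per status.
const MERCHANT_CHOICE = new Set([
  "AUTHENTICATION_ATTEMPTED",
  "AUTHENTICATION_NOT_SUPPORTED",
  "AUTHENTICATION_UNAVAILABLE",
]);

function decidePayment(response, policy) {
  // Read the status defensively: a missing or non-string field becomes null.
  const txn = response && typeof response === "object" ? response.transaction : null;
  const status =
    txn && typeof txn.authenticationStatus === "string" ? txn.authenticationStatus : null;

  if (status === "AUTHENTICATION_SUCCESSFUL") return { action: "PROCEED", status };
  if (HARD_STOP.has(status)) return { action: "STOP", status };
  if (NOT_FINISHED.has(status)) return { action: "AUTHENTICATE_FIRST", status };
  if (MERCHANT_CHOICE.has(status) && policy && policy[status] === true) {
    return { action: "PROCEED", status };
  }
  // Missing field, unknown value, or a status the policy does not allow.
  return { action: "STOP", status };
}

// Constructed sample of a parsed Retrieve Transaction response; only the field
// named on this page is included.
const sample = { transaction: { authenticationStatus: "AUTHENTICATION_ATTEMPTED" } };
console.log(decidePayment(sample));
console.log(decidePayment(sample, { AUTHENTICATION_ATTEMPTED: true }));
```

Run the decision on a status your server fetched with Retrieve Transaction, not on a value relayed by the payer's browser.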

How do I view authentication details in Merchant Administration?

You can view authentication details for both individual RuPay authentications and authentications that proceeded with the payment in Merchant Administration. Search for the order or transaction in the search page and view the authentication details.

Copyright © 2023 Mastercard