- Integration Guidelines
- Supported Features (Security)
- RuPay Payer Authentication
RuPay Payer Authentication
RuPay payer authentication allows you to authenticate RuPay cardholders before initiating a RuPay payment. The payer will be redirected via the RuPay PaySecure network to a site hosted by the issuer to enter a One-Time-Password (OTP). You receive the authentication result that will enable you to decide whether you want to proceed with the payment or not.
RuPay payment authentication is only available in India.
Prerequisites
- Your National Payments Corporation of India (NPCI) merchant-acquirer link on the gateway must be enabled to process RuPay authentication.
Integrating to use RuPay payer authentication
The gateway supports the following integration options for RuPay authentication.
- Hosted Checkout: This is the easiest integration option. With Hosted Checkout integrations version 55 and later, Rupay authentication is automatically available when you are enabled and configured for it by your payment service provider.
- Authentication API: This is a server-side integration option that gives you total control over your integration but requires the highest integration effort. Use this option if you are required to customize API interactions between the payer's browser and the gateway. You must perform operations needed for managing the integration flows directly from your merchant server to the gateway server.
- JavaScript API: This is a client-side JavaScript integration if you want to initiate RuPay authentication from your website's payment page. Use this option if you want to allow the payer to submit their payment details directly to the gateway from the browser.
To initiate RuPay authentication and other authentication operations directly from the payer's browser, you must first establish the authentication channel where your merchant server must communicate with the gateway server for creating a session on the gateway. The gateway generated session Id is then included in all browser-initiated authentication requests as the password parameter (see session-based authentication).