Best Practices

Learn the best practices to follow before beginning with the integration.

Verify Signature to Avoid Data Tampering

We recommend treating this as a mandatory step: it confirms the authenticity of the details returned to you on the return URL for successful payments.

Check Order Status

Use our Get Orders API from the backend to check the order/payment status before providing service to the customers.

Configure Webhooks

Contact our support team to configure webhook events to avoid callback failures.

Implement Flexible JSON Parsing

We recommend designing your systems to gracefully ignore any additional or unknown fields in the JSON payload during integration. This ensures forward compatibility as our platform evolves or introduces new optional fields, and aligns with industry-standard robust API design principles, preventing integration issues from unexpected data.

Incoming Request Example
{
  "transactionId": "TXN123456",
  "amount": 10000,
  "currency": "INR",
  "extraField": "IgnoreThisNode"
}

You should process the known fields (transactionId, amount, currency) and gracefully ignore the extraField.
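A tolerant-reader sketch for the request above, added here as an example and not taken from the platform's own code: `parse_payment`, `Payment` and `PayloadError` are hypothetical names, and the field types are assumed from the sample values. It ignores unknown fields but still rejects a payload whose known fields are missing or of the wrong type.

```python
import json
from dataclasses import dataclass

# Fields this integration relies on, taken from the request example above.
# The types are assumptions; confirm them against the API reference.
REQUIRED_FIELDS = {"transactionId": str, "amount": int, "currency": str}


class PayloadError(ValueError):
    """A field the integration depends on is missing or malformed."""


@dataclass(frozen=True)
class Payment:
    transaction_id: str
    amount: int
    currency: str


def parse_payment(raw):
    """Return (Payment, ignored_field_names) from a JSON request body."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise PayloadError(f"body is not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise PayloadError("top-level JSON value must be an object")

    for name, expected in REQUIRED_FIELDS.items():
        if name not in data:
            raise PayloadError(f"missing required field: {name}")
        value = data[name]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, expected):
            raise PayloadError(f"{name} must be of type {expected.__name__}")

    # Unknown fields are not an error: record their names for logging, move on.
    ignored = sorted(set(data) - set(REQUIRED_FIELDS))
    payment = Payment(data["transactionId"], data["amount"], data["currency"])
    return payment, ignored


# Constructed sample: the request from the example above.
SAMPLE = ('{"transactionId": "TXN123456", "amount": 10000, '
          '"currency": "INR", "extraField": "IgnoreThisNode"}')

if __name__ == "__main__":
    print(parse_payment(SAMPLE))
```

Logging the ignored field names, rather than discarding them silently, makes it easy to notice when the platform starts sending a new field.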

Avoid Hardcoding Parameters

To ensure a scalable integration, do not hardcode values such as API keys, environment flags, or identifiers in your system while integrating. Hardcoded values increase the risk of failures when changes occur on the platform. Using configuration files or environment variables makes your integration easier to maintain and adapt across environments (e.g., sandbox vs production).

TLS Version

We recommend that you use "TLS_v_1.2" or a higher TLS version to avoid transaction failures.

Conduct Sanity Testing

Before fully implementing TLS 1.2 and updating the cipher suites, perform application testing to confirm seamless communication across systems and applications within your environment.

Implement Strong Cipher Suites

Configure TLS-enabled services to use only strong cipher suites with robust encryption algorithms and key exchange mechanisms. All other ciphers should be disabled.

List of accepted Ciphers:

TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256
TLS_ECCPWD_WITH_AES_128_CCM_SHA256
TLS_ECCPWD_WITH_AES_256_CCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CCM
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
TLS_ECDHE_ECDSA_WITH_AES_256_CCM
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256
TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Note:

  • You can only test Credit/Debit Cards, Net Banking (via SBI), Cross Border & Pay by Points on the UAT/Staging environment.
  • UPI payments are processed in real-time, even in the UAT environment. Please test using a minimal transaction amount.
  • Production credentials will be shared with you after UAT sign-off, to test all flows in the soft production environment before going live.
  • Please share the Return and webhook URL for configuration and whitelisting before going Live.
  • For any incremental updates or support related to integration, please contact our Integration Team.
