From zero-code to full API control. Pick the approach that matches your team.
Install the WooCommerce plugin on your WordPress store. No code required — configure credentials and go live.
Single API call to create a payment session. Redirect to our hosted checkout — we handle the rest.
Full control over payments, refunds, enquiry, and webhooks via our comprehensive API.
Server-to-server UPI payments. Generate QR codes for desktop or open UPI apps directly on mobile.
Watch the payment journey step by step
User initiates payment on your application.
Real-time fraud check and dynamic routing.
Authorization and fund settlement via UPI/Cards.
Server notification & UI success screen.
Redirect customers to our PCI-compliant checkout page. Supports UPI, cards, and net banking — optimized for every device.
Four steps from zero to production. Follow along with the code samples below.
Sign up on SabPaisa, choose Payment Gateway as your product, and grab your API Key and Secret Key from Dashboard → Developers → API Keys.
Concatenate merchantId|merchantTxnId|amount|currency|timestamp and sign with HMAC-SHA256 using your Secret Key. Always generate server-side.
POST to /api/v2/payments with the checksum and customer details. Redirect the customer to the returned checkoutUrl?clientSecret={clientSecret}.
1import 'package:sabpaisa/sabpaisa.dart';
2
3final sabpaisa = SabPaisaClient(SabPaisaConfig(
4 apiKey: 'sp_your_api_key',
5 merchantId: 'YOUR_MERCHANT_ID',
6 secretKey: 'sec_your_secret_key',
7 clientCode: 'YOUR_CLIENT_CODE',
8 env: Environment.staging,
9));
10
11// Create payment & redirect to checkout
12final payment = await sabpaisa.payments.createSession(
13 const CreatePaymentRequest(
14 merchantTxnId: 'ORDER_123',
15 amount: 50000, // Rs 500.00 in paise
16 customerName: 'John Doe',
17 customerEmail: '[email protected]',
18 customerMobile: '9876543210',
19 ),
20);
21
22// Redirect in-app (Chrome Custom Tabs / SFSafariViewController)
23await sabpaisa.payments.redirectToCheckout(payment);1<?php
2
3// Step 1: Generate checksum
4$input = "{$merchantId}|{$merchantTxnId}|{$amount}|INR|{$timestamp}";
5$checksum = hash_hmac('sha256', $input, $SECRET_KEY);
6
7// Step 2: Create payment session
8$ch = curl_init('https://merchant-api.sabpaisa.in/api/v2/payments');
9curl_setopt_array($ch, [
10 CURLOPT_RETURNTRANSFER => true,
11 CURLOPT_POST => true,
12 CURLOPT_HTTPHEADER => [
13 'X-Api-Key: ' . $API_KEY,
14 'Content-Type: application/json'
15 ],
16 CURLOPT_POSTFIELDS => json_encode([
17 'merchantId' => $merchantId,
18 'merchantTxnId' => $merchantTxnId,
19 'amount' => $amount,
20 'currency' => 'INR',
21 'returnUrl' => $returnUrl,
22 'timestamp' => $timestamp,
23 'checksum' => $checksum
24 ])
25]);
26
27$response = json_decode(curl_exec($ch), true);
28curl_close($ch);
29
30// Redirect to $response['checkoutUrl']
31header('Location: ' . $response['checkoutUrl']);1curl -X POST https://merchant-api.sabpaisa.in/api/v2/payments \
2 -H "X-Api-Key: YOUR_API_KEY" \
3 -H "Content-Type: application/json" \
4 -d '{
5 "merchantId": "MID_001",
6 "merchantTxnId": "ORD_123_1707840000",
7 "amount": 99900,
8 "currency": "INR",
9 "returnUrl": "https://yoursite.com/result",
10 "timestamp": 1707840000,
11 "checksum": "a1b2c3...hmac_sha256",
12 "customerName": "Bhargav",
13 "customerEmail": "[email protected]",
14 "customerPhone": "9876543210"
15 }'After payment, the customer is redirected to your returnUrl with parameters and a signature. Always verify server-side using the Transaction Enquiry API or Webhooks — never trust client-side parameters alone.
One integration, eight payment methods. UPI, cards, net banking, wallets, NEFT, RTGS, and cash challan — supported from day one.
GPay, PhonePe, Paytm, BHIM & all UPI apps
Visa, Mastercard, Amex, RuPay
Visa, Mastercard, RuPay
SBI, HDFC, ICICI, Axis & 50+ banks
Paytm, Amazon Pay, Mobikwik, Freecharge
Bank transfer via all major banks
Real-time high-value transfers
Pay by cash at bank branches
Receive instant server-to-server webhook notifications when payment status changes. Verify signatures with HMAC-SHA256 for secure, reliable updates.
1<?php
2$rawBody = file_get_contents('php://input');
3$sigHeader = $_SERVER['HTTP_X_SABPAISA_SIGNATURE'] ?? '';
4
5// Split signature: timestamp.base64_signature
6[$timestamp, $receivedSig] = explode('.', $sigHeader, 2);
7
8// Check timestamp freshness (5 min)
9$now = round(microtime(true) * 1000);
10if (abs($now - intval($timestamp)) > 300000) {
11 http_response_code(401);
12 echo json_encode(['error' => 'Signature expired']);
13 exit;
14}
15
16// Verify signature (base64, NOT hex)
17$toSign = $timestamp . '.' . $rawBody;
18$expectedSig = base64_encode(
19 hash_hmac('sha256', $toSign, getenv('SABPAISA_WEBHOOK_SECRET'), true)
20);
21
22if (!hash_equals($expectedSig, $receivedSig)) {
23 http_response_code(401);
24 echo json_encode(['error' => 'Invalid signature']);
25 exit;
26}
27
28$payload = json_decode($rawBody, true);
29
30switch ($payload['event']) {
31 case 'payment.success':
32 // Update order, send confirmation
33 break;
34 case 'payment.failed':
35 // Notify customer
36 break;
37 case 'payment.expired':
38 // Release inventory
39 break;
40}
41
42echo json_encode(['status' => 'received']);X-SabPaisa-Signature header using HMAC-SHA256 (base64) with your Webhook Secret Key before processing any webhook event. See the Webhook Integration Guide for the full documentation.Whether you're a startup or enterprise, SabPaisa PG 3.0 adapts to your payment needs.
One-click checkout for online stores. Cart integration, partial refunds, and order tracking.
Recurring billing, plan upgrades, pro-rata charges, and automated invoice generation.
Split payments between sellers, escrow support, and multi-party settlement.
Fee collection, installment plans, scholarship discounts, and multi-campus billing.
Go from zero to accepting payments in under 30 minutes. Sandbox credentials included — no approval needed.
Pay to DEMO MERCHANT
₹500