Leave a Comment / Cheat Sheet / By

Custom Payment Gateways

  • Direct Control: Money moves directly from client to your HDFC account.
  • Instant Settlement: Achieve T+0 speed without 3rd party delays.
  • No Middlemen: Bypass platforms like Razorpay or Cashfree entirely.
Direct Bank

Direct Bank API Setup

  • Merchant API: Connect directly to HDFC or ICICI business servers.
  • Safety First: Transactions are handled inside the bank's secure network.
  • T+0 Benefit: Funds are credited based on your direct bank contract.
API Connection

UPI: Zero Day Holding

  • Dynamic QR: Generate a unique code for every single customer.
  • Intent Flow: Automatically opens GPay/PhonePe on mobile devices.
  • Real-time: Money hits your account the second the PIN is entered.
UPI QR

Security & Requirements

  • Checksum: Use SHA-256 to prevent hackers from tampering with data.
  • Webhooks: Automated server alerts when a payment is successful.
  • Compliance: Use Bank PSP pages to avoid complex PCI-DSS costs.
Security Shield

What is an API?

  • A Bridge: It connects your website to the bank.
  • The Waiter: You give it an order, it goes to the kitchen (Bank), and brings back the food (Response).
  • Interface: It allows two different computers to talk to each other.
API Bridge

Website ↔ API ↔ Bank

How the Flow Works

  • Step 1 (Request): Your site tells the bank: "Collect ₹500 from this user."
  • Step 2 (Security): The API checks the SHA-256 digital seal to prevent fraud.
  • Step 3 (Response): The bank says "Success" and moves money to your account.
Security

Why Use Direct APIs?

  • T+0 Settlement: Money goes to your HDFC account instantly.
  • No Holding: Third parties (Razorpay/Cashfree) won't hold your money for days.
  • Higher Trust: Your website works directly with a trusted bank.
Bank Direct

The Code: Python

import requests

# The Bank's API Address
api_url = "https://api.hdfcbank.com/v1/pay"

data = {
  "merchant_id": "YOUR_ID",
  "amount": "500.00",
  "hash": "SHA-256_SEAL"
}

# Sending the request
response = requests.post(api_url, data=data)
print(response.text)

The Code: PHP

<?php
$url = "https://api.hdfcbank.com/v1/pay";

$data = [
  "merchant_id" => "YOUR_ID",
  "amount"      => "500.00"
];

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$result = curl_exec($ch);
echo $result;
?>
Quick Quiz: API & Security

Question: If a hacker tries to change the payment amount during a transaction, which technology will alert the bank?