Seamless Payment Request

Seamless lets you keep the customer on your own pages while collecting payment instrument details. Omniware acts as a backend processor: you POST the instrument details, Omniware returns a transaction ID, and the customer is redirected (in the card case to the issuer's 3D-secure page; for UPI to the customer's UPI app) — finally landing back on your return_url.

warning

Seamless requires PCI-DSS certification for card flows. Without it, handling raw card numbers on your servers is a contractual and legal violation. Use the hosted Payment Request instead.

Contact your Omniware relationship manager if you would like assistance with PCI-DSS compliance.

Endpoint

POST https://pgbiz.omniware.in/v2/paymentseamlessrequest
Content-Type: application/x-www-form-urlencoded

In production you typically post this from your server (form-encoded), then 302-redirect the customer's browser to the URL Omniware returns.

Request parameters

Identity & order

api_keystring (36)required

order_idstring (30)required

Your unique merchant reference. Duplicates are rejected.

modestring (4)

TEST or LIVE. Defaults to LIVE.

amountdecimal(15,2)required

currencystring (3)required

3-letter ISO code, typically INR.

descriptionstring (500)required

Customer details

namestring (100)required

emailstring (100)required

phonestring (50)required

address_line_1string (100)

address_line_2string (100)

citystring (50)required

statestring (50)

countrystring (50)required

Must be IND.

zip_codestring (20)required

User-defined

udf1string (300)

udf2string (300)

udf3string (300)

udf4string (300)

udf5string (300)

Payment instrument

bank_codestring (20)required

Identifies the payment mode and channel. See Bank codes for the full list. Examples: VISC (Visa Credit Card), MASC (Mastercard Credit Card), HDFN (HDFC Net Banking), UPIU (UPI Collect).

For card payments (`bank_code` is a card code)

card_numberstring (19)

11–19 digit PAN. Conditional — required for card bank codes.

expiry_datestring (7)

MM/YYYY. Conditional.

card_holder_namestring (30)

Conditional.

cvvstring (4)

CVV / CVC. Conditional. Never store after this request.

For UPI Collect (`bank_code=UPIU`)

payer_virtual_addressstring (50)

Customer's UPI VPA, e.g. 9900990099@upi. Conditional — required when bank_code is UPIU.

Redirect URLs

return_urlstring (300)required

Omniware POSTs here on a successful transaction.

return_url_failurestring (300)

Failed transactions. Defaults to return_url.

return_url_cancelstring (300)

User-cancelled transactions.

hashstring (255)required

Response flow

On a successful seamless request, Omniware:

Assigns a transaction ID.
Redirects the customer's browser to the appropriate bank or 3D-secure page for the chosen bank_code — handled automatically when you POST the form from the customer's browser.
Posts the final outcome to your return_url once the bank flow completes (or the customer cancels).

There is no intermediate JSON response to your server in the typical flow — the customer's browser is the transport. Capture the final outcome from return_url and verify the hash.

Response on `return_url`

Same shape as the Payment Request response:

{
  "transaction_id": "HDVISC1299876438",
  "payment_mode": "Credit Card",
  "payment_channel": "Visa",
  "payment_datetime": "01-03-2024 16:45:39",
  "response_code": 0,
  "response_message": "Transaction Successful",
  "error_desc": null,
  "order_id": "ORD-1001",
  "amount": "149.00",
  "currency": "INR",
  "description": "Order 1001",
  "name": "Amit Kumar",
  "email": "amit@example.com",
  "phone": "9900990099",
  "address_line_1": "...",
  "address_line_2": "...",
  "city": "Bangalore",
  "state": "Karnataka",
  "country": "IND",
  "zip_code": "560001",
  "udf1": null, "udf2": null, "udf3": null, "udf4": null, "udf5": null,
  "cardmasked": "437748******0069",
  "hash": "..."
}

response_message is one of Transaction Successful, Transaction Failed, or Transaction Cancelled.

cardmasked is the masked PAN used for the transaction; it's only included if your merchant account is explicitly enabled to receive it — otherwise the field is null. Speak to your Omniware relationship manager if you need it surfaced for reconciliation.

Always verify the hash before trusting the response.

Compliance notes

What 'PCI-DSS scope' means

Any server that touches the raw PAN, CVV, or full track data is in PCI-DSS scope. That means quarterly ASV scans, annual audits, network segmentation, encrypted storage requirements, and more. Use Omniware's hosted page (or a PCI-compliant iframe / tokenisation layer) if you can.

Never store CVV

The card schemes forbid storage of CVV after authorisation, even encrypted. Pass it through to Omniware and discard.

Tokenisation

For recurring or one-click payments, use card tokenisation (network or issuer) instead of storing PANs. Ask Omniware support to enable tokenisation on your account.

Endpoint​

Request parameters​

Identity & order​

Customer details​

User-defined​

Payment instrument​

For card payments (bank_code is a card code)​

For UPI Collect (bank_code=UPIU)​

Redirect URLs​

Response flow​

Response on return_url​

Compliance notes​