Quickstart
This walkthrough redirects a customer to Omniware's hosted payment page and brings them back to your site with the result. It is the fastest path to collecting money.
Need to send money instead of collect? Jump to the Payouts overview.
Prerequisites
- An
api_keyandsaltfrom your Omniware dashboard. - A backend that can compute a SHA-512 hash and POST a form.
- A public
return_urlon your site to receive the result.
1. Build the hash
Sort all request parameters by key, join their non-empty values with |, prepend the salt, hash with SHA-512, and uppercase the result. See Hash calculation for code in every supported language.
2. Submit the payment request
POST to https://pgbiz.omniware.in/v2/paymentrequest as form-urlencoded. A minimal request:
- cURL
- PHP
- Node.js
- Python
- Java
curl -X POST https://pgbiz.omniware.in/v2/paymentrequest \
-d "api_key=YOUR_API_KEY" \
-d "order_id=ORD-1001" \
-d "amount=149.00" \
-d "currency=INR" \
-d "description=Order 1001" \
-d "name=Amit Kumar" \
-d "email=amit@example.com" \
-d "phone=9900990099" \
-d "city=Bangalore" \
-d "country=IND" \
-d "zip_code=560001" \
-d "return_url=https://yoursite.com/payment/return" \
-d "hash=YOUR_COMPUTED_HASH"
<?php
$params = [
"api_key" => $apiKey,
"order_id" => "ORD-1001",
"amount" => "149.00",
"currency" => "INR",
"description" => "Order 1001",
"name" => "Amit Kumar",
"email" => "amit@example.com",
"phone" => "9900990099",
"city" => "Bangalore",
"country" => "IND",
"zip_code" => "560001",
"return_url" => "https://yoursite.com/payment/return",
];
$params["hash"] = generateHashKey($params, $salt); // see Hash calculation
$ch = curl_init("https://pgbiz.omniware.in/v2/paymentrequest");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
import crypto from "node:crypto";
function generateHash(params, salt) {
const sorted = Object.keys(params).sort();
const hashData = [salt, ...sorted.map(k => params[k]).filter(v => v && String(v).length > 0)].join("|");
return crypto.createHash("sha512").update(hashData).digest("hex").toUpperCase();
}
const params = {
api_key: process.env.OMNIWARE_API_KEY,
order_id: "ORD-1001",
amount: "149.00",
currency: "INR",
description: "Order 1001",
name: "Amit Kumar",
email: "amit@example.com",
phone: "9900990099",
city: "Bangalore",
country: "IND",
zip_code: "560001",
return_url: "https://yoursite.com/payment/return",
};
params.hash = generateHash(params, process.env.OMNIWARE_SALT);
const body = new URLSearchParams(params);
const res = await fetch("https://pgbiz.omniware.in/v2/paymentrequest", { method: "POST", body });
import hashlib
import requests
def generate_hash(params: dict, salt: str) -> str:
parts = [salt] + [str(params[k]) for k in sorted(params) if str(params[k])]
return hashlib.sha512("|".join(parts).encode()).hexdigest().upper()
params = {
"api_key": API_KEY,
"order_id": "ORD-1001",
"amount": "149.00",
"currency": "INR",
"description": "Order 1001",
"name": "Amit Kumar",
"email": "amit@example.com",
"phone": "9900990099",
"city": "Bangalore",
"country": "IND",
"zip_code": "560001",
"return_url": "https://yoursite.com/payment/return",
}
params["hash"] = generate_hash(params, SALT)
r = requests.post("https://pgbiz.omniware.in/v2/paymentrequest", data=params)
import java.net.http.*;
import java.net.URI;
import java.security.MessageDigest;
import java.util.*;
import java.util.stream.Collectors;
static String generateHash(Map<String, String> params, String salt) throws Exception {
StringBuilder hashData = new StringBuilder(salt);
params.entrySet().stream()
.sorted(Map.Entry.comparingByKey())
.filter(e -> e.getValue() != null && !e.getValue().isEmpty())
.forEach(e -> hashData.append("|").append(e.getValue()));
MessageDigest md = MessageDigest.getInstance("SHA-512");
byte[] digest = md.digest(hashData.toString().getBytes());
StringBuilder hex = new StringBuilder();
for (byte b : digest) hex.append(String.format("%02X", b));
return hex.toString();
}
Map<String, String> params = new TreeMap<>();
params.put("api_key", apiKey);
params.put("order_id", "ORD-1001");
params.put("amount", "149.00");
params.put("currency", "INR");
params.put("description", "Order 1001");
params.put("name", "Amit Kumar");
params.put("email", "amit@example.com");
params.put("phone", "9900990099");
params.put("city", "Bangalore");
params.put("country", "IND");
params.put("zip_code", "560001");
params.put("return_url", "https://yoursite.com/payment/return");
params.put("hash", generateHash(params, salt));
String body = params.entrySet().stream()
.map(e -> e.getKey() + "=" + java.net.URLEncoder.encode(e.getValue(), "UTF-8"))
.collect(Collectors.joining("&"));
HttpRequest req = HttpRequest.newBuilder()
.uri(URI.create("https://pgbiz.omniware.in/v2/paymentrequest"))
.header("Content-Type", "application/x-www-form-urlencoded")
.POST(HttpRequest.BodyPublishers.ofString(body))
.build();
In production you'll typically render an HTML form with these fields and auto-submit it from the browser, so the customer ends up on the Omniware hosted page directly.
3. Handle the return
After the customer pays (or cancels), Omniware will POST the result back to your return_url. Recompute the hash on the returned fields and check it matches the hash Omniware sent. Only then mark the order paid.
See the full parameter list and response schema on the Payment Request page.
What to try next
Generate a one-time payment URL on your server and hand it to your mobile app — no hash exposure on-device.
Pull authoritative status by order ID instead of trusting the redirect.
Wrap the parameters in AES-256-CBC for an extra layer when going through untrusted intermediaries.
Receive S2S callbacks for payments and settlements instead of polling.