Description
n8n-nodes-phonepe
This n8n community node lets you integrate PhonePe Payment Gateway into your workflows. It supports payment creation, status checking, refunds, and secure webhook verification.
Features
- Create Payment Links – Generate UPI payment links for customers
- Check Payment Status – Query transaction status in real-time
- Process Refunds – Initiate full or partial refunds
- Verify Webhooks – Cryptographically validate PhonePe callbacks to prevent fraud
Installation
Community Nodes (Recommended)
- Go to Settings > Community Nodes in your n8n instance
- Click Install and enter: n8n-nodes-phonepe
- Agree to the risks and click Install
Manual Installation
npm install n8n-nodes-phonepe
For self-hosted n8n, restart your instance after installation.
Credentials Setup
You'll need PhonePe merchant credentials to use this node:
- Merchant ID – Your unique merchant identifier (e.g., PGTESTPAYUAT86)
- Salt Key – Secret key for checksum generation
- Salt Index – Usually 1 (check your PhonePe dashboard)
Getting Test Credentials
For development, use PhonePe's sandbox environment:
- Merchant ID: PGTESTPAYUAT86
- Salt Key: 099eb0cd-02cf-4e2a-8aca-3e6c6aff0399
- Salt Index: 1
Never use sandbox credentials in production!
Getting Production Credentials
- Register at PhonePe Merchant Dashboard
- Complete KYC verification
- Find credentials under Settings > API Keys
Operations
1. Create Payment Link
Generate a payment link for customers to complete UPI payments.
Inputs:
- Transaction ID (max 35 alphanumeric characters)
- Amount in INR (minimum ₹1)
- Redirect URL (where to send customers after payment)
- Callback URL (webhook endpoint for payment updates)
Output:
{
  "success": true,
  "code": "PAYMENT_INITIATED",
  "data": {
    "merchantId": "PGTESTPAYUAT86",
    "merchantTransactionId": "TX123456",
    "instrumentResponse": {
      "type": "PAY_PAGE",
      "redirectInfo": {
        "url": "https://mercury-uat.phonepe.com/transact/pg?token=..."
      }
    }
  }
}
2. Check Payment Status
Query the current status of any transaction.
Inputs:
- Transaction ID of the payment to check
Output:
{
  "success": true,
  "code": "PAYMENT_SUCCESS",
  "data": {
    "merchantId": "PGTESTPAYUAT86",
    "merchantTransactionId": "TX123456",
    "transactionId": "T2411191234567890123456",
    "amount": 10000,
    "state": "COMPLETED"
  }
}
3. Refund Payment
Initiate a full or partial refund for completed transactions.
Inputs:
- Original Transaction ID
- Refund Amount in INR (must be > 0 and ≤ original amount)
Output:
{
  "success": true,
  "code": "PAYMENT_PENDING",
  "data": {
    "merchantId": "PGTESTPAYUAT86",
    "merchantTransactionId": "TX123456_REFUND_1700123456789",
    "transactionId": "TR2411191234567890123456",
    "amount": 5000,
    "state": "PENDING"
  }
}
4. Verify Webhook
Security Feature – Validate that webhook callbacks are genuinely from PhonePe, not spoofed by attackers.
Why This Matters:
Without verification, an attacker could send fake "payment successful" webhooks to your system, causing you to ship products without receiving payment.
Inputs:
- Webhook Payload (base64) – The response field from PhonePe's callback
- X-VERIFY Header – The signature header from the webhook request
Output:
{
  "isValid": true,
  "status": "VERIFIED",
  "message": "Webhook signature is valid",
  "webhookData": {
    "merchantId": "PGTESTPAYUAT86",
    "transactionId": "T2411191234567890123456",
    "amount": 10000,
    "state": "COMPLETED"
  }
}
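The same check can be reproduced outside n8n. The following is an added example, not the node's source code: it assumes PhonePe's X-VERIFY scheme of a SHA-256 hex digest over the base64 response concatenated with the salt key, followed by ### and the salt index, and it assumes the decoded callback has the same shape as the status response shown above. The names verifyCallback, expectedXVerify and the expected-order argument are hypothetical.

```javascript
// Added example, not the node's source. Assumed scheme for callbacks:
//   X-VERIFY = hex(SHA256(base64Response + saltKey)) + "###" + saltIndex
const crypto = require('node:crypto');

function expectedXVerify(base64Response, saltKey, saltIndex) {
  const digest = crypto.createHash('sha256').update(base64Response + saltKey).digest('hex');
  return `${digest}###${saltIndex}`;
}

function verifyCallback(base64Response, xVerify, saltKey, saltIndex, expected) {
  if (typeof base64Response !== 'string' || typeof xVerify !== 'string') {
    return { isValid: false, reason: 'missing payload or X-VERIFY header' };
  }
  const want = Buffer.from(expectedXVerify(base64Response, saltKey, saltIndex));
  const got = Buffer.from(xVerify.trim());
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { isValid: false, reason: 'signature mismatch' };
  }
  // Decode the payload only after the signature check has passed.
  let body;
  try {
    body = JSON.parse(Buffer.from(base64Response, 'base64').toString('utf8'));
  } catch {
    return { isValid: false, reason: 'payload is not valid JSON' };
  }
  const data = (body && body.data) || {};
  // A genuine callback for a different order or amount must not settle this one.
  if (data.merchantTransactionId !== expected.merchantTransactionId ||
      data.amount !== expected.amount) {
    return { isValid: false, reason: 'payload does not match expected order' };
  }
  return { isValid: true, reason: 'verified', data };
}

// Constructed sample callback, signed with the sandbox salt key quoted on this page.
const SANDBOX_SALT_KEY = '099eb0cd-02cf-4e2a-8aca-3e6c6aff0399';
const sampleResponse = Buffer.from(JSON.stringify({
  success: true, code: 'PAYMENT_SUCCESS',
  data: { merchantId: 'PGTESTPAYUAT86', merchantTransactionId: 'TX123456',
          amount: 10000, state: 'COMPLETED' },
})).toString('base64');
const sampleHeader = expectedXVerify(sampleResponse, SANDBOX_SALT_KEY, 1);
```

A true isValid here establishes only that the callback is authentic and matches the order; the workflow should still act on payment only when data.state is "COMPLETED".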
Example Workflows
Basic Payment Flow
1. Manual Trigger
↓
2. PhonePe Node → Create Payment Link
↓
3. Send Email with payment link
Webhook Verification Flow
1. Webhook Trigger (receives PhonePe callback)
↓
2. PhonePe Node → Verify Webhook
↓
3. IF Node → Check if "isValid" is true
↓
├─ TRUE → Update database, Send confirmation
└─ FALSE → Log security alert, Notify admin
Refund Processing
1. Customer requests refund
↓
2. PhonePe Node → Check Payment Status
↓
3. IF Node → Check if state is "COMPLETED"
↓
4. PhonePe Node → Refund Payment
↓
5. Send refund confirmation email
Security Best Practices
1. Always Verify Webhooks
Never trust webhook data without verification. Use the "Verify Webhook" operation before processing payments.
2. Use HTTPS Callback URLs
PhonePe requires HTTPS endpoints for production. Use ngrok or similar tools for local testing.
3. Validate Transaction IDs
The node validates that transaction IDs are:
- Alphanumeric (letters, numbers, hyphens, underscores)
- Maximum 35 characters
- Unique per transaction
4. Rate Limiting
Implement rate limiting in your workflows to prevent API abuse. PhonePe may suspend accounts that exceed rate limits.
5. Store Credentials Securely
- Never commit credentials to version control
- Use n8n's encrypted credential storage
- Rotate salt keys periodically in production
Troubleshooting
"Invalid X-VERIFY header"
- Cause: Incorrect salt key or salt index
- Solution: Verify credentials in PhonePe dashboard
"Transaction ID already exists"
- Cause: Duplicate transaction ID
- Solution: Generate unique IDs (append timestamp: TX${Date.now()})
"Amount must be greater than 0"
- Cause: Invalid amount input
- Solution: Ensure amount is a positive number in INR
"Webhook signature is invalid"
- Cause: Webhook may be spoofed or credentials don't match
- Solution: Verify you're using the correct merchant credentials
Testing
See TESTING.md for detailed testing instructions with the sandbox environment.
Resources
Contributing
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request with tests
License
Support
- Issues: GitHub Issues
- Questions: n8n Community Forum
- Email: mhp8195@gmail.com
Disclaimer
This is a community-maintained node, not officially supported by PhonePe. Use at your own risk and ensure compliance with PhonePe's terms of service.
Built with ❤️ for the n8n community