Flutter SDK

Flutter is an open-source SDK. It is used by developers to develop solutions for different operating systems and the web from a single codebase.

The Cashfree Flutter SDK allows you to integrate Cashfree Payment Gateway with your application and start collecting payments from your customers. It opens the payment page in a webview. The Cashfree SDK has been designed to minimise the complexity of handling and integrating payments in your Flutter project.

The Cashfree Flutter SDK is available here.

Integration Steps

To integrate Cashfree SDK with your Flutter application,

  1. Initiate Payment - Invoke a payment API from the Cashfree SDK with the token generated when the customer initiates payment for an order from your application. Cashfree SDK displays appropriate screens to the customer for the payment.

  2. Receive and handle response - Cashfree SDK returns a response after the payment flow is complete.

  3. Verify response - We recommend you to verify the payment response using webhooks and by checking the signature value returned in the payment response.

Step 1: Create an account with Cashfree and get the API Keys.

  1. Go to Cashfree website and create an account. Click here for detailed steps on how to create and activate your account.

  2. Login to your Merchant Dashboard using the same credentials.

  3. In the Payment Gateway section click View Dashboard > Credentials. For security purposes, you need to enter your password for verification.

  4. Copy the app ID and the secret key. These values are required to create the order token from your server. Order tokens are used to authenticate the API calls made from Cashfree Flutter SDK.

Step 2: Integrate Cashfree SDK in your application

To integrate the SDK, follow the steps below:

Step 2a: Add Dependency

Open the pubspec.yaml file located inside the app folder, and add cashfree_pg: under dependencies.

cashfree_pg: 2.0.0+17

Step 2b: Add permissions (Android)

The Cashfree PG SDK requires that you add the INTERNET permission in your Android Manifest file.

<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application ...>
  • Android Gradle Plugin Version - 4.1.1 or higher

  • Android Gradle Version - 6.5 or higher

Step 2c: Set the tools:node attribute to merge in the definition of your application element in the Android Manifest file.

<application
...
tools:node="merge">
<!--Only add it if you need Auto OTP reading feature is enabled-->
<meta-data android:name="com.google.android.gms.version"
android:value="@integer/google_play_services_version" />
</application>

Step 3: Generate Token (From Backend)

The cftoken is used to authenticate the payment requests made from SDK. It has to be generated for every payment attempt made for an order. Pass this token to the SDK while initiating the payment for that order. For generating a cftoken you need to use our token generation API.

Ensure that this API is called only from your backend as it uses a secret key. This API should never be called from the App.

Request Description to Generate Token

Production - set the URL tohttps://api.cashfree.com/api/v2/cftoken/order

Testing - set the URL to https://test.cashfree.com/api/v2/cftoken/order

You need to send orderId, orderCurrency and orderAmount as a JSON object to the API endpoint and in response, you will receive a token. See the description of the request below.

curl -XPOST -H 'Content-Type: application/json'
-H 'x-client-id: <YOUR_APP_ID>'
-H 'x-client-secret: <YOUR_SECRET_KEY>'
-d '{
"orderId": "<ORDER_ID>",
"orderAmount":<ORDER_AMOUNT>,
"orderCurrency": "<ORDER_CURRENCY>"
}' '<TEST_OR_PROD_API_URL>’'

Request Example: Replace YOUR_APP_ID and YOUR_SECRET_KEY with actual values.

curl -XPOST -H 'Content-Type: application/json' -H 'x-client-id: 7051d9675fae9ae886f9de1b1507' -H 'x-client-secret: 90c0919f5f4b31a06eb8ba3042f57272166ccdfb' -d '{
"orderId": "Order0001",
"orderAmount":1,
"orderCurrency":"INR"
}' 'https://test.cashfree.com/api/v2/cftoken/order'

Response Example

{
"status": "OK",
"message": "Token generated",
"cftoken": "v79JCN4MzUIJiOicGbhJCLiQ1VKJiOiAXe0Jye.s79BTM0AjNwUDN1EjOiAHelJCLiIlTJJiOik3YuVmcyV3QyVGZy9mIsEjOiQnb19WbBJXZkJ3biwiIxADMwIXZkJ3TiojIklkclRmcvJye.K3NKICVS5DcEzXm2VQUO_ZagtWMIKKXzYOqPZ4x0r2P_N3-PRu2mowm-8UXoyqAgsG"
}

The "cftoken" is used to authenticate your payment request.

Step 4: Initiate Payment

To initiate payments, your application passes the order info and the cftoken to the SDK. The relevant payment screen is displayed to the customer where they enter the required information and make the payment. Flutter SDK verifies the payment after it is complete and sends a response to the application. The application handles the response appropriately.

The order details passed during the token generation and the payment initiation should match. Else, you will get an `Invalid order details` error.

Wrong appId and token will result in `Unable to authenticate merchant` error. The token generated for payment is valid for 5 minutes within which the payment has to be initiated. Else, you will get an `Invalid token` error.

Step 5. Receive and Handle Response

When you invoke the SDK function, it returns Future as response.

Step 6. Verify Response

We recommend you to verify the payment response using webhooks. You can also verify the response by checking the signature in the payment response.

Sample Application

Click here to view the sample application.

Web Checkout

Web Checkout is the standard flow for Cashfree Flutter SDK. In this flow, the SDK loads a webview which renders the payment page. The customer can fill the required payment details here to complete the payment. The Web Checkout can be used in two ways:

  1. Web Checkout using Cashfree UI: Customer selects the payment mode and enters the payment details within the Cashfree's web payment page to complete the payment.

  2. Seamless Web Checkout: Customer selects the payment mode and enters payment details in your application. These details are then passed on to the Cashfree SDK. Webview is launched only for two-factor authentication.

For both the modes you need to invoke the doPayment() method. However, there are a few additional parameters you need to pass for seamless integration.

Web Checkout using Cashfree UI

Here, you can use our prebuilt Cashfree UI to accept payments. For both Web Checkout and Seamless Web Checkout you need to invoke the doPayment() method. However, there are a few extra parameters you need to pass for seamless integration method.

doPayment

Future<Map<dynamic, dynamic>> doPayment(Map<String, dynamic> inputs)

Initiates the payment in a webview. The customer will be taken to the payment page on the cashfree server where they will have the option to pay through any payment option that is activated on their account. Once the payment is done the webview will close and the response will be delivered in the callback.

Parameters:

Seamless Web Checkout

When your business requires a customised payment flow, you can use the seamless integration method. You can implement the payment page as per your requirement and then use our SDK to authorise the payment. Once the payment details are collected the OTP or the two-factor authentication page will open in a webview. After the payment is confirmed the webview closes and you will receive a response.

We recommend that you use Web Checkout using Cashfree UI integration unless you are certain that you require a customised payment flow.

The following sections describe the additional parameters for each of the payment methods:

Credit/Debit Card

Add the following parameters to the params map before invoking doPayment() method to initiate a seamless card transaction.

inputs[ "paymentOption"] = “card”;
inputs[ "card_number"] = “4434260000000008”; //Replace Card number
inputs[ "card_expiryMonth"] = “05”; // Card Expiry Month in MM
inputs[ "card_expiryYear"] = “2021”; // Card Expiry Year in YYYY
inputs[ "card_holder"] = “John Doe”; // Card Holder name
inputs[ "card_cvv"] = “123”; // Card CVV

Net Banking

Add the following parameters to the params map before invoking doPayment() method to initiate a seamless net banking transaction. All valid bank codes are available here.

inputs[ "paymentOption"] = “nb”;
inputs[ "paymentCode"] = “3333”; // Put correct bank code here

Wallet

Add the following parameters to the params map before invoking doPayment() method to initiate a seamless wallet transaction. All valid wallet codes are available here.

inputs[ "paymentOption"] = “wallet”;
inputs[ "paymentCode"] = “4001”; // Put correct wallet code here

UPI

Add the following parameters to the params map before invoking doPayment() method to initiate a seamless UPI transaction.

inputs[ "paymentOption"] = “upi”;
inputs[ "upi_vpa"] = “[email protected]”; // Put correct upi vpa here

Paypal

Add the following parameters to the params map before invoking doPayment() method to initiate a seamless Paypal transaction.

inputs[ "paymentOption"] = "paypal";

Sample Code

//Replace with actual values
String stage = "TEST";
String orderId = "Order Id";
String orderAmount = "ORDER AMOUNT";
String tokenData = "TOKEN_DATA";
String customerName = "Customer Name";
String orderNote = "Order Note";
String orderCurrency = "INR";
String appId = "APP_ID";
String customerPhone = "9999999999";
String customerEmail = "[email protected]";
String notifyUrl = "https://test.gocashfree.com/notify";
Map<String, dynamic> inputParams = {
"orderId": orderId,
"orderAmount": orderAmount,
"customerName": customerName,
"orderNote": orderNote,
"orderCurrency": orderCurrency,
"appId": appId,
"customerPhone": customerPhone,
"customerEmail": customerEmail,
"stage": stage,
"notifyUrl": notifyUrl
};
CashfreePGSDK.doPayment(inputParams)
.then((value) => value?.forEach((key, value) {
print("$key : $value");
//Do something with the result
}));
}

UPI Intent

When the doUPIPayment method is invoked the customer is shown a list of all the installed UPI applications on their phone. After the customer selects their preferred application, the payment confirmation page will open in the application. After payment completion, the response is delivered through a “Future”.

Steps to integrate

After generating the token and adding permissions for Android (mentioned above), the following are the steps to Integrate the UPI Intent into your flutter application:

1. Open the iOS application using XCode or any text editor and add the following into its info.plist file

<key>LSApplicationCategoryType</key>
<string></string>
<key>LSApplicationQueriesSchemes</key>
<array>
<string>phonepe</string>
<string>tez</string>
<string>paytm</string>
</array>

2. Import the cashfree-pg in your .dart file by using the following

import ‘package:cashfree_pg/cashfree_pg.dart’

doUPIPayment

Future<Map<dynamic, dynamic>> doUPIPayment(Map<String, dynamic> inputs)

This function initiates the UPI Payment and the customer is shown a list of all the UPI client applications (Paytm, GPay, PhonePe etc.) on their phone. This allows the customer to select any UPI application of their choice to pay with. Once the payment is completed the UPI page will close and the response will be delivered through a Future. (See Sample Code below).

Parameters

A map of relevant parameters described in the Request Parameters.

Payments on Test server will go via UPI simulator and will be considered as mock payments. Switch to Production server to do live payments.

Create a new order ID every time you invoke the UPI payment flow since UPI intent flow can be initiated once per order ID.

Sample Code

//Replace with actual values
String stage = "TEST";
String orderId = "Order Id";
String orderAmount = "ORDER AMOUNT";
String tokenData = "TOKEN_DATA";
String customerName = "Customer Name";
String orderNote = "Order Note";
String orderCurrency = "INR";
String appId = "APP_ID";
String customerPhone = "9999999999";
String customerEmail = "[email protected]";
String notifyUrl = "https://test.gocashfree.com/notify";
Map<String, dynamic> inputParams = {
"orderId": orderId,
"orderAmount": orderAmount,
"customerName": customerName,
"orderNote": orderNote,
"orderCurrency": orderCurrency,
"appId": appId,
"customerPhone": customerPhone,
"customerEmail": customerEmail,
"stage": stage,
"notifyUrl": notifyUrl
};
CashfreePGSDK.doUPIPayment(inputParams)
.then((value) => value?.forEach((key, value) {
print("$key : $value");
//Do something with the result
}));
}

Seamless UPI Intent

When you want to show your own customised payment screen with specific UPI payment applications, you can use our seamless UPI integration method. Here customers click on the required application and make the payment. You can implement the payment page as per your requirement and then use our SDK to authorise the payment.

Follow the steps below for seamless UPI intent flow:

1. Call the getUPIApps method to get the list of all installed UPI applications.

CashfreePGSDK.getUPIApps().then((value) => {
// Value is a List of MAP<String, String>
// It consists of 3 keys "displayName", "id" and a base64 string "icon"
// You can convert the base64 string to image and display the app icon
})
});
//NOTE:- If you wish to use the application Icon provided by Cashfree,
the below code can be used to convert base64 String to image.
Uint8List _imageBytesDecoded;
_imageBytesDecoded = Base64Codec().decode(app["icon"]);
// Inside a Widget, you can use this to show icons
Center(
child: this._imageBytesDecoded != null ? Image.memory(_imageBytesDecoded,fit: BoxFit.cover,) : Icon(Icons.image),
)

2. Send "id" retrieved by the above method as value to the key "appName".

Map<String, dynamic> inputParams = {
.................
.................
.................
.................
.................
"appName": selectedApp["id"], // This is one of the Map<> from the getUPIApps() method
};
// Then invoke the doUPIPayment Method
CashfreePGSDK.doUPIPayment(inputParams)
.then((value) => value?.forEach((key, value) {
print("$key : $value");
//Do something with the result
}));

Parameters:

  • params: A map of all the relevant parameters described in the Request Parameters section below.

Customise Appbar

If you want to customise the appbar colour and the text color, use the following parameters:

  1. color1: Appbar background color.

  2. color2: Text and back arrow color.

inputs[ "color1"] = “00FFFF”; // Use hexadecimal values for background color
inputs[ "color2"] = “00FFFF”; // Use hexadecimal values for text color

Verify Response

It is recommended to verify the payment response from the SDK using one of the following methods.

Webhook Notifications

We send a notification from Cashfree backend to your backend whenever a payment is successful for an order. This is useful for users in cases when the internet connection is not stable after payment. This will allow you to reconcile all the successful orders at your end. The notification will be sent to notifyUrl which is specified during order creation. The parameters sent in notification are described here.

To specify notifyUrl, add it with other parameters (orderId, orderAmount etc.) as shown below:

inputs[ "notifyUrl"] = “https://example.com/path/to/notify/url/”;

Notifications are usually instant but rarely can take a minute to hit your server. Make sure that your url supports https. Notifications are sent only in the case of successful payments. Sometimes you may receive the same notification two or more times. It is recommended to ensure that your implementation of the webhook is idempotent. Ensure that you verify the signature in the webhook response.

Verify Signature

Verify the signature value in the payment response to check the authenticity of the transaction response. In every response, we add a digital signature to establish the authenticity of the message. We require you to verify this received signature at your end. This will verify if the response has tampered. This verification has to be done on your server as it will involve secretKey which should not be exposed on the client side.

PHP
PYTHON
JAVA
CSHARP
PHP
<?php
$orderId = $_POST["orderId"];
$orderAmount = $_POST["orderAmount"];
$referenceId = $_POST["referenceId"];
$txStatus = $_POST["txStatus"];
$paymentMode = $_POST["paymentMode"];
$txMsg = $_POST["txMsg"];
$txTime = $_POST["txTime"];
$signature = $_POST["signature"];
$data = $orderId.$orderAmount.$referenceId.$txStatus.$paymentMode.$txMsg.$txTime;
$hash_hmac = hash_hmac('sha256', $data, $secretkey, true) ;
$computedSignature = base64_encode($hash_hmac);
if ($signature == $computedSignature) {
// Proceed
} else {
// Reject this call
}
?>
PYTHON
import hashlib
import hmac
import base64
@app.route('/notify_url/', methods=["POST"])
def notify_url_process():
postData = {
"orderId" : request.form['orderId'],
"orderAmount" : request.form['orderAmount'],
"referenceId" : request.form['referenceId'],
"txStatus" : request.form['txStatus'],
"paymentMode" : request.form['paymentMode'],
"txMsg" : request.form['txMsg'],
"txTime" : request.form['txTime'],
}
signatureData = postData["orderId"] + postData["orderAmount"] + postData["referenceId"] + postData["txStatus"] + postData["paymentMode"] + postData["txMsg"] + postData["txTime"]
message = bytes(signatureData).encode('utf-8')
#get secret key from your config
secret = bytes(secretKey).encode('utf-8')
signature = base64.b64encode(hmac.new(secret,
message,digestmod=hashlib.sha256).digest())
JAVA
LinkedHashMap<String, String> postData = new LinkedHashMap<String, String>();
postData.put("orderId", ORDERID);
postData.put("orderAmount", ORDERAMOUNT);
postData.put("referenceId", REFERENCE_ID);
postData.put("txStatus", TXN_STATUS);
postData.put("paymentMode", PAYMENT_MODE);
postData.put("txMsg", TX_MSG);
postData.put("txTime", TX_TIME);
String data = "";
Set<String> keys = postData.keySet();
for (String key : keys) {
data = data + postData.get(key);
}
String secretKey = "" // Get secret key from config;
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key_spec = new
SecretKeySpec(secretKey.getBytes(),"HmacSHA256");
sha256_HMAC.init(secret_key_spec);
String signature = Base64.getEncoder().encodeToString(sha256_HMAC.doFinal(data.getBytes()));
CSHARP
using System;
using System.Security.Cryptography;
using System.Collections.Generic;
namespace Rextester {
public class Program {
private string CreateToken(string message, string secret){
secret = secret ?? "";
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
using (var hmacsha256 = new HMACSHA256(keyByte))
{
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
return Convert.ToBase64String(hashmessage);
}
}
public static void Main(string[] args) {
string secret = "<your_secret_key>";
string data = "";
data = data + "FEX101";
data = data + "10.00";
data = data + "19992";
data = data + "SUCCESS";
data = data + "pg";
data = data + "payment done";
data = data + "2018-02-02 17:29:12";
Program n = new Program();
string signature = n.CreateToken(data, secret);
Console.WriteLine(signature);
}
}
}

Request and Response Parameters

Request Parameters

Parameter

Required

Description

color1

Yes

Background color value of the top bar as Hex String. ex:- "#FFFFFF"

color2

Yes

Text color of the topbar as Hex String. ex:- "#000000"

stage

Yes

Environment - TEST or PROD

appId

Yes

Your app id

orderId

Yes

Order/Invoice Id

orderAmount

Yes

Bill amount of the order

orderNote

No

A help text to make customers know more about the order

orderCurrency

Yes

Currency code of the order. Default is INR.

customerName

No

Name of the customer

customerPhone

Yes

Phone number of customer

customerEmail

Yes

Email ID of the customer

tokenData

Yes

Token generated here

notifyUrl

No

Notification URL for server-server communication. Useful when a user's connection drops after completing payment.

paymentModes

No

Allowed payment modes for this order. Available values: cc, dc, nb, paypal, upi, wallet. Leave it blank if you want to display all modes.

Response parameters

These parameters contain the details of the transaction.

Parameter

Description

orderId

Order id for which transaction has been processed. Ex: GZ-212

orderAmount

Amount of the order. Ex: 256.00

paymentMode

Payment mode of the transaction.

referenceId

Cashfree generated unique transaction Id. Ex: 140388038803

txStatus

Payment status for that order. Values can be : SUCCESS, FLAGGED, PENDING, FAILED, CANCELLED.

paymentMode

Payment mode used by customers to make the payment. Ex: DEBIT_CARD, MobiKwik, etc

txMsg

Message related to the transaction. Will have the reason, if payment failed

txTime

Time of the transaction

type

Fixed value : CashFreeResponse. To identify the response is from Cashfree SDK.

signature

Response signature

  • There can be scenarios where the SDK is not able to verify the payment within a short period of time. The status of such orders will be PENDING.

  • If the Webview closes immediately after it is opened then it could be because of some issues with the input that is passed to the SDK. Check the inputs passed and if you still need further help reach out to us at [email protected].

  • If you are getting INCOMPLETE as the transaction status please reach out to your account manager or [email protected] To know more about the transaction statuses, click here.

Checklist

Checklist to Go Live

  • Ensure you trigger https://api.cashfree.com/api/v2/cftoken/orderendpoint to generate the Token.

  • Pass the Production appId/secretKey in the x-client-id and x-client-secret of the token request API. Obtain these appId/secretKey here in the Production section.

  • When calling doPayment() ensure that the stage parameter is PROD.

  • When calling doPayment() ensure the params map is sent to your appId. Ensure it is the correct production appId.

Checklist to Test the Integration

  • Ensure you trigger https://test.cashfree.com/api/v2/cftoken/orderendpoint to generate the Token

  • Pass the Test appId/secretKey in the x-client-id and x-client-secret of the token request API. Obtain these appId/secretKey here in the Sandbox section.

  • When calling doPayment() ensure that the stage parameter is TEST.

  • When calling doPayment() ensure the params map is sent to your appId. Ensure it is the correct test appId.

FAQs

1. Gradle error message is displayed while building Android APK. How do I resolve it?

- Could not determine the dependencies of task ':app:compileDebugJavaWithJavac'. - Could not resolve all dependencies for configuration ':app:debugCompileClasspath'. - Problems reading data from Binary store

If you get any of the above errors, follow the steps below:

  1. Open the Flutter project folder.

  2. Open android/build.gradle file. Change classpath("com.android.tools.build:gradle:x.y.z") to classpath("com.android.tools.build:gradle:4.1.1") or higher.

  3. Open android/gradle/wrapper/gradle-wrapper.properties. Change "distributionUrl=https\://services.gradle.org/distributions/gradle-a.b-all.zip" to "distributionUrl=https\://services.gradle.org/distributions/gradle-6.5-all.zip" or higher.

  4. Build the android project.

2. Error message is displayed while building Android APK using the command flutter build apk --split-per-abi. How do I resolve it?

Failure: Build failed with an exception in script '/Users/user/Documents/flutter-SDK/flutter/packages/flutter_tools/gradle/flutter.gradle' line: 646 - A problem occurred evaluating root project 'android'. - A problem occurred configuring project ':app'. - The value for this property cannot be changed any further.

If you see the above error, follow the steps below:

  1. Check flutter version using flutter --version.

  2. If flutter version is Flutter 1.22.6 • channel stable, change the channel to beta by running the following commands: a. flutter channel beta b. flutter upgrade

  3. Run this command to build the APK flutter build apk --split-per-abi.

3. Error message is displayed while building Android APK:Execution failed for task ':app:generateReleaseBuildConfig'. How do I resolve it?

Failure: Build failed with an exception. Execution failed for task ':app:generateReleaseBuildConfig'. > Failed to calculate the value of task ':app:generateReleaseBuildConfig' property 'buildConfigPackageName'. > Failed to query the value of property 'packageName'. > org.xml.sax.SAXParseException; systemId: file:/Users/user/Desktop/another_test/android/app/src/main/AndroidManifest.xml; lineNumber: 13; columnNumber: 28; The prefix "tools" for attribute "tools:node" associated with an element type "application" is not bound. If you see the above error, follow the steps below:

  1. Open the Flutter project folder.

  2. Open “android/app/src/main/AndroidManifest.xml” and add the below code:

    <manifest………….

    xmlns: tools=”http://schemas.android.com/tools

    ……>