1. Create Order

Create an order from with Cashfree from your backend


Order creation must happen from your backend (as this API uses your secret key).

To process any payment on Cashfree Payment Gateway, the merchant needs to create an order in the Cashfree system. On successful creation of the order, you will receive a payment_session_id which can be used in our Javascript Checkout SDK to redirect to Cashfree's checkout page.

Cashfree provides two environments, one being the sandbox environment for developers to test the payment flow & responses and the other being production environment which gets shipped to production. The URL for these are -
Production -> https://api.cashfree.com/pg/orders
Sandbox -> https://sandbox.cashfree.com/pg/orders

Curl Request

Following is a sample curl request that can be used.

curl  --request POST \
 --url https://sandbox.cashfree.com/pg/orders \
 --header 'Content-Type: application/json' \
 --header 'x-api-version: 2022-09-01' \
 --header 'x-client-id: <App ID>' \
 --header 'x-client-secret: <Secret Key>' \
 --data '{
  "order_id": "order_1626945143520",
  "order_amount": 10.12,
  "order_currency": "INR",
  "order_note": "Additional order info",
  "customer_details": {
   "customer_id": "12345",
    "customer_name": "name",
    "customer_email": "[email protected]",
    "customer_phone": "9816512345"
  "cf_order_id": 1539553,
  "created_at": "2021-07-19T16:13:35+05:30",
  "customer_details": {
    "customer_id": "7112AAA812234",
    "customer_name": null,
    "customer_email": "[email protected]",
    "customer_phone": "9908734801"
  "entity": "order",
  "order_amount": 5.01,
  "order_currency": "INR",
  "order_expiry_time": "2021-08-18T16:13:34+05:30",
  "order_id": "order_271vWwzSQOHe01ZVXpEcguVxQSRqr",
  "order_meta": {
    "return_url": "https://b8af79f41056.eu.ngrok.io?order_id={order_id}",
    "notify_url": "https://b8af79f41056.eu.ngrok.io/webhook.php",
    "payment_methods": null
  "order_note": null,
  "order_status": "PAID",
  "payment_session_id": "session_7NvteR73Fh11P3f3bNdcubIAJgBJJgGK9diC6U5jvr_jfWBS8o-Z2iPf20diqBMVfWDwvARGrISZRCPoDSWjw4Eb1GrKtoZZQT_BWyXW25fD",
  "payments": {
    "url": "https://sandbox.cashfree.com/pg/orders/order_271vWwzSQOHe01ZVXpEcguVxQSRqr/payments"
  "refunds": {
    "url": "https://sandbox.cashfree.com/pg/orders/order_271vWwzSQOHe01ZVXpEcguVxQSRqr/refunds"
  "settlements": {
    "url": "https://sandbox.cashfree.com/pg/orders/order_271vWwzSQOHe01ZVXpEcguVxQSRqr/settlements"

Use test API keys for creating order in Sandbox/test environment and prod API keys for creating order in production environment. Refer here to know how to generate or view API keys.

order_idstring optional (min 3, max 50, alphanumeric with _ and -)Order identifier for your system.order_8123
order_amountfloat required (provide in two decimal places)Order amount.101.12 (INR 101.12 implies
rupees 100 and 12 paisa)
order_currencystring requiredValid order currency. We use the ISO 4217 currency list.INR
customer_detailsobject requiredThis is a custom object which contains customer_detailsSee below for details of this object
order_metaobject optionalThis is a custom object which contains information about available payment modes for this order, webhook url and notify url.See below for details of this object.
order_expiry_timestring optionalTime after which the order expires. This is the time after which customers will not be able to make the payment "attempt". Any delayed payment received from the bank side post this time (whose attempt was done within expiry time) will be reversed.2021-07-29T00:00:00Z
order_notestring optionalOrder related extra detail

There are two objects in the above payload which require some more context - customer_details and order_meta

Customer Details

The customer details are required for risk checks and in providing a seamless experience to repeat customers.

customer_idstring required (alphanumeric with - and _ allowed)This is is the identifier for the customer in your system. (Example - customer1234)
customer_namestring required (Special characters are not allowed)Name of your customer.
customer_emailstring required Email id of the customer[email protected]
customer_phonestring required Phone of the customerPlease provide valid 10 digit phone number.

Order Meta

The meta object can be used to control the payment behaviour. You can customize the payment options available to the customer for this order and also configure the webhook endpoint.

return_urlstring optionalThis is the return url for redirection based payments. When a customer makes a card payment they are redirected from your website to the bank's OTP page. From there the customer is redirected back to your The return_url must contain placeholder {order_id}. When redirecting the customer back to the return url from the bank’s OTP page, Cashfree will replace these placeholder with the actual value for that order.

Example - Let's say you provide a return url like https://merchant.in/pg/process_return?order_id={order_id}
when the customer is getting back to your page from the bank's OTP page. We will hit the following url - https://merchant.in/pg/process_return?cf_id=order_12

Only https url allowed in production, http is allowed only in sandbox.

Refer here for more details on how to handle return URL
notify_urlstring optionalThe webhook url is required to get successful or failed webhooks after a payment on an order is completed.

Only https url allowed in production, http is allowed only in sandbox.
payment_methodsstring optionalList of payment modes. Use the following values - cc, dc, ccc, ppc, nb, upi, paypal, emi, app paylater.

For example, if you want to accept only net banking and UPI from customers, you must pass the following value - "nb,upi".


If the order creation is successful you will receive a 200 response and the order entity in response. This order entity contains relevant details for the order and the details provided in the request.

We recommend that you store the following parameters at your end cf_order_id, payment_session_id, and the order_status. The below table should help you understand the order response.

cf_order_idThis is the identifier for this order in Cashfree's system.
created_atThe time when this order was created in Cashfree's system.
order_idOrder Id provided by the merchant. If merchant does not provide an order id we auto-generate one.
order_amount , order_currencyOrder amount and the currency for this order.
order_expiry_timeThis is the maximum time beyond which Cashfree will not accept payment for this order.
payment_session_idThis is the session id which will used in JS SDK to redirect to checkout page. See next steps for a better understanding.
order_statusThe order status -ACTIVE, PAID, EXPIRED.

An order when created is ACTIVE in the Cashfree Payments system. It will either be paid or get expired after a certain time.
order_noteThe note passed by the merchant for this order.
customer_detailsThese are the customer details passed by the merchant.
order_metaMeta details passed for this order. return_url, notify_url and payment_methods.
paymentsThis is a URL that can be used to access all the payment attempts on this Order. See API for more details.
refundsThis is a URL which can be used to access all the refunds for this Order. See API for more details.
settlementsThis is a URL which can be used to access all the settlement amount and settlement related information for this Order. See API for more details.

Backend code

Here is a sample backend code that needs to be hosted by you to create an order. This endpoint will be consumed by your javascript code to fetch a token. Please note that the curl fields are hardcoded in the below PHP code.


$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://sandbox.cashfree.com/pg/orders",
  CURLOPT_POSTFIELDS => "{\"customer_details\":{\"customer_id\":\"12345\",\"customer_email\":\"[email protected]\",\"customer_phone\":\"9908734801\"},\"order_amount\":4,\"order_currency\":\"INR\",\"order_note\":\"test order\"}",
    "Accept: application/json",
    "Content-Type: application/json",
    "x-api-version: 2022-09-01",
    "x-client-id: <app Id>",
     "x-client-secret: <secret key>"

$response = curl_exec($curl);
$err = curl_error($curl);


if ($err) {
  header('Content-Type: application/json; charset=utf-8');
  echo json_encode(array("error" => 1));
  echo "cURL Error #:" . $err;

} else {
  $result = json_decode($response, true);
  header('Content-Type: application/json; charset=utf-8');
  $output = array("payment_session_id" => $result["payment_session_id"]);
  echo json_encode($output);

Javascript code

Once you have tested the backend code which creates a token for a specific order, we must call this endpoint from the frontend. Below we simply show how to do this in jquery.

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
  var paymentSessionId = "";
  const getSessionAndPay = function(){
    url: "http://localhost/cashfree/jssdk/fetchtoken.php",
    success: function(result) {
      paymentSessionId = result["payment_session_id"]
      // comment this out for now, we will use this later!
      //cfCheckout.pay(orderToken, payType);
  return false

Create order in production environment

Use Prod API keys for creating order in prod environment and follow the above mentioned steps. Refer here to know how to generate or view prod API keys.

You also need to whitelist your domain name on Cashfree Payments system. Refer here to know how to do Whitelisting.

Please note that prod environment can be accessed only when PG is activated for your account.

What’s Next

Once you have created the order, the customer needs to pay for that order. Let's see how that is done!