Payment Gateway

Razorpay

India's full-stack payments platform — UPI-native, RBI-regulated, with 100+ currency acceptance

Builder Verdict

Pick Razorpay if you're registered in India (or Malaysia/Singapore via Curlec) and need native UPI, Autopay, and local payment methods — it's the default for Indian SaaS and D2C, but account-stability complaints are common enough to plan around.

Complexity

◆◆ Moderate

Region

India (+ Malaysia/SG via Curlec)

Fees

2% + GST (domestic)

Razorpay is India's leading full-stack payments and business banking platform, founded in 2014 and holding a final RBI Payment Aggregator license since December 2023. It processes payments across cards, UPI, netbanking, wallets, and EMI for 450k+ Indian merchants, accepts payments from customers in 100+ currencies across 160+ countries, and layers products like Route (marketplace splits), Subscriptions, Payment Pages, and RazorpayX (business banking) on top of the core gateway.

Last full audit: April 15, 2026

Trust Score Breakdown

Account Stability

55/100

Trustpilot rating of 1.7/5 (397 reviews) and extensive complaint volume on consumercomplaints.in and PissedConsumer around sudden settlement freezes, KYC re-verification loops, and opaque risk decisions. Razorpay was also among the payment aggregators whose funds (~₹18 crore) were frozen by ED in 2022–2024 during investigations into Chinese lending apps and crypto scams — no findings against Razorpay itself, but merchant funds were affected.

Developer Experience

82/100

Well-regarded Indian developer experience — feather-light SDKs for Node/Python/PHP/Ruby/Java/.NET, clear Checkout and Orders API, usable Dashboard, webhook event coverage for 40+ event types, official plugins for WooCommerce/Magento/Shopify. Known rough edges: documentation is scattered across docs/blog/FAQ, Subscriptions requires careful state handling, and webhook signature verification has a float-precision footgun that breaks HMAC comparison in some SDKs.

Payout Reliability

62/100

Standard T+2 business-day settlement for domestic (T+7 for international) is predictable when an account is in good standing. However, settlement holds of 60–120 days are a recurring community complaint, often triggered by risk-review flags with limited transparency on resolution timelines. Instant Settlements (T+0) are available at 0.5–0.7% for a fee.

Support Quality

45/100

Primary complaint category across review sites. No standard 24/7 phone line for merchants — support is ticket-based via dashboard/email with reports of multi-day silences, duplicate ticket creation without resolution, and repeated document requests. Trustpilot/PissedConsumer reviews consistently cite 'no human response' for settlement-hold escalations. Better response times reported for integration/API issues than for risk/settlement disputes.

Track Record

78/100

Founded 2014; unicorn since 2020; $483M revenue in FY24 with 4.5x profit growth. Holds final RBI Payment Aggregator license (December 2023) after a year-long onboarding embargo during RBI audits. Expanded internationally via Curlec acquisition in Malaysia (2022) and Singapore (2024). High uptime; serves 450k+ merchants including major Indian enterprises. ED investigations are industry-wide (Razorpay, PayU, Cashfree, Paytm, Easebuzz all affected), not Razorpay-specific findings.

Transparency

68/100

Core pricing (2% + 18% GST domestic, 3% + GST international, 1% + GST bank transfers) is clearly published on razorpay.com/pricing with no setup/AMC fees. Less transparent: chargeback/dispute fee is not publicly listed, Instant Settlement fees range 0.5–0.7% negotiated per-merchant, and settlement-hold criteria are not disclosed. GST applies only to the platform fee, which is clearly documented.

Availability Matrix

Region	Countries	Currencies	Payout Timing
India (primary market)	India — merchants must be registered entities with PAN, GST (where applicable), and an Indian current account	INR settlement; accepts INR from domestic customers and 100+ presentment currencies from international customers	T+2 business days (domestic, standard). T+0 via Instant Settlements at 0.5–0.7% fee.
Malaysia (via Curlec by Razorpay)	Malaysia — merchants must have SSM (Suruhanjaya Syarikat Malaysia) registration. Licensed by Bank Negara Malaysia; PayNet member.	MYR settlement	Varies per Curlec schedule
Singapore (via Curlec by Razorpay)	Singapore — merchants must have ACRA (Accounting and Corporate Regulatory Authority) registration.	SGD settlement	Varies per Curlec schedule
International customer acceptance (from India/Curlec merchants)	Customers in 160+ countries including US, UK, Australia, Canada, UAE, EU (via local payment methods like Giropay, Sofort, Trustly)	100+ presentment currencies (USD, EUR, GBP, AUD, CAD, SGD, AED, JPY, etc.); settles to merchant in INR/MYR/SGD	T+7 business days for international card payments
NOT Available (merchant signup)	Merchants outside India, Malaysia, and Singapore cannot register directly. US/EU/UK-based businesses cannot use Razorpay — use Stripe, Paddle, or similar instead.	N/A	N/A

Feature Snapshot

✓

One-time Payments (Checkout)

Standard Checkout, Custom Checkout, and Orders API. Accepts cards, UPI, netbanking, wallets, EMI in one hosted flow.

✓

UPI & UPI AutoPay

Native UPI support including UPI 2.0 AutoPay for recurring mandates (Intent, Collect, QR flows). Standard ₹15,000 mandate limit, ₹1 lakh+ for insurance/mutual fund/credit-card-bill categories per 2026 RBI rules.

✓

Subscriptions / Recurring Billing

Razorpay Subscriptions on top of the gateway. Supports fixed, quantity-based, and add-on plans via card + UPI AutoPay + e-NACH mandates. Adds ~0.99% on top of gateway fee per successful subscription charge.

✓

Payment Links

Generate shareable payment URLs via dashboard or API. Send via SMS, email, WhatsApp, chatbot. Supports one-time and recurring.

✓

Payment Pages

Hosted custom-branded payment pages without a website. Supports custom form fields and one-time/recurring collection.

✓

Marketplace / Split Payments (Route)

Razorpay Route splits a single payment across multiple linked accounts with per-transfer fees only on successful splits. Transfer APIs support hold/release logic for escrow-style flows.

✓

EMI & No-Cost EMI

Debit-card EMI, credit-card EMI, cardless EMI, and No-Cost EMI via the Affordability Suite. Priced at 3% + GST. Multiple bank partners.

✓

Invoicing

API-driven invoice generation with hosted PDFs, reminders, and online payment acceptance. GST-compliant templates.

✓

Smart Collect (virtual accounts)

Bank transfer + UPI virtual accounts for reconciled B2B collection. Assigns unique virtual account numbers/UPI IDs per customer.

✓

International Payments

Accept cards and local payment methods from 160+ countries. Includes Giropay (DE), Sofort (EU), Trustly (UK/EU), plus Visa/MC/Amex/Diners. Settles to INR.

✓

3D Secure Authentication

3DS1 and 3DS2 supported for cards. Automatically applied per issuer/network rules; enables liability shift.

✓

Fraud Prevention (Thirdwatch)

Razorpay Thirdwatch provides ML-driven RTO (return-to-origin) prediction and fraud scoring. Integrated into Razorpay Magic Checkout.

✓

Tokenization

Server-side network tokenization (CoF — Card on File) per RBI rules. Raw PAN never stored by merchants. Merchant-level tokens for easy refunds and recurring.

✓

Instant Settlements

T+0 settlement for a 0.5–0.7% fee. Custom pricing for marketplace/high-volume sellers. Smart Settlements route through RTGS for near-real-time.

✓

Webhooks

HMAC-SHA256 signature verification via x-razorpay-signature header. Up to 5 webhook URLs per account. Supports payment, order, subscription, refund, dispute, and Route events.

Customer Portal

No standalone end-customer self-serve portal like Stripe's. Subscription management UI must be built by the merchant on top of the Subscriptions API.

✓

In-Person / POS Payments

Razorpay POS offers Soundbox, card reader (Pine Labs partnership), and QR-code collection for offline acceptance.

✓

Business Banking (RazorpayX)

Current account alternative with payouts API, vendor payments, payroll, corporate cards. Adjacent to the gateway but separate pricing.

Tax / GST Automation

Platform fee GST is itemized on invoices; no equivalent of Stripe Tax for end-customer GST calculation — merchants handle their own GST.

✓

Refunds (Instant & Normal)

Source-only refunds to original payment method. Instant Refunds for supported banks/methods; otherwise 5–7 business days. Refunds do not return the gateway fee.

Pricing Breakdown

Standard domestic transaction (cards, netbanking, wallets) 2% + 18% GST (on the 2% platform fee, not the transaction)

UPI transactions 2% + GST platform fee (0% MDR to banks per RBI Zero-MDR policy)

RuPay debit cards Covered under Zero-MDR policy; Razorpay platform fee applies

International cards (Visa / MC / Amex / Diners) 3% + GST

International bank transfers 1% + GST

EMI (debit, credit, cardless, No-Cost) 3% + GST

Subscriptions add-on +0.99% on top of the gateway fee per successful recurring charge

Instant Settlements (T+0) 0.5% – 0.7% of the withdrawal amount (custom pricing for high-volume merchants)

Setup / AMC / cancellation fees ₹0 — no setup, no annual maintenance, no cancellation fees

International chargeback protection (optional) +1% (brings international rate to ~4% total)

Chargeback / dispute fee Not publicly listed on pricing page; communicated per-merchant. Source refund is mandatory on accepted disputes.

Enterprise / high-volume custom pricing Available for businesses processing over ₹5 lakh/month — negotiated rates below 2%

Security & Compliance

PCI DSS Level 1 Service Provider (highest tier) — certified annually. RBI-authorized Payment Aggregator.

ISO 27001 & SOC 2 ISO 27001 certified and SOC 2 compliant for information security management.

Encryption TLS 1.2+ (EV SSL certificate) for all endpoints; AES-256 at rest; industry-standard ciphers.

3D Secure 3DS1 and 3DS2 supported for cards. Applied per issuer/network mandate; enables liability shift.

Tokenization (RBI CoF) Server-side network tokenization per RBI Card-on-File guidelines (effective October 2022). Raw PAN never stored by merchants; merchant-specific tokens used for recurring and refunds.

Fraud Prevention (Thirdwatch) ML-based risk scoring on cards, UPI, and netbanking. RTO prediction for e-commerce. Rule-based block/allow lists.

Webhook Security HMAC-SHA256 signature via x-razorpay-signature header. Official SDKs include verify_webhook_signature helpers.

RBI Regulatory Status Final RBI Payment Aggregator license granted December 2023 after year-long audit. Bank Negara Malaysia licensed via Curlec.

Integration Prompt

✂

Copy & use this 4823-char integration prompt

Production-ready prompt for Claude / GPT / Cursor — handles setup, security, webhooks & gotchas

You are integrating Razorpay as the payment gateway for a [Django / Next.js / Node / etc.] application. Razorpay is India-native — the merchant account must be registered in India, Malaysia (Curlec), or Singapore (Curlec), and default settlement is in INR/MYR/SGD.

## Setup
1. Install the SDK:
   - Python: `pip install razorpay`
   - Node: `npm install razorpay`
   - PHP: `composer require razorpay/razorpay`
2. Store credentials in environment variables — never hardcode:
   - `RAZORPAY_KEY_ID` (publishable, starts with `rzp_test_` or `rzp_live_`)
   - `RAZORPAY_KEY_SECRET` (private — server-only)
   - `RAZORPAY_WEBHOOK_SECRET` (set separately in Dashboard → Settings → Webhooks)
3. Validate on startup that all three exist and that test vs live keys match the current environment.

## Recommended Integration: Orders API + Checkout
Always create an Order server-side first — never trust the client to set the amount. Then open Razorpay Checkout with the order_id.

```python
import razorpay
client = razorpay.Client(auth=(KEY_ID, KEY_SECRET))

order = client.order.create({
    'amount': 50000,           # in paise — ₹500 = 50000
    'currency': 'INR',
    'receipt': f'order_{internal_id}',
    'notes': {'internal_id': str(internal_id)}
})
# Pass order['id'] to the client; the client opens Checkout with it.
```

On the client, open Checkout with the returned order_id and handler that POSTs the razorpay_payment_id, razorpay_order_id, and razorpay_signature back to your server for verification.

## Signature Verification (Critical)
After payment, the client sends three fields back. Verify them server-side before marking the order paid:

```python
try:
    client.utility.verify_payment_signature({
        'razorpay_order_id': order_id,
        'razorpay_payment_id': payment_id,
        'razorpay_signature': signature
    })
    # Mark order paid
except razorpay.errors.SignatureVerificationError:
    # Reject — do not fulfill
    return HttpResponse(status=400)
```

## Webhook Handling
Never rely solely on the client-side redirect. Subscribe to webhooks for authoritative state.

1. In Dashboard → Settings → Webhooks, subscribe to at minimum: `payment.captured`, `payment.failed`, `order.paid`, `refund.processed`, `payment.dispute.created`, and (if using subscriptions) `subscription.charged`, `subscription.activated`, `subscription.halted`.
2. Verify signature against the **raw request body** — do NOT parse-then-reserialize (float precision will break HMAC):

```python
import hmac, hashlib

def razorpay_webhook(request):
    raw_body = request.body                                # bytes — do not decode/reparse
    received_sig = request.META.get('HTTP_X_RAZORPAY_SIGNATURE', '')
    expected = hmac.new(
        settings.RAZORPAY_WEBHOOK_SECRET.encode(),
        raw_body,
        hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(expected, received_sig):
        return HttpResponse(status=400)
    event = json.loads(raw_body)
    # Idempotency: check event['id'] against a processed-events table before fulfilling.
    return HttpResponse(status=200)
```

3. Respond 200 within 5 seconds; process fulfillment asynchronously.

## Security Best Practices
- Use Razorpay Checkout (hosted) so raw card data never touches your server — keeps you at SAQ-A PCI scope.
- Per RBI Card-on-File rules, never store raw PAN — use Razorpay network tokens (`token_id` from customer object) for any recurring/retry.
- Always use HTTPS; Razorpay rejects HTTP endpoints.
- For subscriptions, prefer UPI AutoPay over card e-mandates for higher success rates and RBI-compliant 24-hour pre-debit notifications.
- Use idempotency keys on Order creation to prevent duplicate orders on client retries.

## Testing
- Test cards: `4111 1111 1111 1111` (success), `5104 0600 0000 0008` (success, Mastercard), CVV any, expiry any future. OTP: `1111` or `123456`.
- Test UPI: `success@razorpay` (captured), `failure@razorpay` (failed).
- Test netbanking: pick any bank → select 'success' or 'failure' on the mock bank page.
- Always test: successful payment, failed payment, 3DS challenge, refund, dispute creation webhook, and a settled-then-refunded flow.

## Common Gotchas
- Amounts are in **paise** (1 INR = 100 paise). A ₹500 charge is `amount: 50000`.
- GST (18%) applies to the platform fee, NOT the transaction amount. Invoice accordingly.
- International card settlements are T+7, not T+2 — plan cash flow.
- Webhook signature verification is against raw bytes; never `json.parse → json.stringify` before checking.
- Subscriptions charge model: you create a Plan, then a Subscription against it; the first charge is authorized via Checkout and subsequent charges are autopaid. State transitions are webhook-driven.
- Refunds do not return the gateway fee — price this into your refund policy.

Replace [Django / Next.js / etc.] with your stack. Follows PCI DSS best practices and handles common edge cases.

Common Pitfalls

7 items

Settlement holds of 60–120 days without clear cause

A repeated complaint across Trustpilot (1.7/5), consumercomplaints.in, and PissedConsumer: settlements put on hold citing 'risk and compliance requirements' with no specific reason, and even after submitting all KYC/invoices the resolution loop stretches past 60 days and sometimes to the stated 120-day cap. Mitigation: submit complete KYC before first transaction, keep chargeback rate near zero, avoid sudden volume spikes, and maintain direct escalation contact with your account manager if you have one.

Support is ticket-only; no 24/7 phone line

Support is dashboard/email ticket-based with no standard 24/7 phone escalation for merchants. Urgent settlement or dispute tickets can sit for multiple days; multiple representatives often re-request the same documents. Mitigation: use the integrations partner program or a dedicated account manager for higher tiers; escalate via Twitter/X @razorpay for urgent visibility.

India/Malaysia/Singapore only for merchants

Only entities registered in India (PAN + current account), Malaysia (SSM via Curlec), or Singapore (ACRA via Curlec) can sign up as merchants. US/EU/UK-based businesses cannot use Razorpay even to collect from Indian customers — they need Stripe International, Paddle, or similar. Mitigation: if you're not registered in one of these countries, this gateway isn't an option; don't architect around it.

Webhook signature verification breaks on float precision

Razorpay serializes some floating-point fields with precision drift (e.g., 23.4 becomes 23.399999999999), which causes HMAC-SHA256 verification to fail when the receiver re-serializes the payload. Fix: verify the signature against the raw request body (bytes), not a re-serialized JSON — all official SDKs do this, but custom webhook handlers often reserialize and break. Never parse then re-stringify the body before signature check.

International card effective rate can exceed 4%

Base 3% + 18% GST on platform fee + optional 1% chargeback protection + partner bank FX spread can push effective international card cost past 4%. Plus T+7 settlement delays cash flow vs domestic T+2. Mitigation: price in a foreign-transaction buffer for non-India customers, or route high-value international via bank transfer (1% + GST) where practical.

RBI / ED regulatory risk affected merchant funds historically

During 2022–2024 investigations into Chinese lending apps and crypto scams (including GainBitcoin / HPZ Token), the ED froze approximately ₹18 crore held at Razorpay (and hundreds of crore across PayU, Easebuzz, Cashfree, Paytm). Individual merchants with linked transactions had their settlements blocked pending inquiry. No findings against Razorpay itself, but this is industry-wide regulatory exposure merchants should be aware of.

Subscriptions / recurring docs are scattered

Indie developers report that Razorpay Subscriptions documentation is spread across docs, blog posts, and the FAQ, and webhook event sequencing for subscription charge/authorize/failed states requires manual state-machine modeling. Mitigation: start from the Subscriptions API reference, subscribe to all subscription.* webhook events in test mode, and mirror state transitions in your DB before going live.

Community Pulse

Indian developers generally praise Razorpay's API ergonomics, SDK quality, and the breadth of India-specific payment methods (UPI, Autopay, netbanking, EMI) as the most developer-friendly option in the Indian market. However, community sentiment on account-stability and support is sharply negative — Trustpilot sits at 1.7/5 (397 reviews), with recurring themes of 60–120-day settlement holds without clear cause, unresponsive ticket-based support, and opaque risk decisions. Subscription integration is called out as painful due to scattered docs and a webhook float-precision gotcha that silently breaks HMAC verification. Despite the complaints, most Indian SaaS and D2C teams still default to Razorpay because viable India-native alternatives (Cashfree, PhonePe for Business, PayU) have comparable or worse reputations.

💬 Razorpay Reviews (1.7/5, 397 reviews) Trustpilot · 2026

💬 RazorPay: Review and Alternatives for SaaS in 2026 Dodo Payments Blog · 2026

💬 Razorpay Subscription Integration Guide for SaaS (with Real Indie Dev Pain & Code) Indie Hackers · 2025

💬 Razorpay Webhook Signature Mismatch: Float Precision Issue Medium · 2025

💬 Razorpay Complaints & Reviews (1.8K+ reviews) PissedConsumer / ConsumerComplaints.in · 2026

💬 Razorpay ED Investigation 2025: HPZ Token Scam, Frozen Funds & Fintech Fallout The Attorneys · 2025

Sentiment last updated: April 2026 · We summarize — never copy — community content. Links go to original threads.

Changelog

Apr 15, 2026 logo

Added brand logo: downloaded SVG from Wikimedia Commons (public domain — logo consists of simple geometric shapes/text, author attribution: Razorpay), rendered to 400px-wide transparent PNG via resvg_py. Final dimensions 400x85, 14KB, average brightness 44 (dark navy) — logo_bg left empty so default cream card applies.
Apr 15, 2026 pricing

Initial population: 2% + 18% GST domestic, 3% + GST international cards, 1% + GST international bank, 3% + GST EMI, +0.99% Subscriptions add-on, 0.5–0.7% Instant Settlements, ₹0 setup/AMC. Chargeback/dispute fee marked unverified (not on public pricing page).
Apr 15, 2026 availability

Initial population: India primary (merchant registration), Malaysia + Singapore via Curlec acquisition, international customer acceptance from 160+ countries in 100+ currencies. NOT-available row added for non-India/MY/SG merchants.
Apr 15, 2026 features

Initial population: 20 features verified (Checkout, UPI AutoPay, Subscriptions, Payment Links/Pages, Route, EMI, Invoicing, Smart Collect, International, 3DS, Thirdwatch fraud, Tokenization, Instant Settlements, Webhooks, POS, RazorpayX, Refunds). Customer portal and tax/GST marked partial.
Apr 15, 2026 security

Initial population: PCI DSS Level 1, ISO 27001, SOC 2, TLS 1.2+ (EV SSL), AES-256 at rest, 3DS1/3DS2, RBI CoF tokenization, Thirdwatch fraud, HMAC-SHA256 webhook signing, RBI Payment Aggregator licensed (Dec 2023).
Apr 15, 2026 pitfalls

Initial population: 7 pitfalls — settlement holds, ticket-only support, India/MY/SG-only merchants, webhook float-precision HMAC issue, international rate stacking past 4%, RBI/ED regulatory exposure, scattered Subscriptions docs.
Apr 15, 2026 community

Initial community_pulse written: dev-experience positive (API/SDK/India payment methods), account-stability and support negative (1.7/5 Trustpilot, 60–120-day holds), subscriptions integration painful. 6 threads linked.
Apr 15, 2026 trust_score

Initial scoring: overall 65. payout_reliability 62, account_stability 55, developer_experience 82, transparency 68, support_quality 45, track_record 78. Weighted overall = 65.4.
Apr 15, 2026 integration_prompt

Generated integration_prompt covering Orders API + Checkout, signature verification, webhook handling against raw bytes (float-precision safe), RBI CoF tokenization, paise amount convention, test cards/UPI handles.

Back to Gateway Index

LearnWithHasan.com · Payment Gateway Index · No affiliate links · Builder-first