A Developer's Guide to Integrating Custom Indian Payment Gateways in Shopify

By WovLab Team | April 22, 2026 | 10 min read

Why Standard Shopify Payment Apps in India Aren't Always the Best Fit

For many Indian businesses launching on Shopify, the default payment options like Shopify Payments or popular apps from Razorpay and PayU seem like a straightforward choice. They are easy to set up and get you running quickly. However, as your business scales, the limitations of these one-size-fits-all solutions become glaringly apparent. The decision to integrate custom payment gateway in Shopify India often moves from a "nice-to-have" to a critical business necessity. Standard apps can impose surprisingly high Transaction Discount Rates (TDR), offer slow settlement periods (T+2 or T+3 days), and provide limited control over the customer checkout experience. Furthermore, they may lack support for specific payment methods popular in Tier-2 or Tier-3 cities, or fail to accommodate complex business models like marketplaces with multi-vendor payouts, or nuanced subscription billing.

A standard payment app might charge a flat 2% TDR. For a store doing ₹5 crore in annual revenue, that's ₹10 lakhs in fees. A direct integration with a banking partner could lower that to 1.3%, saving the business ₹3.5 lakhs annually—capital that can be reinvested into growth.

This lack of flexibility is where the problem lies. You're forced to operate within the constraints set by the app provider, which may not align with your operational needs or financial goals. When you need faster access to your cash, lower transaction costs, or a checkout flow that supports unique offers, the standard options fall short. This is the primary driver for merchants seeking a more robust, custom-built solution.

The Technical Roadmap: Understanding Shopify's Payment Integration APIs

When you decide to build a custom payment connector, you're primarily working with Shopify's Offsite Payment Gateway framework. While Shopify once had a Hosted Payment SDK (HPSDK), it is now deprecated for new public applications, making the offsite method the standard for modern integrations. This approach involves redirecting the customer from your Shopify checkout page to the secure, hosted page of your chosen Indian payment gateway (like CCAvenue, BillDesk, or PayGlocal). After the payment is attempted, the gateway redirects the user back to Shopify.

The entire process is orchestrated through a series of API interactions managed by a middleware application that you build and host. This middleware acts as the crucial bridge between Shopify and your payment provider. The key components are:

• Payment Initiation: Your application receives a request from Shopify's checkout process. It then generates the necessary payment parameters (amount, currency, order ID) and securely redirects the user to the payment gateway's URL with an encrypted payload.
• Callback URL (Webhook Listener): This is a public-facing endpoint on your middleware server that the payment gateway calls asynchronously to notify you of the transaction's status—success, failure, or pending. This is the most critical part of the integration.
• Redirect URL: After the payment attempt, the gateway sends the user's browser back to a "return URL" you specify. This is where you thank the customer or provide status information while your backend processes the webhook.
• Shopify Admin API: Upon receiving a successful payment confirmation via the webhook, your middleware uses the Shopify Admin API (either REST or GraphQL) to find the corresponding order and update its status to "paid".

The core principle of an offsite integration is trust but verify. You redirect the customer away from Shopify, but you never trust the redirect back as proof of payment. Only a cryptographically signed, server-to-server webhook notification from the gateway can be trusted to update an order's payment status.

Step-by-Step: Building Your Offsite Payment Gateway Connector

Building your own payment connector is a methodical process that requires careful attention to security and data flow. It's not a simple plug-and-play operation but a robust software development task. Here is a high-level walkthrough to help you integrate a custom payment gateway in Shopify India.

1. Establish Gateway Partnership: Before writing any code, you must have a merchant account with your chosen Indian payment gateway (e.g., CCAvenue, Instamojo, HDFC). Obtain your Merchant ID, Access Code, and Encryption Key. These are your secret credentials and must be stored securely.
2. Create a Shopify Custom App: In your Shopify Partner Dashboard, create a new "Custom App". You will need to request the appropriate API access scopes. The most important ones are write_orders and read_orders. This app will give you the Shopify API key and secret necessary for your middleware to communicate with your store.
3. Develop the Initiation Endpoint: This is the starting point. When a customer confirms their order, Shopify will send a POST request to your app's initiation URL. Your code must:
   • Receive the checkout data (amount, currency, order details).
   • Generate a unique transaction ID and save it.
   • Create a request payload according to your gateway's documentation. This often involves creating a string of parameters and encrypting it with the provided key.
   • Respond with a redirect to the payment gateway's processing URL, including the encrypted payload.
4. Build the Webhook Handler (Callback URL): This is the most critical piece of your application. This endpoint will receive server-to-server POST requests from the payment gateway. It must:
   • Receive the encrypted transaction data from the gateway.
   • Decrypt the data using your secret key.
   • Validate the checksum/signature. This is a non-negotiable security step to ensure the request is authentic and hasn't been tampered with.
   • Check the transaction status ('Success', 'Failure', etc.).
   • If successful, find the corresponding Shopify order using the transaction ID you saved earlier.
   • Use the Shopify Admin API to mark the order as "paid".
   • Handle failure cases by logging the error, and potentially notifying an administrator.
5. Handle the Customer Return: The payment gateway will redirect the user's browser back to a URL you provide. This page should be user-friendly. It can query the order status and show a "Thank You" message for a successful payment or a "Please Try Again" message for a failure, guiding them back to the checkout page without losing their cart.

Real-World Example: Integrating CCAvenue for a High-Volume D2C Store

Let's consider a practical scenario. A fast-growing Indian D2C brand selling artisanal snacks was processing around ₹50 lakhs in monthly orders. They were using a standard Shopify payment app and facing two major issues: a high TDR of 2.2% and a settlement cycle of T+3 days, which was constricting their cash flow for inventory procurement.

The Challenge: The standard app was costing them over ₹1.1 lakhs per month in fees. The delay in receiving funds meant they couldn't pay suppliers on time without dipping into credit, adding to their operational costs. They needed a solution to lower fees and get faster access to their money.

The WovLab Solution: We proposed and built a custom offsite payment connector to integrate CCAvenue directly. CCAvenue offered them a significantly lower, volume-based MDR of 1.4% and a guaranteed T+1 settlement cycle. The integration was architected using a lightweight Node.js application hosted on AWS Lambda, making it serverless, scalable, and cost-effective.

The Technical Implementation:

1. The Node.js middleware was set up as a Shopify Custom App.
2. Upon checkout, the app captured the order details, generated the required `amount`, `order_id`, and other parameters for CCAvenue's non-seamless integration.
3. It encrypted this data using the brand's unique CCAvenue Working Key and redirected the customer to the CCAvenue payment page.
4. A dedicated API Gateway endpoint was created to serve as the webhook (callback) listener. When CCAvenue processed the payment, it sent a POST request to this endpoint.
5. The Node.js function decrypted the response, validated the checksum to confirm its authenticity, and checked the `order_status`.
6. For a 'Success' status, the function used the Shopify GraphQL API to find the order by its ID and create a transaction, marking it as paid. This automatically triggered the brand's fulfillment workflow.

The result was transformative. The TDR reduction from 2.2% to 1.4% saved the brand over ₹40,000 per month (nearly ₹5 lakhs annually). More importantly, the T+1 settlement unlocked significant working capital, allowing them to improve their inventory turnover and supplier relationships dramatically.

Critical Pitfalls to Avoid: Security, Webhook Validation, and UX

Building a custom payment integration is powerful, but it comes with significant responsibilities. A single mistake can lead to revenue loss, security vulnerabilities, and a disastrous customer experience. When you decide to integrate a custom payment gateway in Shopify India, you must be vigilant about these common pitfalls.

• Inadequate Security Practices: Your gateway credentials (Merchant ID, keys) are equivalent to your bank account password. Never store them in frontend code or commit them to a public Git repository. They must be stored as secure environment variables on your server. All communication between your middleware, Shopify, and the payment gateway must use HTTPS.
• Skipping Webhook Signature Validation: This is the single most critical security step. Every payment gateway sends a cryptographic signature or checksum with its webhook request, usually in the headers. Your code must recalculate this signature on your end using the request body and your secret key, and then compare it to the one received. If they don't match, you must discard the request. Without this check, a malicious actor could send a fake "success" request to your endpoint and get free products.
• Poor User Experience on Failure or Pending: What happens when a customer's payment fails? A poorly designed integration might leave them on an ugly, confusing error page from the gateway. A great integration redirects them back to the Shopify checkout page with a clear message like, "Your payment could not be processed. Please check your details or try another method." Similarly, for payment methods like UPI which can be pending, the user should be taken to a page that says "Your order is confirmed. We are awaiting payment confirmation and will notify you via email."
• Lack of Idempotency: Network issues can sometimes cause a payment gateway to send the same webhook notification multiple times. Your system must be idempotent, meaning it can handle duplicate requests without causing errors. Before processing a webhook, check if the Shopify order is already marked as paid. If it is, simply acknowledge the request with a success response (HTTP 200) but do not attempt to update the order again. This prevents duplicate transaction entries and potential accounting nightmares.

Avoiding these pitfalls requires a security-first mindset and thorough testing of every possible scenario, not just the "happy path" where the payment is successful on the first try.

Need a Seamless Checkout? Partner with WovLab for Custom Payment Integration

As we've seen, the path to a custom payment solution is complex and fraught with technical challenges. While the rewards—lower fees, better cash flow, and a superior customer experience—are substantial, the risks of a flawed implementation are equally high. A single security oversight in webhook validation or improper data handling can expose your business to fraud and revenue loss. This is where expert guidance becomes invaluable.

At WovLab, we specialize in building secure, scalable, and seamless payment solutions for ambitious Indian brands. We don't just write code; we architect robust systems that solve real business problems. Our expertise extends across the entire digital commerce ecosystem, from AI-powered fraud detection to enterprise-level ERP integrations.

When you partner with us to integrate a custom payment gateway in Shopify India, you get:

• Expert Architecture: We design and build a secure middleware application tailored to your specific gateway and business logic.
• Bank-Level Security: We implement non-negotiable security protocols, including end-to-end encryption and rigorous webhook validation, to protect every transaction.
• Optimized User Experience: We ensure a smooth, branded, and intuitive checkout journey for your customers, handling success, failure, and pending payment states gracefully.
• Ongoing Support & Maintenance: We don't just build and disappear. We offer ongoing support to ensure your payment system runs flawlessly as your business and technologies evolve.

Stop letting generic payment apps dictate your costs and customer experience. Take control of your most critical revenue channel. Contact the experts at WovLab today for a consultation on building a custom payment integration that gives you a competitive edge.