
Complete Guide to Cashfree Payment Integration for Indian SaaS Developers in 2026

Cashfree is India's leading payment gateway for domestic transactions, supporting UPI, net banking, wallets, and cards. This guide covers everything from API setup to webhook security and subscription billing for SaaS products.

Prashant Mishra
Founder & AI Engineer

If you are building a SaaS product for the Indian market, Cashfree is one of the most important integrations you will make. It supports UPI, net banking, 150+ banks, all major wallets, and credit and debit cards in a single integration. The developer experience is good and the documentation is solid. Here is a complete integration guide with the security patterns that matter.

Why Cashfree for Indian SaaS

The primary reason to choose Cashfree over Stripe for Indian payments is the payment method coverage. Stripe supports cards well but UPI support has historically been limited for Indian merchants. Cashfree was built for the Indian payments ecosystem and has excellent UPI, net banking, and wallet support out of the box. For a SaaS product targeting Indian SMBs and enterprises, offering UPI and net banking alongside cards is often the difference between completing a sale and losing it.

Cashfree also offers a Subscriptions API for recurring billing, which is the core requirement for SaaS products. Cashfree's Subscriptions documentation covers the full lifecycle: creating plans, managing subscriptions, handling failures, and processing refunds.

Account Setup and API Keys

Create an account at merchant.cashfree.com. You will need to complete KYC verification before going live, but you can get sandbox credentials immediately for development. Cashfree provides separate App IDs and Secret Keys for sandbox and production environments. Never hardcode these in your application; use environment variables.

Treat your Cashfree Secret Key with the same care as a database password. It should be stored in environment variables or a secrets manager (AWS Secrets Manager, HashiCorp Vault), never committed to version control, and rotated immediately if you suspect exposure.

The Payment Order Flow

Cashfree uses a server-side order creation model, which is the correct and secure approach. The flow is:

  1. User initiates checkout on your frontend.
  2. Your server calls the Cashfree Create Order API with order details (amount, currency, customer info, return URL).
  3. Cashfree returns an order_id and a payment_session_id.
  4. Your frontend uses the Cashfree JavaScript SDK with the payment_session_id to display the payment UI.
  5. After payment, Cashfree redirects to your return URL with order status parameters.
  6. Your server verifies the payment status by calling the Cashfree Order API with the order_id.
  7. Only after server-side verification do you fulfill the order.

Step 7 is critical. Never trust the payment status from the frontend redirect parameters alone. Always verify server-side before fulfilling.
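Steps 6 and 7 as an added Python example, not code from the original article or from Cashfree: the return-URL handler ignores the redirect parameters and decides only from the order fetched server-side. `fetch_order` is a hypothetical callable standing in for the HTTPS call to the Order API, and the response field names (`order_status`, `order_amount`, `order_currency`) and the `PAID` value are assumptions to confirm against Cashfree's Order API reference.

```python
from decimal import Decimal, InvalidOperation


def should_fulfil(expected: dict, gateway_order: dict):
    """Compare the server-fetched order with what this server created."""
    if gateway_order.get("order_id") != expected["order_id"]:
        return False, "order_id mismatch"
    if gateway_order.get("order_status") != "PAID":  # assumed status value
        return False, "not paid"
    try:
        paid = Decimal(str(gateway_order.get("order_amount")))
    except InvalidOperation:
        return False, "amount unreadable"
    if paid != expected["amount"]:
        return False, "amount mismatch"
    if gateway_order.get("order_currency") != expected["currency"]:
        return False, "currency mismatch"
    return True, "ok"


def handle_return(order_id, redirect_params, local_orders, fetch_order, fulfilled):
    """Return-URL handler; redirect_params are deliberately never consulted."""
    expected = local_orders.get(order_id)
    if expected is None:
        return "rejected: unknown order"
    ok, reason = should_fulfil(expected, fetch_order(order_id))
    if not ok:
        return "rejected: " + reason
    if order_id in fulfilled:  # the webhook and the redirect can both arrive
        return "already fulfilled"
    fulfilled.add(order_id)  # stands in for a unique-constrained DB write
    return "fulfilled"


# Constructed sample: the order as this server recorded it at creation time.
LOCAL_ORDERS = {
    "order_demo_1": {"order_id": "order_demo_1",
                     "amount": Decimal("499.00"), "currency": "INR"},
}

if __name__ == "__main__":
    # Constructed gateway response: the order is still unpaid.
    unpaid = lambda oid: {"order_id": oid, "order_status": "ACTIVE",
                          "order_amount": 499.0, "order_currency": "INR"}
    forged = {"order_status": "PAID"}  # what a tampered redirect might claim
    print(handle_return("order_demo_1", forged, LOCAL_ORDERS, unpaid, set()))
```

Checking the amount and currency as well as the status means a paid order for a smaller sum cannot unlock a more expensive plan.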

Webhook Integration and Security

Webhooks are essential for handling asynchronous payment events: payment completions that happen after your user closes the browser, subscription renewals, payment failures, and refunds. Configure your webhook endpoint in the Cashfree merchant dashboard and implement signature verification for every incoming webhook.

Cashfree sends an x-webhook-signature header with each webhook. To verify it:

  1. Extract the raw request body as a string (before any JSON parsing).
  2. Compute HMAC-SHA256 of the raw body using your Cashfree Secret Key.
  3. Base64-encode the result.
  4. Compare with the x-webhook-signature header value using a constant-time comparison function.

Reject any webhook that fails signature verification. An unverified webhook endpoint can be exploited to inject fake payment success events, bypassing your billing entirely.
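The four verification steps above, as an added Python example (not Cashfree's SDK code and not code from the original article). It signs exactly what the steps describe; the demo secret, the event body and the `handle_webhook` and `reserialised` helpers are constructed for illustration, and the exact signed string for your API version should be confirmed against Cashfree's webhook documentation.

```python
import base64
import hashlib
import hmac
import json

DEMO_SECRET = b"constructed-demo-secret"  # constructed; load the real key from env or a secrets manager
# Constructed event body (note the double space); field names are illustrative only.
RAW_BODY = b'{"type": "PAYMENT_SUCCESS",  "order_id": "order_demo_1"}'


def compute_signature(raw_body: bytes, secret: bytes) -> str:
    """Steps 2-3: HMAC-SHA256 over the raw bytes, then Base64."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(raw_body: bytes, header_value, secret: bytes) -> bool:
    """Step 4: constant-time comparison; a missing header fails closed."""
    if not header_value:
        return False
    expected = compute_signature(raw_body, secret).encode("ascii")
    received = header_value.strip().encode("utf-8", "replace")
    return hmac.compare_digest(expected, received)


def handle_webhook(raw_body: bytes, headers: dict, secret: bytes):
    """Return (http_status, event); JSON is parsed only after the check passes."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_webhook(raw_body, lowered.get("x-webhook-signature"), secret):
        return 401, None
    return 200, json.loads(raw_body)


def reserialised(raw_body: bytes) -> bytes:
    """What you get if the body is parsed and dumped again (the step 1 pitfall)."""
    return json.dumps(json.loads(raw_body)).encode()


if __name__ == "__main__":
    sig = compute_signature(RAW_BODY, DEMO_SECRET)
    # Untouched raw body: accepted.
    print(handle_webhook(RAW_BODY, {"X-Webhook-Signature": sig}, DEMO_SECRET))
    # Same JSON after a parse/dump round trip: bytes differ, so it is rejected.
    print(handle_webhook(reserialised(RAW_BODY), {"X-Webhook-Signature": sig}, DEMO_SECRET))
```

The second call shows why step 1 insists on the raw body: a framework that parses JSON before your handler runs can change whitespace or key order, and a genuine webhook then fails verification.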

Subscription Billing for SaaS

For recurring SaaS billing, use Cashfree's Subscriptions API. The key concepts are Plans (define the billing amount and interval) and Subscriptions (link a customer to a plan). Create plans once in your system setup. When a user subscribes, create a Cashfree Subscription, link it to your plan, and redirect the user through the mandate authorization flow (which authorizes Cashfree to charge them on the defined schedule).

Once the mandate is authorized, Cashfree handles recurring charges automatically and sends webhooks for each charge attempt, success, and failure. Your webhook handler updates the subscription status in your database and triggers any business logic (granting or revoking access, sending renewal emails).

Handling Payment Failures Gracefully

Payment failures are inevitable, especially for recurring subscriptions. Design your failure handling before you launch. When a subscription payment fails, send an immediate notification to the customer with a link to update their payment method. Implement a grace period (typically 3 to 7 days for SaaS) before restricting access. Retry failed payments with an exponential backoff schedule (immediately, after 1 day, after 3 days, after 7 days) before canceling the subscription.

Testing Your Integration

Cashfree's sandbox provides test card numbers, test UPI handles, and test net banking credentials for verifying the full payment flow in development. Test all payment method types, test failure scenarios (insufficient funds, failed UPI, bank timeout), and test webhook delivery with the webhook testing tools in the Cashfree dashboard.

At Innovativus, we integrate Cashfree for Indian SaaS clients as part of our full-stack development work. If you need help implementing or debugging a Cashfree integration, get in touch.


Written by

Prashant Mishra

Founder & MD, Innovativus Technologies · Creator of Pacibook

Technologist and AI engineer with a B.Tech in CSE (AI & ML) from VIT Bhopal. Builds production-grade AI applications, RAG pipelines, and digital publishing platforms from New Delhi, India.
