# Philippines Payment API Documentation
# About callback: required reading
- After receiving a successful payment callback, the order amount shall be based on the actual payment order amount (orderActualAmount).
- Repeat callback: Confirm that the callback response is {"code": 200, "success": true}.
- IP whitelisting: IPs can be whitelisted in the whitelist input box in the API Key section of the client Developer Center.
- Invalid AccessKey: The created AccessKey needs to be sent to technical customer service for secondary whitelisting.
- IP Restricted: Confirm whether all server IPs and callback IPs have been whitelisted.
# 1. How to get API Key
The user logs in to the cashier -> Developer Center -> API Key -> Create API Key. Each API Key has a separate configuration page and is bound to a fixed IP address ("0.0.0.0" means no IP filtering: any IP can access it). Different API Keys can be configured to meet different needs. Do not disclose your Access Key and Secret Key, to avoid asset loss. After the Secret Key is generated, it cannot be viewed again, so save it right away. If you forget the Secret Key, recycle the key pair in the merchant backend and apply for a new key pair.
# 1.1 How to create API KEY
• Click Developer Center -> API Key
• 1. Choose whether to enable debug mode (after debug mode is enabled, you will receive a standard prompt message and a log view address for any errors)
• 2. Select the API Key permission
• 3. Enter the whitelist address (0.0.0.0 means any IP address can access)
Note: When entering whitelist addresses, use "," to separate multiple IPs.
• 4. Click Create to generate the API Key
(After the API Key is generated, you can copy, view, edit, and delete it in the My API KEY list below. Note that the Secret Key appears only once, when it is generated. Please save it properly. If you forget the Secret Key, recycle the key pair and apply for a new one.)
• Click Edit to turn [Start Debugging] on or off and to modify the API Key permission and whitelist address. After the modification is complete, click Save
Note: After creating or editing an API Key, wait 90 seconds for it to take effect
# 2. How to use API Key
To use the API Key, add the following parameters to the header of the request:
Parameter name | Parameter description | Type | Required |
---|---|---|---|
access_key | Api Key access key (eg: TPhoa7ZQ) | String | Yes |
timestamp | Millisecond-level timestamp (13 digits, such as: 1679669488472) | String | Yes |
nonce | UUID (36 characters, such as: 02f7a04f-53cc-47d4-bb3f-fae69dab49ac). The five parts are 8, 4, 4, 4, and 12 characters, separated by "-" | String | Yes |
sign | Parameter signature (eg: GXx2wYUD6UVr+zcmeCSFFPzcBLA=) | String | Yes |
# 3. Technology side parameter access process
# 4. How to sign the interface
# Signature Description
API requests are very likely to be tampered with during transmission over the internet. To ensure that a request has not been changed, all private interfaces (that is, all interfaces except public ones such as basic information and market data) must be signed with your API Key, so that it can be verified whether parameters or parameter values have changed during transmission.
A legitimate request consists of the following parts:
- access_key: API access key;
- secret_key: The key used to compute the signature (only visible once, when applying for an API Key in the backend; copy it, save it in a safe place, and do not disclose it);
- timestamp: The time (UTC time) when you made the request, e.g. 1632811287325 (13 digits). Including this value in a query request helps prevent third parties from intercepting your request;
- nonce: random UUID string, e.g. 053a1b81-48a0-4bb1-96b2-60f6e509d911 (36 characters);
- sign: The value calculated by the signature, which is used to ensure that the signature is valid and has not been tampered with.

All interfaces must pass the above public parameters, except secret_key, in the HTTP request header. The public parameters are access_key, timestamp, nonce, and sign; the other parameters that take part in the signature are described for each API interface.
# Signature steps
1. Define a Map (dictionary) object and put the request parameters into it as key-value pairs
2. Put access_key, timestamp, and nonce into the Map defined in the first step
3. Sort the keys in the Map in ascending ASCII (lexicographic) order and convert the Map to a string in the form "key1=value1&key2=value2"
4. Compute the HMAC_SHA1 of the string from the previous step using secret_key as the key, then Base64-encode the result to obtain the value of the sign parameter. secret_key is the one from the API Key created on the cashier platform
5. Add the sign value and the other required parameters to the request header, and send the request to the target interface
# Signature debugging tools
SignUtil: The user logs in to the cashier -> Developer Center -> API Documentation -> Signature Tool, and the Signature Tool page is displayed. (Use a valid access_key in the tool, and set the IP whitelist of that access_key to 0.0.0.0. We strongly recommend discarding the access_key used for debugging once debugging is finished.)
# 5. Interface list
# 5.1 Test interface connectivity
request method
Get
Request URL
/ping
response data
{"version":"1.0.1","timestamp":1688116827306}
Response parameter description
Param | Type | Desc |
---|---|---|
version | String | If this parameter is returned, all interfaces in this document can be requested normally |
timestamp | int64 | Unix timestamp |
# 5.2 Create a new collection order
request method
post
Request URL
/api/v3/ph/createCollectingOrder
Request type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
request header
Param | Desc | Sample |
---|---|---|
access_key | Acquisition from merchant background | pFqV75X3 |
timestamp | Unix timestamp 13 digits milliseconds | 1679724896223 |
nonce | UUID V4 | 794c26b0-d33c-4394-b2bb-c485eca16d9e |
sign | Calculated signature | kAXyh+eerqrefyaF8dyFB0M4FVo= |
request parameters
{
"amount": "100",
"channelType": "QRIS",
"externalOrderId": "18033454",
"notifyUrl": "https://tofficeapi.hambit.co/api/v1/hambit/hambit-api/test/testNotifySuccess",
"remark": "wsxtest"
}
Description of request parameters
Param | Desc | Sample | Require |
---|---|---|---|
amount | Receipt amount, the decimal point cannot exceed 2 digits (String) | 100 | required |
channelType | payment type (String) oneof=QRIS WALLET BANK | QRIS | required |
externalOrderId | Merchant order number max=64 (String) | 18033454 | required |
notifyUrl | notification URL (String, URL) | http://192.168.1.135:30001 | optional |
remark | remark max=255 (String) | wsxtest | optional |
returnUrl | return URL (String, URL) | http://192.168.1.135:30001 | optional |
response type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
response data
{
"code": "200",
"success": true,
"msg": "成功",
"msgEn": "SUCCESS",
"data": {
"cashierUrl": "https://t-cashier-fiat.hambit.co/OCURRPAID202405280254181716864858801DEV001OO0000000200016489?data=eyJjYXNoaWVyQ3VycmVuY3lBbW91bnQiOjEwMC4wMDAsImNhc2hpZXJFeHBpcmVUaW1lIjoxNzE2ODY2NjU4ODEyLCJjYXNoaWVySWQiOiJPQ1VSUlBBSUQyMDI0MDUyODAyNTQxODE3MTY4NjQ4NTg4MDFERVYwMDFPTzAwMDAwMDAyMDAwMTY0ODkiLCJjYXNoaWVyVXJsIjoiaHR0cHM6Ly90LWNhc2hpZXItZmlhdC5oYW1iaXQuY28vT0NVUlJQQUlEMjAyNDA1MjgwMjU0MTgxNzE2ODY0ODU4ODAxREVWMDAxT08wMDAwMDAwMjAwMDE2NDg5IiwiY3VycmVuY3kiOiJQSFAiLCJjdXJyZW5jeU9yZGVyVm8iOnsiYW1vdW50IjoxMDAuMDAwLCJjaGFubmVsSWQiOjE3ODI5NjIyNzQzMDE5MTUxMzcsImN1cnJlbmN5IjoiUEhQIiwiZXh0ZXJuYWxPcmRlcklkIjoiMjA3OTc4MDEiLCJtZXJjaGFudE5hbWUiOiJ5dXJpX21lciIsIm9yZGVySWQiOiJPQ1VSUlBBSUQyMDI0MDUyODAyNTQxODE3MTY4NjQ4NTg4NDdERVYwMDFPTzAwMDAwMDA0MDAwMTY0OTAiLCJvcmRlclN0YXR1cyI6IkF3YWl0aW5nIFBheW1lbnQiLCJvcmRlclN0YXR1c0NvZGUiOjEsIm9yZGVyVGltZSI6MTcxNjg2NDg1ODg0OCwicGF5UGFyYW0iOiIwMDAyMDEwMTAyMTIyODYwMDAxMXBoLnBwbWkucDJtMDExMURDUEhQSE0xWFhYMDMxOTE2OTU1Nzk3NzA3MTAxNTMwNjgwNTAzMDExNTIwNDYwMTY1MzAzNjA4NTQwMzEwMDU4MDJQSDU5MTNoYW1iaXQgaGFtYml0NjAwN1BhdGVyb3M2MjM4MDAxMXBoLnBwbWkucDJtMDUxOTE2NTU3NTk1MTc5MzYyNjY3NTI2MzA0QjREOSIsInBheVR5cGUiOjEwNSwicGF5VHlwZU5hbWUiOiJRUklTIiwidHJhZGVOb3RlIjoid3N4dGVzdCJ9LCJpc0NyZWF0ZU9yZGVyIjp0cnVlLCJtZXJjaGFudElkIjoxNzg1OTQ1ODExOTc2MTk2MDk3LCJwYXlUeXBlIjoxMDUsInZlcnNpb24iOiJ2MSJ9\u0026pm=W3siY3VycmVuY3lUeXBlIjoiTVhOIiwicGF5VHlwZXMiOlt7ImNvZGUiOjEwMiwidmFsdWUiOiJCQU5LIn1dfSx7ImN1cnJlbmN5VHlwZSI6IlBIUCIsInBheVR5cGVzIjpbeyJjb2RlIjoxMTIsInZhbHVlIjoiV2FsbGV0In0seyJjb2RlIjoxMDUsInZhbHVlIjoiUVJJUyJ9XX0seyJjdXJyZW5jeVR5cGUiOiJCUkwiLCJwYXlUeXBlcyI6W3siY29kZSI6MTAxLCJ2YWx1ZSI6IlBJWCJ9LHsiY29kZSI6MTAzLCJ2YWx1ZSI6IlBJWF9EWU5BTUlDIn1dfSx7ImN1cnJlbmN5VHlwZSI6IlJVQiIsInBheVR5cGVzIjpbeyJjb2RlIjoxMDUsInZhbHVlIjoiUVJJUyJ9XX1d",
"currency": "PHP",
"currencyOrderVo": {
"orderId": "OCURRPAID202405280254181716864858847DEV001OO0000000400016490",
"externalOrderId": "20797801",
"currency": "PHP",
"amount": "100",
"tradeNote": "wsxtest"
}
}
}
Response parameter description
Param | Type | Desc |
---|---|---|
cashierUrl | String | cashier link |
currency | String | currency code |
amount | String | Receipt amount |
externalOrderId | String | Merchant order ID |
orderId | String | System order ID |
tradeNote | String | Note |
# 5.3 Create a new transfer order
request method
post
Request URL
/api/v3/ph/createTransferOrder
Request type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
request header
Param | Desc | Sample |
---|---|---|
access_key | Acquisition from merchant background | pFqV75X3 |
timestamp | Unix timestamp 13 digits milliseconds | 1679724896223 |
nonce | UUID V4 | 794c26b0-d33c-4394-b2bb-c485eca16d9e |
sign | Calculated signature | kAXyh+eerqrefyaF8dyFB0M4FVo= |
request parameters
{
"currencyAmount": "50",
"channelType": "BANK",
"externalOrderId": "49096298",
"BankName": "coins.ph电子钱包",
"UserInfoName": "Sam",
"AccountNo": "09311606128",
"UserInfoNo": "11967164793",
"Remark": "Hambit test",
"NotifyUrl": "https://tofficeapi.hambit.co/api/v1/hambit/hambit-api/test/testNotifySuccess"
}
Description of request parameters
Param | Desc | Sample | Require |
---|---|---|---|
channelType | payment type oneof=BANK (String) | BANK | required |
bankName | bank name (String) | coins.ph电子钱包 | required |
currencyAmount | payment amount (String) | 50 | required |
externalOrderId | Merchant order ID max=64 (String) | 49096298 | required |
userInfoName | userInfoName(String) | Sam | required |
accountNo | Receiving account(String) | 09311606128 | required |
userInfoNo | Phone number(String) | 11967164793 | required |
remark | remark max=255 (String) | 123 | optional |
notifyUrl | notification URL (String) | http://192.168.1.135:30001 | optional |
response type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
response data
{
"code": "200",
"success": true,
"msg": "成功",
"msgEn": "SUCCESS",
"data": {
"orderId": "OCURRDRAW202405280215551716862555918DEV001OO0000000200016478",
"orderStatus": "Accepted",
"externalOrderId": "49096298",
"currencyType": "PHP"
}
}
Response parameter description
Param | Type | Desc |
---|---|---|
currencyType | String | Fiat currency type |
externalOrderId | String | merchant order id |
orderId | String | System order ID |
orderStatus | String | order status |
# 5.4 Query Collection Orders
request method
post
Request URL
/api/v3/ph/query/collectingOrder
Request type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
request header
Param | Desc | Sample |
---|---|---|
access_key | Acquisition from merchant background | pFqV75X3 |
timestamp | Unix timestamp 13 digits milliseconds | 1679724896223 |
nonce | UUID V4 | 794c26b0-d33c-4394-b2bb-c485eca16d9e |
sign | Calculated signature | kAXyh+eerqrefyaF8dyFB0M4FVo= |
request parameters
{
"externalOrderId":"20797801",
"orderId":"OCURRPAID202405280254181716864858847DEV001OO0000000400016490"
}
Description of request parameters
Param | Desc | Require |
---|---|---|
externalOrderId | Merchant order number max=64 (String) | required |
orderId | system order number (String) | required |
response type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
response data
{
"code": "200",
"success": true,
"msg": "成功",
"msgEn": "SUCCESS",
"data": [
{
"orderId": "OCURRPAID202405280254181716864858847DEV001OO0000000400016490",
"cashierId": "OCURRPAID202405280254181716864858801DEV001OO0000000200016489",
"orderType": 1,
"orderResourceType": 2,
"userId": "1785945811976196097",
"orderStatus": 1,
"orderTime": 1716864859000,
"channelOrderId": "202405281795287458837016576",
"externalOrderId": "20797801",
"orderAmount": "100",
"orderActualAmount": null,
"orderFee": null,
"orderPayTime": null,
"orderCompleteTime": null,
"currencyType": "PHP",
"payType": 105,
"tradeNote": "wsxtest",
"notifyUrl": "https://tofficeapi.hambit.co/api/v1/hambit/hambit-api/test/testNotifySuccess",
"markStatus": 0,
"errorMsg": null,
"errorMsgEn": null,
"accountType": "",
"accountName": "",
"accountNo": "",
"orderTypeCode": "Pay",
"orderResourceTypeCode": "Currency",
"orderStatusCode": "Accepted",
"payTypeCode": ""
}
]
}
Response parameter description
Param | Type | Desc |
---|---|---|
accountName | String | account name |
orderActualAmount | String | orderActualAmount |
orderEntryAmount | String | orderEntryAmount |
orderFee | String | orderFee |
orderPayTime | int64 | orderPayTime |
orderCompleteTime | int64 | orderCompleteTime |
errorMsgEn | String | errorMsg |
errorMsg | String | errorMsg |
accountNo | String | account number |
accountType | String | account type |
cashierId | String | Cashier ID |
channelOrderId | String | The order ID of the channel associated with the order |
currencyType | String | Fiat currency type |
errorMsg | String | error reason |
externalOrderId | String | external order number |
notifyUrl | String | callback address |
orderAmount | String | order amount |
orderId | String | order id |
orderResourceType | int64 | The business type of the order |
orderStatus | int64 | order status 1- pending payment 2- payment successful |
orderTime | int64 | order initiation time |
orderType | int64 | order type |
payType | int64 | payment type 102-BANK 105-QRIS 112-WALLET |
tradeNote | String | Trade Note |
userId | String | user ID |
payTypeCode | String | payment type code |
orderStatusCode | String | order status code |
orderTypeCode | String | order type code |
# 5.5 Query transfer orders
request method
post
Request URL
/api/v3/ph/query/transferOrder
Request type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
request header
Param | Desc | Sample |
---|---|---|
access_key | Acquisition from merchant background | pFqV75X3 |
timestamp | Unix timestamp 13 digits milliseconds | 1679724896223 |
nonce | UUID V4 | 794c26b0-d33c-4394-b2bb-c485eca16d9e |
sign | Calculated signature | kAXyh+eerqrefyaF8dyFB0M4FVo= |
request parameters
{
"externalOrderId":"49096298",
"orderId":"OCURRDRAW202405280215551716862555918DEV001OO0000000200016478"
}
Description of request parameters
Param | Desc | Require |
---|---|---|
externalOrderId | Merchant order number max=64 (String) | required |
orderId | system order number (String) | required |
response type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
response data
{
"code": "200",
"success": true,
"msg": "成功",
"msgEn": "SUCCESS",
"data": [
{
"orderId": "OCURRDRAW202405280215551716862555918DEV001OO0000000200016478",
"cashierId": "",
"orderType": 2,
"orderResourceType": 2,
"userId": "1785945811976196097",
"orderStatus": 16,
"orderTime": 1716862556000,
"channelOrderId": "202405281795277804635680768",
"externalOrderId": "49096298",
"orderAmount": "50",
"orderActualAmount": "55.5",
"orderFee": "5.5",
"orderPayTime": null,
"currencyType": "PHP",
"payType": 202,
"tradeNote": "Hambit test",
"notifyUrl": "https://tofficeapi.hambit.co/api/v1/hambit/hambit-api/test/testNotifySuccess",
"markStatus": 0,
"errorMsg": "merchant account no enough balance.",
"errorMsgEn": "merchant account no enough balance.",
"accountType": "",
"accountName": "",
"accountNo": "09311606128",
"orderTypeCode": "Transfer",
"orderResourceTypeCode": "Currency",
"orderStatusCode": "Failed",
"payTypeCode": "BANK"
}
]
}
Response parameter description
Param | Type | Desc |
---|---|---|
orderId | String | order ID |
cashierId | String | Cashier ID |
orderType | int64 | order type |
orderResourceType | int64 | The business type of the order |
userId | String | user ID |
orderStatus | int64 | order status 1-accepted 2-bank processing 4-Failed(Bank rejection) 8-success 16-Failed |
orderTime | int64 | order initiation time |
channelOrderId | String | The order ID of the channel associated with the order |
externalOrderId | String | Merchant order ID |
orderAmount | String | order amount |
orderActualAmount | String | actual order amount |
orderFee | int64 | order handling fee |
orderPayTime | int64 | order payment time |
currencyType | String | currency type |
payType | int64 | payment type 102:BANK 202:BANK |
tradeNote | String | Note |
notifyUrl | String | callback URL |
markStatus | int64 | mark status |
errorMsg | String | error message |
errorMsgEn | String | error message en |
accountType | String | account type |
accountName | String | account name |
accountNo | String | account number |
orderTypeCode | String | order type code |
orderResourceTypeCode | String | The business type code of the order |
orderStatusCode | String | orderStatus description |
payTypeCode | String | payment type code reference payType |
# 5.6 Query balance
request method
Get
Request URL
/api/v3/ph/query/balance
request type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
request header
Param | Desc | Sample |
---|---|---|
access_key | Merchant background acquisition | pFqV75X3 |
timestamp | Unix timestamp 13 digit milliseconds | 1679724896223 |
nonce | UUID V4 | 794c26b0-d33c-4394-b2bb-c485eca16d9e |
sign | computed signature | kAXyh+eerqrefyaF8dyFB0M4FVo= |
response type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
response data
{
"code": "200",
"success": true,
"msg": "成功",
"msgEn": "SUCCESS",
"data": [
{
"accountBalance": "0",
"accountFreezeAmount": "30000",
"accountStatusId": 4,
"accountWaitSettledAmount": "0",
"currencyType": "PHP",
"accountStatus": "InAndOut"
}
]
}
Response parameter description
Param | type | Desc |
---|---|---|
accountBalance | String | Account Available Balance |
accountFreezeAmount | String | Account frozen amount |
accountStatusId | int64 | account status id |
accountWaitSettledAmount | String | Amount to be transferred from the account |
currencyType | String | Fiat currency type |
accountStatus | String | Account Status |
# 5.7 Query Bank
request method
POST
Request URL
/api/v3/ph/query/bank
Request type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
request header
Param | Desc | Sample |
---|---|---|
access_key | Acquisition from merchant background | pFqV75X3 |
timestamp | Unix timestamp 13 digits milliseconds | 1679724896223 |
nonce | UUID V4 | 794c26b0-d33c-4394-b2bb-c485eca16d9e |
sign | Calculated signature | kAXyh+eerqrefyaF8dyFB0M4FVo= |
request parameters
{
"bankName":"coins.ph电子钱包"
}
If you need to query all bank values, pass an empty string, as follows:
{"bankName": ""}
Description of request parameters
Param | Desc | Require |
---|---|---|
bankName | bank name (String) | required |
response type
Header: { 'Content-Type': 'application/json;charset=utf-8'}
response data
{
"code": "200",
"success": true,
"msg": "成功",
"msgEn": "SUCCESS",
"data": [
{
"bankName": "coins.ph电子钱包",
"bankCode": "BC00003",
"currencyType": "PHP"
}
]
}
Response parameter description
Param | Type | Desc |
---|---|---|
bankName | String | bank name |
bankCode | String | bank code |
currencyType | String | currency type |
# 5.8 Bank List (for reference only; the data returned by the query bank interface prevails)
BankName | BankName |
---|---|
gcash电子钱包 | Development Bank of the Philippines |
maya电子钱包 | Deutsche Bank AG - Manila Branch |
omnipay电子钱包 | Rural Bank of Digos |
grabpay电子钱包 | Dumaguete Bank |
coins.ph电子钱包 | RURAL BANK OF SAN MEDJUGORJE |
VIB | Dungganon Bank |
VPBANK(VPB) | EastWest Bank |
BIDV | Komo/ EastWest Rural Bank |
VIETINBANK(CTG) | Equicom Savings Bank |
SHB | First Consolidated Bank |
ABBANK | GoTyme Bank |
AGRIB | Guagua Rural Bank |
VCB | ASENSO/Rural Bank of Guinobatan |
TECHCOMBANK(TCB) | Industrial Bank of Korea - Manila |
ACB | Industrial and Commercial Bank of China Limited - Manila Branch |
SCB | Rural Bank of Sta. Ignacia |
MB | ING Bank N.V |
EXIMBANK(EIB) | ISLA Bank (A Thrift Bank), Inc. |
SACOMBANK(STB) | JP Morgan Chase Bank, N.A - Manila Branch |
DONG A BANK | KEB Hana Bank – Manila Branch |
GPBANK | Laguna Prestige Bank |
SAIGONBANK | LANDBANK / OFBank |
PGBANK | Lazada Wallet (Alipay Ph.) |
OCEANBANK | Legazpi Savings Bank |
NAM A BANK | Malayan Bank Savings |
TPBANK | Maya Bank |
HD BANK | Maybank |
VIET A BANK | Mindanao Consolidated CoopBank |
OCB | Mega Intl Commercial Bank - Manila Branch |
SEABANK | Metrobank |
LienVietPostBank(LPB) | Mizuho Bank, Ltd. – Manila Branch |
MARITIME BANK(MSB) | Money Mall Rural Bank, Inc. |
VIETBANK | Rural Bank of Montalban |
BVB | MUFG Bank, Ltd. - Manila Branch |
CAKE | MVSM Bank (A Rural Bank Since 1953) Inc.[Marikina Valley San Mateo Bank] |
CBBANK | NetBank |
CIMB | Bangko Nuestra Señora Del Pilar |
DBS | Own Bank |
HSBC | Partner Rural Bank (Cotabato), Inc. |
IVB | PayMaya/ Maya Wallet |
KIEN LONG BANK | Philippine Business Bank, Inc., A Savings Bank |
NCB | PBCOM |
PBVN | PDAX |
PVCOMBANK | PhilTrust Bank |
VIET CAPITAL BANK | PNBMPHMMTOD |
VRB | Producers Savings Bank Corporation |
WOORI | PSBank |
SHINHAN BANK | Queenbank |
paymaya | Quezon Capital Rural Bank |
gcash | Rang-Ay Bank |
Al-Amanah Islamic Invest. Bank | RBT Bank |
AllBank (A Thrift Bank), Inc. | RCBC / Diskartech |
ANZ Banking Group Ltd | Robinsons Bank |
Asia United Bank | Rural Bank of Rosario (La Union), Inc. |
BananaPay | Seabank |
Bangko Kabayan | Security Bank |
Bangkok Bank - Manila Branch | Security Bank 2 |
Bangko Mabuhay | Shinhan Bank – Manila Branch |
Bank of America, N.A. - Manila Branch | Rural Bank of Silay City |
bank of China | SMBC - Manila Branch |
Bank of Commerce | CARD SME Bank |
BDO Network Bank | Standard Chartered Bank |
BDO Bank | Sterling Bank of Asia |
Binangonan Rural Bank (BRBDigital) | Sun Savings Bank |
Bank of Florida | Tonik Bank |
BPI | UCPB Savings Bank |
BanKo, A subsidiary of BPI | Union Bank of the Philippines |
Camalig Bank | UnionDigital Bank |
Cantilan Bank | UNOBank |
CARD Bank | United Overseas Bank Limited, Manila Branch |
Cathay United Bank - Manila Branch | USSC |
Country Builders Bank, Inc. (A Rural Bank) | veterans |
China Bank | Wealth Bank |
China Bank Savings | Yuanta Bank |
CIMB Bank Philippines | |
CIS Bayad Center/ Bayad | |
Citibank, N.A. - Manila Branch | |
Community Rural Bank of Romblon (Romblon), Inc. | |
CTBC Bank (Philippines) Corp. | |
# 6. Callback information
# 6.1 How to call back the interface for signature verification
# Signature Verification Instructions
API requests are likely to be tampered with during transmission over the internet. In order to ensure that the callback has not been changed, you can set the callback parameter signature authentication. The setting method is: log in to the cashier -> developer center -> callback address -> add.
# Signature Verification Steps
The overall process is roughly the same as signing, but the data used for signature verification comes from a different place: when signing, you construct the data yourself; when verifying, you take the data from the received callback (header, json).
1. Take out the sign value from the header
2. Define a Map (dictionary) object and put the json parameters of the request into it as key-value pairs
3. Take out access_key, timestamp, and nonce from the header and put them into the Map defined in the previous step
4. Sort the keys in the Map in ascending ASCII (lexicographic) order and convert the Map into a string in the form "key1=value1&key2=value2"
5. Using secret_key, compute the HMAC_SHA1 of the string from the previous step and Base64-encode it to obtain the signature value, then compare it as a string with the sign taken from the header in the first step. If they match, signature verification passes; otherwise, it fails. The secret_key here must correspond to the access_key used when placing the order.
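The signature steps in section 4 and the verification steps above, as an added Python example (not the platform's own code). How values are turned into strings (no URL-encoding, numbers kept as their literal JSON text), the `PaymentCallbackProcessor` class, and the secret and order values are assumptions or constructed; confirm the string-to-sign against the platform's Signature Tool.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from decimal import Decimal


def canonical_string(params):
    """Signature steps 1-3: keys in ascending ASCII order, joined as k1=v1&k2=v2."""
    # Assumption: values are used in plain string form, not URL-encoded.
    return "&".join(f"{key}={params[key]}" for key in sorted(params))


def compute_sign(params, secret_key):
    """Signature step 4: HMAC-SHA1 keyed with secret_key, then Base64."""
    mac = hmac.new(secret_key.encode(), canonical_string(params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def signed_headers(body, access_key, secret_key, timestamp=None, nonce=None):
    """Signature steps 2 and 5: the four public header parameters for one request."""
    public = {
        "access_key": access_key,
        "timestamp": timestamp or str(int(time.time() * 1000)),  # 13-digit ms
        "nonce": nonce or str(uuid.uuid4()),  # 36-character UUID
    }
    return {**public, "sign": compute_sign({**body, **public}, secret_key)}


def verify_callback(headers, raw_body, secret_key):
    """Section 6.1: rebuild the signed string from header + JSON; None on mismatch."""
    try:
        # parse_float/parse_int=str keep numbers exactly as sent (100.000000, not
        # 100.0). Assumption: the platform signs the literal text of each value.
        body = json.loads(raw_body, parse_float=str, parse_int=str)
        public = {k: headers[k] for k in ("access_key", "timestamp", "nonce")}
        params = {**body, **public}
        received = headers["sign"]
    except (ValueError, KeyError, TypeError):
        return None
    expected = compute_sign(params, secret_key)
    # Constant-time comparison: no hint about how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None
    return body


class PaymentCallbackProcessor:
    """Hypothetical merchant-side handler for 6.2: verify, de-duplicate, credit."""

    def __init__(self, secret_key):
        self.secret_key = secret_key
        self.processed = set()  # in production: a persistent store with a unique key
        self.credited = {}      # externalOrderId -> Decimal actually paid

    def handle(self, headers, raw_body):
        body = verify_callback(headers, raw_body, self.secret_key)
        if body is None:
            return 403, None  # non-200 status: the callback is not acknowledged
        key = (body.get("orderId"), body.get("orderStatusCode"))
        if key not in self.processed:  # repeated and manual callbacks are absorbed
            self.processed.add(key)
            if body.get("orderStatusCode") == "2":  # 2 = payment successful
                # Credit what was actually paid, not the requested orderAmount.
                paid = Decimal(body["orderActualAmount"])
                self.credited[body["externalOrderId"]] = paid
        return 200, {"code": 200, "success": True}


if __name__ == "__main__":
    SECRET = "constructed-secret-key"  # constructed value, not a real key
    # Constructed callback body; the headers are signed locally to stand in
    # for the platform.
    raw = ('{"externalOrderId":"25334044","orderActualAmount":95.500000,'
           '"orderAmount":100.000000,"orderId":"ORDER-CONSTRUCTED-1",'
           '"orderStatusCode":2}')
    parsed = json.loads(raw, parse_float=str, parse_int=str)
    hdrs = signed_headers(parsed, "pFqV75X3", SECRET)
    proc = PaymentCallbackProcessor(SECRET)
    print(proc.handle(hdrs, raw), proc.handle(hdrs, raw), proc.credited)
```

Parsing the body with an ordinary `json.loads` would turn `100.000000` into `100.0` before the string-to-sign is built, which is a common cause of code 307 mismatches when numeric fields are signed.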
# 6.2 Payment callback
callback data
{
"currencyType": "PHP",
"errorMsg": "",
"errorMsgEn": "",
"externalOrderId": "25334044",
"markStatus": 0,
"orderActualAmount": 100.000000,
"orderAmount": 100.000000,
"orderFee": 10.000000,
"orderId": "OCURRPAID202307140206491689300409258DOCKER020000000400000109",
"orderPayTime": 1689300518000,
"orderStatus": "Payment success",
"orderStatusCode": 2,
"orderTime": 1689300409000,
"payParam": "https://hambitpay.h5.cashfastpay.com/payment/20230714020650887175049479?amount=100&currency=PEN",
"payType": 102,
"payTypeName": "BANK",
"tradeNote": "wsx12312"
}
Callback data description
Param | Type | Desc |
---|---|---|
currencyType | String | Fiat currency type |
errorMsg | String | error message |
errorMsgEn | String | error message en |
externalOrderId | String | Merchant order ID |
markStatus | int64 | mark status |
orderActualAmount | float64 | The actual payment amount of the order |
orderAmount | float64 | order creation amount |
orderFee | float64 | handling fee |
orderId | String | order ID |
orderPayTime | int64 | order payment time |
orderStatus | String | orderStatusCode Description |
orderStatusCode | int64 | order status code 1- pending payment 2- payment successful |
orderTime | int64 | order creation time |
payParam | String | payment type |
payType | int64 | payment type 101-PIX 201-PIX 102-BANK 202-BANK |
payTypeName | String | payment type name |
tradeNote | String | Note |
Merchants can log in to the merchant backend at any time to manually trigger callbacks (manual callbacks are not recommended for non-final orders). The order status and other related information in the callback reflect the real, current status. Please pay attention to the order status for manual callbacks: if the status of the manually called-back order is not final, the platform will still initiate a notification when the order becomes final, so please handle redundant notifications at the business level.
# 6.3 transfer callback
callback data
{
"currencyType": "PHP",
"accountCode": "40012",
"accountName": "BBVA MEXICO",
"orderId": "OCURRDRAW202307171006541689588414537BMS001OO0000000200000694",
"accountType": "3",
"orderFee": "3",
"orderStatus": "In bank processing",
"externalOrderId": "79159948",
"payTypeName": "BANK",
"orderAmount": "40",
"orderTime": 1689588415000,
"payType": 202,
"userInfoName": "Abraham Meza Aragon",
"accountNo": "4152314092856502",
"orderStatusCode": 2,
"markStatus": 0
}
Callback data description
Param | Type | Desc |
---|---|---|
currencyType | String | currency type |
accountCode | String | account code |
accountName | String | account name |
orderId | String | order ID |
accountType | String | account type |
orderFee | String | Order Fee |
orderStatus | String | orderStatusCode description |
externalOrderId | int64 | Merchant order ID |
payTypeName | float64 | payment type name |
orderAmount | float64 | order creation amount |
orderTime | String | order creation time |
orderPayTime | int64 | Order payment time |
orderTime | int64 | order creation time |
payType | int64 | Payment type |
userInfoName | String | username |
accountNo | String | account number |
orderStatusCode | int64 | Order Status Code 1-accepted 2-bank processing 4-Failed(Bank rejection) 8-success 16-Failed |
markStatus | String | User credential type |
Merchants can log in to the merchant backend at any time to manually trigger a callback (it is not recommended to initiate a manual callback if the order is not in the final state). If the status of the callback order is not final, the platform will still initiate a notification when the order becomes final, so please handle redundant notifications at the business level.
# 6.4 Callback response
Remarks: All callbacks include signature information. It is recommended that merchants verify the callback signature. After receiving the callback information, the merchant confirms the final status of the order. Please respond with the following information (content-type: application/json):
{"code":200,"success":true}
If there is no normal response from the server, notices will be re-sent within 30 minutes, with a total of 2 every three minutes.
# 6.5 Callback Notification URL
***Log in to the merchant backend to configure the unified callback address. A callback URL specified manually in the order has a higher priority than the uniformly configured callback address: if the notifyUrl parameter is specified in the order, the notifyUrl address in the order is used regardless of whether a unified callback notification address is configured.***
Note that the http response status_code has the highest priority, as long as the response status_code=200 is received, the response data will be ignored
# 7. Public response code
Field | Type | Default value and comment |
---|---|---|
code | String | "200" on success; for other values, please refer to the failure codes |
success | Bool | true on success, false on failure; kept consistent in meaning with code |
msg | String | The textual description returned by the first-level code |
data | Object | Reference interface list chapter |
# 8. Failure code
Code | Desc |
---|---|
200 | Normal |
300 | Parameter exception |
301 | IP Unauthorized |
307 | Signature error |
500 | System Error |