FPX Payment

For merchant

Endpoint URL

Environment

URL

Method

Sandbox

https://sandbox.securepay.my/api/v1/payments

Post

Production

https://securepay.my/api/v1/payments

Post

Credentials

Using authentication parameter below:

uid (Merchant API UID)

2aaa1633-e63f-4371-9b85-91d936aa56a1

token (Merchant API Auth Token)

ZyUfF8EmyabcMWPcaocX

Checksum Token (Merchant Checksum Token)

159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713

API Credentials

Request Parameters

Parameter

Description

Condition

Example

order_number

Unique order number generated by your end for reference.

compulsory

20200425132755

buyer_name

Valid buyer full name in one line.

compulsory

AHMAD AMSYAR MOHD ALI

buyer_email

Valid buyer email address for status update

compulsory

[email protected]

buyer_phone

Valid buyer phone number.

compulsory

+60123121678

transaction_amount

Amount format: 100.20 , 1000.00, 7000.30

compulsory

1540.40

product_description

Meaningful Product Description e.g.

● Payment for order number 123

● Payment for vintage table part #89782

compulsory

Payment for order no. 20200425132755

callback_url

Server to server. Securepay platform will post the payment status.

optional

redirect_url

Browser to browser, Securepay platform will post to the endpoint browser.

optional

checksum

Signed strings for verification.

compulsory

2cb338beae0859....

token

API Token.

compulsory

ZyUfF8Emy....

params

Send up to 6 values or parameters e.g: reference1_label and reference1 .. reference6_label and reference6

optional

"params": {"reference1_label" : "Size", "reference1" : "XL", "reference2_label" : "IC No" , reference2 : "890323035586" }

redirect_post

Auto redirect to endpoint page.

optional

true

Generate Checksum

  1. Arrange the parameter variables in ascending order as below (including API uid)

buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
  • Construct the parameter values string based on the position above.

[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1
  • Sign the string with checksum token using HMAC SHA256

Ruby
PHP
Ruby
string = "[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​"
checksum_token = "​159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), checksum_token, string)
PHP
$string ="​[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​"
$checksum_token ="159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​"
$sign = hash_hmac('sha256', $string, $checksum_token)
  • Generated checksum

75b54e403151b1e9b413df8ce5c426ef0dbbc9adcec58b8f5dd5c9c5c6b78844

Post the parameters

Sending all parameters in request parameter table to the payment URL by using post method

Sample Codes

PHP
Rails
PHP
<?php
//Org : SecurePay
//We need more contribution on sample codes. Email me.
if(isset($_POST['order_number']))
{
//Change with your token
$uid = '9097b595-b77a-4321-94c0-0a6d323b5252';
$checksum_token = 'f4e4f07afb72a56fc6681d652713522436b50f087306efec39ab7d1be5b8c684';
$auth_token = '5BXhsTmVmRBKkg6xizNB';
$url = 'https://sandbox.securepay.my/api/v1/payments';
#$_POST['order_number'] = '20200425132755';
#$_POST['buyer_name'] = 'AHMAD AMSYAR MOHD ALI';
#$_POST['buyer_email'] = '[email protected]';
#$_POST['buyer_phone'] = '+60123121678';
#$_POST['transaction_amount'] = '10.00';
#$_POST['product_description'] = 'Payment for order no 20200425132755';
#$_POST['callback_url'] = "";
#$_POST['redirect_url'] = "";
#$_POST['token'] = $auth_token;
#$_POST['redirect_post'] = "true";
$order_number = $_POST['order_number'];
$buyer_name = $_POST['buyer_name'];
$buyer_phone = $_POST['buyer_phone'];
$buyer_email = $_POST['buyer_email'];
$product_description = $_POST['product_description'];
$transaction_amount = $_POST['transaction_amount'];
$callback_url = $_POST['callback_url'];
$redirect_url = $_POST['redirect_url'];
$redirect_post = "true";
if(isset($_POST['buyer_bank_code'])) {
$buyer_bank_code = $_POST['buyer_bank_code'];
}
//buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
$string = $buyer_email."|".$buyer_name."|".$buyer_phone."|".$callback_url."|".$order_number."|".$product_description."|".$redirect_url ."|".$transaction_amount."|".$uid;
#echo $string . "\n";
#string = "[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|5d80cc30-1a42-4f9f-9d6b-a69db5d26b01​"
#$string = "[email protected]|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​";
#$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​";
$sign = hash_hmac('sha256', $string, $checksum_token);
#echo $sign . "\n";
//
//echo $sign
//$hashed_string = hash_hmac($checksum_token.urldecode($_POST['product_description']).urldecode($_POST['transaction_amount']).urldecode($_POST['order_number']));
if(isset($_POST['buyer_bank_code'])) {
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token)
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) .
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&buyer_bank_code=".urlencode($buyer_bank_code);
}
else
{
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token)
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) .
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign);
}
#echo $post_data. "\n";
// Generated by curl-to-PHP: http://incarnate.github.io/curl-to-php/
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_exec($ch);
$output = curl_exec($ch);
echo $output;
}
#header('Location: ' + $output);
#exit();
#curl_close($ch);
$order_number = rand(1111111111,9999999999);
$json = file_get_contents('https://sandbox.securepay.my/api/public/v1/banks/b2c');
$obj = json_decode($json, true);
//echo $obj->access_token;
//$obj->fpx_bankList
//print_r($obj['fpx_bankList']);
$options = "";
foreach ($obj['fpx_bankList'] as $value) {
if($value['status_format2'])
{
$options .= "<option value=". $value['code'] . ">" . $value['name'] . "</option>";
}
else
{
$options .= "<option value=". $value['code'] . " disabled>" . $value['name'] . " (offline)</option>";
}
//echo $value['code'];
}
//print_r($obj->fpx_bankList);
?>
<h1>SecurePay sample code for PHP</h1>
<hr>
<h3>Form without bank list</h3>
<form action="" method="post">
<label for="fname">Full name:</label><br>
<input type="text" id="fname" name="buyer_name" value="John Doe"><br>
<label for="lname">Email:</label><br>
<input type="text" id="lname" name="buyer_email" value="[email protected]"><br>
<label for="lname">Phone No:</label><br>
<input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
<label for="lname">Order number:</label><br>
<input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
<label for="lname">Descriptions:</label><br>
<input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
<label for="lname">Callback URL:</label><br>
<input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
<label for="lname">Redirect URL:</label><br>
<input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
<label for="lname">Amount:</label><br>
<input type="text" id="lname" name="transaction_amount" value="199"><br>
<br>
<input type="submit" value="Submit">
</form>
<hr>
<h3>Form with bank list</h3>
<form action="" method="post">
<label for="fname">Full name:</label><br>
<input type="text" id="fname" name="buyer_name" value="John Doe"><br>
<label for="lname">Email:</label><br>
<input type="text" id="lname" name="buyer_email" value="[email protected]"><br>
<label for="lname">Phone No:</label><br>
<input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
<label for="lname">Order number:</label><br>
<input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
<label for="lname">Descriptions:</label><br>
<input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
<label for="lname">Amount:</label><br>
<input type="text" id="lname" name="transaction_amount" value="199"><br>
<label for="lname">Callback URL:</label><br>
<input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
<label for="lname">Redirect URL:</label><br>
<input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
<label for="lname">Select bank:</label><br>
<select id="buyer_bank_code" name="buyer_bank_code"><?=$options?></select><br>
<br>
<input type="submit" value="Submit">
</form>
Rails