SecurePay
Search…
FPX Payment
For merchant

Endpoint URL

Environment
URL
Method
Sandbox
https://sandbox.securepay.my/api/v1/payments
Post
Production
https://securepay.my/api/v1/payments
Post

Credentials

Using authentication parameter below:
uid (Merchant API UID)
2aaa1633-e63f-4371-9b85-91d936aa56a1
token (Merchant API Auth Token)
ZyUfF8EmyabcMWPcaocX
Checksum Token (Merchant Checksum Token)
159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713

API Credentials

Request Parameters

Parameter
Description
Condition
Example
order_number
Unique order number generated by your end for reference.
compulsory
20200425132755
buyer_name
Valid buyer full name in one line.
compulsory
AHMAD AMSYAR MOHD ALI
buyer_email
Valid buyer email address for status update
compulsory
buyer_phone
Valid buyer phone number.
compulsory
+60123121678
transaction_amount
Amount format: 100.20 , 1000.00, 7000.30
compulsory
1540.40
product_description
Meaningful Product Description e.g.
● Payment for order number 123
● Payment for vintage table part #89782
compulsory
Payment for order no. 20200425132755
callback_url
Server to server. Securepay platform will post the payment status.
optional
redirect_url
Browser to browser, Securepay platform will post to the endpoint browser.
optional
checksum
Signed strings for verification.
compulsory
2cb338beae0859....
token
API Token.
compulsory
ZyUfF8Emy....
params
Send up to 18 values or parameters e.g: reference1_label and reference1 .. reference18_label and reference18
optional
"params": {"reference1_label" : "Size", "reference1" : "XL", "reference2_label" : "IC No" , reference2 : "890323035586" }
redirect_post
Auto redirect to endpoint page.
optional
true
shipping_address
Shipping address
optional
"shipping_address": {"contact_name":"John Doe John Kay", "contact_phone_number":"0133121999", "line1":"JLN UNGGUL 14/12","line2":"Bukit Harimau Belang", "postcode":"46000", "city":"Shah Alam","state":"Selangor"}
billing_address
Billing address
optional
"billing_address": {"contact_name":"John Doe John Kay", "contact_phone_number":"0133121999", "line1":"JLN UNGGUL 14/12","line2":"Bukit Harimau Belang", "postcode":"46000", "city":"Shah Alam","state":"Selangor"}
buyer_bank_code
Bank code generated from the banks list
Optional
MBB0228
model
If not specify the platform will use B2C as default model. If using B2B1, set the model to B2B1. The FPX bank list also need to match with the model
optional
B2C or B2B1
fpx_bank_selection
If using securepay page for bank selection page. The bank selection can be displayed as dropdown or grid
optional
dropdown or grid
cancel_url
SecurePay page for bank selection. If set the cancel URL. Button cancel will appear.
optional
e.g:
https://yourdom.com/securepay_cancel?order_number=123123
timeout_url
SecurePay page for bank selection. if set the timeout URL. The page will timeout within 3 minutes
optional
e.g:
https://yourdom.com/securepay_timeout?order_number=123123
B2C or B2B1 please set on the API settings inside SecurePay Apps. Other settings also can be set at the settings page.

API settings page

SecurePay bank selection page

Grid bank selection

Generate Checksum

Only these parameters are needed to generate checksum: buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
  • Arrange the parameter variables in ascending order as below (including API uid)
buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
  • Construct the parameter values string based on the position above.
[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1
  • Sign the string with checksum token using HMAC SHA256
Ruby
PHP
string = "[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​"
checksum_token = "​159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), checksum_token, string)
$string ="​[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​"
$checksum_token ="159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​"
$sign = hash_hmac('sha256', $string, $checksum_token)
  • Generated checksum
75b54e403151b1e9b413df8ce5c426ef0dbbc9adcec58b8f5dd5c9c5c6b78844

Post the parameters

Sending all parameters in request parameter table to the payment URL by using post method

Sample Codes

PHP
Rails
<?php
//Org : SecurePay
//We need more contribution on sample codes. Email me.
if(isset($_POST['order_number']))
{
//Change with your token
$uid = '9097b595-b77a-4321-94c0-0a6d323b5252';
$checksum_token = 'f4e4f07afb72a56fc6681d652713522436b50f087306efec39ab7d1be5b8c684';
$auth_token = '5BXhsTmVmRBKkg6xizNB';
$url = 'https://sandbox.securepay.my/api/v1/payments';
#$_POST['order_number'] = '20200425132755';
#$_POST['buyer_name'] = 'AHMAD AMSYAR MOHD ALI';
#$_POST['buyer_email'] = '[email protected]';
#$_POST['buyer_phone'] = '+60123121678';
#$_POST['transaction_amount'] = '10.00';
#$_POST['product_description'] = 'Payment for order no 20200425132755';
#$_POST['callback_url'] = "";
#$_POST['redirect_url'] = "";
#$_POST['token'] = $auth_token;
#$_POST['redirect_post'] = "true";
$order_number = $_POST['order_number'];
$buyer_name = $_POST['buyer_name'];
$buyer_phone = $_POST['buyer_phone'];
$buyer_email = $_POST['buyer_email'];
$product_description = $_POST['product_description'];
$transaction_amount = $_POST['transaction_amount'];
$callback_url = $_POST['callback_url'];
$redirect_url = $_POST['redirect_url'];
$redirect_post = "true";
if(isset($_POST['buyer_bank_code'])) {
$buyer_bank_code = $_POST['buyer_bank_code'];
}
//buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
$string = $buyer_email."|".$buyer_name."|".$buyer_phone."|".$callback_url."|".$order_number."|".$product_description."|".$redirect_url ."|".$transaction_amount."|".$uid;
#echo $string . "\n";
#string = "[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|5d80cc30-1a42-4f9f-9d6b-a69db5d26b01​"
#$string = "[email protected]|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​";
#$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​";
$sign = hash_hmac('sha256', $string, $checksum_token);
#echo $sign . "\n";
//
//echo $sign
//$hashed_string = hash_hmac($checksum_token.urldecode($_POST['product_description']).urldecode($_POST['transaction_amount']).urldecode($_POST['order_number']));
if(isset($_POST['buyer_bank_code'])) {
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token)
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) .
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&buyer_bank_code=".urlencode($buyer_bank_code);
}
else
{
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token)
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) .
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign);
}
#echo $post_data. "\n";
// Generated by curl-to-PHP: http://incarnate.github.io/curl-to-php/
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_exec($ch);
$output = curl_exec($ch);
echo $output;
}
#header('Location: ' + $output);
#exit();
#curl_close($ch);
$order_number = rand(1111111111,9999999999);
$json = file_get_contents('https://sandbox.securepay.my/api/public/v1/banks/b2c');
$obj = json_decode($json, true);
//echo $obj->access_token;
//$obj->fpx_bankList
//print_r($obj['fpx_bankList']);
$options = "";
foreach ($obj['fpx_bankList'] as $value) {
if($value['status_format2'])
{
$options .= "<option value=". $value['code'] . ">" . $value['name'] . "</option>";
}
else
{
$options .= "<option value=". $value['code'] . " disabled>" . $value['name'] . " (offline)</option>";
}
//echo $value['code'];
}
//print_r($obj->fpx_bankList);
?>
<h1>SecurePay sample code for PHP</h1>
<hr>
<h3>Form without bank list</h3>
<form action="" method="post">
<label for="fname">Full name:</label><br>
<input type="text" id="fname" name="buyer_name" value="John Doe"><br>
<label for="lname">Email:</label><br>
<input type="text" id="lname" name="buyer_email" value="[email protected]"><br>
<label for="lname">Phone No:</label><br>
<input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
<label for="lname">Order number:</label><br>
<input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
<label for="lname">Descriptions:</label><br>
<input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
<label for="lname">Callback URL:</label><br>
<input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
<label for="lname">Redirect URL:</label><br>
<input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
<label for="lname">Amount:</label><br>
<input type="text" id="lname" name="transaction_amount" value="199"><br>
<br>
<input type="submit" value="Submit">
</form>
<hr>
<h3>Form with bank list</h3>
<form action="" method="post">
<label for="fname">Full name:</label><br>
<input type="text" id="fname" name="buyer_name" value="John Doe"><br>
<label for="lname">Email:</label><br>
<input type="text" id="lname" name="buyer_email" value="[email protected]"><br>
<label for="lname">Phone No:</label><br>
<input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
<label for="lname">Order number:</label><br>
<input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
<label for="lname">Descriptions:</label><br>
<input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
<label for="lname">Amount:</label><br>
<input type="text" id="lname" name="transaction_amount" value="199"><br>
<label for="lname">Callback URL:</label><br>
<input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
<label for="lname">Redirect URL:</label><br>
<input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
<label for="lname">Select bank:</label><br>
<select id="buyer_bank_code" name="buyer_bank_code"><?=$options?></select><br>
<br>
<input type="submit" value="Submit">
</form>

Last modified 1yr ago
Copy link
Outline
Endpoint URL
Credentials
API Credentials
Request Parameters
Generate Checksum
Post the parameters
Sample Codes