FPX Payment
For merchant
Environment | URL | Method |
Sandbox | https://sandbox.securepay.my/api/v1/payments | Post |
Production | https://securepay.my/api/v1/payments | Post |
Using authentication parameter below:
| |
uid (Merchant API UID) | 2aaa1633-e63f-4371-9b85-91d936aa56a1 |
token (Merchant API Auth Token) | ZyUfF8EmyabcMWPcaocX |
Checksum Token (Merchant Checksum Token) | 159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713 |

Parameter | Description | Condition | Example |
order_number | Unique order number generated by your end for reference. | compulsory | 20200425132755 |
buyer_name | Valid buyer full name in one line. | compulsory | AHMAD AMSYAR MOHD ALI |
buyer_email | Valid buyer email address for status update | compulsory | |
buyer_phone | Valid buyer phone number. | compulsory | +60123121678 |
transaction_amount | Amount format: 100.20 , 1000.00, 7000.30 | compulsory | 1540.40 |
product_description | Meaningful Product Description e.g. ● Payment for order number 123 ● Payment for vintage table part #89782 | compulsory | Payment for order no. 20200425132755 |
callback_url | Server to server. Securepay platform will post the payment status. | optional | |
redirect_url | Browser to browser, Securepay platform will post to the endpoint browser. | optional | |
checksum | Signed strings for verification. | compulsory | 2cb338beae0859.... |
token | API Token. | compulsory | ZyUfF8Emy.... |
params | Send up to 18 values or parameters e.g: reference1_label and reference1 .. reference18_label and reference18 | optional | "params": {"reference1_label" : "Size", "reference1" : "XL", "reference2_label" : "IC No" , reference2 : "890323035586" } |
redirect_post | Auto redirect to endpoint page. | optional | true |
shipping_address | Shipping address | optional | "shipping_address": {"contact_name":"John Doe John Kay", "contact_phone_number":"0133121999", "line1":"JLN UNGGUL 14/12","line2":"Bukit Harimau Belang", "postcode":"46000", "city":"Shah Alam","state":"Selangor"} |
billing_address | Billing address | optional | "billing_address": {"contact_name":"John Doe John Kay", "contact_phone_number":"0133121999", "line1":"JLN UNGGUL 14/12","line2":"Bukit Harimau Belang", "postcode":"46000", "city":"Shah Alam","state":"Selangor"} |
buyer_bank_code | Bank code generated from the banks list | Optional | MBB0228 |
model | If not specify the platform will use B2C as default model. If using B2B1, set the model to B2B1. The FPX bank list also need to match with the model | optional | B2C or B2B1 |
fpx_bank_selection | If using securepay page for bank selection page. The bank selection can be displayed as dropdown or grid | optional | dropdown or grid |
cancel_url | SecurePay page for bank selection. If set the cancel URL. Button cancel will appear. | optional | e.g: https://yourdom.com/securepay_cancel?order_number=123123 |
timeout_url | SecurePay page for bank selection. if set the timeout URL. The page will timeout within 3 minutes | optional | e.g: https://yourdom.com/securepay_timeout?order_number=123123 |
B2C or B2B1 please set on the API settings inside SecurePay Apps. Other settings also can be set at the settings page.



Only these parameters are needed to generate checksum:
buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
- Arrange the parameter variables in ascending order as below (including API uid)
buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
- Construct the parameter values string based on the position above.
[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1
- Sign the string with checksum token using HMAC SHA256
Ruby
PHP
string = "[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), checksum_token, string)
$string = "[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
$sign = hash_hmac('sha256', $string, $checksum_token)
- Generated checksum
75b54e403151b1e9b413df8ce5c426ef0dbbc9adcec58b8f5dd5c9c5c6b78844
Sending all parameters in request parameter table to the payment URL by using post method
PHP
Rails
<?php
//Author: [email protected], [email protected]
//Org : SecurePay
//We need more contribution on sample codes. Email me.
if(isset($_POST['order_number']))
{
//Change with your token
$uid = '9097b595-b77a-4321-94c0-0a6d323b5252';
$checksum_token = 'f4e4f07afb72a56fc6681d652713522436b50f087306efec39ab7d1be5b8c684';
$auth_token = '5BXhsTmVmRBKkg6xizNB';
$url = 'https://sandbox.securepay.my/api/v1/payments';
#$_POST['order_number'] = '20200425132755';
#$_POST['buyer_name'] = 'AHMAD AMSYAR MOHD ALI';
#$_POST['buyer_email'] = '[email protected]';
#$_POST['buyer_phone'] = '+60123121678';
#$_POST['transaction_amount'] = '10.00';
#$_POST['product_description'] = 'Payment for order no 20200425132755';
#$_POST['callback_url'] = "";
#$_POST['redirect_url'] = "";
#$_POST['token'] = $auth_token;
#$_POST['redirect_post'] = "true";
$order_number = $_POST['order_number'];
$buyer_name = $_POST['buyer_name'];
$buyer_phone = $_POST['buyer_phone'];
$buyer_email = $_POST['buyer_email'];
$product_description = $_POST['product_description'];
$transaction_amount = $_POST['transaction_amount'];
$callback_url = $_POST['callback_url'];
$redirect_url = $_POST['redirect_url'];
$redirect_post = "true";
if(isset($_POST['buyer_bank_code'])) {
$buyer_bank_code = $_POST['buyer_bank_code'];
}
//buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
$string = $buyer_email."|".$buyer_name."|".$buyer_phone."|".$callback_url."|".$order_number."|".$product_description."|".$redirect_url ."|".$transaction_amount."|".$uid;
#echo $string . "\n";
#string = "[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|5d80cc30-1a42-4f9f-9d6b-a69db5d26b01"
#$string = "[email protected]|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1";
#$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713";