FPX Payment

For merchant

Endpoint URL

Environment

URL

Method

Sandbox

https://sandbox.securepay.my/api/v1/payments

Post

Production

https://securepay.my/api/v1/payments

Post

Credentials

Using authentication parameter below:

uid (Merchant API UID)

2aaa1633-e63f-4371-9b85-91d936aa56a1

token (Merchant API Auth Token)

ZyUfF8EmyabcMWPcaocX

Checksum Token (Merchant Checksum Token)

159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713

API Credentials

Request Parameters

Parameter

Description

Condition

Example

order_number

Unique order number generated by your end for reference.

compulsory

20200425132755

buyer_name

Valid buyer full name in one line.

compulsory

AHMAD AMSYAR MOHD ALI

buyer_email

Valid buyer email address for status update

compulsory

amsyar@gmail.com

buyer_phone

Valid buyer phone number.

compulsory

+60123121678

transaction_amount

Amount format: 100.20 , 1000.00, 7000.30

compulsory

1540.40

product_description

Meaningful Product Description e.g.

● Payment for order number 123

● Payment for vintage table part #89782

compulsory

Payment for order no. 20200425132755

callback_url

Server to server. Securepay platform will post the payment status.

optional

redirect_url

Browser to browser, Securepay platform will post to the endpoint browser.

optional

checksum

Signed strings for verification.

compulsory

2cb338beae0859....

token

API Token.

compulsory

ZyUfF8Emy....

params

Send up to 18 values or parameters e.g: reference1_label and reference1 .. reference18_label and reference18

optional

"params": {"reference1_label" : "Size", "reference1" : "XL", "reference2_label" : "IC No" , reference2 : "890323035586" }

redirect_post

Auto redirect to endpoint page.

optional

true

shipping_address

Shipping address

optional

"shipping_address": {"contact_name":"John Doe John Kay", "contact_phone_number":"0133121999", "line1":"JLN UNGGUL 14/12","line2":"Bukit Harimau Belang", "postcode":"46000", "city":"Shah Alam","state":"Selangor"}

billing_address

Billing address

optional

"billing_address": {"contact_name":"John Doe John Kay", "contact_phone_number":"0133121999", "line1":"JLN UNGGUL 14/12","line2":"Bukit Harimau Belang", "postcode":"46000", "city":"Shah Alam","state":"Selangor"}

buyer_bank_code

Bank code generated from the banks list

Optional

MBB0228

model

If not specify the platform will use B2C as default model. If using B2B1, set the model to B2B1. The FPX bank list also need to match with the model

optional

B2C or B2B1

fpx_bank_selection

If using securepay page for bank selection page. The bank selection can be displayed as dropdown or grid

optional

dropdown or grid

cancel_url

SecurePay page for bank selection. If set the cancel URL. Button cancel will appear.

optional

e.g:

https://yourdom.com/securepay_cancel?order_number=123123

timeout_url

SecurePay page for bank selection. if set the timeout URL. The page will timeout within 3 minutes

optional

e.g:

https://yourdom.com/securepay_timeout?order_number=123123

B2C or B2B1 please set on the API settings inside SecurePay Apps. Other settings also can be set at the settings page.

API settings page

SecurePay bank selection page

Grid bank selection

Generate Checksum

Arrange the parameter variables in ascending order as below (including API uid)


buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid

Construct the parameter values string based on the position above.


amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1

Sign the string with checksum token using HMAC SHA256


string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), checksum_token, string)


$string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
$sign = hash_hmac('sha256', $string, $checksum_token)

Generated checksum

75b54e403151b1e9b413df8ce5c426ef0dbbc9adcec58b8f5dd5c9c5c6b78844

Post the parameters

Sending all parameters in request parameter table to the payment URL by using post method

Sample Codes

<?php

//Author: amir@p.my, amir@securepay.my
//Org   : SecurePay
//We need more contribution on sample codes. Email me.

if(isset($_POST['order_number']))
{
//Change with your token	
$uid = '9097b595-b77a-4321-94c0-0a6d323b5252';
$checksum_token = 'f4e4f07afb72a56fc6681d652713522436b50f087306efec39ab7d1be5b8c684';
$auth_token = '5BXhsTmVmRBKkg6xizNB';
$url = 'https://sandbox.securepay.my/api/v1/payments';

#$_POST['order_number'] = '20200425132755';
#$_POST['buyer_name'] = 'AHMAD AMSYAR MOHD ALI';
#$_POST['buyer_email'] = 'amsyar@gmail.com';
#$_POST['buyer_phone'] = '+60123121678';
#$_POST['transaction_amount'] = '10.00';
#$_POST['product_description'] = 'Payment for order no 20200425132755';
#$_POST['callback_url'] = "";
#$_POST['redirect_url'] = "";
#$_POST['token'] = $auth_token;
#$_POST['redirect_post'] = "true";

$order_number = $_POST['order_number'];
$buyer_name = $_POST['buyer_name'];
$buyer_phone = $_POST['buyer_phone'];
$buyer_email = $_POST['buyer_email'];
$product_description = $_POST['product_description'];
$transaction_amount = $_POST['transaction_amount'];
$callback_url = $_POST['callback_url'];
$redirect_url = $_POST['redirect_url'];
$redirect_post = "true";
if(isset($_POST['buyer_bank_code'])) { 
	$buyer_bank_code = $_POST['buyer_bank_code']; 
}




//buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid 

$string = $buyer_email."|".$buyer_name."|".$buyer_phone."|".$callback_url."|".$order_number."|".$product_description."|".$redirect_url ."|".$transaction_amount."|".$uid;

#echo $string . "\n";
#string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|5d80cc30-1a42-4f9f-9d6b-a69db5d26b01"


#$string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1";
#$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713";

$sign = hash_hmac('sha256', $string, $checksum_token);

#echo $sign . "\n";

//
//echo $sign

//$hashed_string = hash_hmac($checksum_token.urldecode($_POST['product_description']).urldecode($_POST['transaction_amount']).urldecode($_POST['order_number']));

if(isset($_POST['buyer_bank_code'])) {  

$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token) 
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) . 
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&buyer_bank_code=".urlencode($buyer_bank_code);
}
else
{
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token) 
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) . 
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign);	
}


#echo $post_data. "\n";

// Generated by curl-to-PHP: http://incarnate.github.io/curl-to-php/
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post_data);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_exec($ch);

$output = curl_exec($ch);

echo $output;

}




#header('Location: ' + $output);
#exit();

#curl_close($ch);

$order_number = rand(1111111111,9999999999);

$json = file_get_contents('https://sandbox.securepay.my/api/public/v1/banks/b2c');
$obj = json_decode($json, true);
//echo $obj->access_token;
//$obj->fpx_bankList

//print_r($obj['fpx_bankList']);

$options = "";

foreach ($obj['fpx_bankList'] as $value) {
	if($value['status_format2'])
	{
	    $options .= "<option value=". $value['code'] . ">" . $value['name'] . "</option>";
	}
	else
	{
		$options .= "<option value=". $value['code'] . " disabled>" . $value['name'] . " (offline)</option>";
	}
	//echo $value['code'];
}
 
//print_r($obj->fpx_bankList);

?>
<h1>SecurePay sample code for PHP</h1>
<hr> 
<h3>Form without bank list</h3>
<form action="" method="post">
  <label for="fname">Full name:</label><br>
  <input type="text" id="fname" name="buyer_name" value="John Doe"><br>
  <label for="lname">Email:</label><br>
  <input type="text" id="lname" name="buyer_email" value="john@gmail.com"><br>
  <label for="lname">Phone No:</label><br>
  <input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
  <label for="lname">Order number:</label><br>
  <input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
  <label for="lname">Descriptions:</label><br>
  <input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
  
  <label for="lname">Callback URL:</label><br>
  <input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Redirect URL:</label><br>
  <input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Amount:</label><br>
  <input type="text" id="lname" name="transaction_amount" value="199"><br>
  <br>
  <input type="submit" value="Submit">
</form>

<hr> 

<h3>Form with bank list</h3>


<form action="" method="post">
  <label for="fname">Full name:</label><br>
  <input type="text" id="fname" name="buyer_name" value="John Doe"><br>
  <label for="lname">Email:</label><br>
  <input type="text" id="lname" name="buyer_email" value="john@gmail.com"><br>
  <label for="lname">Phone No:</label><br>
  <input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
  <label for="lname">Order number:</label><br>
  <input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
  <label for="lname">Descriptions:</label><br>
  <input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
  <label for="lname">Amount:</label><br>
  <input type="text" id="lname" name="transaction_amount" value="199"><br>
  <label for="lname">Callback URL:</label><br>
  <input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Redirect URL:</label><br>
  <input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Select bank:</label><br>
  <select id="buyer_bank_code" name="buyer_bank_code"><?=$options?></select><br>
  
  <br>
  <input type="submit" value="Submit">
</form>

PreviousBank List NextPartner

Last updated 3 years ago

Was this helpful?

Endpoint URL

Environment

URL

Method

Sandbox

https://sandbox.securepay.my/api/v1/payments

Post

Production

https://securepay.my/api/v1/payments

Post

Credentials

Using authentication parameter below:

uid (Merchant API UID)

2aaa1633-e63f-4371-9b85-91d936aa56a1

token (Merchant API Auth Token)

ZyUfF8EmyabcMWPcaocX

Checksum Token (Merchant Checksum Token)

159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713

API Credentials

Request Parameters

Parameter

Description

Condition

Example

order_number

Unique order number generated by your end for reference.

compulsory

20200425132755

buyer_name

Valid buyer full name in one line.

compulsory

AHMAD AMSYAR MOHD ALI

buyer_email

Valid buyer email address for status update

compulsory

amsyar@gmail.com

buyer_phone

Valid buyer phone number.

compulsory

+60123121678

transaction_amount

Amount format: 100.20 , 1000.00, 7000.30

compulsory

1540.40

product_description

Meaningful Product Description e.g.

● Payment for order number 123

● Payment for vintage table part #89782

compulsory

Payment for order no. 20200425132755

callback_url

Server to server. Securepay platform will post the payment status.

optional

redirect_url

Browser to browser, Securepay platform will post to the endpoint browser.

optional

checksum

Signed strings for verification.

compulsory

2cb338beae0859....

token

API Token.

compulsory

ZyUfF8Emy....

params

Send up to 18 values or parameters e.g: reference1_label and reference1 .. reference18_label and reference18

optional

"params": {"reference1_label" : "Size", "reference1" : "XL", "reference2_label" : "IC No" , reference2 : "890323035586" }

redirect_post

Auto redirect to endpoint page.

optional

true

shipping_address

Shipping address

optional

billing_address

Billing address

optional

buyer_bank_code

Bank code generated from the banks list

Optional

MBB0228

model

If not specify the platform will use B2C as default model. If using B2B1, set the model to B2B1. The FPX bank list also need to match with the model

optional

B2C or B2B1

fpx_bank_selection

If using securepay page for bank selection page. The bank selection can be displayed as dropdown or grid

optional

dropdown or grid

cancel_url

SecurePay page for bank selection. If set the cancel URL. Button cancel will appear.

optional

e.g:

https://yourdom.com/securepay_cancel?order_number=123123

timeout_url

SecurePay page for bank selection. if set the timeout URL. The page will timeout within 3 minutes

optional

e.g:

https://yourdom.com/securepay_timeout?order_number=123123

B2C or B2B1 please set on the API settings inside SecurePay Apps. Other settings also can be set at the settings page.

API settings page

SecurePay bank selection page

Grid bank selection

Generate Checksum

Arrange the parameter variables in ascending order as below (including API uid)


buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid

Construct the parameter values string based on the position above.


amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1

Sign the string with checksum token using HMAC SHA256


string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), checksum_token, string)


$string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
$sign = hash_hmac('sha256', $string, $checksum_token)

Generated checksum

75b54e403151b1e9b413df8ce5c426ef0dbbc9adcec58b8f5dd5c9c5c6b78844

Post the parameters

Sending all parameters in request parameter table to the payment URL by using post method

Sample Codes

<?php

//Author: amir@p.my, amir@securepay.my
//Org   : SecurePay
//We need more contribution on sample codes. Email me.

if(isset($_POST['order_number']))
{
//Change with your token	
$uid = '9097b595-b77a-4321-94c0-0a6d323b5252';
$checksum_token = 'f4e4f07afb72a56fc6681d652713522436b50f087306efec39ab7d1be5b8c684';
$auth_token = '5BXhsTmVmRBKkg6xizNB';
$url = 'https://sandbox.securepay.my/api/v1/payments';

#$_POST['order_number'] = '20200425132755';
#$_POST['buyer_name'] = 'AHMAD AMSYAR MOHD ALI';
#$_POST['buyer_email'] = 'amsyar@gmail.com';
#$_POST['buyer_phone'] = '+60123121678';
#$_POST['transaction_amount'] = '10.00';
#$_POST['product_description'] = 'Payment for order no 20200425132755';
#$_POST['callback_url'] = "";
#$_POST['redirect_url'] = "";
#$_POST['token'] = $auth_token;
#$_POST['redirect_post'] = "true";

$order_number = $_POST['order_number'];
$buyer_name = $_POST['buyer_name'];
$buyer_phone = $_POST['buyer_phone'];
$buyer_email = $_POST['buyer_email'];
$product_description = $_POST['product_description'];
$transaction_amount = $_POST['transaction_amount'];
$callback_url = $_POST['callback_url'];
$redirect_url = $_POST['redirect_url'];
$redirect_post = "true";
if(isset($_POST['buyer_bank_code'])) { 
	$buyer_bank_code = $_POST['buyer_bank_code']; 
}




//buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid 

$string = $buyer_email."|".$buyer_name."|".$buyer_phone."|".$callback_url."|".$order_number."|".$product_description."|".$redirect_url ."|".$transaction_amount."|".$uid;

#echo $string . "\n";
#string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|5d80cc30-1a42-4f9f-9d6b-a69db5d26b01"


#$string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1";
#$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713";

$sign = hash_hmac('sha256', $string, $checksum_token);

#echo $sign . "\n";

//
//echo $sign

//$hashed_string = hash_hmac($checksum_token.urldecode($_POST['product_description']).urldecode($_POST['transaction_amount']).urldecode($_POST['order_number']));

if(isset($_POST['buyer_bank_code'])) {  

$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token) 
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) . 
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&buyer_bank_code=".urlencode($buyer_bank_code);
}
else
{
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token) 
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) . 
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign);	
}


#echo $post_data. "\n";

// Generated by curl-to-PHP: http://incarnate.github.io/curl-to-php/
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post_data);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_exec($ch);

$output = curl_exec($ch);

echo $output;

}




#header('Location: ' + $output);
#exit();

#curl_close($ch);

$order_number = rand(1111111111,9999999999);

$json = file_get_contents('https://sandbox.securepay.my/api/public/v1/banks/b2c');
$obj = json_decode($json, true);
//echo $obj->access_token;
//$obj->fpx_bankList

//print_r($obj['fpx_bankList']);

$options = "";

foreach ($obj['fpx_bankList'] as $value) {
	if($value['status_format2'])
	{
	    $options .= "<option value=". $value['code'] . ">" . $value['name'] . "</option>";
	}
	else
	{
		$options .= "<option value=". $value['code'] . " disabled>" . $value['name'] . " (offline)</option>";
	}
	//echo $value['code'];
}
 
//print_r($obj->fpx_bankList);

?>
<h1>SecurePay sample code for PHP</h1>
<hr> 
<h3>Form without bank list</h3>
<form action="" method="post">
  <label for="fname">Full name:</label><br>
  <input type="text" id="fname" name="buyer_name" value="John Doe"><br>
  <label for="lname">Email:</label><br>
  <input type="text" id="lname" name="buyer_email" value="john@gmail.com"><br>
  <label for="lname">Phone No:</label><br>
  <input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
  <label for="lname">Order number:</label><br>
  <input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
  <label for="lname">Descriptions:</label><br>
  <input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
  
  <label for="lname">Callback URL:</label><br>
  <input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Redirect URL:</label><br>
  <input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Amount:</label><br>
  <input type="text" id="lname" name="transaction_amount" value="199"><br>
  <br>
  <input type="submit" value="Submit">
</form>

<hr> 

<h3>Form with bank list</h3>


<form action="" method="post">
  <label for="fname">Full name:</label><br>
  <input type="text" id="fname" name="buyer_name" value="John Doe"><br>
  <label for="lname">Email:</label><br>
  <input type="text" id="lname" name="buyer_email" value="john@gmail.com"><br>
  <label for="lname">Phone No:</label><br>
  <input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
  <label for="lname">Order number:</label><br>
  <input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
  <label for="lname">Descriptions:</label><br>
  <input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
  <label for="lname">Amount:</label><br>
  <input type="text" id="lname" name="transaction_amount" value="199"><br>
  <label for="lname">Callback URL:</label><br>
  <input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Redirect URL:</label><br>
  <input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Select bank:</label><br>
  <select id="buyer_bank_code" name="buyer_bank_code"><?=$options?></select><br>
  
  <br>
  <input type="submit" value="Submit">
</form>