FPX Payment

For partner

Preferred partner can have their own ID for processing payment. Merchant will use their own API credentials as usual.

Endpoint URL

Environment

URL

Method

Sandbox

https://sandbox.securepay.my/api/v1/payments

POST

Production

https://securepay.my/api/v1/payments

POST

Credentials

Using authentication parameter below:

uid (Merchant API UID)

2aaa1633-e63f-4371-9b85-91d936aa56a1

token (Merchant API Auth Token)

ZyUfF8EmyabcMWPcaocX

Checksum Token

159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713

Partner may have many merchants. The uid and token are merchant credentials, partner only need to supply their partner_uid only. While merchant need to use theirs. In some case, partner also can be a merchant.

API Credentials

Partner UID

Every partner will be issued one or more partner UID (partner_uid). SecurePay will identified partner account by using this identifier.

Request Parameters

Parameter

Description

Condition

Example

order_number

Unique order number generated by merchant end for reference.

Compulsory

20200425132755

buyer_name

Valid buyer full name in one line.

Compulsory

AHMAD AMSYAR MOHD ALI

buyer_email

Valid buyer email address for status update

Compulsory

[email protected]

buyer_phone

Valid buyer phone number e.g: +60123121989

Compulsory

+60123121678

transaction_amount

Amount format: 100.20 , 1000.00, 7000.30

Compulsory

1540.40

product_description

Meaningful Product Description e.g.

  • Payment for order number 123

  • Payment for vintage table part #89782

Compulsory

Payment for order no 20200425132755

checksum

Signed strings for verification.

Compulsory

2cb338beae0859e.......

token

API token

Compulsory

ZyUfF8EmyabcMWPcaocX

callback_url

Server to server. Securepay platform will post the payment status.

Optional

redirect_url

Browser to browser, Securepay platform will post to the endpoint browser.

Optional

partner_uid

Partner UID value

Compulsory

c52853e0-24d6 .....

uid

API UID

Compulsory

2aaa1633-e63f ......

redirect_post

Auto redirect to endpoint page.

Optional

true

params

Send up to 18 values or parameters e.g: reference1_label and reference1 .. reference18_label and reference18

optional

"params": {"reference1_label" : "Size", "reference1" : "XL", "reference2_label" : "IC No" , "reference2" : "830102035587"

buyer_bank_code

Bank code generated from the banks list

Optional

MBB0228

shipping_address

Shipping address

optional

"shipping_address":{"contact_name":"John Doe John Kay", "contact_phone_number":"0133121999", "line1":"JLN UNGGUL 14/12","line2":"Bukit Harimau Belang", "postcode":"46000", "city":"Shah Alam","state":"Selangor"}

billing_address

Billing address

optional

"billing_address":{"contact_name":"John Doe John Kay", "contact_phone_number":"0133121999", "line1":"JLN UNGGUL 14/12","line2":"Bukit Harimau Belang", "postcode":"46000", "city":"Shah Alam","state":"Selangor"}

model

If not specify the platform will use B2C as default model. If using B2B1, set the model to B2B1. The FPX bank list also need to match with the model

optional

B2C or B2B1

fpx_bank_selection

If using securepay page for bank selection page. The bank selection can be displayed as dropdown or grid

optional

dropdown or grid

cancel_url

SecurePay page for bank selection. If set the cancel URL. Button cancel will appear.

optional

e.g:

https://yourdom.com/securepay_cancel?order_number=123123

timeout_url

SecurePay page for bank selection. if set the timeout URL. The page will timeout within 3 minutes

optional

e.g:

https://yourdom.com/securepay_timeout?order_number=123123

B2C or B2B1 please set on the API settings inside SecurePay Apps. Other settings also can be set at the settings page.

API settings page

SecurePay bank selection page

Grid bank selection

Generate Checksum

Below is how to generate checksum parameter

  1. Arrange the parameter variables in ascending order as below (except partner_uid)

buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
  1. Construct the parameter values string based on the position in point no 1.

[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1S
  • Sign the string with checksum token using HMAC256

Ruby
PHP
Ruby
string = "​[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​"
checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), checksum_token, string)
=> "5475e02fc8c9443c055eef6bca36b5b5b7999e36c14d9890c45409ea56c53942"
PHP
$string = "[email protected]|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​"
$checksum_token ="​159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​"
$sign = hash_hmac('sha256', $string, $checksum_token)
=> "5475e02fc8c9443c055eef6bca36b5b5b7999e36c14d9890c45409ea56c53942"

Generate checksum from the above example:

75b54e403151b1e9b413df8ce5c426ef0dbbc9adcec58b8f5dd5c9c5c6b78844

Sending all parameters in Request Parameter Table to the payment URL by using post method

Sample Codes

PHP
Rails
PHP
<?php
//Org : SecurePay
//We need more contribution on sample codes. Email me.
if(isset($_POST['order_number']))
{
//Change with your token
$uid = '9097b595-b77a-4321-94c0-0a6d323b5252';
$checksum_token = 'f4e4f07afb72a56fc6681d652713522436b50f087306efec39ab7d1be5b8c684';
$auth_token = '5BXhsTmVmRBKkg6xizNB';
$partner_uid = 'ebeadaa9-024a-4803-8968-cca40814ba66';
$url = 'https://sandbox.securepay.my/api/v1/payments';
#$_POST['order_number'] = '20200425132755';
#$_POST['buyer_name'] = 'AHMAD AMSYAR MOHD ALI';
#$_POST['buyer_email'] = '[email protected]';
#$_POST['buyer_phone'] = '+60123121678';
#$_POST['transaction_amount'] = '10.00';
#$_POST['product_description'] = 'Payment for order no 20200425132755';
#$_POST['callback_url'] = "";
#$_POST['redirect_url'] = "";
#$_POST['token'] = $auth_token;
#$_POST['redirect_post'] = "true";
$order_number = $_POST['order_number'];
$buyer_name = $_POST['buyer_name'];
$buyer_phone = $_POST['buyer_phone'];
$buyer_email = $_POST['buyer_email'];
$product_description = $_POST['product_description'];
$transaction_amount = $_POST['transaction_amount'];
$callback_url = $_POST['callback_url'];
$redirect_url = $_POST['redirect_url'];
$redirect_post = "true";
if(isset($_POST['buyer_bank_code'])) {
$buyer_bank_code = $_POST['buyer_bank_code'];
}
//buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid
$string = $buyer_email."|".$buyer_name."|".$buyer_phone."|".$callback_url."|".$order_number."|".$product_description."|".$redirect_url ."|".$transaction_amount."|".$uid;
#echo $string . "\n";
#string = "[email protected]|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|5d80cc30-1a42-4f9f-9d6b-a69db5d26b01​"
#$string = "[email protected]|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1​";
#$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713​";
$sign = hash_hmac('sha256', $string, $checksum_token);
#echo $sign . "\n";
//
//echo $sign
//$hashed_string = hash_hmac($checksum_token.urldecode($_POST['product_description']).urldecode($_POST['transaction_amount']).urldecode($_POST['order_number']));
if(isset($_POST['buyer_bank_code'])) {
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token)
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) .
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&buyer_bank_code=".urlencode($buyer_bank_code)."&partner_uid=".urlencode($partner_uid);
}
else
{
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token)
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) .
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&partner_uid=".urlencode($partner_uid);
}
#echo $post_data. "\n";
// Generated by curl-to-PHP: http://incarnate.github.io/curl-to-php/
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_exec($ch);
$output = curl_exec($ch);
echo $output;
}
#header('Location: ' + $output);
#exit();
#curl_close($ch);
$order_number = rand(1111111111,9999999999);
$json = file_get_contents('https://sandbox.securepay.my/api/public/v1/banks/b2c');
$obj = json_decode($json, true);
//echo $obj->access_token;
//$obj->fpx_bankList
//print_r($obj['fpx_bankList']);
$options = "";
foreach ($obj['fpx_bankList'] as $value) {
if($value['status_format2'])
{
$options .= "<option value=". $value['code'] . ">" . $value['name'] . "</option>";
}
else
{
$options .= "<option value=". $value['code'] . " disabled>" . $value['name'] . " (offline)</option>";
}
//echo $value['code'];
}
//print_r($obj->fpx_bankList);
?>
<h1>SecurePay sample code for PHP</h1>
<hr>
<h3>Form without bank list</h3>
<form action="" method="post">
<label for="fname">Full name:</label><br>
<input type="text" id="fname" name="buyer_name" value="John Doe"><br>
<label for="lname">Email:</label><br>
<input type="text" id="lname" name="buyer_email" value="[email protected]"><br>
<label for="lname">Phone No:</label><br>
<input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
<label for="lname">Order number:</label><br>
<input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
<label for="lname">Descriptions:</label><br>
<input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
<label for="lname">Callback URL:</label><br>
<input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
<label for="lname">Redirect URL:</label><br>
<input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
<label for="lname">Amount:</label><br>
<input type="text" id="lname" name="transaction_amount" value="199"><br>
<br>
<input type="submit" value="Submit">
</form>
<hr>
<h3>Form with bank list</h3>
<form action="" method="post">
<label for="fname">Full name:</label><br>
<input type="text" id="fname" name="buyer_name" value="John Doe"><br>
<label for="lname">Email:</label><br>
<input type="text" id="lname" name="buyer_email" value="[email protected]"><br>
<label for="lname">Phone No:</label><br>
<input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
<label for="lname">Order number:</label><br>
<input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
<label for="lname">Descriptions:</label><br>
<input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
<label for="lname">Amount:</label><br>
<input type="text" id="lname" name="transaction_amount" value="199"><br>
<label for="lname">Callback URL:</label><br>
<input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
<label for="lname">Redirect URL:</label><br>
<input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
<label for="lname">Select bank:</label><br>
<select id="buyer_bank_code" name="buyer_bank_code"><?=$options?></select><br>
<br>
<input type="submit" value="Submit">
</form>
Rails