FPX Payment

For partner

Preferred partner can have their own ID for processing payment. Merchant will use their own API credentials as usual.

Endpoint URL

Credentials

Using authentication parameter below:

Partner may have many merchants. The uid and token are merchant credentials, partner only need to supply their partner_uid only. While merchant need to use theirs. In some case, partner also can be a merchant.

API Credentials

Partner UID

Every partner will be issued one or more partner UID (partner_uid). SecurePay will identified partner account by using this identifier.

Request Parameters

B2C or B2B1 please set on the API settings inside SecurePay Apps. Other settings also can be set at the settings page.

API settings page

SecurePay bank selection page

Grid bank selection

Generate Checksum

Below is how to generate checksum parameter

Arrange the parameter variables in ascending order as below (except partner_uid)

buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid

Construct the parameter values string based on the position in point no 1.

amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1S

Sign the string with checksum token using HMAC256

string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), checksum_token, string)
=> "5475e02fc8c9443c055eef6bca36b5b5b7999e36c14d9890c45409ea56c53942"

$string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
$sign = hash_hmac('sha256', $string, $checksum_token)
=> "5475e02fc8c9443c055eef6bca36b5b5b7999e36c14d9890c45409ea56c53942"

Generate checksum from the above example:

75b54e403151b1e9b413df8ce5c426ef0dbbc9adcec58b8f5dd5c9c5c6b78844

Sending all parameters in Request Parameter Table to the payment URL by using post method

Sample Codes

<?php

//Author: amir@p.my, amir@securepay.my
//Org   : SecurePay
//We need more contribution on sample codes. Email me.

if(isset($_POST['order_number']))
{
//Change with your token	
$uid = '9097b595-b77a-4321-94c0-0a6d323b5252';
$checksum_token = 'f4e4f07afb72a56fc6681d652713522436b50f087306efec39ab7d1be5b8c684';
$auth_token = '5BXhsTmVmRBKkg6xizNB';
$partner_uid = 'ebea23429-024a-4803-8968-cca40814b234';
$url = 'https://sandbox.securepay.my/api/v1/payments';

#$_POST['order_number'] = '20200425132755';
#$_POST['buyer_name'] = 'AHMAD AMSYAR MOHD ALI';
#$_POST['buyer_email'] = 'amsyar@gmail.com';
#$_POST['buyer_phone'] = '+60123121678';
#$_POST['transaction_amount'] = '10.00';
#$_POST['product_description'] = 'Payment for order no 20200425132755';
#$_POST['callback_url'] = "";
#$_POST['redirect_url'] = "";
#$_POST['token'] = $auth_token;
#$_POST['redirect_post'] = "true";

$order_number = $_POST['order_number'];
$buyer_name = $_POST['buyer_name'];
$buyer_phone = $_POST['buyer_phone'];
$buyer_email = $_POST['buyer_email'];
$product_description = $_POST['product_description'];
$transaction_amount = $_POST['transaction_amount'];
$callback_url = $_POST['callback_url'];
$redirect_url = $_POST['redirect_url'];
$redirect_post = "true";
if(isset($_POST['buyer_bank_code'])) { 
	$buyer_bank_code = $_POST['buyer_bank_code']; 
}




//buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid 

$string = $buyer_email."|".$buyer_name."|".$buyer_phone."|".$callback_url."|".$order_number."|".$product_description."|".$redirect_url ."|".$transaction_amount."|".$uid;

#echo $string . "\n";
#string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|5d80cc30-1a42-4f9f-9d6b-a69db5d26b01"


#$string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1";
#$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713";

$sign = hash_hmac('sha256', $string, $checksum_token);

#echo $sign . "\n";

//
//echo $sign

//$hashed_string = hash_hmac($checksum_token.urldecode($_POST['product_description']).urldecode($_POST['transaction_amount']).urldecode($_POST['order_number']));

if(isset($_POST['buyer_bank_code'])) {  

$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token) 
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) . 
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&buyer_bank_code=".urlencode($buyer_bank_code)."&partner_uid=".urlencode($partner_uid);
}
else
{
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token) 
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) . 
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&partner_uid=".urlencode($partner_uid);	
}


#echo $post_data. "\n";

// Generated by curl-to-PHP: http://incarnate.github.io/curl-to-php/
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post_data);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_exec($ch);

$output = curl_exec($ch);

echo $output;

}




#header('Location: ' + $output);
#exit();

#curl_close($ch);

$order_number = rand(1111111111,9999999999);

$json = file_get_contents('https://sandbox.securepay.my/api/public/v1/banks/b2c');
$obj = json_decode($json, true);
//echo $obj->access_token;
//$obj->fpx_bankList

//print_r($obj['fpx_bankList']);

$options = "";

foreach ($obj['fpx_bankList'] as $value) {
	if($value['status_format2'])
	{
	    $options .= "<option value=". $value['code'] . ">" . $value['name'] . "</option>";
	}
	else
	{
		$options .= "<option value=". $value['code'] . " disabled>" . $value['name'] . " (offline)</option>";
	}
	//echo $value['code'];
}
 
//print_r($obj->fpx_bankList);

?>
<h1>SecurePay sample code for PHP</h1>
<hr> 
<h3>Form without bank list</h3>
<form action="" method="post">
  <label for="fname">Full name:</label><br>
  <input type="text" id="fname" name="buyer_name" value="John Doe"><br>
  <label for="lname">Email:</label><br>
  <input type="text" id="lname" name="buyer_email" value="john@gmail.com"><br>
  <label for="lname">Phone No:</label><br>
  <input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
  <label for="lname">Order number:</label><br>
  <input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
  <label for="lname">Descriptions:</label><br>
  <input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
  
  <label for="lname">Callback URL:</label><br>
  <input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Redirect URL:</label><br>
  <input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Amount:</label><br>
  <input type="text" id="lname" name="transaction_amount" value="199"><br>
  <br>
  <input type="submit" value="Submit">
</form>

<hr> 

<h3>Form with bank list</h3>


<form action="" method="post">
  <label for="fname">Full name:</label><br>
  <input type="text" id="fname" name="buyer_name" value="John Doe"><br>
  <label for="lname">Email:</label><br>
  <input type="text" id="lname" name="buyer_email" value="john@gmail.com"><br>
  <label for="lname">Phone No:</label><br>
  <input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
  <label for="lname">Order number:</label><br>
  <input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
  <label for="lname">Descriptions:</label><br>
  <input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
  <label for="lname">Amount:</label><br>
  <input type="text" id="lname" name="transaction_amount" value="199"><br>
  <label for="lname">Callback URL:</label><br>
  <input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Redirect URL:</label><br>
  <input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Select bank:</label><br>
  <select id="buyer_bank_code" name="buyer_bank_code"><?=$options?></select><br>
  
  <br>
  <input type="submit" value="Submit">
</form>

PreviousBank List NextPayment Session (beta)

Last updated 1 year ago

Generate Checksum

Below is how to generate checksum parameter

Arrange the parameter variables in ascending order as below (except partner_uid)

buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid

Construct the parameter values string based on the position in point no 1.

amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1S

Sign the string with checksum token using HMAC256

string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), checksum_token, string)
=> "5475e02fc8c9443c055eef6bca36b5b5b7999e36c14d9890c45409ea56c53942"

$string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1"
$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713"
$sign = hash_hmac('sha256', $string, $checksum_token)
=> "5475e02fc8c9443c055eef6bca36b5b5b7999e36c14d9890c45409ea56c53942"

Generate checksum from the above example:

75b54e403151b1e9b413df8ce5c426ef0dbbc9adcec58b8f5dd5c9c5c6b78844

Sending all parameters in Request Parameter Table to the payment URL by using post method

Sample Codes

<?php

//Author: amir@p.my, amir@securepay.my
//Org   : SecurePay
//We need more contribution on sample codes. Email me.

if(isset($_POST['order_number']))
{
//Change with your token	
$uid = '9097b595-b77a-4321-94c0-0a6d323b5252';
$checksum_token = 'f4e4f07afb72a56fc6681d652713522436b50f087306efec39ab7d1be5b8c684';
$auth_token = '5BXhsTmVmRBKkg6xizNB';
$partner_uid = 'ebea23429-024a-4803-8968-cca40814b234';
$url = 'https://sandbox.securepay.my/api/v1/payments';

#$_POST['order_number'] = '20200425132755';
#$_POST['buyer_name'] = 'AHMAD AMSYAR MOHD ALI';
#$_POST['buyer_email'] = 'amsyar@gmail.com';
#$_POST['buyer_phone'] = '+60123121678';
#$_POST['transaction_amount'] = '10.00';
#$_POST['product_description'] = 'Payment for order no 20200425132755';
#$_POST['callback_url'] = "";
#$_POST['redirect_url'] = "";
#$_POST['token'] = $auth_token;
#$_POST['redirect_post'] = "true";

$order_number = $_POST['order_number'];
$buyer_name = $_POST['buyer_name'];
$buyer_phone = $_POST['buyer_phone'];
$buyer_email = $_POST['buyer_email'];
$product_description = $_POST['product_description'];
$transaction_amount = $_POST['transaction_amount'];
$callback_url = $_POST['callback_url'];
$redirect_url = $_POST['redirect_url'];
$redirect_post = "true";
if(isset($_POST['buyer_bank_code'])) { 
	$buyer_bank_code = $_POST['buyer_bank_code']; 
}




//buyer_email|buyer_name|buyer_phone|callback_url|order_number|product_description|redirect_url|transaction_amount|uid 

$string = $buyer_email."|".$buyer_name."|".$buyer_phone."|".$callback_url."|".$order_number."|".$product_description."|".$redirect_url ."|".$transaction_amount."|".$uid;

#echo $string . "\n";
#string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|+60123121678||20200425132755|Payment for order no 20200425132755||1540.40|5d80cc30-1a42-4f9f-9d6b-a69db5d26b01"


#$string = "amsyar@gmail.com|AHMAD AMSYAR MOHD ALI|0123121678||20200425132755|Payment for order no 20200425132755||1540.40|2aaa1633-e63f-4371-9b85-91d936aa56a1";
#$checksum_token = "159026b3b7348e2390e5a2e7a1c8466073db239c1e6800b8c27e36946b1f8713";

$sign = hash_hmac('sha256', $string, $checksum_token);

#echo $sign . "\n";

//
//echo $sign

//$hashed_string = hash_hmac($checksum_token.urldecode($_POST['product_description']).urldecode($_POST['transaction_amount']).urldecode($_POST['order_number']));

if(isset($_POST['buyer_bank_code'])) {  

$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token) 
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) . 
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&buyer_bank_code=".urlencode($buyer_bank_code)."&partner_uid=".urlencode($partner_uid);
}
else
{
$post_data = "buyer_name=".urlencode($buyer_name)."&token=". urlencode($auth_token) 
."&callback_url=".urlencode($callback_url)."&redirect_url=". urlencode($redirect_url) . 
"&order_number=".urlencode($order_number)."&buyer_email=".urlencode($buyer_email).
"&buyer_phone=".urlencode($buyer_phone)."&transaction_amount=".urlencode($transaction_amount).
"&product_description=".urlencode($product_description)."&redirect_post=".urlencode($redirect_post).
"&checksum=".urlencode($sign)."&partner_uid=".urlencode($partner_uid);	
}


#echo $post_data. "\n";

// Generated by curl-to-PHP: http://incarnate.github.io/curl-to-php/
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post_data);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_exec($ch);

$output = curl_exec($ch);

echo $output;

}




#header('Location: ' + $output);
#exit();

#curl_close($ch);

$order_number = rand(1111111111,9999999999);

$json = file_get_contents('https://sandbox.securepay.my/api/public/v1/banks/b2c');
$obj = json_decode($json, true);
//echo $obj->access_token;
//$obj->fpx_bankList

//print_r($obj['fpx_bankList']);

$options = "";

foreach ($obj['fpx_bankList'] as $value) {
	if($value['status_format2'])
	{
	    $options .= "<option value=". $value['code'] . ">" . $value['name'] . "</option>";
	}
	else
	{
		$options .= "<option value=". $value['code'] . " disabled>" . $value['name'] . " (offline)</option>";
	}
	//echo $value['code'];
}
 
//print_r($obj->fpx_bankList);

?>
<h1>SecurePay sample code for PHP</h1>
<hr> 
<h3>Form without bank list</h3>
<form action="" method="post">
  <label for="fname">Full name:</label><br>
  <input type="text" id="fname" name="buyer_name" value="John Doe"><br>
  <label for="lname">Email:</label><br>
  <input type="text" id="lname" name="buyer_email" value="john@gmail.com"><br>
  <label for="lname">Phone No:</label><br>
  <input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
  <label for="lname">Order number:</label><br>
  <input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
  <label for="lname">Descriptions:</label><br>
  <input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
  
  <label for="lname">Callback URL:</label><br>
  <input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Redirect URL:</label><br>
  <input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Amount:</label><br>
  <input type="text" id="lname" name="transaction_amount" value="199"><br>
  <br>
  <input type="submit" value="Submit">
</form>

<hr> 

<h3>Form with bank list</h3>


<form action="" method="post">
  <label for="fname">Full name:</label><br>
  <input type="text" id="fname" name="buyer_name" value="John Doe"><br>
  <label for="lname">Email:</label><br>
  <input type="text" id="lname" name="buyer_email" value="john@gmail.com"><br>
  <label for="lname">Phone No:</label><br>
  <input type="text" id="lname" name="buyer_phone" value="+60129997979"><br>
  <label for="lname">Order number:</label><br>
  <input type="text" id="lname" name="order_number" value="<?=$order_number;?>"><br>
  <label for="lname">Descriptions:</label><br>
  <input type="text" id="lname" name="product_description" value="Payment for order no. <?=$order_number;?>"><br>
  <label for="lname">Amount:</label><br>
  <input type="text" id="lname" name="transaction_amount" value="199"><br>
  <label for="lname">Callback URL:</label><br>
  <input type="text" id="lname" name="callback_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Redirect URL:</label><br>
  <input type="text" id="lname" name="redirect_url" value="" placeholder="Optional"><br>
  
  <label for="lname">Select bank:</label><br>
  <select id="buyer_bank_code" name="buyer_bank_code"><?=$options?></select><br>
  
  <br>
  <input type="submit" value="Submit">
</form>