Callback and Redirect URL

Redirect URL (redirect_url)

Merchant/partner can set redirect_url during sending payment POST parameters. Redirect URL is browser to browser communication. After the bank transaction from the browser. The user will be redirected to this URL, merchant can set their own page. Information will be posted (POST method) to the URL. By default user will be redirected to SecurePay status page if the redirect URL is nil.

Callback URL (callback_url)

Merchant/partner can set callback_url during sending payment POST parameters. Callback URL is server to server communication. SecurePay server sends the transaction status to the merchant callback server (based on callback URL). It's very important, if error occur on the redirect URL.

Parameter from redirect and callback URL

This parameters will be sent to the URL by using POST method.

Parameter

Description

source

FPX or Credit Card

payment_status

True or False

currency

RM or other currency

transaction_amount

Transaction amount

transaction_amount_received

Amount received, if payment_status false set to 0.00

order_number

Order number send previously by merchant partner

merchant_reference_number

This number is generated by SecurePay Platform

exchange_number

This number is generated by SecurePay Platform

buyer_name

Buyer name

buyer_phone

Buyer phone

buyer_email

Buyer email

payment_id

For reference

client_ip

Client IP address

status_url

SecurePay status URL

retry_url

Any failed payment, can make retry using this links

receipt_url

SecurePay PDF receipt URL

checksum

Checksum generated by SecurePay for verification by merchant/partner

transaction_fee

Transaction fee amount paid, merchant - deduct from amount, customer - customer will for the fee, credit - deduct from credit account.

payment_mode

merchant - deduct from amount, customer - customer will for the fee, credit - deduct from credit account.

payment_method

fpx online banking or fpx credit card

fpx_model

B2C - consumer or B2B1 - business

fpx_debit_auth_code

00 - success, 99 - pending approval, other codes - unsuccessful .. If perform B2B1, there will be code 99 , after approval the server will send callback with code 00

params

Resend params from API

Checksum is use to verify message that are received by SecurePay Platform for redirect and callback. The verification will be done on the merchant/partner side. (the string also need to include uid).

Guide to generate checksum

Compulsory to use function that automatically sort the key and later replace with the value. Params will keep updating time to time.

Example

PHP
Rails or Ruby
PHP
<?php
//Compulsory to use function that automatically sort the key and later replace with the value. Params will keep updating time to time.
private $checksum_token;
public function verify(Request $request)
{
$data = $request->all();
ksort($data);
$checksum = $data['checksum'];
unset($data['checksum']);
$string = implode('|', $data);
$sign = hash_hmac('sha256', $string, $this->checksum_token);
return ($sign == $checksum);
}
?>
Rails or Ruby
#Compulsory to use function that automatically sort the key and later replace with the value. Params will keep updating time to time.
#Token: df8aa0d55308ee762d2a5ce675cb9cfb4f85a59e41723573010e9c3f99f5457b
#Data: {:source=>"FPX", :fpx_name=>"[email protected]()/ .-&BUYER", :fpx_bank=>"SBI BANK A", :fpx_transaction_id=>"2106141733330972", :fpx_status=>true, :fpx_status_message=>"Transaction Approved", :fpx_transaction_time=>"20210614173333", :fpx_model=>"B2C", :fpx_debit_auth_code=>"00", :payment_status=>true, :payment_method=>"fpx_online_banking", :payment_mode=>"customer", :transaction_fee=>"1.50", :currency=>"MYR", :amount=>"25.64", :order_number=>"20210614173332470", :merchant_reference_number=>nil, :exchange_number=>"MHQWK1623663213", :buyer_name=>"MOHD KHAIRI MOHD ADNAN", :buyer_phone=>"+600139803112", :buyer_email=>"[email protected]", :payment_stage=>"payment_successful", :merchant_name=>"Muslimah Next Store", :merchant_co_number=>"x111222122y", :payment_id=>5747, :client_ip=>"60.53.196.69", :uid=>"c111e3bc3c9c22d572dc", :status_url=>"https://sandbox.securepay.my/api/v1/status/MHQWK1623663213?uid=c111e3bc3c9c22d572dc", :retry_url=>nil, :receipt_url=>"https://sandbox.securepay.my/api/v1/receipt/MHQWK1623663213.pdf?uid=c111e3bc3c9c22d572dc", :params=>nil, :created_at=>Mon, 14 Jun 2021 17:33:48 +08 +08:00, :created_at_unixtime=>"1623663228", :token=>"6mtetdxEvzj6KJ9htyTy"}
def CheckSum.generate(token = "no_token", **data)
data_sort_asc = data.sort_by {|k, v| k}
data_string = data_sort_asc.map {|k,v| v}.join("|")
generate_checksum = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, data_string)
return generate_checksum
end
#Step 1 Sort key: amount|buyer_email|buyer_name|buyer_phone|client_ip|created_at|created_at_unixtime|currency|exchange_number|fpx_bank|fpx_debit_auth_code|fpx_model|fpx_name|fpx_status|fpx_status_message|fpx_transaction_id|fpx_transaction_time|merchant_co_number|merchant_name|merchant_reference_number|order_number|params|payment_id|payment_method|payment_mode|payment_stage|payment_status|receipt_url|retry_url|source|status_url|token|transaction_fee|uid
#Step 2 replace with value: 25.64|[email protected]|MOHD KHAIRI MOHD ADNAN|+600139803112|60.53.196.69|2021-06-14 17:33:48 +0800|1623663228|MYR|MHQWK1623663213|SBI BANK A|00|B2C|[email protected]()/ .-&BUYER|true|Transaction Approved|2106141733330972|20210614173333|x111222122y|Muslimah Next Store||20210614173332470||5747|fpx_online_banking|customer|payment_successful|true|https://sandbox.securepay.my/api/v1/receipt/MHQWK1623663213.pdf?uid=c111e3bc3c9c22d572dc||FPX|https://sandbox.securepay.my/api/v1/status/MHQWK1623663213?uid=c111e3bc3c9c22d572dc|6mtetdxEvzj6KJ9htyTy|1.50|c111e3bc3c9c22d572dc
#Generated Checksum: 41712f0c155d1799c08e13add760de00b6a39e5a340360569253c360c2a40bbf