3D Get Token
Why 3D?
3D authentication provides a more secure way of authenticating the ownership of the card holders. When requesting a payment token, card holder need to enter the OTP (one time password) to prove that they are the owner of the card. This will block any use of unauthorized cards for senangPay tokenization.
How does it work?
This is not a RESTful API. The flow of the new Get Token method consists of multiple web views. You can either have an HTML form that will send the required parameters OR you can send as query string parameters (GET). If you are implementing tokenization on a mobile app, you need to implement it in a web view/iframe. We wish to convey our apologies because, at the moment, we are not providing any SDK.
Will senangPay charge card holders for card validation?
senangPay may make two transactions of RM1 on the card, to prove that the card is valid and can perform both 3D and 2D transactions. Both transactions will be reversed back to the card. However, it may take several days for the bank to reverse the money back to the card.
Tokenization Return URL & Callback URL
Before anything else, you need to provide the Tokenization Return URL and Callback URL. Tokenization Return URL is the URL where senangPay will redirect the card holders to after the payment (card validation) has been processed. This will the the page where the user will see or landed after card validation.
1. While Tokenization Callback URL is the URL to your backend, where senangPay will send notifications about the card validation status.
2. You need to provide the URLs at Your senangPay Dashboard > Settings > Profile > Shopping Cart Integration Link
3. Fill in the Tokenization Return URL and Tokenization Callback URL field.
Integration Method
1. 3D Get token (This is not REST)
Production URL Endpoint (GET/POST) | https://app.senangpay.my/tokenization/{merchant_id} |
Sandbox URL Endpoint (GET/POST) | https://sandbox.senangpay.my/tokenization/{merchant_id} |
2. Request Parameter (All Mandatory)
Item | Details |
---|---|
order_id | Used by your system to track the request and response. It can be any value. |
name | Your customer’s name. Maximum length is 100.
|
Your customer’s email.
| |
phone | Your customer’s phone number.
|
hash | This hash confirms you are an active senangPay merchant. Generate it using HMAC SHA256 with your senangPay secret key. Here’s a simple PHP example: For example, hashing
|
3. Respond Parameter
Item | Details |
---|---|
| Token creation status.
|
| The order id provided earlier. |
| Generated if card validation succeeds, used for future payments. If validation fails, the token value is |
| Last four digits of the card, displayed as |
| Indicates the card type, either |
| Card validation status message. Provides different messages Card validation status message, detailing success or failure reasons. |
| Generated by senangPay to verify the response. Use HMAC SHA256 with your secret key to validate it. Here’s a PHP example: $hash = hash_hmac(‘sha256’,$string_to_hash,$secret_key); ?> |
** The "Test it" option is available when using Firefox or Safari to test the API
4. Callback
The callback URL is used as an alternative notification to merchant backend in case there is a breakdown in transaction flow. This is optional so you can opt not to use this feature. However, this feature is recommended to ensure data integrity between a merchant’s system and senangPay.
The callback process will send the same parameters as what is being sent to the return URL. The callback URL must print out a simple ‘OK’ without any HTML tags. The OK response is needed in order for the callback function to know if it has successfully sent the callback data.
senangPay will fire the callback one minute after the validation is done.
Last updated