Secure payments via API Tokenization with verified cards

1.0 Pay credit card using token

Item	Detail
URL endpoint (POST)	https://app.senangpay.my/apiv1/pay_cc
Sandbox URL endpoint (POST)	https://app.senangpay.my/apiv1/pay_cc

Item

Detail

URL endpoint (POST)

https://app.senangpay.my/apiv1/pay_cc

Sandbox URL endpoint (POST)

https://app.senangpay.my/apiv1/pay_cc

1.1 Authorization Header (Basic Auth)

Type	Basic
Username	< your-merchant-id > As listed in the profile settings page.
Password	None, leave empty.

Type

Basic

Username

< your-merchant-id > As listed in the profile settings page.

Password

None, leave empty.

1.2 Request Parameter (All Mandatory)

Parameter Name

Parameter value/description

name

Your customer name. Maximum length is 100.

Example : Abu Bin Ali

Your customer email.

Example : ahmad@google.com

detail

Your order detail. Maximum length is 100.

Example : Order for product id #4

phone

Your customer phone number.

Example : 0109876543

order_id

Your order id. Can be number or string. Other character is invalid.

Example : 123

amount

Your order amount in integer format. Convert from decimals as necessary.

Example : if the amount is RM 2.00, you need to send 200.

token

Generated token from Get Token API

hash

A string generated using your secret key (found in your profile settings) with the HMAC SHA256 algorithm. The format is as follows: <your merchant id><name><email><phone><detail><order_id><amount> *Note: Do not include the < > characters.*

1.3 Response Parameter

Parameter Name

Parameter value / description

status

Your transaction status. 1 if successful. 0 if failed.

transaction_id

Your transaction ID number.

order_id

Your original order ID.

amount_paid

Amount transacted from the credit card in integer format.

Example : If the amount transacted is RM 2.00, it will output 200.

msg

Transaction status message. You'll receive "Payment was successful" for successful payments, or an error message if the transaction failed.

hash

A string generated using your secret key with HMAC SHA256. Format: <merchant_id><status_id><order_id> <transaction_id><amount_paid><msg> Exclude the < > characters.

1.4 Sample Response

{
   "status":1,
   "transaction_id":"14951544812820",
   "order_id":"1234",
   "amount_paid":1000,
   "msg":"Payment was successful",
   "hash":"99b6e99bb0aa663101b1e4f6f8d69c2efb41ef81a5a7aa030bf76a098a03d233"
}

Charge credit card using token

POSThttps://sandbox.senangpay.my/apiv1/pay_cc

Authorization

Body

namestring

Example: "Abu Bin Ali"

emailstring

Example: "ahmad@google.com"

detailstring

Example: "Order for product id 4"

phoneinteger

Example: 123456789

order_idstring

Example: "3432D4"

amountinteger

Example: 25.5

tokenstring

Generated token from Get Token API

Example: "D12820HJ"

hashstring

Hash generated using HMAC SHA256. Construct the hash as follows hash_hmac(‘SHA256’, < your merchant id >< name >< email >< phone >< detail >< order_id >< amount >, <merchant_secret_key>) without the < > character

Example: "a8167dd09f01ebed0b18e67b2cc2424a0d058ccc83d94803482ecdeedff7728f"

Response

Charge credit card using token

Body

statusinteger

Your transaction status. 1 if successful. 0 if failed.

Example: 1

transaction_idstring

Unique transaction ID

Example: 15899864888614642

order_idstring

Example: "3432D4"

amount_paidinteger

If the amount transacted is RM 2.00, it will output 200.

Example: 200

msgstring

Transaction status message

Example: "Payment was successful"

hashstring

Hash generated using HMAC SHA256. Construct the hash as follows hash_hmac(‘SHA256’, < your merchant id >< status_id >< order_id >< transaction_id >< amount_paid >< msg >, <merchant_secret_key>) without the < > character

Example: "a8167dd09f01ebed0b18e67b2cc2424a0d058ccc83d94803482ecdeedff7728f"

Request

<?php
  $curl = curl_init();

  curl_setopt_array($curl, array(
      CURLOPT_URL => 'https://sandbox.senangpay.my/apiv1/pay_cc',
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_ENCODING => '',
      CURLOPT_MAXREDIRS => 10,
      CURLOPT_TIMEOUT => 0,
      CURLOPT_FOLLOWLOCATION => true,
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
      CURLOPT_CUSTOMREQUEST => 'POST',
      CURLOPT_POSTFIELDS => http_build_query(array(
          'name' => 'amir',
          'email' => 'amir@email',
          'detail' => 'test',
          'phone' => '123456789',
          'order_id' => '123',
          'amount' => '200',
          'token' => '55200660d03fcd38d179659d487d69d17a98bbf4ee5de4b8bca2269c3b62e230',
          'hash' => '7eec18b9fe609ef5eea650d5aea9bb0a96ae7c83b101a872012dc9d5c07273b3'
      )),
      CURLOPT_HTTPHEADER => array(
          'Content-Type: application/x-www-form-urlencoded',
          'Authorization: Basic <token>'
      ),
  ));

  $response = curl_exec($curl);

  curl_close($curl);
  echo $response;
?>

Response

{
  "status": 1,
  "transaction_id": 15899864888614642,
  "order_id": "3432D4",
  "amount_paid": 200,
  "msg": "Payment was successful",
  "hash": "a8167dd09f01ebed0b18e67b2cc2424a0d058ccc83d94803482ecdeedff7728f"
}

** The "Test it" option is available when using Firefox or Safari to test the API

2.0 Enable/disable credit card

Item

Detail

URL endpoint (POST)

https://app.senangpay.my/apiv1/update_token_status

2.1 Authorization header (Basic Auth)

Type	Basic
Username	< your-merchant-id > As listed in the profile settings page.
Password	None, leave empty.

Type

Basic

Username

< your-merchant-id > As listed in the profile settings page.

Password

None, leave empty.

2.2 Request Parameter (All Mandatory)

Parameter Name	Parameter value / description
token	Generated token from Get Token API

Parameter Name

Parameter value / description

token

Generated token from Get Token API

2.3 Response Parameter

Parameter Name

Parameter value/description

msg

Message for the token is successfully disabled or enabled.

token

Generated token from Get Token API that has been disabled or enabled.

Enable / disable Credit Cards

Enable or disable Credit Card by token

POSThttps://sandbox.senangpay.my/apiv1/update_token_status

Authorization

Body

tokenstring

Generated token from Get Token API

Example: "6bcc32c3cf4c6de03f4b3c967a36606d965d54cd51eb6cb7507555e2ad7b4521"

Response

Response update token status

Body

msgstring

Status message.

Example: "Credit card successfully disabled"

tokenstring

Generated token from Get Token API

Example: "6bcc32c3cf4c6de03f4b3c967a36606d965d54cd51eb6cb7507555e2ad7b4521"

Request

<?php
  $curl = curl_init();

  curl_setopt_array($curl, array(
      CURLOPT_URL => 'https://sandbox.senangpay.my/apiv1/update_token_status',
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_ENCODING => '',
      CURLOPT_MAXREDIRS => 10,
      CURLOPT_TIMEOUT => 0,
      CURLOPT_FOLLOWLOCATION => true,
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
      CURLOPT_CUSTOMREQUEST => 'POST',
      CURLOPT_POSTFIELDS => http_build_query(array(
          'token' => '55200660d03fcd38d179659d487d69d17a98bbf4ee5de4b8bca2269c3b62e230'
      )),
      CURLOPT_HTTPHEADER => array(
          'Content-Type: application/x-www-form-urlencoded',
          'Authorization: Basic <token>'
      ),
  ));

  $response = curl_exec($curl);

  curl_close($curl);
  echo $response;
?>

Response

{
  "msg": "Credit card successfully disabled",
  "token": "6bcc32c3cf4c6de03f4b3c967a36606d965d54cd51eb6cb7507555e2ad7b4521"
}

** The "Test it" option is available when using Firefox or Safari to test the API

3.0 Validate payment token

Item

Detail

URL endpoint (POST)

https://app.senangpay.my/apiv1/validate_token

3.1 Authorization header (Basic Auth)

Type	Basic
Username	< your-merchant-id > As listed in the profile settings page.
Password	None, leave empty.

Type

Basic

Username

< your-merchant-id > As listed in the profile settings page.

Password

None, leave empty.

3.2 Request Parameter (All Mandatory)

Parameter Name	Parameter value / description
token	Generated token from Get Token API

Parameter Name

Parameter value / description

token

Generated token from Get Token API

3.3 Response Parameter

Parameter Name

Parameter value/description

status

Token validation result.

1 for success
0 for failure.

msg

Message on token validation. "Card has been successfully verified" if successful, or an error message if not.

token

The token from the Get Token API, unchanged, showing whether it's enabled or disabled.

Check token validity

Endpoint to validates the supplied token

POSThttps://sandbox.senangpay.my/apiv1/validate_token

Authorization

Body

tokenstring

Generated token from Get Token API

Example: "6bcc32c3cf4c6de03f4b3c967a36606d965d54cd51eb6cb7507555e2ad7b4521"

Response

Validate token

Body

statusinteger

Token validation status. 1 if success. 0 if failed.

Example: 1

msgstring

Status message.

Example: "Card has been successfully verified"

tokenstring

Generated token from Get Token API

Example: "6bcc32c3cf4c6de03f4b3c967a36606d965d54cd51eb6cb7507555e2ad7b4521"

Request

<?php
  $curl = curl_init();

  curl_setopt_array($curl, array(
      CURLOPT_URL => 'https://sandbox.senangpay.my/apiv1/validate_token',
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_ENCODING => '',
      CURLOPT_MAXREDIRS => 10,
      CURLOPT_TIMEOUT => 0,
      CURLOPT_FOLLOWLOCATION => true,
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
      CURLOPT_CUSTOMREQUEST => 'POST',
      CURLOPT_POSTFIELDS => http_build_query(array(
          'token' => '55200660d03fcd38d179659d487d69d17a98bbf4ee5de4b8bca2269c3b62e230'
      )),
      CURLOPT_HTTPHEADER => array(
          'Content-Type: application/x-www-form-urlencoded',
          'Authorization: Basic <token>'
      ),
  ));

  $response = curl_exec($curl);

  curl_close($curl);
  echo $response;
?>

Response

{
  "status": 1,
  "msg": "Card has been successfully verified",
  "token": "6bcc32c3cf4c6de03f4b3c967a36606d965d54cd51eb6cb7507555e2ad7b4521"
}

** The "Test it" option is available when using Firefox or Safari to test the API

Previous3D Get Token

Last updated 15 days ago