espay logo

Credit Card


Signature

All requests to and from the Espay server require a signature parameter. All traders must validate this parameter to ensure that the request only comes from the Espay server and the Merchant server.

Transaction signatures are generated using the SHA256 hash algorithm. The following explains how to generate transaction signatures:

  1. Signature key: A key is used to generate a signature that is provided by the Espay Integration Team
  2. comm_code: Parameter dealer code provided by the Espay Integration Team
  3. trx_id: Transaction ID of the merchant
  4. amount: Amount of the dealer

The order of signature combining process is as follows:

Tokenization:

  1. Signature Key
  2. comm_code
  3. trx_id
  4. amount

Capture:

  1. Signature Key
  2. comm_code
  3. trx_id
  4. amount

Void:

  1. Signature Key
  2. comm_code
  3. trx_id

Refund:

  1. Signature Key
  2. comm_code
  3. trx_id
  4. amount

These fields must be arranged in the following order, separated by ##

##comm_code##trx_id##amount##

Next, the string must be converted to UPPERCASE before the hash is performed.
Example :

##SGWTEST##test001##100000##

All strings must be capitalized as follows:

##SGWTEST##TEST001##100000##

Results according to Hashes and Algorithm256

d0f8d02e651802c0c6984794adc78c9b09cd53d504ee13456d8ee2121d20

Tokenization

This process is used when the merchant already has credit card information provided by Espay and wants to make transactions with the token.

Flow Message

Merchant → Espay

Method

HTTP Post

API URL

Development : https://sandbox-api.espay.id/rest/creditcard/tokenpayment

Production : https://api.espay.id/rest/creditcard/tokenpayment

Parameter Request:

Parameter Name Max Length Mandatory Description
rq_uuid 64 Yes Request ID. Unique ID to identify this message with other messages
rq_datetime 19 Yes Date and time on the partner server at which the message was sent
comm_code 32 Yes Dealer code registered at Espay
masked_card_no 20 Yes Masked credit card number
store_card_number 20 Yes Token given by Espay
trx_id 32 Yes A unique transaction ID number to identify the order / settlement / invoice.
description 19 Yes Payment Description
cardname 32 Yes Name of the credit card holder
email 32 Yes Credit card holder's email
ccy 5 Yes Currency
amount 20 Yes Payment amount
call_back_url 32 No Url back
signature 64 Yes The signature is created by the dealer and validated by Espay. More information can be found on this page

After making a request using the example above, the client receives a response as follows:

Parameter Response:

Parameter Name Max Length Mandatory Description
rq_uuid 4 Yes Request ID. Unique ID to identify this message and other messages
rs_datetime 32 Yes The date and time of the Espay server on which the reply message was sent
trx_id 32 Yes A unique transaction ID number to identify the order / settlement / invoice.
error_code 4 Yes Web service error code, 0000 = Successful, 9999 = Failed / timed out
error_code is only used to report the success / failure of this service as the status of successful / failed payments is sent through the payment notification service
error_message 32 Yes Error description

Capture Payment

This process is used when the trader wants to capture a transaction that is currently in progress.

Flow Message

Merchant → Espay

Method

HTTP Post

API URL

Development : https://sandbox-api.espay.id/rest/creditcard/capturepayment
Production : https://api.espay.id/rest/creditcard/capturepayment

Parameter Request:

Parameter Name Max Length Mandatory Description
rq_uuid 64 Yes Request ID. Unique ID to identify this message with other messages
rq_datetime 19 Yes Date and time on the partner server at which the message was sent
comm_code 32 Yes Dealer code registered at Espay
trx_id 32 Yes A unique transaction ID number to identify the order / settlement / invoice.
amount 20 Yes Payment amount
signature 64 Yes The signature is created by the dealer and validated by Espay. More information can be found on this page

After making a request using the example above, the client receives a response as follows:

Parameter Response:

Parameter Name Max Length Mandatory Description
rq_uuid 4 Yes Request ID. Unique ID to identify this message and other messages
rs_datetime 32 Yes The date and time of the Espay server on which the reply message was sent
trx_id 32 Yes A unique transaction ID number to identify the order / settlement / invoice.
status_transaction 32 Yes Enter the current transaction status
S: success
Q: Failed
error_code 4 Yes Web service error code, 0000 = Successful, 9999 = Failed / timed out
error_code is only used to report the success / failure of this service as the status of successful / failed payments is sent through the payment notification service
error_message 32 Yes Error description

Void Payment

This process is used when the trader wants to cancel an ongoing transaction.

Flow Message

Merchant → Espay

Method

HTTP Post

API URL

Development : https://sandbox-api.espay.id/rest/creditcard/voidpayment

Production : https://api.espay.id/rest/creditcard/voidpayment

Parameter Request:

Parameter Name Max Length Mandatory Description
rq_uuid 64 Yes Request ID. Unique ID to identify this message with other messages
rq_datetime 19 Yes Date and time on the partner server at which the message was sent
comm_code 32 Yes Dealer code registered at Espay
trx_id 32 Yes A unique transaction ID number to identify the order / settlement / invoice.
amount 20 Yes Payment amount
signature 64 Yes The signature is created by the dealer and validated by Espay. More information can be found on this page

After making a request using the example above, the client receives a response as follows: Parameter Response:

Parameter Response:

Parameter Name Max Length Mandatory Description
rq_uuid 4 Yes Request ID. Unique ID to identify this message and other messages
rs_datetime 32 Yes The date and time of the Espay server on which the reply message was sent
trx_id 32 Yes A unique transaction ID number to identify the order / settlement / invoice.
status_transaction 32 Yes Enter the current transaction status
S: success
Q: Failed
error_code 4 Yes Web service error code, 0000 = Successful, 9999 = Failed / timed out
error_code is only used to report the success / failure of this service as the status of successful / failed payments is sent through the payment notification service
error_message 32 Yes Error message

Refund Payment

This process is used when the merchant wants to refund a transaction that is currently in progress.

Flow Message

Merchant → Espay

Method

HTTP Post

API URL

Development : https://sandbox-api.espay.id/rest/creditcard/refundpayment
Production : https://api.espay.id/rest/creditcard/refundpayment

Parameter Request:

Parameter Name Max Length Mandatory Description
rq_uuid 64 Yes Request ID. Unique ID to identify this message with other messages
rq_datetime 19 Yes Date and time on the partner server at which the message was sent
comm_code 32 Yes Dealer code registered at Espay
trx_id 32 Yes A unique transaction ID number to identify the order / settlement / invoice.
amount 20 Yes Payment amount
signature 64 Yes The signature is created by the dealer and validated by Espay. More information can be found on this page

After making a request using the example above, the client receives a response as follows:

Parameter Response:

Parameter Name Max Length Mandatory Description
rq_uuid 4 Yes Request ID. Unique ID to identify this message and other messages
rs_datetime 32 Yes The date and time of the Espay server on which the reply message was sent
trx_id 32 Yes A unique transaction ID number to identify the order / settlement / invoice.
status_transaction 32 Yes Enter the current transaction status
S: success
Q: Failed
error_code 4 Yes Web service error code, 0000 = Successful, 9999 = Failed / timed out
error_code is only used to report the success / failure of this service as the status of successful / failed payments is sent through the payment notification service
error_message 32 Yes Error description 
Sample Request Tokenization

		
POST /rest/creditcard/tokenpayment HTTP/1.1
Host: sandbox-api.espay.id
Connection: keep-alive
Content-Length: 250
Content-Type: application/x-www-form-urlencoded
Accept: */*

rq_uuid=SGWHMSAMPOERNAfcf63291-9681-4934-8103-fe9598b5fddd
&rq_datetime=2021-10-12 15:17:00
&comm_code=SGWHMSAMPOERNA03
&masked_card_no=411111XXXXXX1111
&store_card_number=13051910361234614100
&trx_id=ESP1580208016A0VT
&description=Pembelian Iqos
&cardname=test&email=test@sgo.co.id
&ccy=IDR
&amount=10000
&signature=d59c9333f478457a357bdf1fd12ce07cbf0ec9ed29c18b521f5f37f4327879d3
		
	
Sample Request Capture Payment

		
POST /rest/creditcard/capturepayment HTTP/1.1
Host: sandbox-api.espay.id
Connection: keep-alive
Content-Length: 250
Content-Type: application/x-www-form-urlencoded
Accept: */*

rq_uuid=SGWMOVIC0c7f0065-c706-4b65-863d-689ab495a67a
&rq_datetime=2021-10-12 15:17:00
&comm_code=SGWMOVIC
&trx_id=MOV12102111361093
&amount=300000
&signature=2c9a29f21e7f33356abb69fe6857ea267070f2559e2463c078310f1ddcc5e06c
		
	
Sample Request Void Payment

		
POST /rest/creditcard/voidpayment HTTP/1.1
Host: sandbox-api.espay.id
Connection: keep-alive
Content-Length: 250
Content-Type: application/x-www-form-urlencoded
Accept: */*

rq_uuid=SGWMOVICfcf63291-9681-4934-8103-fe9598b5fddd
&rq_datetime=2021-10-12 15:17:00
&comm_code=SGWMOVIC
&trx_id=MOV12102111506156
&amount=300000
&signature=ec7a711b2fff5ca0d48419991f5f471dbe2ade63b5fb12eaf7ea2a0044171a36
		
	
Sample Request Refund Payment

		
POST /rest/creditcard/refundpayment HTTP/1.1
Host: sandbox-api.espay.id
Connection: keep-alive
Content-Length: 250
Content-Type: application/x-www-form-urlencoded
Accept: */*

rq_uuid=SGWMOVIC0c7f0065-c706-4b65-863d-689ab495a67a
&rq_datetime=2021-10-12 15:17:00
&comm_code=SGWMOVIC
&trx_id=MOV12102111361093
&amount=300000
&signature=2c9a29f21e7f33356abb69fe6857ea267070f2559e2463c078310f1ddcc5e06c
		
	
Sample Response Tokenization

		
	{
		"rq_uuid":"SGWHMSAMPOERNAfcf63291-9681-4934-8103-fe9598b5fddd",
		"rs_datetime":"2021-10-12 15:17:16",
		"trx_id":"MOV12102111506156",
		"error_code":"0000",
		"error_message":"Success"
	}
		
	
Sample Response Capture Payment

		
	{
		"rq_uuid":"SGWMOVIC0c7f0065-c706-4b65-863d-689ab495a67a",
		"rs_datetime":"2021-10-12 15:17:19",
		"trx_id":"MOV12102111361093",
		"status_transaction":"S",
		"error_code":"0000",
		"error_message":"Success"
	}
		
	
Sample Response Void Payment

		
	{
		"rq_uuid":"SGWMOVICfcf63291-9681-4934-8103-fe9598b5fddd",
		"rs_datetime":"2021-10-12 15:17:16",
		"trx_id":"MOV12102111506156",
		"status_transaction":"V",
		"error_code":"0000",
		"error_message":"Success"
	}
		
	
Sample Response Refund Payment

		
	{
		"rq_uuid":"SGWMOVIC0c7f0065-c706-4b65-863d-689ab495a67a",
		"rs_datetime":"2021-10-12 15:17:19",
		"trx_id":"MOV12102111361093",
		"status_transaction":"S",
		"error_code":"0000",
		"error_message":"Success"
	}