QR Payment

QR Code Payment is a non-contact payment method where payments are made by scanning a QR code from the mobile application. The image above is a flow that illustrates the payment process using a QR code with ESPAY as the payment gateway.

Now mobile payment is the way to go in Indonesia

ESPAY adopts this technology for leverage and to be at the forefront of mobile payment, both QR Payment and Push Payment. Multiple e-wallet issuers cause inefficiency in term of integration. Espay makes it hassle free and simplifies integration, and it also provides solution to merchants to obtain all multiple mobile payments that let you accept payments from all kinds of e-wallet issuers, so your customers can just scan to pay and you can increase sales!

How Does It Work?

With such convenient payment method, transactions become more enjoyable. It gives users a much better transaction experience than before.

"Payment methods that change your transaction experience"

Each request will be verified by basic authentication, so every request sent must include the authorization Header, with the basic value followed by username and password, with username:password format that has been encoded with Base64 encoding.

Example :

Username: Aladdin

Password: Jasmine

Format before being encoded :

Aladdin:Jasmine

Base64 encoding result :

QWxhZGRpbjpKYXNtaW5l

Header sent :

Authorization : Basic

QWxhZGRpbjpKYXNtaW5l

Failed authentication will receive http 401 header

Web Service to Push to Pay to Payment Application

Message Flow

Merchant → Espay

Method

HTTP Post

API URL

Endpoint Development: https://sandbox-api.espay.id/rest/digitalpay/pushtopay
Endpoint Production: https://api.espay.id/rest/digitalpay/pushtopay

Parameter Request:

Name Field	Attribute	Mandatory	Description
rq_uuid	64	Yes	Request identifier. Unique ID to identify these messages with other messages
rq_datetime	19	Yes	Date and time on the Espay application server when the message was sent
comm_code	32	Yes	The seller code is registered in the Espay application
order_id	20	Yes	Transaction number / invoice ID / unique ID that identifies the order / invoice / invoice
product_code	10	Yes	The desired product code. Push to Pay : OVO JENIUS QR : QRIS
amount	13	Yes	Number of invoices to pay
customer_id	64	Yes	Customer data OVO = Phone Number JENIUS = Cashtag ($cashtag)
promo_code	64	No	Promo Code
is_sync	1	No	1 = Sync / 0 = Async Default Async
branch_id	64	Optional	Branch ID
pos_id	64	Optional	POS ID Machine
description	20	Yes	Order description
signature	64	Yes	Validation by the seller requires a signature

Parameter Response:

Name Field	Attribute	Mandatory	Description
error_code	4	Yes	If error_code equal 0000 = Successful If error_code is not the same as 0000 = Failed to call request to Payment Application
error_message	32	Yes	If error_code equal 0000 = Successful If error_code is not the same as 0000 = Failed to call request to Payment Application
trx_id	32	Yes	Transaction ID of Espay
QRLink	64	Yes	URL QR https://api.espay.id/gojek/QR/uafu-134fd-erdf-353--erdf-353-/
QRCode	BLOB	Yes	data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGB gcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UxwcKDcpLDAxNDQ0Hyc5PTgyP…..
order_id	20	Optional	Transaction number / invoice ID / unique ID that identifies the order / invoice / invoice
customer_id	32	Optional	Customer data OVO = Phone Number JENIUS = Cashtag ($cashtag) GOPAY = Phone Number LINKAJA = Phone Number
trx_status	2	Optional	Transaction Status
amount	13	Optional	Invoice Amount
approval_code	64	Optional	Approval code, reference of Bank
product_code	10	Optional	Product code

Each request must be signed for validation. The customer receives a secret key in a separate document. The key is processed into a signature using the following steps:

Step 1 :
Combine the parameters used in the following order:

##rq_uuid##comm_code##product_code##order_id##amount##mode##key##

Example :

rq_uuid : 123ABC-DEF456
comm_code : MYCOMMCODE
product_code : OVO
order_id : ORDER001
amount : 10000
key : S3cr317kEY
mode : PUSHTOPAY

The string is as follows:

Result = ##123ABC-DEF456##MYCOMMCODE##OVO##ORDER001##10000##PUSHTOPAY##S3cr317kEY##

Step 2 :
The results of step 1 in capital letters are as follows:

##123ABC-DEF456##MYCOMMCODE##OVO##ORDER001##10000##PUSHTOPAY##S3CR317KEY##

Step 3 :
Hash results from step 2 with sha256:

$sha256 = hash(sha256, '##123ABC-DEF456##MYCOMMCODE##OVO##ORDER001##10000##PUSHTOPAY##S3CR317KEY##')

Result = aa19e37e1bf6d5cfb23d59988d397f9ba6e79cf6853606e45a6809e0ca9a7b5d

The results of step 3 are used as the value of the signature parameter.

ESPAY server also filters the IP address which accesses the ESPAY server. So please contact ESPAY team to register your IP.

Response Code	Description
0000	COMPLETED SUCCESFULLY
9999	SUSPECT / TIMEOUT
802	MAX/MIN PAYMENT AMOUNT EXCEEDED
801	TRANSACTION ERROR, INQUIRY DATA NOT FOUND
800	INSUFFICIENT FUNDS
614	UNABLE TO PROCESS TRANSACTION AT CERTAIN HOURS
612	UNABLE TO PROCESS TRANSACTION, PLEASE TRY AGAIN LATER
611	TRANSACTION DECLINE, PLEASE CONTACT YOUR ADMINISTRATOR
610	YOU CAN PERFORM THE SAME TRANSACTION IN 5 MINUTES
601	IP ADDRESS REJECTED / UNREGISTERED
406	INQUIRY DATA IS INVALID
405	PRODUCT DENIED
404	PRODUCT NOT AVAILABLE
403	AMOUNT IS NOT SET
300	INQUIRY NOT AVAILABLE
210	DUPLICATE UUID
205	INVALID REQUEST
040	BILLER SYSTEM MALFUNCTION
09	REQUEST IN PROGRESS
13	TXN AMT IS DIFFER WITH TOTAL BILL AMT
14	PAYMENT NBR NOT FOUND
15	NO SUCH ISSUER
17	SERVICE UNAVAILABLE (MAINTENANCE)
18	DISPUTE
22	SUSPECTED MALFUNCTION
34	SUSPECTED FRAUD
36	RESTRICTED
60	CARD ACCEPTOR CONTACT ACQUIRER
61	TRANSACTION EXCEEDS APPROVAL AMOUNT LIMIT
64	ORIGINAL AMOUNT INCORRECT
65	EXCEED FREQUENCY LIMIT
66	CARD ACCEPTOR, CALL ACQUIRER SECURITY
67	HOT CARD RETAIN CARD
68	LATE RESPONSE FROM BILLER
72	VOUCHER / DENOM NOT AVAILABLE