Introduction
Welcome to the Pay APIWelcome to the Pay API
The Pay API aim to create a payment gateway for online merchants. With Pay API, you will be able to accept cryptocurrencies and traditional payment such as credit card. We strongly suggest you to contact us before using it as we can help you understand which APIs you need in your scenarios. Feel free to try it out. Please don't hesitate to contact us if you have any queries.
Download Postman Collection with Demo AccountDownload Postman Collection with Demo Account
You will be able to access Pay API endpoints with the demo account in the postman collection. The credential of demo account are all set in collection variables. Please change them when you receive your own staging credential.
As we have to set webhook domain for each account, you will be able to check webhook data in Webhook.site - Test, process and transform emails and HTTP requests
Secure API InvocationSecure API Invocation
To allow API invocations are secured between two channels, we need to:
- For staging and production environment, whitelist API servers' IPs
- Send you two keys, `secret key and api key. Secret key is used in encryption of password or any sensitive value. API key would be send through http header.
How to Prepare HTTP HeaderHow to Prepare HTTP Header
These parameters can help us verify who you are and make sure the consistency of requests.
| Parameter Name | Data Type | Example | Description |
|---|---|---|---|
| api | string | The API key we provide you. | |
| nonce | string | 1640313017000 | Representation of current unix timestamps in milliseconds |
| sign | string | A composite signature produced based on How to Prepare Signature |
Please make sure that the unix timestamp should be sent to Pay API within 30 seconds after this timestamp has been generated.
How to Prepare SignatureHow to Prepare Signature
AlgorithmAlgorithm
We use HMAC.SHA384 algorithm to generate signatures.
Parameters Used for Generating SignaturesParameters Used for Generating Signatures
| Key | Data Type | Example | Description |
|---|---|---|---|
| secret key | string | xxxxxxxxx | The secret key we provide you. |
| url | string | /payment/pay-api/v1/public/rate | Which API url you are going to access |
|
| nonce | string | 1640313017000 | current unix timestamps in milliseconds
|
|request body | JSON string | | As it might send requests with different content type, to determine how to prepare it, please refer to Content-Type: application/json |
Content-Type: application/jsonContent-Type: application/json
- The order of parameters is NOT important.
Calculate for POST method:
url: /payment/pay-api/v1/deposit/fiat
request-nonce: 1640313017000
request body: {"referenceId":"localtest001","email":"localtest001@mail.com","firstName":"John","lastName":"Doe","country":"US","currency":"USD","amount":30,"clientOrderId":"abc63cc3-5315-43ee-b6d3-c90205734a4e","redirectUrl":"https://www.google.com","extra":"hanktest"}
sign: HMAC.SHA384(secretKey, (url+nonce+body))
= HMAC.SHA384('xxxxxxxxx', '/payment/pay-api/v1/deposit/fiat1640313017000{"referenceId":"localtest001","email":"localtest001@mail.com","firstName":"John","lastName":"Doe","country":"US","currency":"USD","amount":30,"clientOrderId":"abc63cc3-5315-43ee-b6d3-c90205734a4e","redirectUrl":"https://www.google.com","extra":"hanktest"}')
= dcba18a9542333c1b89d1ed6d21c9dc12e260ee9f284fb2dd12efb87f53d12979a8566316068e24289d1c4e8e83273aaCalculate for GET method:
url: /payment/pay-api/v1/public/rate
request-nonce: 1640313017000
sign: HMAC.SHA384(secretKey, (url+nonce+body))
= HMAC.SHA384('xxxxxxxxx', '/payment/pay-api/v1/public/rate1640313017000')
= 0784690d0d4df39303c06c6dede49415ce5dd0e884b40a43a64eb151af92dc452b91c00fe888215c51c1f9f7ece856d7Content-Type: multipart/form-dataContent-Type: multipart/form-data
Calculate for POST method:
As we need to make sure the plain texts used to calculate by you and us are the same, here you will need to order all Text parameters alphabetically and then change it to JSON string.
For instance, there are several parameters of Upload User KYC files endpoints:
merchantUserId: 9485ee4c-4cc7-49f3-8b33-6542b9a92c73
firstName: Jane
lastName: Williams
email: test@gmail.com
idNumber: 1928310292
idType: 1
nationality: USA
idFileFront: <File in binary>
idFileBack: <File in binary>
selfie: <File in binary>As the last 3 parameters are not Text, we transform these parameters into JSON string with alphabetical order, excluding last 3 file parameters.
{
"email": "test@gmail.com",
"firstName": "Jane",
"idNumber": "1928310292",
"idType": "1",
"lastName": "Williams",
"merchantUserId": "9485ee4c-4cc7-49f3-8b33-6542b9a92c73",
"nationality": "USA"
}Then remove blank in the JSON string and use it to calculate signature.
url: /payment/pay-api/v1/user/kyc/upload
request-nonce: 1640313017000
sign: HMAC.SHA384(secretKey, (url+nonce+body))
= HMAC.SHA384('xxxxxxxxx', '/payment/pay-api/v1/user/kyc/upload1640313017000{"merchantUserId": "9485ee4c-4cc7-49f3-8b33-6542b9a92c73","firstName": "Jane","lastName": "Williams","email": "test@gmail.com","idNumber": "1928310292","idType": "1","nationality": "USA"}')
= 3610fef1cc749f1d805671d38576cd80641ada4d46d0b6657f0b9754e86a3d04eca10adce5bff620aea5800920fc9067Work FlowsWork Flows
Pay API service provides you solutions for accepting cryptocurrency and fiat. To understand the whole flows:
- For integrating with crypto solution, please refer to
Crypto Solutionfor further information. - For accepting fiat payment, please refer to
Payment Solutionfor further information.
Error Codes from APIError Codes from API
| Code | Description |
|---|---|
| 11000004 | KYC info is needed. Please contact us. |
| 11000007 | User hasn't bound 2FA. |
| 11000008 | User 2FA check failed. |
| 11000009 | User OTPCode check failed. |
| 11000010 | User OTPCode not found. |
| 11000011 | The user has no permission for the operation. |
| 11000012 | Cannot find wallet. |
| 11000013 | Insufficient Balance in Wallet. |
| 11000017 | User residence country is empty. |
| 11000019 | Incorrect crypto address. |
| 11000024 | System coin settings error. |
| 11000025 | Coin cannot be found. |
| 11000029 | Unknown currency. |
| 11000039 | Invalid Protocol. |
| 11000042 | The user status is not activated. |
| 11000043 | Do not support [%s] action. |
| 11000046 | User ask OTP too frequently. |
| 11000049 | Forbidden by system level. |
| 11000061 | Amount is less than 0. |
| 11000091 | The amount is invalid. |
| 11000101 | The deposit amount is invalid. |
| 11000102 | Country (%s) is not allowed to use the service. |
| 11000104 | The number of addresses has reached the maximum available limit for creation. |
| 11000200 | The withdraw amount is invalid. |
| 11000202 | Wallet operation failed. |
| 11000206 | Reached the KYC limit for crypto withdrawals. |
| 11000305 | Service is not supported now. |
| 11000400 | Single amount is too low. |
| 11000401 | Single amount is too high. |
| 11000402 | Reach amount limit. |
| 11000403 | Reach txn time limit. |
| 11090000 | Merchant authentication failed. |
| 11090001 | Merchant User Error. |
| 11090002 | Merchant Setting Error. Reason: |
| 11090003 | Not Supported Request. Reason: |
| 11090004 | Permission Denied With the Coin and Protocol. |
| 11090005 | Duplicated reference id: |
| 11090006 | User hasn't bound with current merchant. |
| 11090007 | The merchantUserId has bound. Please provide userKey instead of merchantUserId. |
| 11090008 | Amount should not be equals to or less than 0. |
| 11090009 | Cannot find user. |
| 11090010 | Over address number limitation. |
| 11090011 | The amount is invalid. |
| 11090012 | Insufficient balance. |
| 11090020 | Duplicated client order id: |
| 11090097 | Callback process failed: |
| 11090098 | System error. |
| 11090099 | Request parameters error. Reason: |