Manual Integration API (Open API)
Please take note that :
- Duplicate Order IDs – To ensure the uniqueness of your order IDs and prevent any potential issues with duplicate entries, merchants can request assistance through our customer support at [email protected] .
If you have developed your own shopping cart and need to do a manual integration by yourself, here are the details.
A. Information required
To start, we will need the information as below. These can be retrieved in the senangPay Dashboard.
1. Go to Menu > Settings > Profile
2. Refer to the Shopping Cart Integration Link section. Get your Merchant ID and Secret Key information.
3. Then you will need to fill in the return URL. This is the URL where senangPay will redirect the buyer to after the payment has been processed.
4. Next, you need to fill the Callback URL. Callback URL is used as an alternative notification to the merchant shopping cart in case there is a breakdown in the transaction flow. For more info on the Callback URL, please read here
B. What parameters to send to senangPay
The table below lists the details of each parameter:
| Item | Detail |
|---|---|
|
detail *required* |
This is the description that will be displayed when making the payment. The maximum length is 500 characters. Any underscore (_) characters will be converted to space. Example Shopping_cart_id_30. Only A to Z, a to z, 1 to 0, dot, comma, dash and underscore allowed. |
|
amount *required* |
The amount to charge the buyer. The format must be in 2 decimal places. Example 25.50. |
|
order_id *required* |
This is the id used to identify the shopping cart when senangPay redirects the buyer back after the payment was made. The maximum length is 100 characters. Only A to Z, a to z, 0 to 9, and dash allowed. Example 3432D4. |
|
hash *required* |
The is the data to ensure the data integrity has passed from the merchant’s shopping cart to senangPay. Refer to How to generate the secure hash section for more info. |
|
name *required* |
This is the name to populate in the payment form so that customers do not have to key in their names. This is optional and does not have to be a part of the hash. Customers may overwrite the value in the payment form. |
|
*required* |
This is the email address to populate in the payment form so that customers do not have to key in their emails. This is optional and does not have to be a part of the hash. Customers may overwrite the value in the payment form. |
|
phone *required* |
This is the phone to populate in the payment form so that customer do not have to key in their phone. This is optional and not have to be part of the hash. Customer is able to overwrite the value in payment form. |
| timeout | This parameter specifies the timeout for the payment process in seconds. It is a numeric or integer value. For example, 8 minutes equal to 480 seconds. If provided, the payment process will automatically expire if not completed within the specific timeout period and user will be redirected to the merchant return URL. If omitted, there is no timeout applied. Minimum timeout would be 60 seconds, therefore value below than 60 seconds will be defaulted to minimum timeout. |
C. How to send the parameters to senangPay (Live)
1. The parameters can be sent through either GET or POST.
2. The URL is
https://app.senangpay.my/payment/
followed by your merchant ID.
3. Example:
https://app.senangpay.my/payment/14222653788472
D. How to send the parameters to senangPay (Sandbox)
1. The parameters can be sent either using GET or POST method.
2. The URL is
https://sandbox.senangpay.my/payment/
followed by your merchant ID.
3. Example:
https://sandbox.senangpay.my/payment/14222653788472
E. What Parameters does the shopping cart receive from senangPay
The table below lists the details of the elements:
| Item | Detail |
|---|---|
| status_id | This is to indicate the status of the payment. It only has 3 values which is ; 2 for pending authorization, 1 for successful and 0 for failed. |
| order_id | This is the order that is sent to senangPay. This is to identify the shopping cart transaction. |
| msg | This is the message to describe the payment status. The maximum length is 100 characters. Take note that the message may contain underscores. You can replace the underscore as space when displaying the message to your customers. Example: Payment_was_successful. |
| transaction_id | This is the transaction ID used by senangPay. You can use this ID to track the transaction in senangPay. The maximum length is 100 characters. Example 14363538840 |
| hash | This is the data to ensure that data integrity has passed from senangPay to the merchant’s shopping cart. Refer to section ‘How to verify if the secure hash is correct’ for more info. |
F. How parameters are sent from senangPay to the merchant’s shopping cart?
1. The parameters will be send using GET method.
2. The parameters are sent to URL as configured in the return URL. Refer to the ‘Info required’ section.
G. How to generate the secure hash
1. The secure hash is generated by using HMAC hashing algorithm with SHA256 or md5 on a string consisting of (according to sequence):
- Secret Key
- Detail
- Amount
- Order ID
2. For example if the values for the parameters are as below:
| Item | Detail |
|---|---|
|
Secret Key |
53-784 |
|
Detail |
Shopping_cart_id_30 |
|
Amount |
24.50 |
|
Order ID |
56 |
3. The string to be hashed is $str = 53-784Shopping_cart_id_3024.5056 which will generate the hash value of :
- md5($str) => 0bde51ff340f110ab7331a902aa969e7
- hash_hmac(‘SHA256′, $str, ’53-784’) => 74422328b44d30bf150fffbae89bbb42b885f9ac0960e2a3ddccc0cf9aa48e39
H. How to verify if the secure hash is correct
1. Merchants will need to generate the secure hash and compare the secure hash that was received from senangPay.
2. For example if the parameters received from senangPay are as below:
| Item | Detail |
|---|---|
|
secret key |
53-784 |
|
status_id |
1 |
|
order_id |
56 |
|
transaction_id |
14363538840 |
|
msg |
Payment_was_successful |
3. The string to be hashed is $str = 53-78415614363538840Payment_was_successful which will generate the hash value of :
- md5($str) => 69686562c29ad3f7955b1843a5c275ca
- hash_hmac(‘SHA256′, $str, ’53-784’) => 4ca7837c6c4ddb5f6ba573ea701235b2d04bc6400d32787539e07aaf319eb70f
4. Now you need to compare the hash value that you have generated with the hash value sent from senangPay. If the value does not match then the data may have been tampered.
I. Download sample code
For your reference, please refer to this sample code. Kindly download from here.