Merchant Hosted

A. What is Merchant Hosted?

1. Merchant hosted is where merchant can capture card information and pass to senangPay to process the payment. Using this method, you will bypass senangPay’s payment form. This feature is only applicable to selected senangPay’s merchant.

2. If you require integration that require senangPay’s payment form, please refer to Open API documentation.

 

B. Basic Info

To start, we will need the information as below. These can be retrieve from senangPay dashboard.

1. Go to Menu > Settings > Profile

2. Refer to Shopping Cart Integration Link section. Get your Merchant ID and Secret Key information.

3. Then you will need to fill in the return URL. This is the URL where senangPay will redirect the buyer after the payment has been processed.

4. Next, you need to fill the Callback URL. Callback URL is used as alternative notification to merchant shopping cart in case there is a breakdown in transaction flow.

 

C. What parameters to send to senangPay

Below are the details of the elements in the table . This is the credit card expiry month/row_column]

ItemDetail
detailThis is the description to be displayed when making the payment. The maximum length is 500 characters. Any underscore (_) characters will be converted to space.
Example: Shopping_cart_id_30. Only A to Z, a to z, 1 to 0, comma, dash and underscore is allowed.
amountThe amount to charge the buyer. The format must be in 2 decimal places.
Example: 25.50
order_idThis is the id used to identify the shopping cart when senangPay redirect back the buyer after the payment was made. The maximum length is 100 characters.
Example: 3432D4. Only A to Z, a to z, 1 to 0 and dash is allowed.
hashThis is the data to ensure the data integrity passed from the merchant’s shopping cart to senangPay. Refer to How to generate the secure hash section for more info.
nameThis is the name of the customer that perform the payment
emailThis is the email of the customer that perform the payment. Transaction confirmation email will be sent to this email.
phoneThis is the phone number of the customer that perform the payment.
cc_nameThis is the credit card holder name
cc_numberthis is the credit card number.
cc_expiry_monthThis is the credit card expiry month
cc_expiry_yearThis is the credit card expiry year
cc_ccvThis is the credit card ccv

 

D. How to send the parameters to senangPay

1. The parameters can be send either using GET or POST method.

2. The URL is:

https://app.senangpay.my/payment/merchant-hosted/

followed by your merchant id

3. Example:

https://app.senangpay.my/payment/merchant-hosted/14222653788472

 

E.  What parameters will you receive from senangPay

Below are the details of the elements in the table.

ItemDetail
status_idThis is to indicate the status of the payment. It only has 2 values which is 1 for successful and 0 for failed.
order_idThis is the the order that was sent to senangPay. This is to identify the shopping cart transaction.
msgThis is the message to describe the payment status. The maximum length is 100 characters. Take note that the message mat contain underscore. You can replace the underscore as space when displaying the message to your customer.
Example: Payment_was_successful.
transaction_idThis is the transaction ID used by senangPay. You can use this ID to track the transaction in senangPay. The maximum length is 100 characters.
Example: 14363538840.
hashThis is the data to ensure the data integrity passed from senangPay to the merchant’s shopping cart. Refer to section How to verify it the secure has is correct for more info.

 

F. How senangPay send the parameters to merchant’s shopping cart

1. The parameters will be send using GET method.

2. The parameters are sent to URL as configured in the return URL Refer to Info required section

 

G. How to generate the secure Hash

1. The secure hash is generated by using md5 on a string consisting of (according to sequence):

    • Secret Key
    • Detail
    • Amount
    • Order ID
    • Name
    • Email
    • Phone Number
    • Credit Card Name
    • Credit Card Number
    • Credit Card Expiry Month
    • Credit Card Expiry Year
    • Credit Card CCV

2. For example, if the values for the parameters are as below:

ItemDetail
secret key2-340
detailShopping_cart_id_30
amount25.50
order_id56
nameabu
emailabu@gmail.com
phone0123456789
cc_nameabu
cc_number5111111111111118
cc_expiry_month05
cc_expiry_year21
cc_ccv101
hash3084c95c47660e2066c40961ed333519
3. Request parameter for md5 :
<?php

$secret_key = '2-340';
$detail = 'Shopping_cart_id_30';
$amount = '25.50';
$order_id = '56';
$name = 'abu';
$email = 'abu@gmail.com';
$phone = '0123456789';
$cc_name = 'abu';
$cc_number = '5111111111111118';
$cc_expiry_month = '05';
$cc_expiry_year = '21';
$cc_ccv = '101';

$string_to_hash = $secret_key.$detail.$amount.$order_id.$name.$email.$phone.$cc_name.$cc_number.$cc_expiry_month.$cc_expiry_year.$cc_ccv;

    $hash = md5($string_to_hash);
?>

which will generate hash values as :

  • 33c02a4e7f281d1ec16aff599e307040

4. Request parameter if you using sha256 :

<?php

$secret_key = '2-340';
$detail = 'Shopping_cart_id_30';
$amount = '25.50';
$order_id = '56';
$name = 'abu';
$email = 'abu@gmail.com';
$phone = '0123456789';
$cc_name = 'abu';
$cc_number = '5111111111111118';
$cc_expiry_month = '05';
$cc_expiry_year = '21';
$cc_ccv = '101';

$string_to_hash = $secret_key.$detail.$amount.$order_id.$name.$email.$phone.$cc_name.$cc_number.$cc_expiry_month.$cc_expiry_year.$cc_ccv;

    $hash = hash_hmac('sha256',$string_to_hash,$secret_key);
?>

which will generate hash values as :

  • 052caf0f548d8cf654d1436bb9f98375d424b0a044ea36f20d5fc1e4f98abeff

 

H. How to verify if the secure hash is correct

1. Merchant will need to generate the secure hash and compare the secure hash that was received from senangPay.

2. For example, if the parameters received from senangPay are as below:

ItemDetail
secret_key2-340
status_id1
order_id56
transaction_id14363538840
msgPayment_was_successful

3. Verify respond if you using md5 :

$status_id = '1';
$order_id = '56';
$transaction_id = '14363538840';
$msg = 'Payment_was_successful';

$string_to_hash = $secret_key.$status_id.$order_id.$transaction_id.$msg;

    $hash = md5($string_to_hash);
?>

which will generate hash value as :

  • 49197d877cb4fa7bd770134506b7fb0a

4.  Verify respond if you using sha256 :

$status_id = '1';
$order_id = '56';
$transaction_id = '14363538840';
$msg = 'Payment_was_successful';

$string_to_hash = $secret_key.$status_id.$order_id.$transaction_id.$msg;

    $hash = hash_hmac('sha256',$string_to_hash,$secret_key);
?>

which will generate hash value as : 

  • 5d1b62649fd73ece981e6b6236f3f3789322400f6c1844815fe5347051ce8ba1

5. Now you need to compare the hash value that you have generated with the hash value sent from senangPay. If the value does not match, then data may have been tempered.