API Redirect Post

API Redirect Post use HTML as a programming language and is applicable to all issuers except loan merchants and credit card companies. The integration available is via the API provided below.

Last updated 5 months ago

API Redirect Post

API Redirect Post use HTML as a programming language and is applicable to all issuers except loan merchants and credit card companies. The integration available is via the API provided below.

Transaction Flow Diagram

Step 1. Merchant sends HTTPs Post Request containing payment details to E2Pay OPSG payment page. Payment Details contain the following field:

Merchant Code
Payment Method
Merchant Reference Number
Payment Amount
Currency
Product Description
Customer Name
Customer Email
Customer Contact
Merchant Remark
Signature (refer to 8.1)
Response URL
Backend URL

Step 2. User views and confirms payment details entered in Step 1. For credit card payment, the user will need to key-in credit card information.

Step 3. User continues to fill in Username only or Username and Password at E2Pay / bank website depending on bank policy (for non-credit card payment).

Step 4. User selects the account to debit the payment. (for non-credit card payment).

Step 5. User confirms the payment. If yes, go to next step. (for non-credit card payment).

Step 6. User views and prints the payment detail. (for non-credit card payment).

Step 7. E2Pay OPSG response back the payment status to merchant with a signature.

Step 8. For successful payment transaction, the merchant needs to compare the signature from E2Pay OPSG. Refer to 8.2.

Hit URL to E2Pay

Request & Response Parameter

FieldName

Data Type

Size

M/O

Description

MerchantCode

String

The Merchant Code Provided by E2Pay and use to uniquely identify the Merchant.

PaymentId

Integer

Refer to Appendix

RefNo

String

Unique merchant transaction number / Order ID

VaNumber

String

● Indicates virtual account number based on merchant unique number. Example: customer phone number. ● This parameter is mandatory for static VA.

Amount

Currency

The amount must not contain any decimal points, thousands separators or currency symbols. For example, Rp 10.000,00 is expressed as 1000000.

InvoiceRefNo

String

● Mandatory for Invoice system. ● Invoice number provided by merchant example: BL1912FDJRAMINV.

Currency

String

IDR

ProdDesc

String

100

Product description

UserName

String

100

Customer name

UserEmail

String

100

Customer email for receiving receipt

UserContact

String

Customer contact number

Remark

String

100

Merchant remark

Lang

String

Encoding type ISO-8859 – 1 – English

UTF-8 – Unicode GB2312 – Chinese Simplified

GDϭ8030 – Chinese Simplified

BIG5 – Chinese Traditional

Signature

String

SHA1 base code 64 signature (refer to 8 signature)

ResponseURL

String

Payment response page

BackendURL

String

Backend repsonse page page URL (refer to 6 backend post feature).

Note : M : Mandatory field. O : Optional field, value can be empty but parameter must exist.

Request Sample

<html>
    <body>
    <form method="post" name="ePayment"
    action="https://nms.e2pay.co.id/epayment/entry.asp">
    <input type="hidden" name="MerchantCode" value="ID00001">
    <input type="hidden" name="PaymentId" value=1>
    <input type="hidden" name="RefNo" value="A00000001">
    <input type="hidden" name="VaNumber" value="8292393802">
    <input type="hidden" name="Amount" value="300000">
    <input type="hidden" name="Currency" value="IDR">
    <input type="hidden" name="InvoiceRefNo" value="BL1912FDJRAMINV
    ">
    <input type="hidden" name="ProdDesc" value="Photo Print">
    <input type="hidden" name="UserName" value="John Tan">
    <input type="hidden" name="UserEmail" value="john@hotmail.com">
    <input type="hidden" name="UserContact" value="0126500100">
    <input type="hidden" name="Remark" value="85250509967">
    <input type="hidden" name="Lang" value="UTF-8">
    <input type="hidden" name="Signature"
    value="Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=">
    <input type="hidden" name="ResponseURL"
    value="http://www.abc.com/payment/response.asp">
    <input type="hidden" name="BackendURL"
    value="http://www.abc.com/payment/backend_response.asp">
    <input type="submit" value="Proceed with Payment"
    name="Submit">
    </form>
    </body>
</html>

Field Name

Type (Size)

M/O

Description

MerchantCode

varchar (20)

The Merchant Code provided by E2Pay and use to uniquely identify the Merchant.

PaymentId

integer

Refer to Appendix

RefNo

varchar (18)

Unique merchant transaction number / Order

Amount

currency

The amount must not contain any decimal points, thousands separators or currency symbols. For example, Rp 10.000 is expressed as 1000000.

Currency

varchar (5)

IDR

Remark

varchar (100)

Merchant remark

TransId

varchar (30)

E2Pay OPSG Transaction ID

AuthCode

varchar (20)

Bank's approval code

Status

varchar (1)

Payment status

1 - Success

6 - Pending

0 - Fail

ErrDesc

varchar (100)

Payment status description (refer to appendix).

UniqueId

varchar (19)

Unique customer id from issuer

Signature

varchar (100)

SHA1 basecode 64 signature (refer to 8 signature).

M : Mandatory field. O : Optional field, value can be empty but parameter must exist.

Response Sample

ASP Sample Code

<%
    MerchantCode = Request.Form("MerchantCode")
    PaymentId = Request.Form("PaymentId")
    RefNo = Request.Form("RefNo")
    Amount = Request.Form("Amount")
    eCurrency = Request.Form("Currency")
    Remark = Request.Form("Remark")
    TransId = Request.Form("TransId")
    AuthCode = Request.Form("AuthCode")
    eStatus = Request.Form("Status")
    ErrDesc = Request.Form("ErrDesc")
    UniqueId = Request.Form("UniqueId")
    Signature = Request.Form("Signature")
%>

PHP Sample Code

<?php
    $merchantcode = $_REQUEST["MerchantCode"];
    $paymentid = $_REQUEST["PaymentId"];
    $refno = $_REQUEST["RefNo"];
    $amount = $_REQUEST["Amount"];
    $ecurrency = $_REQUEST["Currency"];
    $remark = $_REQUEST["Remark"];
    $transid = $_REQUEST["TransId"];
    $authcode = $_REQUEST["AuthCode"];
    $estatus = $_REQUEST["Status"];
    $errdesc = $_REQUEST["ErrDesc"];
    $uniqueid = $_REQUEST["UniqueId"];
    $signature = $_REQUEST["Signature"];
php?>
// <Add your programming code here>

Backend Post Feature

The Backend POST feature is server to server technology where it does not depend on the user’s web browser to return payment response data to merchant website. With this feature implemented, your system still can get the payment status on the backend (asynchronously). Note : 1. This Backend post feature will return status the transaction is a payment success or failed. 2. The Backend page should implement checking same like response page such as signature checking, and etc. to prevent user hijack merchant system. 3. The backend page should not have session related code so that merchant systems are still able accept payment status from E2Pay OPSG even if the user is logged out or the session is expired. 4. You need to implement a check to determine "backend page" to update the order so it won't update order status in merchant system more than 1 time. Note: After receiving the payment success status, E2Pay OPSG will simultaneously return payment status to "backend page". 5. The backend page is not a replacement for the response page. You will still need to continue to use the normal response page as usual.

Implementation

On the merchant website, create another page to accept backend post parameter from E2Pay OPSG. On the request page, specify the backend post URL by using "BackendURL" parameter. Example :

<input name="BackendURL" value="http://www.abc.com/backend_response.asp">
Continue next page...

On the 'backend_response.asp' page you need to write out the word 'OK' only (without quote) as an acknowledgement once the backend page success gets the payment status from E2Pay OPSG. E2Pay OPSG will re-try send the payment status to the 'backend_response.asp' page up to 5 times on different interval if no 'OK' acknowledgement detected. Example : In ASP >> response .write "OK" In PHP >> echo "OK";

Make sure just the word 'OK' only on the backend page and without any HTML tag on the page.

Re-Query Payment Status Parameter (Response URL to Enquiry.ASP)

Merchant HTTPS POST re-query payment status parameters to E2Pay OPSG.

Field Name

Type (Size)

M/O

Description

MerchantCode

Varchar (20)

Merchant code assigned by E2Pay

RefNo

Varchar (20)

Unique merchant transaction number / Order ID

Amount

Currency

Payment amount with two decimals

M : Mandatory field. O : Optional field, value can be empty but parameter must exist possible.

Message Reply On The Page From E2Pay OPSG

Possible reply from E2Pay OPSG

Description

Successful Payment

Invalidparameters

Parameters pass in incorrect

Record not found

Cannot found the record

Incorrectamount

Amount is different

Payment fail

Payment pending

Sample Source Code For Re-Query Function

<% 
    Function SendToE2PayInq (byval MerchantCode, byval RefNo, byval Amount)
    Dim TryNo, thenQString, URL, strReturn
    TryNo = 0
    QString = "MerchantCode=" & MerchantCode & "&RefNo=" & RefNo & "&Amount=" & Amount
    
    URL = "https://api-uat.e2pay.co.id/RMS/nms/requery_redirect_bridge.php"
    on ErrorResume Next
    Do Set xobj = Server.CreateObject ("Maxm12.ServerXMLHTTP.3.0")
    xobj.setTimeouts 30000, 60000, 60000, 60000
    xobj.open "POST", URL, false
    xobj.setRequestHeader "Content-Type-", "application/x-www-wform-urlencoded"
    xobj.sendQString
    TryNo = TryNo + 1
    Loop While xobj.status <> 200 and TryNo < 3
    
    If xobj.status <> 200 Then
        SendToePayInq = Err.Description & "(" & Err.Number & ")"
    Else
        SendToePayInq = xobj.responseText
    End If
    set xobj = nothing
    End Function
%>

<?php 
function Requery ($MerchantCode, $RefNo, $Amount) {

    $query = "https://api-uat.e2pay.co.id/RMS/nms/requery_redirect_bridge.php".
    $MerchantCode . "&RefNo=" . $RefNo . "&Amount=" . $Amount;
    $url = parse_url($query);
    $host = $url["host"];
    $path = $url["path"] . "?" . $url["query"];
    $timeout = 1;
    $fp = fsockopen ($host, 80, $errno, $errstr, $timeout);
    fputs ($fp, "GET $path HTTP/1.0\nHost: " . $host . "\n\n");
    
    while (!feof($fp)) {
        $buf .= fgets($fp, 128);
    }
        $lines = split("\n", $buf);
        $Result = $lines[count($lines)-1];
        fclose($fp);
    } else {
        #enter error handing code here
    }
    
    return $Result;
}
?>

Signature

To enhance security, please go through the following steps at the merchant payment status receiving page (Response URL) :

Check the payment amount from E2Pay OPSG is match with yours.
Compare the Signature from E2Pay OPSG with your own generated Signature.

SHA1 hash is a security feature that enables your script to identify the results of a transaction are actually from the appropriate authorization source and also for E2Pay OPSG to make sure the integrity of data received on a transaction request.

Using the SHA1 algorithm, a unique signature or fingerprint of the transaction can be created. This mathematical algorithm used to construct this signature is designed in such a way that any change to the information used in the calculation of the signature will cause a completely different signature to be created.

Also, the information used in the calculation of the signature cannot be discovered through any analysis of the signature itself.

This is done by using information from your account. Every transaction that is processed through the system has a corresponding hash signature of the transaction created during the transaction process.

Important Notice

Request & Response signature must be included and implemented in the request of every transaction.
Merchant system must implement checking on verification signature for every transaction

Request Signature

This signature must be included in the request of every transaction. This hash signature for a request is a hash of the following fields:

MerchantKey (Provided by E2Pay OPSG and share between E2Pay and merchant only
MerchantCode
RefNo
Amount
Currency

The filed must set in the following order : (MerchantKey & MerchantCode & RefNo & Amount & Currency).

Example :

MerchantKey = merchantkey MerchantCode = ID00001 RefNo = A00000001 Amount = 300000 (Note : 300000 represent amount Rp 3.000,00) Currency = IDR The hash would be calculated on the following string : merchantkeyID00001A00000001300000IDR

The resulting has signature value equals to (using SHA1 base64 hash algorithm) Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=

Response Signature

The fields must set in the following order :

(MerchantKey & MerchantCode & PaymentId & RefNo & Amount & Currency & Status)

Example :

merchantkey = merchantkey MerchantCode = EP00005 PaymentId = 7 RefNo = 19201970148AM Amount = 300000 (Note: 300000 represent amount Rp 300.000) Currency = IDR Status = 1

The hash would be calculated on the following string: merchantkeyEP00005719201970148AM300000IDR1

The resulting has signature value equals to (using SHA1 base64 hash algorithm) OSsMZwT0jH4Wib3G2o/ZTQRSYPM=

Example

<?PHP
function E2Pay_signature($source) {
    return base64_encode(hex2bin(sha1($source)));
}

function hex2bin($hexSource) {
    for ($i=0;$i<strlen($hexSource);$i=$i+2) {
        $bin .= chr(hexdec(substr($hexSource,$i,2)));
    }
return $bin;
}
?>

Public Shared Function ComputeHash(ByVal Key As String) As String
Dim objSHA1 As New SHA1CryptoServiceProvider()
objSHA1.ComputeHash(system.Text.Encoding.UTF8.GetBytes(Key.ToCharArray))
Dim buffer() As Byte = objSHA1.Hash
Dim HashValue As String = System.Convert.ToBase64String(buffer)
Return HashValue
End Function

import java.security.*;
import sun.misc.BASE64Encoder;
import java.io.*;
public class test {
public static String encrypt(String password) {
    MessageDigest md;
    try {
    md = MessageDigest.getInstance("SHA");
    md.update(password.getBytes("UTF-8")); // step 3
    byte raw[] = md.digest(); // step 4
    String hash = (new BASE64Encoder()).encode(raw); // step 5
    return hash; // step 6
    } catch (NoSuchAlgorithmException e) {
    } catch (java.io.UnsupportedEncodingException e) {
    }
    return null;
    }
public static void main(String[] args) {
    System.out.println(encrypt("my password")); // string to hash is here
    }
}

var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */
var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */

/*
* These are the functions you'll usually want to call
* They take string arguments and return either hex or base-64 encoded strings
*/
function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));}
function e2paySignature(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz))+"=";}
function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));}
function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));}
function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));}
function str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));}

/*
* Perform a simple self-test to see if the VM is working
*/
function sha1_vm_test()
{
    return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d";
}

/*
* Calculate the SHA-1 of an array of big-endian words, and a bit length
*/
function core_sha1(x, len) {
    /* append padding */
    x[len >> 5] |= 0x80 << (24 - len % 32);
    x[((len + 64 >> 9) << 4) + 15] = len;
    
    var w = Array(80);
    var a = 1732584193;
    var b = -271733879;
    var c = -1732584194;
    var d = 271733878;
    var e = -1009589776;

    for(var i = 0; i < x.length; i += 16)
    {
        var olda = a;
        var oldb = b;
        var oldc = c;
        var oldd = d;
        var olde = e;

        for(var j = 0; j < 80; j++)
        {
            if(j < 16) w[j] = x[i + j];
            else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
            var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)),
                safe_add(safe_add(e, w[j]), sha1_kt(j)));
            e = d;
            d = c;
            c = rol(b, 30);
            b = a;
            a = t;
        }

            a = safe_add(a, olda);
            b = safe_add(b, oldb);
            c = safe_add(c, oldc);
            d = safe_add(d, oldd);
            e = safe_add(e, olde);
    }
            return Array(a, b, c, d, e);
}
            
/*
* Perform the appropriate triplet combination function for the current
* iteration
*/
function sha1_ft(t, b, c, d) {
    if(t < 20) return (b & c) | ((~b) & d);
    if(t < 40) return b ^ c ^ d;
    if(t < 60) return (b & c) | (b & d) | (c & d);
    return b ^ c ^ d;
}

/*
* Determine the appropriate additive constant for the current iteration
*/
function sha1_kt(t) {
    return (t < 20) ? 1518500249: (t < 40) ? 1859775393:
    (t < 60) ? -1894007588: -899497514;
}

/*
* Calculate the HMAC-SHA1 of a key and some data
*/
function core_hmac_sha1(key, data) {
    var bkey = str2binb(key);
    if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz);
    var ipad = Array(16), opad = Array(16);
    
    for(var i = 0; i < 16; i++) {
    ipad[i] = bkey[i] ^ 0x36363636;
    opad[i] = bkey[i] ^ 0x5C5C5C5C;
    }
    
    var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz);
    return core_sha1(opad.concat(hash), 512 + 160);
}

/*
* Add integers, wrapping at 2^32. This uses 16-bit operations internally
* to work around bugs in some JS interpreters.
*/
function safe_add(x, y) {
    var lsw = (x & 0xFFFF) + (y & 0xFFFF);
    var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
    return (msw << 16) | (lsw & 0xFFFF);
}

/*
* Bitwise rotate a 32-bit number to the left.
*/
function rol(num, cnt) {
    return (num << cnt) | (num >>> (32 - cnt));
}

/*
* Convert an 8-bit or 16-bit string to an array of big-endian words
* In 8-bit function, characters >255 have their hi-byte silently ignored.
*/
function str2binb(str) {
    var bin = Array();
    var mask = (1 << chrsz) - 1;
    for(var i = 0; i < str.length * chrsz; i += chrsz)
    bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32);
    return bin;
}

/*
* Convert an array of big-endian words to a string
*/
function binb2str(bin) {
    var str = "";
    var mask = (1 << chrsz) - 1;
    for(var i = 0; i < bin.length * 32; i += chrsz)
    str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask);
    return str;
}

/*
* Convert an array of big-endian words to a hex string.
*/
function binb2hex(binarray) {
    var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
    var str = "";
    
    for(var i = 0; i < binarray.length * 4; i++) {
    str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +
    hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);
    }
    return str;
}

/*
* Convert an array of big-endian words to a base-64 string
*/
function binb2b64(binarray) {
    var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    var str = "";
    
    for(var i = 0; i < binarray.length * 4; i += 3) {
        var triplet = (((binarray[i >> 2] >> 8 * (3 - i %4)) & 0xFF) << 16)
        | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 )
        | ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF);
        
        for(var j = 0; j < 4; j++) {
            if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
            else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
            }
    }
    return str;
    }

Please upload the js file to your server.
Inclide the js file in your production payment page in order to use the signature function.
Concatenate the value to be hash.
Call the following function in your javascript tag by passing in your string to hash to generate the signature. <script type="text/javascript" src="sha1.js"> </script> <script language="javascript"> document.write(e2paySignature(strToHash)); </script>
Pass the signature generated to e2pay payment page in the form element call "Signature"

Payment Re-Query Signature

Parameter

Type (size)

M/O

Description

Sample

SecretKey

varchar(12)

Provided by E2Pay. A private key that is used to make digital signature

merchantkey

MerchantCode

varchar(8)

The merchant code provided by E2Pay and use to uniquely identify the merchant

EP00005

PaymentId

integer

Unique payment channel id

RefNo

varchar(20)

Unique merchant transaction number

19201970148AM

TransId

varchar(20)

Payment Transaction Unique ID degenerated by e2pay

P1293365900

Currency

varchar(5)

Indonesian Rupiah (IDR)

IDR

The fields must set in the following order: (SecretKey & MerchantCode & PaymentId & RefNo & TransID & Currency)

Example :

SecretKey = merchantkey
MerchantCode = EP00005
PaymentId = 7
RefNo = 19201970148AM
TransID = P1293365900
Currency = IDR

The hash would be calculated on the following string: merchantkeyEP00005719201970148AM P1293365900IDR

The resulting hassignature value equalsto (using SHA1 base64 hash algorithm) +T/RZFXFPzdLuGp4LUfKljrb/eo=

Report & Notification

Allow merchants to login and view the reports online.

Transaction Report

Step 1. Merchant can visit E2Pay OPSG report page by keying-in :

Report URL : https://nms.e2pay.co.id/merchant-ss-app

Password : [provided by E2Pay OPSG]

Step 2. After login, select transaction date

Step 3. The payment transaction report will display on the screen.

Email Notification Disclaimer

Email notifications are NOT guaranteed by E2Pay OPSG as it is ISP dependent. Online Report is the primary channel to obtain transaction status. Email notification should not be taken as a replacement of the primary channel.

E-mail transmissions cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of the email, which arise as a result of e-mail transmission. E2Pay accepts no liability for the content of the email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing.

Customer Payment Receipt Email

Customers will receive a payment detail͛s email after successful payment. Below is the email sample:

Subject: E2Pay - Payment details (Ref# T0009378700) Date: Thu, 26 Jan 2009 09:59:30 GMT From: Sales (sales@e2pay.co.id) To: John Tan (john@hotmail.com) Dear John Tan, We are pleased to inform you that your online payment via E2Pay is successful. Your credit card/bank account has been debited with IDR 3.000,00.
Please note that “Company Name” will be listed in your credit card/bank statement for this transaction.
Transaction Detail
Order No: A00000001 Transaction ID: T0009378700 Transaction Date: 26-1-2006 09:59:30 AM Transaction Amount: IDR 3.000,00 Payment Type: Credit Card Product Description: Photo Print ********************************************* Customer Support If you have any questions about our product and services, please contact PT I & J directly at : Tel No: 021-9999 0000 Fax No: 021-9999 0001 Email: support@i&j.com
***********************************************Please do not reply to this email as it was automatically generated.
If you found any fraudulent cases, please contact E2Pay immadiately at Tel: 021 52920138 Fax: 021 52920139 Email: support@e2pay.co.id

Merchant Payment Notification Email

The Merchant will also receive a payment notification email after successful payment. In order to ensure you are able received all our mail; do make sure you proceed with the following steps:

From your mailbox, please white-list E2Pay OPSG mail address by adding sales@e2pay.co.id into your friend list.
Also, please make sure your mailbox has not blacklisted our address which is the following sales@e2pay.co.id.
Allow us to serve you better by white listing our email address and domain e2pay.co.id. Please verify or allow your technical personnel (at the webhosting or email server) to verify the status of your email.

Below is the email sample:

Subject: E2Pay - Payment details (Ref# A00000001) Date: Thu, 26 Jan 2006 09:59:30 GMT From: E2Pay Support (sales@e2pay.co.id) To: ABC Admin (admin@abc.com) Dear I & J Admin, RefNo : A00000001 One new payment has been collected for PT ABC. Please check the payment report at E2Pay Online Report. Customer Detail Name : Ali Email : ali@hotmail.com Contact: 0392005555 Transaction Detail Payment ID : T0009378700 Payment Date Time : 26-1-2006 09:59:30 AM Payment Amount : IDR 3.000,00 Payment Type : Credit Card Product Description : Photo Print Remark : Sincerely, Your E2Pay Team Tel: 021 52920138 Fax: 021 52920139 Email: support@e2pay.co.id

E2Pay OPSG Integration FAQ

What method use to pass payment parameters value to E2Pay OPSG? By using the HTTP POST method.
What do I provide to E2Pay OPSG before the integration of a merchant account? Return a copy of completed Merchant Checklist to integration@e2pay.co.id and provide both the Request URL and Response URL of merchant website.
What are the merchant Request URL and Response URL? Request URL is a checkout page at merchant website that passes in E2Pay OPSG parameters to request payment page. Response URL is a page at merchant website that accepts payment status from E2Pay OPSG after transaction.
How do I perform a payment testing during the integration stage? You can use any valid credit card for testing purpose. Details required are the credit card number, expiry date, CVV number and the card holder name.
What transaction amount do I use for test payment?

Currency Code

Amount

Description

IDR

300000

The amount must not contain any decimal points, thousands separators or currency symbols. For example, Rp 3.000 is expressed as 300000.

6. What if I get an error message and is unable to reach E2Pay OPSG payment page?

Error Message

Description

Duplicate reference number

Do not re-use Reference Number that previously

payment success for transaction.

Invalid merchant code

The merchant code does not exist or

incorrect.

Invalid parameters

Some parameter posted to E2Pay OPSG

is invalid or empty.

Over limit per transaction

Payment amount exceeded the value per transaction that assigned to merchant account.

Payment not allowed

Payment method requested is not allowed

for the merchant account.

Permission not allow

Referrer URL of transaction request is not same as registered with E2Pay OPSG.

Signature not match

Signature on request page which pass to E2Pay OPSG is incorrectly generated. Refer section 8. Signature

Status not approved

Merchant account was suspended or not active.

7. Why do I get the return page URL not exist message display on web browser and is unable to see the E2Pay OPSG payment page? a) Make sure the correct merchant code is used. b) Provide the Request URL to integration@e2pay.co.id before the integration. c) Make sure response URL is specify through ResponseURL field in request page or had updated in E2Pay. 8. How do I ensure the integration is completed? a) Make sure parameters are properly passed to E2Pay OPSG and success reach E2Pay OPSG payment page. b) Success receives payment status from E2Pay OPSG after perform test transaction. c) Make sure implemented security control on the merchant response page. Example : Compare the Signature from E2Pay OPSG with the generated merchant response page. 9. How can I change the merchant information such as Request URL, contact number, company name and bank account number? Send an email to integration@e2pay.co.id to request for these changes. 10. What not to do after press Proceed Payment_button at E2Pay OPSG payment page? a) Do not disconnect your Internet connection. b) Do not close the web browser while transaction being process. c) Do not click Back button on web browser to avoid duplicate payment. 11. I am getting error description Fail (Card issuing bank do not honor the transaction) returned by E2Pay OPSG, what does it mean? Please contact credit card issuer bank to check whether the card can be used for online purchases. 12. Is there any function from E2Pay OPSG where I can query payment status if my system did not get payment status return from E2Pay OPSG? You can use the E2Pay OPSG Server Re-query function to query the transaction status. Please refer section 7 Re-query Payment Status.

Appendix

Payment ID

Payment Channel

Payment ID

E2pay Checkout Page

Credit Card

CIMB Rekpon

BCA

Mandiri

Mbayar Auth

Indomaret

CIMB Octo Mobile

Mbayar QR

Permata VA

Kredivo

Alfamart

LinkAja WCO

CIMB Octo Clicks

OVO

BNI VA

LinkAja Applink

LinkAja QRIS

DANA

Shopeepay QRIS

Shopeepay JumpApp

CIMB VA

BCA VA

BRISVA

BRI VA

GOPAY

QRIS CIMB

Indodana

Mandiri VA

Error Description

Error Message

Error Description

Duplicate reference number

Reference number must be unique for each transaction.

Invalid merchant

The merchant code does not exist or wrong merchant

code.

Invalid parameters

Some parameter posted to E2pay is invalid or empty.

Overlimit per transaction

You exceed the amount value per transaction.

Payment not allowed

The Payment method you requested is not allowed for this merchant code, please contact E2pay to enable your payment option.

Permission not allow

Request URL registered in E2pay merchant account does not match. Please register your website Request URL with E2pay.

Signature not match

The Signature generated is incorrect.

Status not approved

Account was suspended or not active.

Error Code

Code

Message

Description

pge2101

Invalid parameters

Some parameter posted to E2Pay is invalid or empty.

pge2103

Invalid merchant code

The merchant code does not exist or incorrect.

pge2104

Duplicate refference number

Do not re-use Reference Number that previously payment success for transaction.

pge2203

Signature not match

Signature on request page which pass to E2Pay is incorrectly generated. Refer section 8 for more information about Signature for request page.

Additional Note for BRI Virtual Account

Minimum User Contact: 10 Character (Only Number)

Maximum User Contact: 14 Character (Only Number)

Last updated 5 months ago

Transaction Flow Diagram

Step 1. Merchant sends HTTPs Post Request containing payment details to E2Pay OPSG payment page. Payment Details contain the following field:

Merchant Code
Payment Method
Merchant Reference Number
Payment Amount
Currency
Product Description
Customer Name
Customer Email
Customer Contact
Merchant Remark
Signature (refer to 8.1)
Response URL
Backend URL

Step 2. User views and confirms payment details entered in Step 1. For credit card payment, the user will need to key-in credit card information.

Step 3. User continues to fill in Username only or Username and Password at E2Pay / bank website depending on bank policy (for non-credit card payment).

Step 4. User selects the account to debit the payment. (for non-credit card payment).

Step 5. User confirms the payment. If yes, go to next step. (for non-credit card payment).

Step 6. User views and prints the payment detail. (for non-credit card payment).

Step 7. E2Pay OPSG response back the payment status to merchant with a signature.

Step 8. For successful payment transaction, the merchant needs to compare the signature from E2Pay OPSG. Refer to 8.2.

Hit URL to E2Pay

E2Pay OPSG payment posting URL (payment page) URL :

E2Pay OPSG payment re-query URL :

Request & Response Parameter

FieldName

Data Type

Size

M/O

Description

MerchantCode

String

The Merchant Code Provided by E2Pay and use to uniquely identify the Merchant.

PaymentId

Integer

Refer to Appendix

RefNo

String

Unique merchant transaction number / Order ID

VaNumber

String

● Indicates virtual account number based on merchant unique number. Example: customer phone number. ● This parameter is mandatory for static VA.

Amount

Currency

The amount must not contain any decimal points, thousands separators or currency symbols. For example, Rp 10.000,00 is expressed as 1000000.

InvoiceRefNo

String

● Mandatory for Invoice system. ● Invoice number provided by merchant example: BL1912FDJRAMINV.

Currency

String

IDR

ProdDesc

String

100

Product description

UserName

String

100

Customer name

UserEmail

String

100

Customer email for receiving receipt

UserContact

String

Customer contact number

Remark

String

100

Merchant remark

Lang

String

Encoding type ISO-8859 – 1 – English

UTF-8 – Unicode GB2312 – Chinese Simplified

GDϭ8030 – Chinese Simplified

BIG5 – Chinese Traditional

Signature

String

SHA1 base code 64 signature (refer to 8 signature)

ResponseURL

String

Payment response page

BackendURL

String

Backend repsonse page page URL (refer to 6 backend post feature).

Note : M : Mandatory field. O : Optional field, value can be empty but parameter must exist.

Request Sample

<html>
    <body>
    <form method="post" name="ePayment"
    action="https://nms.e2pay.co.id/epayment/entry.asp">
    <input type="hidden" name="MerchantCode" value="ID00001">
    <input type="hidden" name="PaymentId" value=1>
    <input type="hidden" name="RefNo" value="A00000001">
    <input type="hidden" name="VaNumber" value="8292393802">
    <input type="hidden" name="Amount" value="300000">
    <input type="hidden" name="Currency" value="IDR">
    <input type="hidden" name="InvoiceRefNo" value="BL1912FDJRAMINV
    ">
    <input type="hidden" name="ProdDesc" value="Photo Print">
    <input type="hidden" name="UserName" value="John Tan">
    <input type="hidden" name="UserEmail" value="john@hotmail.com">
    <input type="hidden" name="UserContact" value="0126500100">
    <input type="hidden" name="Remark" value="85250509967">
    <input type="hidden" name="Lang" value="UTF-8">
    <input type="hidden" name="Signature"
    value="Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=">
    <input type="hidden" name="ResponseURL"
    value="http://www.abc.com/payment/response.asp">
    <input type="hidden" name="BackendURL"
    value="http://www.abc.com/payment/backend_response.asp">
    <input type="submit" value="Proceed with Payment"
    name="Submit">
    </form>
    </body>
</html>

Field Name

Type (Size)

M/O

Description

MerchantCode

varchar (20)

The Merchant Code provided by E2Pay and use to uniquely identify the Merchant.

PaymentId

integer

Refer to Appendix

RefNo

varchar (18)

Unique merchant transaction number / Order

Amount

currency

The amount must not contain any decimal points, thousands separators or currency symbols. For example, Rp 10.000 is expressed as 1000000.

Currency

varchar (5)

IDR

Remark

varchar (100)

Merchant remark

TransId

varchar (30)

E2Pay OPSG Transaction ID

AuthCode

varchar (20)

Bank's approval code

Status

varchar (1)

Payment status

1 - Success

6 - Pending

0 - Fail

ErrDesc

varchar (100)

Payment status description (refer to appendix).

UniqueId

varchar (19)

Unique customer id from issuer

Signature

varchar (100)

SHA1 basecode 64 signature (refer to 8 signature).

M : Mandatory field. O : Optional field, value can be empty but parameter must exist.

Response Sample

ASP Sample Code

<%
    MerchantCode = Request.Form("MerchantCode")
    PaymentId = Request.Form("PaymentId")
    RefNo = Request.Form("RefNo")
    Amount = Request.Form("Amount")
    eCurrency = Request.Form("Currency")
    Remark = Request.Form("Remark")
    TransId = Request.Form("TransId")
    AuthCode = Request.Form("AuthCode")
    eStatus = Request.Form("Status")
    ErrDesc = Request.Form("ErrDesc")
    UniqueId = Request.Form("UniqueId")
    Signature = Request.Form("Signature")
%>

PHP Sample Code

<?php
    $merchantcode = $_REQUEST["MerchantCode"];
    $paymentid = $_REQUEST["PaymentId"];
    $refno = $_REQUEST["RefNo"];
    $amount = $_REQUEST["Amount"];
    $ecurrency = $_REQUEST["Currency"];
    $remark = $_REQUEST["Remark"];
    $transid = $_REQUEST["TransId"];
    $authcode = $_REQUEST["AuthCode"];
    $estatus = $_REQUEST["Status"];
    $errdesc = $_REQUEST["ErrDesc"];
    $uniqueid = $_REQUEST["UniqueId"];
    $signature = $_REQUEST["Signature"];
php?>
// <Add your programming code here>

Backend Post Feature

Implementation

On the merchant website, create another page to accept backend post parameter from E2Pay OPSG. On the request page, specify the backend post URL by using "BackendURL" parameter. Example :

<input name="BackendURL" value="http://www.abc.com/backend_response.asp">
Continue next page...

Make sure just the word 'OK' only on the backend page and without any HTML tag on the page.

Re-Query Payment Status Parameter (Response URL to Enquiry.ASP)

Merchant HTTPS POST re-query payment status parameters to E2Pay OPSG.

Field Name

Type (Size)

M/O

Description

MerchantCode

Varchar (20)

Merchant code assigned by E2Pay

RefNo

Varchar (20)

Unique merchant transaction number / Order ID

Amount

Currency

Payment amount with two decimals

M : Mandatory field. O : Optional field, value can be empty but parameter must exist possible.

Message Reply On The Page From E2Pay OPSG

Possible reply from E2Pay OPSG

Description

Successful Payment

Invalidparameters

Parameters pass in incorrect

Record not found

Cannot found the record

Incorrectamount

Amount is different

Payment fail

Payment pending

Sample Source Code For Re-Query Function

<% 
    Function SendToE2PayInq (byval MerchantCode, byval RefNo, byval Amount)
    Dim TryNo, thenQString, URL, strReturn
    TryNo = 0
    QString = "MerchantCode=" & MerchantCode & "&RefNo=" & RefNo & "&Amount=" & Amount
    
    URL = "https://api-uat.e2pay.co.id/RMS/nms/requery_redirect_bridge.php"
    on ErrorResume Next
    Do Set xobj = Server.CreateObject ("Maxm12.ServerXMLHTTP.3.0")
    xobj.setTimeouts 30000, 60000, 60000, 60000
    xobj.open "POST", URL, false
    xobj.setRequestHeader "Content-Type-", "application/x-www-wform-urlencoded"
    xobj.sendQString
    TryNo = TryNo + 1
    Loop While xobj.status <> 200 and TryNo < 3
    
    If xobj.status <> 200 Then
        SendToePayInq = Err.Description & "(" & Err.Number & ")"
    Else
        SendToePayInq = xobj.responseText
    End If
    set xobj = nothing
    End Function
%>

<?php 
function Requery ($MerchantCode, $RefNo, $Amount) {

    $query = "https://api-uat.e2pay.co.id/RMS/nms/requery_redirect_bridge.php".
    $MerchantCode . "&RefNo=" . $RefNo . "&Amount=" . $Amount;
    $url = parse_url($query);
    $host = $url["host"];
    $path = $url["path"] . "?" . $url["query"];
    $timeout = 1;
    $fp = fsockopen ($host, 80, $errno, $errstr, $timeout);
    fputs ($fp, "GET $path HTTP/1.0\nHost: " . $host . "\n\n");
    
    while (!feof($fp)) {
        $buf .= fgets($fp, 128);
    }
        $lines = split("\n", $buf);
        $Result = $lines[count($lines)-1];
        fclose($fp);
    } else {
        #enter error handing code here
    }
    
    return $Result;
}
?>

Signature

To enhance security, please go through the following steps at the merchant payment status receiving page (Response URL) :

Check the HTTP_REFERER value is from pay.e2pay.co.id (only applicable if the merchant web site is working with SSL Certificate).
Check the payment amount from E2Pay OPSG is match with yours.
Compare the Signature from E2Pay OPSG with your own generated Signature.

Also, the information used in the calculation of the signature cannot be discovered through any analysis of the signature itself.

Important Notice

Request & Response signature must be included and implemented in the request of every transaction.
Merchant system must implement checking on verification signature for every transaction

Request Signature

This signature must be included in the request of every transaction. This hash signature for a request is a hash of the following fields:

MerchantKey (Provided by E2Pay OPSG and share between E2Pay and merchant only
MerchantCode
RefNo
Amount
Currency

The filed must set in the following order : (MerchantKey & MerchantCode & RefNo & Amount & Currency).

Example :

The resulting has signature value equals to (using SHA1 base64 hash algorithm) Q/iIMzpjZCrhJ2Yt2dor1PaFEFI=

Response Signature

The fields must set in the following order :

(MerchantKey & MerchantCode & PaymentId & RefNo & Amount & Currency & Status)

Example :

merchantkey = merchantkey MerchantCode = EP00005 PaymentId = 7 RefNo = 19201970148AM Amount = 300000 (Note: 300000 represent amount Rp 300.000) Currency = IDR Status = 1

The hash would be calculated on the following string: merchantkeyEP00005719201970148AM300000IDR1

The resulting has signature value equals to (using SHA1 base64 hash algorithm) OSsMZwT0jH4Wib3G2o/ZTQRSYPM=

Example

<?PHP
function E2Pay_signature($source) {
    return base64_encode(hex2bin(sha1($source)));
}

function hex2bin($hexSource) {
    for ($i=0;$i<strlen($hexSource);$i=$i+2) {
        $bin .= chr(hexdec(substr($hexSource,$i,2)));
    }
return $bin;
}
?>

Public Shared Function ComputeHash(ByVal Key As String) As String
Dim objSHA1 As New SHA1CryptoServiceProvider()
objSHA1.ComputeHash(system.Text.Encoding.UTF8.GetBytes(Key.ToCharArray))
Dim buffer() As Byte = objSHA1.Hash
Dim HashValue As String = System.Convert.ToBase64String(buffer)
Return HashValue
End Function

import java.security.*;
import sun.misc.BASE64Encoder;
import java.io.*;
public class test {
public static String encrypt(String password) {
    MessageDigest md;
    try {
    md = MessageDigest.getInstance("SHA");
    md.update(password.getBytes("UTF-8")); // step 3
    byte raw[] = md.digest(); // step 4
    String hash = (new BASE64Encoder()).encode(raw); // step 5
    return hash; // step 6
    } catch (NoSuchAlgorithmException e) {
    } catch (java.io.UnsupportedEncodingException e) {
    }
    return null;
    }
public static void main(String[] args) {
    System.out.println(encrypt("my password")); // string to hash is here
    }
}

var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */
var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */

/*
* These are the functions you'll usually want to call
* They take string arguments and return either hex or base-64 encoded strings
*/
function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));}
function e2paySignature(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz))+"=";}
function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));}
function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));}
function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));}
function str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));}

/*
* Perform a simple self-test to see if the VM is working
*/
function sha1_vm_test()
{
    return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d";
}

/*
* Calculate the SHA-1 of an array of big-endian words, and a bit length
*/
function core_sha1(x, len) {
    /* append padding */
    x[len >> 5] |= 0x80 << (24 - len % 32);
    x[((len + 64 >> 9) << 4) + 15] = len;
    
    var w = Array(80);
    var a = 1732584193;
    var b = -271733879;
    var c = -1732584194;
    var d = 271733878;
    var e = -1009589776;

    for(var i = 0; i < x.length; i += 16)
    {
        var olda = a;
        var oldb = b;
        var oldc = c;
        var oldd = d;
        var olde = e;

        for(var j = 0; j < 80; j++)
        {
            if(j < 16) w[j] = x[i + j];
            else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
            var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)),
                safe_add(safe_add(e, w[j]), sha1_kt(j)));
            e = d;
            d = c;
            c = rol(b, 30);
            b = a;
            a = t;
        }

            a = safe_add(a, olda);
            b = safe_add(b, oldb);
            c = safe_add(c, oldc);
            d = safe_add(d, oldd);
            e = safe_add(e, olde);
    }
            return Array(a, b, c, d, e);
}
            
/*
* Perform the appropriate triplet combination function for the current
* iteration
*/
function sha1_ft(t, b, c, d) {
    if(t < 20) return (b & c) | ((~b) & d);
    if(t < 40) return b ^ c ^ d;
    if(t < 60) return (b & c) | (b & d) | (c & d);
    return b ^ c ^ d;
}

/*
* Determine the appropriate additive constant for the current iteration
*/
function sha1_kt(t) {
    return (t < 20) ? 1518500249: (t < 40) ? 1859775393:
    (t < 60) ? -1894007588: -899497514;
}

/*
* Calculate the HMAC-SHA1 of a key and some data
*/
function core_hmac_sha1(key, data) {
    var bkey = str2binb(key);
    if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz);
    var ipad = Array(16), opad = Array(16);
    
    for(var i = 0; i < 16; i++) {
    ipad[i] = bkey[i] ^ 0x36363636;
    opad[i] = bkey[i] ^ 0x5C5C5C5C;
    }
    
    var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz);
    return core_sha1(opad.concat(hash), 512 + 160);
}

/*
* Add integers, wrapping at 2^32. This uses 16-bit operations internally
* to work around bugs in some JS interpreters.
*/
function safe_add(x, y) {
    var lsw = (x & 0xFFFF) + (y & 0xFFFF);
    var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
    return (msw << 16) | (lsw & 0xFFFF);
}

/*
* Bitwise rotate a 32-bit number to the left.
*/
function rol(num, cnt) {
    return (num << cnt) | (num >>> (32 - cnt));
}

/*
* Convert an 8-bit or 16-bit string to an array of big-endian words
* In 8-bit function, characters >255 have their hi-byte silently ignored.
*/
function str2binb(str) {
    var bin = Array();
    var mask = (1 << chrsz) - 1;
    for(var i = 0; i < str.length * chrsz; i += chrsz)
    bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32);
    return bin;
}

/*
* Convert an array of big-endian words to a string
*/
function binb2str(bin) {
    var str = "";
    var mask = (1 << chrsz) - 1;
    for(var i = 0; i < bin.length * 32; i += chrsz)
    str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask);
    return str;
}

/*
* Convert an array of big-endian words to a hex string.
*/
function binb2hex(binarray) {
    var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
    var str = "";
    
    for(var i = 0; i < binarray.length * 4; i++) {
    str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +
    hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);
    }
    return str;
}

/*
* Convert an array of big-endian words to a base-64 string
*/
function binb2b64(binarray) {
    var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    var str = "";
    
    for(var i = 0; i < binarray.length * 4; i += 3) {
        var triplet = (((binarray[i >> 2] >> 8 * (3 - i %4)) & 0xFF) << 16)
        | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 )
        | ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF);
        
        for(var j = 0; j < 4; j++) {
            if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
            else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
            }
    }
    return str;
    }

Please upload the js file to your server.
Inclide the js file in your production payment page in order to use the signature function.
Concatenate the value to be hash.
Call the following function in your javascript tag by passing in your string to hash to generate the signature. <script type="text/javascript" src="sha1.js"> </script> <script language="javascript"> document.write(e2paySignature(strToHash)); </script>
Pass the signature generated to e2pay payment page in the form element call "Signature"

Payment Re-Query Signature

Parameter

Type (size)

M/O

Description

Sample

SecretKey

varchar(12)

Provided by E2Pay. A private key that is used to make digital signature

merchantkey

MerchantCode

varchar(8)

The merchant code provided by E2Pay and use to uniquely identify the merchant

EP00005

PaymentId

integer

Unique payment channel id

RefNo

varchar(20)

Unique merchant transaction number

19201970148AM

TransId

varchar(20)

Payment Transaction Unique ID degenerated by e2pay

P1293365900

Currency

varchar(5)

Indonesian Rupiah (IDR)

IDR

The fields must set in the following order: (SecretKey & MerchantCode & PaymentId & RefNo & TransID & Currency)

Example :

SecretKey = merchantkey
MerchantCode = EP00005
PaymentId = 7
RefNo = 19201970148AM
TransID = P1293365900
Currency = IDR

The hash would be calculated on the following string: merchantkeyEP00005719201970148AM P1293365900IDR

The resulting hassignature value equalsto (using SHA1 base64 hash algorithm) +T/RZFXFPzdLuGp4LUfKljrb/eo=

Report & Notification

Allow merchants to login and view the reports online.

Transaction Report

Step 1. Merchant can visit E2Pay OPSG report page by keying-in :

Report URL : https://nms.e2pay.co.id/merchant-ss-app

Password : [provided by E2Pay OPSG]

Step 2. After login, select transaction date

Step 3. The payment transaction report will display on the screen.

Email Notification Disclaimer

Customer Payment Receipt Email

Customers will receive a payment detail͛s email after successful payment. Below is the email sample:

Subject: E2Pay - Payment details (Ref# T0009378700) Date: Thu, 26 Jan 2009 09:59:30 GMT From: Sales (sales@e2pay.co.id) To: John Tan (john@hotmail.com) Dear John Tan, We are pleased to inform you that your online payment via E2Pay is successful. Your credit card/bank account has been debited with IDR 3.000,00.
Please note that “Company Name” will be listed in your credit card/bank statement for this transaction.
Transaction Detail
Order No: A00000001 Transaction ID: T0009378700 Transaction Date: 26-1-2006 09:59:30 AM Transaction Amount: IDR 3.000,00 Payment Type: Credit Card Product Description: Photo Print ********************************************* Customer Support If you have any questions about our product and services, please contact PT I & J directly at : Tel No: 021-9999 0000 Fax No: 021-9999 0001 Email: support@i&j.com
***********************************************Please do not reply to this email as it was automatically generated.
If you found any fraudulent cases, please contact E2Pay immadiately at Tel: 021 52920138 Fax: 021 52920139 Email: support@e2pay.co.id
*E2Pay OPSG is an Online Payment Switching Gateway provided by E2Pay. For more information, please visit

Merchant Payment Notification Email

The Merchant will also receive a payment notification email after successful payment. In order to ensure you are able received all our mail; do make sure you proceed with the following steps:

From your mailbox, please white-list E2Pay OPSG mail address by adding sales@e2pay.co.id into your friend list.
Also, please make sure your mailbox has not blacklisted our address which is the following sales@e2pay.co.id.
Allow us to serve you better by white listing our email address and domain e2pay.co.id. Please verify or allow your technical personnel (at the webhosting or email server) to verify the status of your email.

Below is the email sample:

Subject: E2Pay - Payment details (Ref# A00000001) Date: Thu, 26 Jan 2006 09:59:30 GMT From: E2Pay Support (sales@e2pay.co.id) To: ABC Admin (admin@abc.com) Dear I & J Admin, RefNo : A00000001 One new payment has been collected for PT ABC. Please check the payment report at E2Pay Online Report. Customer Detail Name : Ali Email : ali@hotmail.com Contact: 0392005555 Transaction Detail Payment ID : T0009378700 Payment Date Time : 26-1-2006 09:59:30 AM Payment Amount : IDR 3.000,00 Payment Type : Credit Card Product Description : Photo Print Remark : Sincerely, Your E2Pay Team Tel: 021 52920138 Fax: 021 52920139 Email: support@e2pay.co.id

E2Pay OPSG Integration FAQ

What method use to pass payment parameters value to E2Pay OPSG? By using the HTTP POST method.
What do I provide to E2Pay OPSG before the integration of a merchant account? Return a copy of completed Merchant Checklist to integration@e2pay.co.id and provide both the Request URL and Response URL of merchant website.
What are the merchant Request URL and Response URL? Request URL is a checkout page at merchant website that passes in E2Pay OPSG parameters to request payment page. Response URL is a page at merchant website that accepts payment status from E2Pay OPSG after transaction.
How do I perform a payment testing during the integration stage? You can use any valid credit card for testing purpose. Details required are the credit card number, expiry date, CVV number and the card holder name.
What transaction amount do I use for test payment?

Currency Code

Amount

Description

IDR

300000

The amount must not contain any decimal points, thousands separators or currency symbols. For example, Rp 3.000 is expressed as 300000.

6. What if I get an error message and is unable to reach E2Pay OPSG payment page?

Error Message

Description

Duplicate reference number

Do not re-use Reference Number that previously

payment success for transaction.

Invalid merchant code

The merchant code does not exist or

incorrect.

Invalid parameters

Some parameter posted to E2Pay OPSG

is invalid or empty.

Over limit per transaction

Payment amount exceeded the value per transaction that assigned to merchant account.

Payment not allowed

Payment method requested is not allowed

for the merchant account.

Permission not allow

Referrer URL of transaction request is not same as registered with E2Pay OPSG.

Signature not match

Signature on request page which pass to E2Pay OPSG is incorrectly generated. Refer section 8. Signature

Status not approved

Merchant account was suspended or not active.

Appendix

Payment ID

Payment Channel

Payment ID

E2pay Checkout Page

Credit Card

CIMB Rekpon

BCA

Mandiri

Mbayar Auth

Indomaret

CIMB Octo Mobile

Mbayar QR

Permata VA

Kredivo

Alfamart

LinkAja WCO

CIMB Octo Clicks

OVO

BNI VA

LinkAja Applink

LinkAja QRIS

DANA

Shopeepay QRIS

Shopeepay JumpApp

CIMB VA

BCA VA

BRISVA

BRI VA

GOPAY

QRIS CIMB

Indodana

Mandiri VA

Error Description

Error Message

Error Description

Duplicate reference number

Reference number must be unique for each transaction.

Invalid merchant

The merchant code does not exist or wrong merchant

code.

Invalid parameters

Some parameter posted to E2pay is invalid or empty.

Overlimit per transaction

You exceed the amount value per transaction.

Payment not allowed

The Payment method you requested is not allowed for this merchant code, please contact E2pay to enable your payment option.

Permission not allow

Request URL registered in E2pay merchant account does not match. Please register your website Request URL with E2pay.

Signature not match

The Signature generated is incorrect.

Status not approved

Account was suspended or not active.

Error Code

Code

Message

Description

pge2101

Invalid parameters

Some parameter posted to E2Pay is invalid or empty.

pge2103

Invalid merchant code

The merchant code does not exist or incorrect.

pge2104

Duplicate refference number

Do not re-use Reference Number that previously payment success for transaction.

pge2203

Signature not match

Signature on request page which pass to E2Pay is incorrectly generated. Refer section 8 for more information about Signature for request page.

Additional Note for BRI Virtual Account

Minimum User Contact: 10 Character (Only Number)

Maximum User Contact: 14 Character (Only Number)