Documentation
Authenticate the user with the system and obtain the authentication token.
| Method | Base URL | Endpoint |
|---|---|---|
| POST | https://uatsandbox.sathapana.com.kh:2284 | /PaymentGateway/OAuthTokenGenerate |
| Type | Params\Key | Value | Field Description | Content Type\Media Type |
|---|---|---|---|---|
| Header | grant_type | client_credentials | The grant type | application/x-www-form-urlencoded |
| Body | client_id client_secret | string string | The client identity The client secret code | application/x-www-form-urlencoded |
Grant_type: client_credentials
application/x-www-form-urlencoded
application/x-www-form-urlencoded
client_id: will provide via email
client_secret: will provide via email
| Status | Response |
|---|---|
| 000 | refresh_token_expires_in (integer) – The expired refresh token in second. access_token (string) – An access token contains the security credentials for a login session and identifies the user, the user's groups, the user's privileges, and, in some cases, a particular application. refresh_token (string) – Refresh tokens are the credentials that can be used to acquire new access tokens. ... When current access tokens expire or become invalid, the authorization server provides refresh tokens to the client to obtain new access tokens. code (string) – The response code. For detailed information please go to see the last page of this document. status (string) – The response status. For detailed information please go to see the last page of this document. |
| 012 | |
| 013 | |
| 014 | |
| 016 | |
Open session to get started with payment process.
| Method | Base URL | Endpoint |
|---|---|---|
| POST | https://uatsandbox.sathapana.com.kh:2284 | /PaymentGateway/1.1/OpenSession |
| Type | Params\Key | Value | Field Description | Content Type\Media Type |
|---|---|---|---|---|
| Header | Content-Type Authorization api_key channel | application/json string string string | The accept type The access tokens. You must pass the Token Type plus Access Token Bearer <Token> The merchant identity Request from app to app, web view or others. If request from app to app the value is A2A. For web view use WV. | application/json |
| Body | Request Return Params [optional] | string string | The encryption of the data that was sent from the partnership/merchant. This field, banks create for partnership allow them to use for their whatever purpose. It’s optional. Example: Bank can send this value back with the call_back_url to push status for partnership/merchant after the making payment. Then partnership/merchant can verify with this value. | application/json |
Authorization: Bearer 4265f9c4-3e1a-4717-9916-948328fd2f6f
Content-Type: application/json
api_key: will provide via email
channel: WV/A2A
The original body
{
"customerId":"partner_customer_id", [optional]
"customerName":"Heng Somnang",
"txnId":"partner_txn_id",
"txnDescription":"EPayment to SPN", [optional]
"txnCurrency":"USD",
"totalAmount":"9.00",
"totalFee":"0.50", [optional]
"totalDiscount": "0.00", [optional]
"companyName":"Company ABC", [optional]
"listProduct": [optional]
[
{
"productName":"Cafe 001",
"qty":"2",
"amount":"3.00",
"subTotal":"6.00",
},
{
"productName":"Cafe 002",
"qty":"1",
"amount":"3.00",
"subTotal":"3.00",
}
]
}The encryption body
{
"request": "PFpg28z9pMxX3EtpYARrOs4XAwSaDs5F3MQg377jqSeJE4rWfuT1cLXpbD3kWrRH3dx/5THOte65XlQpRXUXf0cGa0Dyr6XXi6r6PpQLh/b7+xdThaHLGn4KzI8VST0LMi4ngiNma6eVtgqtnGU9ccFXQIVlSWcA6EmVJKHp1zFcuKM0EFJuEc+35M6LeDJgx/+RoOolPOiG1bnP1pSAn0ckI5iBLkd0IO0wTrCN0lV3eILmQC6fC6Zx8/pIaujbCeYJmbPOW7yOfudW0iM17mOMw5eQe7AxL4sTaTIegXIFBNcx+6CegHk5mWTKgx7y3xrVE42Rfiwq5kLsEk6tQRD71irNGI5soiYFkgIQ4taL9gAOlgUzizr4zLF6Iquo1Fra+8iGAcVD3e0X6LV+CJ/YgtIR7sni7miIJMfsvfMxl4zLy6S3C7es+JgksZBHfveRun/7D/MvWtoMhCvC8KZuLg59ExyAvDvc3eTZKSJ7/nfxpy0KXD4JXwAH1jRunNmBBdV5qcmegJbzpP4OTBO6MVZZxWc00CZ3YaUNFnR5ymCUUfqWty1v+6hPY8B8",
"returnParams": "OolPOiG1bnP1pSAn0ckI5iB5THOte65XlQpRXUXf0cGa0Dyr6XXi6r6PpQLh/b7+x
dThaHLGn4KzI8VST0LMi4ngiNma6eVtgqtnGU9ccFXQIVlSWcA6EmVJKHp1zFcuKM0EFJuEc "
}Will provide via email
| Status | Response |
|---|---|
| 000 | sessionDuration (string) – The session lifetime between Open Session and Validate Session. paymentToken (string) – The encrypted data that is sent from partner/merchant. This data is required to pass back again in Validate Session Service. sessionToken (string) – The session id that is going to be used for the whole payment process from start to end. iOSURL (string) – The iOS’s deep link URL. This field is encrypted and will have value when requested from App to App. androidURL (string) – The Android’s deep link URL. This field is encrypted and will have value when requested from App-to-App Platform. pgWebURL (string) – The payment gateway web view URL. This field is encrypted and will have value when requested from Payment Gateway Web View Platform. code (string) – The response code. For detailed information please go to see the last page of this document. status (string) – The response status. For detail information please go to see the last page of this document. |
| 010 | |
| 011 | |
| 999 | |
| Error Network Access Level | Request has timed out |
Validate the session before making payment, make sure the session token is still alive and correct.
Request| Method | Base URL | Endpoint |
|---|---|---|
| POST | https://uatsandbox.sathapana.com.kh:2284 | /PaymentGateway/1.1/ValidateSession |
| Type | Params\Key | Value | Field Description | Content Type\Media Type |
|---|---|---|---|---|
| Header | Content-Type Authorization api_key channel | application/json string string string | The accept type The access tokens. You must pass the Token Type plus Access Token Bearer <Token> The merchant identity Request from app to app, web view or QR. If request from app to app the value is A2A. For web view use WV and QR, please pass the word QR. If you pass the A2A, you won’t get the QR STRING. If you pass QR, you will get the information only about QR Code. For WV will get more information such as Deep Link URL…etc. | application/json |
| Body | sessionToken | string | The session ID that uses for the whole payment process | application/json |
Authorization: Bearer 4265f9c4-3e1a-4717-9916-948328fd2f6f
Content-Type: application/json
api_key: will provide via email
channel: wv/a2a/QR
{
"sessionToken": "pyrxGroSvQvZcpQhbHhV4Jxwg0krfOmtj8hh8Bgw30Uw9xKRReOAL1Fr2FgnfUR"
}| Status | Response |
|---|---|
| 000 | This response is for the requested channel: QR code (string) – The response code. For detailed information please go to see the last page of this document. status (string) – The response status. For detailed information please go to see the last page of this document. is_valid (string) – The status of session validation. True is pass. False is failed. qrString (string) – The QR Code. sessionDuration (string) – The session lifetime. orderDetail (string) – The order data. |
| 000 | This response is for requested channel: WV/A2A code (string) – The response code. For detailed information please go to see the last page of this document. status (string) – The response status. For detailed information please go to see the last page of this document. androidURL (string) – The deep-link URL of Android iOSURL (string) – The deep-link URL of iOS logo (string) – The path of logo image marchantName (string) – The partner/merchant's name merchantCCY (string) – The currency of the merchant uses for making payment internalDiscountAmount (string) – The bank discounts grandTotal (string) – The total after bank discount is_valid (string) – The status of session validation. True is pass. False is failed. qrString (string) – The QR Code. sessionDuration (string) – The session lifetime. orderDetail (string) – The order data. |
| 010 | |
| 011 | |
| 015 | |
| 099 | |
| Error Network Access Level | Request has timed out. |
Validate session KHQR before making payment, make sure the session token is still alive and correct.
Request| Method | Base URL | Endpoint |
|---|---|---|
| POST | https://uatsandbox.sathapana.com.kh:2284 | /PaymentGateway/1.1/ValidateSessionKHQR |
| Type | Params\Key | Value | Field Description | Content Type\Media Type |
|---|---|---|---|---|
| Header | Content-Type Authorization api_key channel | application/json string string string | The accept type The access tokens. You must pass the Token Type plus Access Token Bearer <Token> The merchant identity Request from app to app, web view or QR. If request from app to app the value is A2A. For web view use WV and QR, please pass the word QR. If you pass the A2A, you won’t get the QR STRING. If you pass QR, you will get the information only about QR Code. For WV will get more information such as Deep Link URL…etc. | application/json |
| Body | sessionToken | string | The session ID that uses for the whole payment process. | application/json |
Authorization: Bearer 4265f9c4-3e1a-4717-9916-948328fd2f6f
Content-Type: application/json
api_key: will provide via email
channel: wv/a2a/QR
{
"sessionToken": "pyrxGroSvQvZcpQhbHhV4Jxwg0krfOmtj8hh8Bgw30Uw9xKRReOAL1Fr2FgnfUR"
}| Status | Response |
|---|---|
| 000 | This response is for the requested channel: QR code (string) – The response code. For detailed information please go to see the last page of this document. status (string) – The response status. For detailed information please go to see the last page of this document. is_valid (string) – The status of session validation. True is pass. False is failed. qrString (string) – The KHQR Code. sessionDuration (string) – The session lifetime. orderDetail (string) – The order data. |
| 000 | This response is for requested channel: WV/A2A code (string) – The response code. For detail information please go to see at the last page of this document. status (string) – The response status. For detail information please go to see at the last page of this document. androidURL (string) – The deep-link URL of Android iOSURL (string) – The deep-link URL of iOS logo (string) – The path of logo image marchantName (string) – The partner/merchant's name merchantCCY (string) – The currency of the merchant uses for making payment internalDiscountAmount (string) – The bank discounts grandTotal (string) – The total after bank discount is_valid (string) – The status of session validation. True is pass. False is failed. qrString (string) – The KHQR Code. sessionDuration (string) – The session lifetime. orderDetail (string) – The order data. |
| 010 | |
| 011 | |
| 015 | |
| 099 | |
| Error Network Access Level | Request has timed out. |
Provide the payment transaction status by ORDER_ID from merchant/partner.
Request| Method | Base URL | Endpoint |
|---|---|---|
| POST | https://uatsandbox.sathapana.com.kh:2284 | /PaymentGateway/1.1/TransactionInquiry |
| Type | Params\Key | Value | Field Description | Content Type\Media Type |
|---|---|---|---|---|
| Header | Content-Type Authorization api_key | application/json string string | The accept type The access tokens. You must pass the Token Type plus Access Token Bearer <Token> The merchant identity | application/json |
| Body | merchant_id | string | The transaction ordering from merchant/partner. | application/json |
Authorization: Bearer 4265f9c4-3e1a-4717-9916-948328fd2f6f
Content-Type: application/json
api_key: will provide via email
{
"merchantOrderId": "pyrxGroSvQvZcpQhbHhfUR"
}| Status | Response |
|---|---|
| 000 | code (string) – The response code. For detailed information please go to see the last page of this document. status (string) – The response status. For detailed information please go to see the last page of this document. bankRefNumber (string) – The bank transaction reference. debitCCY (string) – The payer/customer currency. debitAmt (string) – The payer/customer amount. creditCCY (string) – The merchant/partner currency. creditAmt (string) – The merchant/partner amount. merchantOrderId (string) – The order ID. txnDate (string) – The transaction processing date. createdDate (string) – The transaction creation date. txnStatus (string) – The transaction status can be SUCCESS/FAILED. |
| 011 | |
| 404 | |
| Error Network Access Level | Request has timed out. |
A. Payment Gateway Web
a. URL: https://uatpayment.sathapana.com.kh
b. Parameter:
• Language: language of payment gateway page.
+ Khmer: km
+ English: en
+ Japanese: ja
+ Chinese: zh
+ French: fr
+ Spanish: es
• Merchant ID: also known as [api_key]
• Redirect URL: the redirect URL after finished the payment
• Session Token: the one that return in [Open Session]
+ Please apply URL Encode before parsing it into URL
c. Completed URL:
https://uatpayment.sathapana.com.kh?language=en&merchantId=gsjkfhdsiof&sessionToken=
456789dfghjyuhjygkj&redirect=https://www.abc.com
B. Deep Linking
a. Android
i. URL: Provide via API (Open Session & Validate Session)
ii. Parameter:
• Value (Json object)
a. API Key: also known as [Merchant ID]
b. Session Token: the one that return in [Open Session]
iii. Completed URL:
1. BEFORE ENCOND JSON DATA:
Base_URL/?value={"sessionToken":"SESSION_TOKEN_VALUE","apiKey":"API_KEY_VALUE"}
2. AFTER ENCODE JSON DATA:
Base_URL/?value=%7B%22sessionToken%22%3A%22SESSION_TOKEN_VALUE
%22%2C%22apiKey%22%3A%22API_KEY_VALUE%22%7D
b. iOS
i. URL: Provide via API (Open Session & Validate Session)
ii. Parameter:
• Value (Json object)
a. API Key: also known as [Merchant ID]
b. Session Token: the one that return in [Open Session]
iii. Completed URL:
3. BEFORE ENCOND JSON DATA:
Base_URL/?value={"sessionToken":"SESSION_TOKEN_VALUE","apiKey":"API_KEY_VALUE"}
4. AFTER ENCODE JSON DATA:
Base_URL/?value=%7B%22sessionToken%22%3A%22SESSION_TOKEN_VALUE
%22%2C%22apiKey%22%3A%22API_KEY_VALUE%22%7D
This service is used to push back the payment status to merchant/partner. So, merchant/partner must provide the call_back_url to the bank and in Open Session’s request, merchant/partner can send value in field [returnParams] to the bank. Bank will use this field’s value to send back to merchant/partner in this call back service for merchant/partner to do any validations before accepting the payment status.
Method:
POSTHeader
Content-Type: application/json
Accept: application/json
Body:
The sending body is in encryption mode like below.
{
"data": "RxrPdCH3EzkXvXdJcyazsAlzFuyRaGXd6EFxCa9NuYPczCBVoy486K7rBhYd1c/lN+FYjqHs0ckAA7kdGdm/P4TxbTZTsszVYz7SBqD6HT19N51/UHPSUOJoNJRIKQWiPgxhlLBgrLazEqNcU7A4s8MTB1/ekCSwKCCRX/gWG79AWhBip+QiE1V4whXzjl7F5LXUQm1fd01C6Ndu0lctN4owkVIW0UZSLlMOMgrD21akxMrOmidBt1tt+yTLC7mkOMsY8aF1U56sZmF6Fr4XQU8fRA/kd3f+y4eOulLfMlyw1vw6p1px+X6OEcNpFtdOfjHfLd8d0jOaV9pUR/hfH66rX4ZCRNU3XJYMmF5POYZAxnZZzpVoLL5moT30jwbS"
}After the decryption:
{
"returnParams": "qvLCwVj7NNKIHJb6ZMrGv9Mro2CBwze0Fa9LZpcQcsnfc1GIe6RQwUICPlDUptxOBfx5hbGZnqcLZDKEG4rPV5pSRbPYnG+6Al4irXnzXyePVyIFVOI7KWbbu8OpBenQ5G4yFnYhsHn+3Dw5c9fib9LGkOqYQmpFdiY55RwE0Sg=",
"txnReference": "001PGWT201660027",
"txnId": "partner_txn_id",
"sessionToken": "zY7EZkBrnUHBT8ZPfxeGVDYU0LgeZwLR31//RrxRgsSJHCWwaQX54frIEJQnV2s
AksM6tOpge1MQvb+Q6MCGDQ==",
"param1": "9.00",
"param2": "USD",
"param3": "",
"param4": "",
"param5": "",
"code": "000",
"status": "Transaction proceeds successfully!"
}returnParams (string) – The value that we keep since Open Session process, for merchant/partner to do any validations before accepting the payment status.
txnReference (string) – The bank’s transaction reference.
txnId (string) – The original transaction Id from merchant/partner.
param1 (string) – The transaction amount.
param2 (string) – The transaction currency.
param3 (string) – Any values can be set in the future.
param4 (string) – Any values can be set in the future.
param5 (string) – Any values can be set in the future.
code (string) – The response code.
status (string) – The response message.
● Client – Client application.
● Status – Bank custom status code of the service responding.
● All the possible responses are listed under ‘Responses’ for each method. Only one of them is issued per request server.
● All responses are in JSON format.
● All request parameters are mandatory unless explicitly marked as [optional]
● The type of values accepted for a request parameter are shown in the values column like this [10|<any number>]. The | symbol means OR. If the parameter is [optional], the default value is shown in blue bold text, as 10 is written in [10|<any number>].
● A2A – App to App
● WV – Web View
a. Date
i. yyyy-MM-dd (2021-01-25)
b. Date Time
i. yyyy-MM-dd hh:mm:ss.fff (2021-01-25 2:15:30.1800)
c. Decimal (amount)
i. xx.xx (20.50)
All status codes are standard custom status codes under Sathapana Bank. The below ones are used in this API.
| 000 | Success. |
| 001 | Transaction is failed. |
| 002 | The Account do not have enough available balance. |
| 003 | This Account cannot perform transaction. |
| 004 | Transaction has already been processed. |
| 005 | You have reached maximum retry times. |
| 006 | Invalid Account. |
| 007 | Transaction amount is less than minimum allowed. |
| 008 | Transaction amount is more than maximum allowed. |
| 009 | Timeout Request to Core System. |
| 010 | Bad API Key. |
| 011 | Invalid Token or Missing Authorization header. |
| 012 | Invalid Client ID. |
| 013 | Unauthorized Client. |
| 014 | Invalid/Missing Grant Type Parameter Value. |
| 015 | Session Expired. |
| 016 | Bad request content type. |
| 017 | Transaction is Processing. |
| 018 | Failed to Decrypt. |
| 019 | Invalid/Wrong JSON Format. |
| 020 | Invalid/Wrong OTP. |
| 021 | The OTP is already expired. |
| 400 | Bad request. |
| 404 | The transaction not found. |
| 999 | General Error. |