PayMaya Payments Processing Platform (P3) API
PayMaya P3 (Payments Processing Platform) is PayMaya’s Acquiring Platform for processing payment-related transactions.
Note: The merchant/third party is responsible for PCI compliance and may be required to provide PayMaya with additional documentation and/or their attestation of compliance.
API Version
v1.6.0
Release Notes
P3 API Overview ¶
API Authentication
P3 APIs require key-based authentication. APIs and features accessible to each API consumer are defined by the public and/or secret key that the API consumer will use.
For each API call, the API consumer must pass an Authorization header (using Basic access authentication), with the API key encoded in Base64 MIME encoding.
Example:
Given secret key sk-AAAbA4QasPuGfPAApZWpeh7yT1ZBellDpwKyRk8lBBB:
Authorization: Basic c2stQUFBYkE0UWFzUHVHZlBBQXBaV3BlaDd5VDFaQmVsbERwd0t5Ums4bEJCQg==
Transaction Cut-Off Schedule for Voids and Refunds
Purchases and Captures made through PayMaya P3 can either be voided or refunded.
You can void purchases and captures done on or before 11:59:59 PM (PH Standard Time) cut-off of the same day transaction date, otherwise refunding is your option. You can do multiple and partial refunds for a purchase or capture, as long as the total refund amount does not exceed the full amount of the transaction.
Sample scenarios:
| Transaction time | Void cut-off time | Refund start time |
|---|---|---|
| Feb 13, 2017 10:23 AM | until Feb 13, 2017 11:59:59 PM | from Feb 14, 2017 12:00:00 AM onwards |
| Feb 13, 2017 09:23 PM | until Feb 13, 2017 11:59:59 PM | from Feb 14, 2017 12:00:00 AM onwards |
| Feb 13, 2017 11:59 PM | until Feb 13, 2017 11:59:59 PM | from Feb 14, 2017 12:00:00 AM onwards |
| Feb 14, 2017 12:00 AM | until Feb 14, 2017 11:59:59 PM | from Feb 15, 2017 12:00:00 AM onwards |
Authorizations made through PayMaya P3 can be voided, but not refunded. Authorizations can be voided as long as the transaction is not past the hold period for P3, and no captures have been made. Refer to Authorization Hold Periods for more details.
PayMaya P3 retains transactions only up to a period of 90 days in its Sandbox environment and 390 days in its Production environment.
3-D Secure Authentication Support
PayMaya P3 supports authorizations for 3-D Secure authenticated e-commerce transactions. However, as PayMaya P3 is only a payment processor, the service does not handle the actual authentication procedure. The 3rd party API consumer is responsible for performing the 3-D Secure authentication leg, including, but not limited to, integrating with its own or a 3rd party merchant plug-in (MPI). The result of the authentication can then be included to e-commerce Sale/Purchase and/or Authorization requests to complete a 3-D Secure authenticated purchase/authorization.
Communication Timeout Setting
The following communication timeout settings are recommended:
| Case | Recommended Timeout | Remarks |
|---|---|---|
| Connection Timeout | 10 seconds | Time to wait before client can establish TCP connection with PayMaya P3 |
| Wait for Response (Read Timeout) | 60 seconds | Time to wait before client gives up on the request going to PayMaya P3 |
In the case of a Read Timeout, the API client may either:
-
Call
Void Transactionif the transaction is voidable, or -
Call
Check Transactionto know if the transaction proceeded. API client may proceed accordingly depending on the response ofCheck Transaction.
Idempotency and Retransmissions
P3 POST APIs support optional idempotency for retransmissions. Any request with the header X-Idempotency-Key will be checked if it is a first transmission or a retransmission (i.e. there exists a similar request with the same X-Idempotency-Key).
-
For first transmissions, processing proceeds as normal
-
For retransmissions, the response of the corresponding first transmission is returned. Retransmission responses are marked with the header
X-Response-Retransmissionset totrue.
In the case that a retransmission is sent while a first transmission is still ongoing, a pending response is returned with the HTTP status 202.
{
"status": "ONGOING",
"message": "Transaction had been received and is still ongoing"
}When matching retransmissions against first transmissions, the following details must match.
-
requesting party
-
header
Request-Reference-No -
request method
-
request URL
-
header
X-Idempotency-Key
Note that other parts of the request are not inspected. Only the specified details are used for idempotency matching. When the aforementioned details match, the request is considered a retransmission regardless of other details (like request body and etc.).
Details of first transmissions are kept strictly for 6 hours only for candidate retransmission matching. This feature is intended to be used within short intervals only (generally for retries and retries with backoffs) and thus we recommend to use this only for retransmission intervals guaranteed shorter than 6 hours.
Including Metadata
The Authorizations and Payments API supports adding metadata in the headers of the request message.
Geo-Tagging Requests
To geo-tag a request, add a Latitude header and a Longitude header in decimal degrees (DD) format.
For example, a request sent from the United States Capitol would include the following headers:
Latitude: 38.8897
Longitude: -77.0089Transaction / Scenario Guide ¶
Guide for Different Transaction Types
Depending on the merchant and/or transaction being processed, different request semantics may apply.
Recurring Transactions
A transaction is classified as recurring if it meets the following criteria:
-
The merchant needs to charge the consumer on defined intervals / schedule (e.g., every 15th of the month)
-
Merchant has secured approval from the consumer that a recurring charge will be placed on the consumer’s mode of payment
Recurring transactions are supported for E-Commerce transactions. In order to perform a recurring transaction:
-
Client should process the initial transaction as it would for a normal single transaction. This includes 3-DS authentication, initial authorization with 3-DS values and card security code (CSC), if any.
-
For recurring transactions after the initial transaction, the client should perform the transaction with the
transaction.frequencyIndicatorin the request set toRECURRING. This should no longer include the 3-DS and CSC values.
Note that P3 does not match the recurring transactions with their corresponding original transactions. It is up to the client to ensure that recurring transactions are only performed after a corresponding successful original transaction. Chargebacks may apply for incorrectly processed recurring transactions.
Additional Notes
3-D Secure is not supported for Recurring transactions.
Transactions using Vaulted/Stored Credentials
P3 API clients may opt to store the cardholder’s credit card information (PAN, expiry date) after 1 transaction for use in future transactions (refered to as vaulting). In this case, the P3 API client is reponsible for looking up the credit card information on their own vault (or any logical storage) before performing the authorization via P3 API.
Normally, a vaulted card transaction no longer contains the card security code (CSC). Issuers may decline these transactions more often due to the lack of a secondary authentication mechanism (since both 3-DS and CSC validation are no longer performed). For these transactions, the P3 API client must indicate that the credit card information of the transaction came from its storage by setting the flag payer.fundingInstrument.card.vaulted to true. This allows the issuers to relax their acceptance requirements, since it is assumed that PayMaya and/or the P3 API client has already previously authenticated the cardholder by different means.
Recurring transactions (i.e., transaction.frequencyIndicator = RECURRING) are automatically tagged as vaulted transactions, regardless of the value of payer.fundingInstrument.card.vaulted, since it is assumed that either the merchant or the payment gateway has stored the card credentials for future use.
Indicating Initiator and Intent of an Authorization Transaction
For Authorization and Sale/Purchase transactions, the P3 API client may indicate the initiator and the intent of the transaction using the transaction.initiator and transaction.intent fields, respectively. The transaction initiator is the entity that initiated the authorization request, while the transaction intent is a general description of the purpose of the authorization request. The value of these fields may be used by Issuers when determining the approval status of an authorization transaction.
Initiators
The following initiators are supported by the API:
-
CONSUMER- (default value) Indicates that the consumer initiated the transaction (e.g., consumer explicitly purchased an item from the merchant) -
MERCHANT- Indicates that the merchant initiated the transaction (e.g., charging subsequent miscellaneous fees after the original transaction)
If not specified, P3 API assumes that the transaction was initiated by the CONSUMER.
Intents
The following intents are supported by the API:
-
PAYMENT- (default value) Indicates that the authorization request is being done to collect payment from the consumer for goods/services rendered. -
VAULTING- Indicates that the P3 API client intends to store the consumer’s credentials after a successful authorization. Normally, authorizations with theVAULTINGintent are voided/refunded afterwards, as the results are only used for validating the consumer’s credentials. This value should be set even if the client intends to collect payment from the authorization request as well, as long as the client intends to store the credentials afterwards.
If not specified, P3 API assumes that the transaction is intended for PAYMENT.
Recurring transactions (i.e., transaction.frequencyIndicator = RECURRING) are automatically tagged as merchant-initiated transactions, regardless of the value of transaction.initiator, since it is assumed that the consumer is no longer presenting the authorization credentials in these types of transactions.
Payment Transaction Models ¶
Transaction Models
P3 supports 2 models for payment transactions:
-
Purchase / Sale
-
Authorization + Capture
The following shows the differences in the lifecycle of a payment for both models made through P3:
Purchase / Sale
In Purchase / Sale model, successful purchase transactions are automatically included at the end of the day’s batch processing for clearing. In the case of cancellation, a purchase transaction may either be voided (if cancelling on the same day of the purchase transaction) or refunded (if cancelling on succeeding days after the purchase transaction).
The following APIs can be used in this model:
-
/p3/pay- Purchase / Sale -
/p3/void- Void Purchase -
/p3/refund- Refund Purchase
Authorization + Capture
In Authorization + Capture model, payment transactions are done in two parts:
-
Authorization - Authorize and reserve the availability of funds for the transaction. The issuer will only authorize and reserve the funds for the transaction. The cardholder will not be billed until the transaction gets cleared.
-
Capture - Completes the Authorization transaction, and informs PayMaya that the transaction is ready to be cleared. Captured transactions are included at the end of the day’s batch processing for clearing. The cardholder will be billed upon successful clearing of a captured transaction.
This is useful for merchants that have delayed fulfillment processes and wants to synchronize the lifecycle of the payment with the goods and/or services being offered. For example, a merchant running an e-commerce platform may do an authorization as soon as the customer performs “checkout” of the goods, but only capture the payment as soon as availability of the items have been confirmed.
The following APIs can be used in this model:
-
/p3/authorize- Authorization -
/p3/capture- Capture -
/p3/void- Void Authorization or Void Capture -
/p3/refund- Refund Capture
Authorization Types
-
NORMAL Indicates a Normal Authorization transaction, this authorization request can be captured and cleared for amounts less than or equal to the authorization amount.
-
FINAL Indicates a Final Authorization transaction, this authorization request can be only be captured and cleared for amounts equal to the authorization amount (i.e., partial captures are not supported).
-
PREAUTHORIZATION Indicates a Preauthorization transaction, this authorization request can be captured and cleared for amounts greater than (not yet supported), less than, or equal to the authorization amount. On certain conditions, a preauthorization may have longer hold periods than normal authorizations. Please refer to Authorization Hold Periods for more details.
Authorization Hold Periods
A successful Authorization is saved (held) by P3 until the transaction is not past its hold period. Authorizations past their corresponding hold period that do not have successful captures, or were not voided, will be automatically voided by P3, resulting to the authorization hold being dropped.
The following table summarizes the authorization hold periods defined by P3 depending on certain conditions:
| Scheme | Normal Authorization Hold Period | Final Authorization Hold Period | Pre-Authorization Hold Period |
|---|---|---|---|
| MasterCard | 6 days | 6 days | 29 days |
| Visa | 6 days | 6 days | 6 days / 29 days A |
| JCB | 6 days | 6 days | 6 days |
A - For Visa, pre-authorized transactions can have longer hold periods (29 days) if the following conditions are met:
- Merchant falls under one of the ff categories:
- Lodging (e.g. hotels, resorts, lodging reservation systems)
- Vehicle Rental
- Cruise Lines
It is up to the P3 API Client to ensure that authorizations are successfully captured before the hold period expires for the transactions to be included in the settlement for the merchant.
Test Configuration ¶
The following accounts / data can be used for testing the API calls documented here.
Merchants
| Merchant ID | Merchant Type | Transaction Privileges |
|---|---|---|
| EFS100000126 | Individual | E-Commerce, Recurring Transactions |
| EFS100001149 | Individual | E-Commerce, Card Present |
| EFS100001033 | Payment Facilitator | E-Commerce, Card Present |
Secret Keys
| Secret Key | API Privileges |
|---|---|
sk-aXQdorOOF0zGMfyVAzTH9CbAFvqq1Oc7PAXcDlrz5zz |
All APIs (Sandbox Access) |
Test Cards
| Card Type | Card Number | Expiry Year | Expiry Month | CSC/CVV | 3-DS Password | Remarks |
|---|---|---|---|---|---|---|
| MasterCard | 2223000010239199 | 2025 | 12 | 111 | N/A | CSC successful |
| MasterCard | 5457210001000019 | 2025 | 12 | 111 | N/A | CSC successful |
| MasterCard | 5204730000002662 | 2025 | 12 | 266 | N/A | CSC failed |
| MasterCard | 5453010000095323 | 2027 | 12 | 323 | secone1 | 3-DS Enabled, Enrolled |
| Visa | 4761340000000019 | 2022 | 12 | 946 | N/A | CSC successful |
| Visa | 4123700000000025 | 2022 | 12 | 260 | N/A | CSC successful |
| Visa | 4012001037141112 | 2027 | 12 | 212 | N/A | 3-DS Enabled, Enrolled |
| Visa | 4012001038443335 | 2027 | 12 | 774 | N/A | 3-DS Enabled, Cardholder Not Enrolled |
| JCB | 3562320109617106 | 2021 | 12 | 000 | N/A | CSC successful |
| JCB | 3572000100200166935 | 2021 | 12 | 000 | N/A | CSC successful |
| JCB | 3550998345701117 | 2020 | 12 | 000 | secure66 | 3-DS Enabled, Enrolled |
| JCB | 3550998397311146 | 2020 | 12 | 000 | N/A | ACS Not Registered, DS Registered |
Web APIs ¶
Accounts ¶
Account Balance InquiryPOST/accounts/balance/inquiry
Example URI
Card Present Balance InquiryHeaders
Content-Type: application/json
Request-Reference-No: A1D099C2-2479-4AAC-9F87-B2A304450BBB
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==Body
{
"payer": {
"fundingInstrument": {
"card": {
"cardNumber": "4761340000000043",
"expiryMonth": "12",
"expiryYear": "2022",
"firstName": "SMART E MONEY",
"lastName": "INC",
"cardPresentFields": {
"cardSeqNum": "001",
"emvIccData": "ggIcAIQHoAAAAAMQEJUFgAAAAACaAxcEGZwBAF8qAgYInwIGAAAAAAEAnwMGAAAAAAAAnxASBgEKA6CAAAoCAAAAAABuefOZnxoCBgifHghQWU1ZUE9TMZ8mCA5/WLUnW3KxnycBgJ8zAyAgyJ80Ax4DAJ81ASGfNgIAyp83BKOXolWfQQQAAAAB",
"track2": ";4834427000590355=19092010000000000914?2"
},
"type": "CREDIT",
"account": "DEFAULT",
"pin": {
"block": "B0726345EBF1DEB9",
"format": "ISO-0",
"keyId": "F33900F3-7115-4F1F-ADD2-B5D02E9721E9"
}
}
}
},
"merchant": {
"id": "EFS100001149",
"metadata": {
"refNo": "ORDER-123954"
},
"acquiringTerminal": {
"id": "PYMYPOS1",
"inputCapability": {
"magstripeReader": true,
"emvChip": true
},
"posEntryMode": {
"panEntry": "05",
"pinEntry": "2"
},
"onMerchantPremise": true,
"terminalAttended": true,
"cardCaptureSupported": false,
"cardholderActivatedTerminal": true
}
},
"trace": {
"batchNo": "000001",
"traceNo": "000001"
}
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"merchant": {
"type": "object",
"properties": {
"metadata": {
"type": "object",
"properties": {
"refNo": {
"type": "string",
"limit": "1..36",
"pattern": "*",
"description": "(OPTIONAL) Reference number of the merchant for the transaction."
}
},
"description": "(OPTIONAL) Transaction-specific metadata for the merchant involved"
},
"id": {
"type": "string",
"description": "Unique ID issued by PayMaya to the merchant."
},
"acquiringTerminal": {
"type": "object",
"properties": {
"id": {
"type": "string",
"limit": "1..36",
"pattern": "[-a-zA-Z_0-9]+",
"description": "Unique ID of the terminal."
},
"inputCapability": {
"type": "object",
"properties": {
"keyEntry": {
"type": "boolean",
"description": "Indicates whether or not the terminal has a keypad (physical or electronic) to accept manual input of card data (default: false)"
},
"magstripeReader": {
"type": "boolean",
"description": "Indicates whether or not the terminal supports reading of contact magnetic stripe cards (swipe) (default: false)"
},
"emvChip": {
"type": "boolean",
"description": "Indicates whether or not the terminal supports reading of contact chip cards (dip) (default: false)"
},
"contactless": {
"type": "boolean",
"description": "Indicates whether or not the terminal supports reading of contactless chip cards (tap) (default: false)"
},
"contactlessMagstripe": {
"type": "boolean",
"description": "Indicates whether or not the terminal supports reading of contactless magnetic stripe chip cards (tap) (default: false)"
}
},
"description": "Indicates the capabilities of the terminal that read the card"
},
"posEntryMode": {
"type": "object",
"properties": {
"panEntry": {
"type": "string",
"enum": [
"00 - PAN Entry Mode is unknown (default)",
"01 - Manual Entry",
"02 - Magnetic stripe read, but full unaltered contents not provided",
"05 - PAN auto entry via chip",
"07 - Auto-entry via contactless magnetic chip",
"79 - Chip card at chip-capable terminal was unable to process transaction using data on the chip or magnetic stripe on the card - therefore, PAN entry via manual entry",
"80 - Chip card at chip-capable terminal was unable to process transaction using data on the chip therefore the terminal defaulted to the magnetic stripe read for the PAN. This is referred to as fallback.",
"90 - Magnetic stripe read and full, unaltered contents provided",
"91 - Auto-entry via contactless magnetic strip"
],
"description": "Indicates how the card's PAN was entered into the terminal at the time of the transaction"
},
"pinEntry": {
"type": "string",
"enum": [
"0 - Unspecified or Unknown (default)",
"1 - Terminal has PIN entry capability",
"2 - Terminal does not have PIN entry capability",
"8 - Terminal has PIN entry capability but PIN pad is not currently operative."
],
"description": "Indicates the terminal's PIN input capability at the time of the transaction"
}
},
"description": "Indicates how the card was actually read by the terminal"
},
"onMerchantPremise": {
"type": "boolean",
"description": "Indicates whether or not the terminal is within the merchant's area of control"
},
"terminalAttended": {
"type": "boolean",
"description": "Indicates whether or not the merchant directly attends to the terminal"
},
"cardCaptureSupported": {
"type": "boolean",
"description": "Indicates whether or not the terminal has capabilities to capture (store) cards upon directive from the issuer"
},
"cardholderActivatedTerminal": {
"type": "boolean",
"description": "Indicates whether or not the cardholder activates and initiates transactions on the terminal directly instead of the merchant"
},
"type": {
"type": "string",
"description": "Indicates the type of terminal being used for the transaction",
"enum": [
"POS",
"MPOS",
"ATM",
"IN_TRANSIT",
"IN_FLIGHT"
]
}
},
"description": "Information about the terminal used to read the contents of a card."
}
},
"description": "Information about the merchant performing the request for the cardholder."
},
"payer": {
"type": "object",
"properties": {
"fundingInstrument": {
"type": "object",
"properties": {
"card": {
"type": "object",
"properties": {
"cardNumber": {
"type": "string",
"description": "Personal Account Number (PAN) of the card used by the cardholder"
},
"expiryMonth": {
"type": "string",
"limit": "1..2",
"pattern": "0?[1-9]|1[0-2]",
"description": "Numeric format of the month (MM) when the card was set by the issuer to expire"
},
"expiryYear": {
"type": "string",
"limit": "4..4",
"pattern": "[\\d]{4}",
"description": "Numeric format of the year when (YYYY) the card was set by the issuer to expire"
},
"firstName": {
"type": "string",
"description": "First name of the cardholder"
},
"lastName": {
"type": "string",
"description": "Last name of the cardholder"
},
"cardPresentFields": {
"type": "object",
"properties": {
"cardSeqNum": {
"type": "string",
"limit": "3..3",
"pattern": "[0-9]{3}+",
"description": "Sequence number of the card read from the chip. Only present for EMV/chip-based transactions."
},
"emvIccData": {
"type": "string",
"limit": "1..340",
"description": "EMV ICC binary data read from the card, in Base64 encoding."
},
"track1": {
"type": "string",
"description": "Track 1 (magnetic stripe) data as read from the card. For chip cards, provided by \"Track 1 Equivalent Data\" read from the chip."
},
"track2": {
"type": "string",
"description": "Track 2 (magnetic stripe) data as read from the card. For chip cards, provided by \"Track 2 Equivalent Data\" read from the chip."
}
},
"description": "Details of the card read by a terminal (for card present transactions)"
},
"type": {
"type": "string",
"description": "(OPTIONAL) Indicates the type of the card used for the transaction",
"enum": [
"CREDIT",
"DEBIT"
]
},
"account": {
"type": "string",
"description": "(OPTIONAL) Indicates the type of the account used for the transaction (default: DEFAULT)",
"enum": [
"DEFAULT",
"SAVINGS",
"CURRENT",
"CREDIT"
]
},
"pin": {
"block": {
"type": "string",
"description": "PIN block encrypted under the PIN encryption key"
},
"format": {
"type": "string",
"description": "Format of the PIN block as generated by the terminal",
"enum": [
"ISO-0 - ISO 9564-1 & ANSI X9.8 format 0",
"ISO-1 - ISO 9564-1 format 1",
"ISO-3 - ISO 9564-1 & ANSI X9.8 format 3"
]
},
"keyId": {
"type": "string",
"description": "Key ID of the encryption key used to encrypt the PIN block"
}
}
}
}
}
}
},
"description": "Information about the cardholder where the source of funds for the transaction will come from."
},
"trace": {
"type": "object",
"properties": {
"batchNo": {
"type": "string",
"limit": "1..8",
"pattern": "[A-Za-z0-9]{1,8}",
"description": "(OPTIONAL, alphanum) batch of authorizations where the transaction is included"
},
"traceNo": {
"type": "string",
"limit": "1..6",
"pattern": "[A-Za-z0-9]{1,6}",
"description": "(OPTIONAL, alphanum) terminal-generated number for this transaction"
}
},
"description": "(OPTIONAL) Values supplied by the transaction originator / terminal that can be used for reconciliation of transactions"
}
}
}200Headers
Content-Type: application/jsonBody
{
"transactionReferenceNo": "02c8edb3-301a-4ce6-a8b2-cbcf37dbd5b5",
"createdAt": "2017-05-31T10:15:28.677Z",
"balance": {
"current": {
"value": 10000,
"currency": "PHP"
},
"available": {
"value": 10000,
"currency": "PHP"
}
},
"payer": {
"fundingInstrument": {
"card": {
"cardNumber": "4761340000000043",
"expiryMonth": "12",
"expiryYear": "2022"
}
}
},
"merchant": {
"id": "EFS100001149",
"acquiringTerminal": {
"id": "PYMYPOS1"
}
}
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"paymentTransactionReferenceNo": {
"type": "string",
"description": "Unique reference number for the purchase request generated by P3. Merchants should keep track of this value for use in succeeding Void Purchase or Refund Purchase requests."
},
"createdAt": {
"type": "Calendar",
"description": "Local time of the host when the transaction was processed."
},
"balance": {
"type": "object",
"properties": {
"current": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
}
},
"available": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
}
}
}
},
"receipt": {
"type": "object",
"properties": {
"transactionId": {
"type": "string",
"description": "Unique identifier returned by the issuer for this transaction."
},
"approvalCode": {
"type": "string",
"description": "Approval Code / Authorization Identification Code generated by the issuer to indicate the approval of a transaction"
},
"batchNo": {
"type": "string",
"description": "(alphanum, 8) Value supplied by P3, or the value of `transaction.trace.batchNo` during the request (if supplied), which indicates the batch of transactions that the specific transaction has been grouped with. Merchants may keep track of this value for reconnaissance."
},
"traceNo": {
"type": "string",
"description": "(alphanum, 8) Value of `transaction.trace.traceNo` during the request (if supplied)"
},
"receiptNo": {
"type": "string",
"description": "(alphanum, 12) A receipt / reference number generated by the acquirer. Can be used by all parties (cardholder, merchant, payment gateway, acquirer, issuer) when looking up a specific transaction record for reconnaisance."
}
},
"description": "Additional transaction reference numbers generated by either the issuing bank or the acquiring host."
},
"payer": {
"type": "object",
"properties": {
"fundingInstrument": {
"type": "object",
"properties": {
"card": {
"type": "object",
"properties": {
"cardNumber": {
"type": "string",
"description": "Personal Account Number (PAN) of the card used by the cardholder"
},
"expiryMonth": {
"type": "string",
"limit": "1..2",
"pattern": "0?[1-9]|1[0-2]",
"description": "Numeric format of the month (MM) when the card was set by the issuer to expire"
},
"expiryYear": {
"type": "string",
"limit": "4..4",
"pattern": "[\\d]{4}",
"description": "Numeric format of the year when (YYYY) the card was set by the issuer to expire"
},
"firstName": {
"type": "string",
"description": "First name of the cardholder"
},
"lastName": {
"type": "string",
"description": "Last name of the cardholder"
},
"cardPresentFields": {
"type": "object",
"properties": {
"cardSeqNum": {
"type": "string",
"limit": "3..3",
"description": "Sequence number of the card read from the chip. Only present for EMV/chip-based transactions."
},
"emvIccData": {
"type": "string",
"limit": "1..340",
"description": "EMV ICC binary data read from the card, in Base64 encoding."
},
"track1": {
"type": "string",
"description": "Track 1 (magnetic stripe) data as read from the card. For chip cards, provided by \"Track 1 Equivalent Data\" read from the chip."
},
"track2": {
"type": "string",
"description": "Track 2 (magnetic stripe) data as read from the card. For chip cards, provided by \"Track 2 Equivalent Data\" read from the chip."
}
},
"description": "Details of the card read by a terminal (for card present transactions)"
}
}
}
}
}
},
"description": "information about the paying entity. Sensitive information (e.g., card number) may be masked."
},
"authorizationData": {
"emvIccData": {
"type": "string",
"limit": "1..340",
"description": "EMV ICC binary data returned by the Issuer. To be used for post-processing (e.g., Issuer Authentication by EMV EXTERNAL AUTHENTICATE or 2nd GENERATE AC)"
}
}
}
}Check Transactions ¶
Use these calls to check results of transactions that the client submitted to P3 for processing.
Reference Numbers in Parameters
Reference Numbers in parameters ({refNo}) can be any of the following reference numbers:
-
*transactionReferenceNogenerated by P3 for successful transactions. -
logRefgenerated by P3 for failed/declined transactions. -
Request-Reference-Noprovided by the merchant / payment gateway as part of the request. -
merchant.metadata.refNo(request body) (OPTIONAL) - A reference number sent by the merchant involved in the transaction. If the API caller is a merchant, this field can be populated with the same value as theRequest-Reference-No, or ommitted in favor of the value ofRequest-Reference-No. Payment Gateways can use this field to include the reference number sent by their transacting merchant to identify the transaction. -
merchant.paymentFacilitator.subMerchants[0].metadata.refNo(request body) (OPTIONAL) - A reference number sent by the sub-merchant involved in a transaction sent by a payment facilitator.
Check TransactionGET/transactions/{refNo}
Use this call to check the status of a transaction given a reference number.
Example URI
- refNo
string(required) Example: 02c8edb3-301a-4ce6-a8b2-cbcf37dbd5b5TRN, logRef, or any of the available reference numbers
Headers
Content-Type: application/json
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==200Headers
Content-Type: application/jsonBody
{
"timestamp": "2017-05-31T10:15:28.677Z",
"requestReferenceNo": "A1D099C2-2479-4AAC-9F87-B2A304450PAY",
"transactionReferenceNo": "02c8edb3-301a-4ce6-a8b2-cbcf37dbd5b5",
"requestType": "PAYMENT",
"transactionType": "EC",
"responseCode": "0000",
"authorizedAmount": {
"currency": "PHP",
"value": 10.5
},
"capturedAmount": {
"currency": "PHP",
"value": 10.5
},
"refundedAmount": {
"currency": "PHP",
"value": 10.5
},
"voidedAmount": {
"currency": "PHP",
"value": 10.5
},
"merchant": {
"id": "EFS100001149",
"metadata": {
"refNo": "ORDER-123954"
},
"paymentFacilitator": {
"subMerchants": [
{
"id": "SUBMER01",
"name": "Leslie's Record Bar",
"metadata": {
"refNo": "ORDER-123954"
}
}
]
},
"acquiringTerminal": {
"id": "PYMYPOS1",
"posEntryMode": {
"panEntry": "00",
"pinEntry": "0"
}
}
},
"receipt": {
"transactionId": "01234567ABCD",
"approvalCode": "000167",
"batchNo": "20170601",
"traceNo": "000001",
"receiptNo": "805322262599"
}
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"timestamp": {
"type": "string",
"description": "Timestamp when the transaction was performed."
},
"requestReferenceNo": {
"type": "string",
"description": "Reference number (from header `Request-Reference-No`) provided by the merchant for the transaction being looked-up."
},
"transactionReferenceNo": {
"type": "string",
"description": "Reference number provided by P3 for the transaction being looked up."
},
"requestType": {
"type": "string",
"enum": [
"PAYMENT",
"VOID",
"REFUND"
],
"description": "Type of request of the original transaction."
},
"transactionType": {
"type": "string",
"enum": [
"EC",
"CP",
"MT"
],
"description": "For purchase transactions, type of the transaction performed"
},
"originalTransactionReferenceNo": {
"type": "string",
"description": "Reference number provided by p3 for the original transaction tagged by the transaction (e.g. `VOID`, `REFUND`) being looked up."
},
"responseCode": {
"type": "string",
"description": "response code returned by P3"
},
"message": {
"type": "string",
"description": "In case of failed transactions, the error message returned by P3 in the decline response"
},
"authorizedAmount": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
},
"description": "The amount authorized for the transaction."
},
"capturedAmount": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
},
"description": "The amount captured for the transaction."
},
"refundedAmount": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
},
"description": "The amount refunded for the transaction."
},
"voidedAmount": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
},
"description": "The amount voided for the transaction."
},
"merchant": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Merchant ID"
},
"metadata": {
"type": "object",
"properties": {
"refNo": {
"type": "string",
"limit": "1..36",
"pattern": "*",
"description": "(OPTIONAL) Reference number of the merchant for the transaction."
}
},
"description": "(OPTIONAL) Transaction-specific metadata for the merchant involved"
},
"paymentFacilitator": {
"type": "object",
"properties": {
"subMerchants": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"limit": "1..15",
"pattern": "[-a-zA-Z_0-9]+"
},
"name": {
"type": "string",
"limit": "1..22",
"pattern": "[-' .,a-zA-Z_0-9]+"
},
"metadata": {
"type": "object",
"properties": {
"refNo": {
"type": "string",
"limit": "1..36",
"pattern": "*",
"description": "(OPTIONAL) Reference number of the merchant for the transaction."
}
},
"description": "(OPTIONAL) Transaction-specific metadata for the merchant involved"
}
}
}
}
}
},
"acquiringTerminal": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Terminal ID"
},
"posEntryMode": {
"type": "object",
"properties": {
"panEntry": {
"type": "string",
"enum": [
"00",
"01",
"02",
"05",
"07",
"79",
"80",
"90",
"91"
],
"description": "Indicates how the card's PAN was entered into the terminal at the time of the transaction"
},
"pinEntry": {
"type": "string",
"enum": [
"0",
"1",
"2",
"8"
],
"description": "Indicates the terminal's PIN input capability at the time of the transaction"
}
}
}
}
}
},
"description": "The merchant that performed the authorization."
},
"receipt": {
"type": "object",
"properties": {
"transactionId": {
"type": "string",
"description": "Unique identifier returned by the issuer for this transaction."
},
"approvalCode": {
"type": "string",
"description": "Approval Code / Authorization Identification Code generated by the issuer to indicate the approval of a transaction"
},
"batchNo": {
"type": "string",
"description": "(alphanum, 8) Value supplied by P3, or the value of `transaction.trace.batchNo` during the request (if supplied), which indicates the batch of transactions that the specific transaction has been grouped with. Merchants may keep track of this value for reconnaissance."
},
"traceNo": {
"type": "string",
"description": "(alphanum, 8) Value of `transaction.trace.traceNo` during the request (if supplied)"
},
"receiptNo": {
"type": "string",
"description": "(alphanum, 12) A receipt / reference number generated by the acquirer. Can be used by all parties (cardholder, merchant, payment gateway, acquirer, issuer) when looking up a specific transaction record for reconnaisance."
}
},
"description": "Additional transaction reference numbers generated by either the issuing bank or the acquiring host"
}
}
}Update Transaction Parameters (Sandbox Only)POST/transactions/{refNo}{?refundable}
Caution
This API is available in sandbox only.
Use this call to update parameters of a transaction given a reference number.
Example URI
- refNo
string(required) Example: 02c8edb3-301a-4ce6-a8b2-cbcf37dbd5b5TRN, logRef, or any of the available reference numbers
- refundable
boolean(optional) Example: truetruesets the transaction as refundable,falsesets the transaction as non-refundable
Headers
Content-Type: application/json
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==204List TransactionsGET/transactions/{?mid,refNo,page,size,from,to,sort,order}
Use this call to get a list of transactions performed by the client based on the provided parameters.
Example URI
- mid
string(optional) Example: EFS100001149Merchant ID to query (default: all merchant IDs related to the API key)
- refNo
string(optional) Example: 02c8edb3-301a-4ce6-a8b2-cbcf37dbd5b5Reference Number to query (default: all reference numbers for transactions matching the other parameters)
- page
string(optional) Example: 1Page / offset to start the query (default: 1)
- size
string(optional) Example: 10Number of transactions to return per page (default: 10, max: 500)
- from
string(optional) Example: 2018-01-31T10:15:28.677ZISO 8601 representation of date/time to start the lookup from (default: matches transactions for all time)
- to
string(optional) Example: 2018-01-31T18:15:28.677ZISO 8601 representation of date/time until when to lookup transactions (default: matches transactions for all time)
- sort
enum(optional) Default: timestamp Example: timestampDefines which data will be used to sort the results
- timestamp - Sort by timestamp
- order
enum(optional) Default: desc Example: descConfigure how the results should be sorted
-
desc - Sort by the given
sortdirective, in descending order -
asc - Sort by the given
sortdirective, in ascending order
-
Headers
Content-Type: application/json
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==200Headers
Content-Type: application/jsonBody
{
"page": 1,
"size": 1,
"results": [
{
"timestamp": "2017-05-31T10:15:28.677Z",
"requestReferenceNo": "A1D099C2-2479-4AAC-9F87-B2A304450PAY",
"transactionReferenceNo": "02c8edb3-301a-4ce6-a8b2-cbcf37dbd5b5",
"requestType": "PAYMENT",
"transactionType": "EC",
"responseCode": "0000",
"authorizedAmount": {
"currency": "PHP",
"value": 10.5
},
"capturedAmount": {
"currency": "PHP",
"value": 10.5
},
"refundedAmount": {
"currency": "PHP",
"value": 10.5
},
"voidedAmount": {
"currency": "PHP",
"value": 10.5
},
"merchant": {
"id": "EFS100001149",
"metadata": {
"refNo": "ORDER-123954"
},
"paymentFacilitator": {
"subMerchants": [
{
"id": "SUBMER01",
"name": "Leslie's Record Bar",
"metadata": {
"refNo": "ORDER-123954"
}
}
]
},
"acquiringTerminal": {
"id": "PYMYPOS1",
"posEntryMode": {
"panEntry": "00",
"pinEntry": "0"
}
}
},
"receipt": {
"transactionId": "01234567ABCD",
"approvalCode": "000167",
"batchNo": "20170601",
"traceNo": "000001",
"receiptNo": "805322262599"
}
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"page": {
"type": "number",
"description": "Page number for this batch response"
},
"size": {
"type": "number",
"description": "Number of transactions contained in this batch response"
},
"results": {
"type": "array",
"items": {
"properties": {
"timestamp": {
"type": "string",
"description": "Timestamp when the transaction was performed."
},
"requestReferenceNo": {
"type": "string",
"description": "Reference number (from header `Request-Reference-No`) provided by the merchant for the transaction being looked-up."
},
"transactionReferenceNo": {
"type": "string",
"description": "Reference number provided by P3 for the transaction being looked up."
},
"requestType": {
"type": "string",
"enum": [
"PAYMENT",
"VOID",
"REFUND"
],
"description": "Type of request of the original transaction."
},
"transactionType": {
"type": "string",
"enum": [
"EC",
"CP",
"MT"
],
"description": "For purchase transactions, type of the transaction performed"
},
"originalTransactionReferenceNo": {
"type": "string",
"description": "Reference number provided by p3 for the original transaction tagged by the transaction (e.g. `VOID`, `REFUND`) being looked up."
},
"responseCode": {
"type": "string",
"description": "response code returned by P3"
},
"message": {
"type": "string",
"description": "In case of failed transactions, the error message returned by P3 in the decline response"
},
"authorizedAmount": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
},
"description": "The amount authorized for the transaction."
},
"capturedAmount": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
},
"description": "The amount captured for the transaction."
},
"refundedAmount": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
},
"description": "The amount refunded for the transaction."
},
"voidedAmount": {
"type": "object",
"properties": {
"currency": {
"type": "string"
},
"value": {
"type": "number"
}
},
"description": "The amount voided for the transaction."
},
"merchant": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Merchant ID"
},
"metadata": {
"type": "object",
"properties": {
"refNo": {
"type": "string",
"limit": "1..36",
"pattern": "*",
"description": "(OPTIONAL) Reference number of the merchant for the transaction."
}
},
"description": "(OPTIONAL) Transaction-specific metadata for the merchant involved"
},
"paymentFacilitator": {
"type": "object",
"properties": {
"subMerchants": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"limit": "1..15",
"pattern": "[-a-zA-Z_0-9]+"
},
"name": {
"type": "string",
"limit": "1..22",
"pattern": "[-' .,a-zA-Z_0-9]+"
},
"metadata": {
"type": "object",
"properties": {
"refNo": {
"type": "string",
"limit": "1..36",
"pattern": "*",
"description": "(OPTIONAL) Reference number of the merchant for the transaction."
}
},
"description": "(OPTIONAL) Transaction-specific metadata for the merchant involved"
}
}
}
}
}
},
"acquiringTerminal": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Terminal ID"
},
"posEntryMode": {
"type": "object",
"properties": {
"panEntry": {
"type": "string",
"enum": [
"00",
"01",
"02",
"05",
"07",
"79",
"80",
"90",
"91"
],
"description": "Indicates how the card's PAN was entered into the terminal at the time of the transaction"
},
"pinEntry": {
"type": "string",
"enum": [
"0",
"1",
"2",
"8"
],
"description": "Indicates the terminal's PIN input capability at the time of the transaction"
}
}
}
}
}
},
"description": "The merchant that performed the authorization."
},
"receipt": {
"type": "object",
"properties": {
"transactionId": {
"type": "string",
"description": "Unique identifier returned by the issuer for this transaction."
},
"approvalCode": {
"type": "string",
"description": "Approval Code / Authorization Identification Code generated by the issuer to indicate the approval of a transaction"
},
"batchNo": {
"type": "string",
"description": "(alphanum, 8) Value supplied by P3, or the value of `transaction.trace.batchNo` during the request (if supplied), which indicates the batch of transactions that the specific transaction has been grouped with. Merchants may keep track of this value for reconnaissance."
},
"traceNo": {
"type": "string",
"description": "(alphanum, 8) Value of `transaction.trace.traceNo` during the request (if supplied)"
},
"receiptNo": {
"type": "string",
"description": "(alphanum, 12) A receipt / reference number generated by the acquirer. Can be used by all parties (cardholder, merchant, payment gateway, acquirer, issuer) when looking up a specific transaction record for reconnaisance."
}
},
"description": "Additional transaction reference numbers generated by either the issuing bank or the acquiring host"
}
}
}
}
}
}Key Management ¶
Use these calls to manage keys used for various P3 transactions.
Operations involving specifying a master key requires a pre-loaded master key. Contact PayMaya on how to pre-load a master key for operational usage.
Transmitted DES key data that are encrypted under master keys are encrypted using the ANSI X9.17 standard.
Supported Key Types, Scopes and Encryption Algorithms
Key Types
| Key Type | Description |
|---|---|
| MASTER | Master key. Used to encrypt other keys when being sent over via the network. |
| PIN | PIN encryption key. Used to encrypt PIN blocks for transactions with Online PIN as the cardholder verification method. |
Key Scopes
| Key Scope | Description |
|---|---|
| GATEWAY | Keys for use by Payment Gateways. |
| TERMINAL | Keys for use by Payment Terminals. Directly loaded / injected onto POS terminals. |
Encryption Algorithms for Key Usages
| Key Scope | Supported Key Sizes | Description |
|---|---|---|
| DES | 128 (double length), 192 (triple length) |
Keys generated to be used for DES/3DES encryption algorithm. |
Create KeyPOST/keys
Use this call to create a working key with the given parameters.
Example URI
Create Gateway PIN KeyHeaders
Content-Type: application/json
Request-Reference-No: A1D099C2-2479-4AAC-9F87-B2A304450KEY
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==Body
{
"type": "PIN",
"scope": "GATEWAY",
"masterKeyId": "97C2747B-1C58-4CB1-8F59-A752092C3E89",
"parameters": {
"algorithm": "3DES",
"size": 192
},
"lifetime": 86400
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"type": {
"type": "string",
"description": "Type of the key to be created",
"enum": [
"PIN - PIN encryption key (default)"
]
},
"scope": {
"type": "string",
"description": "(OPTIONAL) Intended scope / usage of the key to be created (default value: same scope as the master key)",
"enum": [
"GATEWAY - Key to be used by gateways",
"TERMINAL - Key to be used directly by the terminal"
]
},
"masterKeyId": {
"type": "string",
"description": "Key ID assigned for the master key. Generated key will be encrypted using the derived value of this key."
},
"parameters": {
"type": "object",
"description": "(OPTIONAL) Specifies the parameters for the key creation request. Default: Based on agreed client configuration",
"properties": {
"algorithm": {
"type": "string",
"description": "(OPTIONAL) Encryption algorithm where the key will be used. Default: Based on agreed client configuration",
"enum": [
"3DES - DES key for DES/3DES encryption mode"
]
},
"size": {
"type": "number",
"description": "(OPTIONAL) Size (in bits) of the key to be created. Default: Based on agreed client configuration"
}
}
},
"lifetime": {
"type": "number",
"limit": "86400...2592000",
"description": "(OPTIONAL) Intended lifetime of the key, in seconds. Min: 86400 (1 day), Max: 2592000 (30 days). Default: 604800 (7 days)"
}
}
}200Headers
Content-Type: application/jsonBody
{
"id": "F33900F3-7115-4F1F-ADD2-B5D02E9721E9",
"key": "8B58323E4F00CDEE76956021FE7B9BC3",
"type": "PIN",
"scope": "GATEWAY",
"checkDigit": "9AC90D",
"masterKeyId": "97C2747B-1C58-4CB1-8F59-A752092C3E89",
"parameters": {
"algorithm": "3DES",
"size": 192
},
"validUntil": "2018-12-31T10:15:28.677+0000"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Reference ID of the key"
},
"key": {
"type": "string",
"description": "Actual key payload (in hex string format) encrypted under the master key specified by masterKeyId"
},
"checkDigit": {
"type": "string",
"description": "Key check value"
},
"type": {
"type": "enum",
"description": "Type of the key created",
"enum": [
"PIN - PIN encryption key (default)"
]
},
"scope": {
"type": "enum",
"description": "Scope / usage of the key created",
"enum": [
"GATEWAY - Key to be used by gateways",
"TERMINAL - Key to be used directly by the terminal"
]
},
"masterKeyId": {
"type": "string",
"description": "Reference ID of master key used to encrypt this key payload"
},
"parameters": {
"type": "object",
"description": "Specifies the key parameters / properties",
"parameters": {
"algorithm": {
"type": "enum",
"description": "Encrpyption algorithm where the key is intended to be used",
"enum": [
"DES - DES key for DES/3DES encryption mode"
]
},
"size": {
"type": "number",
"description": "Size (in bits) of the key"
}
}
},
"validUntil": {
"type": "string",
"description": "Date + Time (with Timezone) until when the key is valid to be used. In ISO-8601 format."
}
}
}Create Terminal PIN KeyHeaders
Content-Type: application/json
Request-Reference-No: A1D099C2-2479-4AAC-9F87-B2A304450KEY
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==Body
{
"type": "PIN",
"scope": "TERMINAL",
"masterKeyId": "97C2747B-1C58-4CB1-8F59-A752092C3E89",
"parameters": {
"algorithm": "3DES",
"size": 192
},
"lifetime": 86400
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"type": {
"type": "string",
"description": "Type of the key to be created",
"enum": [
"PIN - PIN encryption key (default)"
]
},
"scope": {
"type": "string",
"description": "(OPTIONAL) Intended scope / usage of the key to be created (default value: same scope as the master key)",
"enum": [
"GATEWAY - Key to be used by gateways",
"TERMINAL - Key to be used directly by the terminal"
]
},
"masterKeyId": {
"type": "string",
"description": "Key ID assigned for the master key. Generated key will be encrypted using the derived value of this key."
},
"parameters": {
"type": "object",
"description": "(OPTIONAL) Specifies the parameters for the key creation request. Default: Based on agreed client configuration",
"properties": {
"algorithm": {
"type": "string",
"description": "(OPTIONAL) Encryption algorithm where the key will be used. Default: Based on agreed client configuration",
"enum": [
"3DES - DES key for DES/3DES encryption mode"
]
},
"size": {
"type": "number",
"description": "(OPTIONAL) Size (in bits) of the key to be created. Default: Based on agreed client configuration"
}
}
},
"lifetime": {
"type": "number",
"limit": "86400...2592000",
"description": "(OPTIONAL) Intended lifetime of the key, in seconds. Min: 86400 (1 day), Max: 2592000 (30 days). Default: 604800 (7 days)"
}
}
}200Headers
Content-Type: application/jsonBody
{
"id": "E33900F3-7115-4F1F-ADD2-B5D02E9721E8",
"key": "8B58323E4F00CDEE76956021FE7B9BC3",
"type": "PIN",
"scope": "TERMINAL",
"checkDigit": "DF5058",
"masterKeyId": "97C2747B-1C58-4CB1-8F59-A752092C3E89",
"parameters": {
"algorithm": "3DES",
"size": 192
},
"validUntil": "2018-12-31T10:15:28.677+0000"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Reference ID of the key"
},
"key": {
"type": "string",
"description": "Actual key payload (in hex string format) encrypted under the master key specified by masterKeyId"
},
"checkDigit": {
"type": "string",
"description": "Key check value"
},
"type": {
"type": "enum",
"description": "Type of the key created",
"enum": [
"PIN - PIN encryption key (default)"
]
},
"scope": {
"type": "enum",
"description": "Scope / usage of the key created",
"enum": [
"GATEWAY - Key to be used by gateways",
"TERMINAL - Key to be used directly by the terminal"
]
},
"masterKeyId": {
"type": "string",
"description": "Reference ID of master key used to encrypt this key payload"
},
"parameters": {
"type": "object",
"description": "Specifies the key parameters / properties",
"parameters": {
"algorithm": {
"type": "enum",
"description": "Encrpyption algorithm where the key is intended to be used",
"enum": [
"DES - DES key for DES/3DES encryption mode"
]
},
"size": {
"type": "number",
"description": "Size (in bits) of the key"
}
}
},
"validUntil": {
"type": "string",
"description": "Date + Time (with Timezone) until when the key is valid to be used. In ISO-8601 format."
}
}
}Get Key InfoGET/keys/{keyId}{?showKeyData}
Use this call to get information about a key.
Showing Actual Key Data
The actual key data can be optionally retrieved by setting the showKeyData parameter to true. When this parameter is set, this API returns the key’s actual data (in hex string format) in the key parameter in the response, where the data is encrypted under the key’s reference master key specified in masterKeyId.
Note, however, that when the key referenced by keyId pertains to master key (type: MASTER), the key data is never returned, regardless of the value of this parameter.
Example URI
- keyId
string(required) Example: F33900F3-7115-4F1F-ADD2-B5D02E9721E9Key ID to get information from
- showKeyData
boolean(optional) Example: false(OPTIONAL) Set to
trueto return the actual key data (encrypted under the key’s master key) in thekeyattribute in the response. (default:false)
Headers
Request-Reference-No: A1D099C2-2479-4AAC-9F87-B2A304450KEY
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==200Headers
Content-Type: application/jsonBody
{
"id": "E33900F3-7115-4F1F-ADD2-B5D02E9721E8",
"type": "PIN",
"scope": "TERMINAL",
"masterKeyId": "97C2747B-1C58-4CB1-8F59-A752092C3E89",
"parameters": {
"algorithm": "DES",
"size": 192
},
"validUntil": "2018-12-31T10:15:28.677+0000"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Reference ID of the key"
},
"key": {
"type": "string",
"description": "Actual key payload (in hex string format) encrypted under the master key specified by masterKeyId"
},
"checkDigit": {
"type": "string",
"description": "Key check value"
},
"type": {
"type": "enum",
"description": "Type of the key created",
"enum": [
"PIN - PIN encryption key (default)"
]
},
"scope": {
"type": "enum",
"description": "Scope / usage of the key created",
"enum": [
"GATEWAY - Key to be used by gateways",
"TERMINAL - Key to be used directly by the terminal"
]
},
"masterKeyId": {
"type": "string",
"description": "Reference ID of master key used to encrypt this key payload"
},
"parameters": {
"type": "object",
"description": "Specifies the key parameters / properties",
"parameters": {
"algorithm": {
"type": "enum",
"description": "Encrpyption algorithm where the key is intended to be used",
"enum": [
"DES - DES key for DES/3DES encryption mode"
]
},
"size": {
"type": "number",
"description": "Size (in bits) of the key"
}
}
},
"validUntil": {
"type": "string",
"description": "Date + Time (with Timezone) until when the key is valid to be used. In ISO-8601 format."
}
}
}List KeysGET/keys{?page,size}
Use this call to get information on all keys associated to a client.
Example URI
- page
number(optional) Example: 1Page to start the key search (default:
1)- size
number(optional) Example: 10Number of keys to return per result page (default:
10)
Headers
Request-Reference-No: A1D099C2-2479-4AAC-9F87-B2A304450KEY
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==200Headers
Content-Type: application/jsonBody
{
"page": 1,
"size": 1,
"results": [
{
"id": "E33900F3-7115-4F1F-ADD2-B5D02E9721E8",
"type": "PIN",
"scope": "TERMINAL",
"masterKeyId": "97C2747B-1C58-4CB1-8F59-A752092C3E89",
"parameters": {
"algorithm": "DES",
"size": 192
},
"validUntil": "2018-12-31T10:15:28.677+0000"
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"page": {
"type": "number",
"description": "Page number for this keys search"
},
"size": {
"type": "number",
"description": "Number of keys returned for this search"
},
"results": {
"type": "array",
"description": "Keys returned for this page",
"items": {
"properties": {
"id": {
"type": "string",
"description": "Reference ID of the key"
},
"checkDigit": {
"type": "string",
"description": "Key check value"
},
"type": {
"type": "enum",
"description": "Type of the key created",
"enum": [
"PIN - PIN encryption key (default)"
]
},
"scope": {
"type": "enum",
"description": "Scope / usage of the key created",
"enum": [
"GATEWAY - Key to be used by gateways",
"TERMINAL - Key to be used directly by the terminal"
]
},
"masterKeyId": {
"type": "string",
"description": "Reference ID of master key used to encrypt this key payload"
},
"parameters": {
"type": "object",
"description": "Specifies the key parameters / properties",
"parameters": {
"algorithm": {
"type": "enum",
"description": "Encrpyption algorithm where the key is intended to be used",
"enum": [
"DES - DES key for DES/3DES encryption mode"
]
},
"size": {
"type": "number",
"description": "Size (in bits) of the key"
}
}
},
"validUntil": {
"type": "string",
"description": "Date + Time (with Timezone) until when the key is valid to be used. In ISO-8601 format."
}
}
}
}
}
}200Headers
Content-Type: application/jsonDelete / Revoke KeyDELETE/keys/{keyId}
Use this call to delete a key.
On Deleting Keys
When this API is successfully invoked, the key references in P3 are deleted. This makes succeeding uses to the same key ID fail due to a non-existent key. The client is advised to use this only if the key is no longer in use.
Note, however, that this operation cannot be applied to master keys (type: MASTER). If necessary, for deletion of master keys, please contact PayMaya.
Example URI
- keyId
string(required) Example: F33900F3-7115-4F1F-ADD2-B5D02E9721E9Key ID to delete
Headers
Request-Reference-No: A1D099C2-2479-4AAC-9F87-B2A304450KEY
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==204Headers
Content-Type: application/jsonGet Bins ¶
Use these calls to get the list of BINs supported by P3.
Note:
Calls to /config/cards/bins/{bin}, /config/cards/bins and /config/cards/bins/delta currently return only the list of known BancNet BINs supported by P3.
Note, however, that the API client may still attempt to authorize/process transactions with BINs not returned by these calls.
Get BinGET/config/cards/bins/{bin}
Use this call to get the bin details of a specific bin
Example URI
- bin
integer(required) Example: 545721BIN to check details.
Headers
Content-Type: application/json
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==200Headers
Content-Type: application/jsonBody
{
"bin": "483442",
"type": "CREDIT",
"scheme": "VISA",
"network": "BANCNET"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"binDetails:": {
"type": "array",
"properties": {
"bin": {
"type": "string",
"limit": "1..8",
"pattern": "[0-9]+",
"description": "Card Bank Identification Number (BIN)"
},
"type": {
"type": "string",
"enum": [
"CREDIT",
"DEBIT",
"DEBIT/CREDIT",
"UNKNOWN"
],
"description": "Card type supported by BIN"
},
"network": {
"type": "string",
"enum": [
"BANCNET",
"MASTERCARD",
"VISA",
"JCB"
],
"description": "Comma separated scheme networks for BIN, ordered by descending priority (Highest priority first)"
},
"scheme": {
"type": "string",
"enum": [
"BANCNET",
"MASTERCARD",
"VISA",
"JCB"
],
"description": "Card scheme associated with BIN"
}
}
}
}
}Get BinsGET/config/cards/bins{?type,network,scheme,page,size}
Use this call to get the bin details of all bins with fields matching the provided parameters
Example URI
- type
string(optional) Example: CREDITCard Type to query
- network
string(optional) Example: BANCNETNetwork to query
- scheme
string(optional) Example: VISAScheme to query
- page
integer(optional) Example: 1Page/Offset to start the query (default: 1)
- size
integer(optional) Example: 50Number of transactions to return per page (default: 5, max: 500)
Headers
Content-Type: application/json
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==200Headers
Content-Type: application/jsonBody
{
"page": 1,
"size": 1,
"binDetails": [
{
"bin": "483442",
"type": "CREDIT",
"network": "BANCNET",
"scheme": "VISA"
},
{
"bin": "583442",
"type": "CREDIT",
"network": "BANCNET",
"scheme": "MASTERCARD"
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"page": {
"type": "number",
"description": "Page number for this batch response"
},
"size": {
"type": "number",
"description": "Number of BIN records contained in this batch response"
},
"binDetails:": {
"type": "array",
"properties": {
"bin": {
"type": "string",
"limit": "1..8",
"pattern": "[0-9]+",
"description": "Card Bank Identification Number (BIN)"
},
"type": {
"type": "string",
"enum": [
"CREDIT",
"DEBIT",
"DEBIT/CREDIT",
"UNKNOWN"
],
"description": "Card type supported by BIN"
},
"network": {
"type": "string",
"enum": [
"BANCNET",
"MASTERCARD",
"VISA",
"JCB"
],
"description": "Comma separated scheme networks for BIN, ordered by descending priority (Highest priority first)"
},
"scheme": {
"type": "string",
"enum": [
"BANCNET",
"MASTERCARD",
"VISA",
"JCB"
],
"description": "Card scheme associated with BIN"
}
}
}
}
}Get Bin PatternsGET/config/cards/bins/patterns{?network,scheme,page,size}
Use this call to get the bin pattern details of all patterns with fields matching the provided parameters
Example URI
- network
string(optional) Example: BANCNETNetwork to query
- scheme
string(optional) Example: VISAScheme to query
- page
integer(optional) Example: 1Page/Offset to start the query (default: 1)
- size
integer(optional) Example: 50Number of transactions to return per page (default: 5, max: 500)
Headers
Content-Type: application/json
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==200Headers
Content-Type: application/jsonBody
{
"page": 1,
"size": 1,
"patterns": [
{
"pattern": "/^4.*$/",
"type": "CREDIT",
"network": "VISA",
"scheme": "VISA"
},
{
"pattern": "/^(5|2).*$/",
"type": "CREDIT",
"network": "MASTERCARD",
"scheme": "MASTERCARD"
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"page": {
"type": "number",
"description": "Page number for this batch response"
},
"size": {
"type": "number",
"description": "Number of BIN records contained in this batch response"
},
"patterns": {
"type": "array",
"properties": {
"pattern": {
"type": "string",
"limit": "1..50",
"description": "Supported pattern for Card Bank Identification Number (BIN)"
},
"type": {
"type": "string",
"enum": [
"CREDIT",
"DEBIT",
"DEBIT/CREDIT",
"UNKNOWN"
],
"description": "Card type supported by BIN pattern"
},
"network": {
"type": "string",
"enum": [
"BANCNET",
"MASTERCARD",
"VISA",
"JCB"
],
"description": "Highest priority scheme network for BIN pattern"
},
"scheme": {
"type": "string",
"enum": [
"BANCNET",
"MASTERCARD",
"VISA",
"JCB"
],
"description": "Card scheme associated with BIN pattern"
}
}
}
}
}Get DeltaGET/config/cards/bins/delta{?from,page,size}
Use this call to get the changes to the list of supported bins from the given date up to the current date
Example URI
- from
string(optional) Example: 2018-01-31T10:15:28.677ZISO 8601 representation of date/time to start the lookup from. Must be in accepted ISO 8601 format (default: no filter for date, will return all records, same result as /config/cards/bins)
- page
integer(optional) Example: 1Page/Offset to start the query (default: 1)
- size
integer(optional) Example: 50Number of transactions to return per page (default: 5, max: 500)
Headers
Content-Type: application/json
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==204Body
{
"page": 1,
"size": 1,
"delta": [
{
"status": "NEW",
"bin": "483442",
"type": "CREDIT",
"network": "BANCNET",
"scheme": "VISA"
},
{
"status": "DELETED",
"bin": "583442",
"type": "CREDIT",
"network": "BANCNET",
"scheme": "MASTERCARD"
},
{
"status": "UPDATED",
"bin": "583443",
"type": "CREDIT",
"network": "BANCNET",
"scheme": "MASTERCARD"
}
]
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"page": {
"type": "number",
"description": "Page number for this batch response"
},
"size": {
"type": "number",
"description": "Number of BIN records contained in this batch response"
},
"delta": {
"type": "array",
"properties": {
"status": {
"type": "string",
"enum": [
"NEW",
"DELETED",
"UPDATED"
],
"description": "Status of bin since last refresh"
},
"bin": {
"type": "string",
"limit": "1..8",
"pattern": "[0-9]+",
"description": "Card Bank Identification Number (BIN)"
},
"type": {
"type": "string",
"enum": [
"CREDIT",
"DEBIT",
"DEBIT/CREDIT",
"UNKNOWN"
],
"description": "Card type supported by BIN"
},
"network": {
"type": "string",
"enum": [
"BANCNET",
"MASTERCARD",
"VISA",
"JCB"
],
"description": "Comma separated scheme networks for BIN, ordered by descending priority (Highest priority first)"
},
"scheme": {
"type": "string",
"enum": [
"BANCNET",
"MASTERCARD",
"VISA",
"JCB"
],
"description": "Card scheme associated with BIN"
}
}
}
}
}Utility Functions ¶
Use these calls to perform miscellaneous utility functions within P3’s scope.
Service PingGET/util/ping
Perform an authenticated ping / health check via P3. Clients can use this to:
-
Determine status of connectivity with P3
-
Check status and correctness of API keys
Example URI
Headers
Authorization: Basic c2stYVhRZG9yT09GMHpHTWZ5VkF6VEg5Q2JBRnZxcTFPYzdQQVhjRGxyejV6eg==200Headers
Content-Type: application/jsonBody
{
"status": "UP"
}Schema
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"status": {
"type": "string",
"enum": [
"UP - P3 is up, client has been authenticated and access keys have been validated",
"UNKNOWN - P3 status is unknown. Contact PayMaya for support."
],
"default": "UP",
"description": "Indicates status of P3 API"
}
}
}Errors ¶
Error Representation
PayMaya uses standard HTTP status codes when returning errors. Additionally, details about the errors are provided in the body of the response using a derivative format of vnd.error.
See list of response codes below.
Example:
[
{
"logref": "906c2d36-48a1-40ed-84c0-71a37a35a233",
"code": "1996",
"message": "[1996] Some error",
"receiptNo": "806403672030",
"links": [
{
"rel": "self",
"href": "https://cdn.paymaya.com/sandbox/payments_api/paymayap3/paymayap3.html"
}
]
},
{
"logref": "906c2d36-48a1-40ed-84c0-71a37a35a234",
"code": "2593",
"message": "[2593] Another error",
"receiptNo": "806403672030",
"links": [
{
"rel": "self",
"href": "https://cdn.paymaya.com/sandbox/payments_api/paymayap3/paymayap3.html"
}
]
}
]HTTP Status Codes
| HTTP Status | Description |
|---|---|
200 |
Request OK |
400 |
Validation error OR transaction failed |
401 |
Unauthorized request |
404 |
Resource was not found |
50x |
PayMaya server error, or timeout occurred |
Response Codes
General and Request Validation Error Codes
| Code | Description |
|---|---|
| 1996 | General error |
| 1997 | API key is incorrect |
P3-Generated Error Codes
| Code | Description |
|---|---|
| 2501 | Merchant ID does not exist |
| 2522 | Merchant is not configured properly - contact PayMaya |
| 2545 | TRN does not exist |
| 2546 | Excessive refund |
| 2547 | Transaction already voided |
| 2548 | Transaction already refunded |
| 2549 | A final capture has already been done for this transaction |
| 2552 | Invalid RRN |
| 2562 | Card BIN is invalid and/or unknown |
| 2563 | Client ID, Merchant ID, and BIN combination does not exist |
| 2564 | Merchant Slug must be provided |
| 2565 | Merchant RefNo must be provided |
| 2566 | Merchant is not a PF, but Payment Facilitator Details were provided |
| 2567 | Merchant is a PF, but Payment Facilitator Details were not provided |
| 2569 | Transaction is no longer valid for void |
| 2570 | Transaction is not yet valid for refund |
| 2571 | Payment RRN, Merchant ID, and Amount does not exist |
| 2572 | Account number will not be honored |
| 2575 | Transaction is not allowed for contactless interface |
| 2576 | Manual PAN Entry not allowed |
| 2577 | POS Entry does not match specified Terminal Input Capability |
| 2578 | MagStripe or Key Entry only terminal is not allowed |
| 2581 | Invalid funding instrument |
| 2592 | Transaction cannot be routed |
| 2593 | Request contains one or more invalid fields |
| 2599 | Backend encountered timeout while processing the transaction |
| ACQ011 | Transaction is not valid for capture |
| ACQ012 | Excessive capture |
| ACQ013 | Captured authorization transaction cannot be voided |
| ACQ024 | Concurrent operations on a transaction is not allowed |
| ACQ025 | Merchant configuration is invalid |
| ACQ062 | Transaction cannot be routed / processed |
| ACQ065 | Key ID Does Not Exist |
| ACQ066 | Key ID is not valid for this transaction |
| ACQ067 | PIN translation failed |
| ACQ068 | PIN block is invalid |
| ACQ069 | Key operation failed |
| ACQ070 | Key is already expired |
| ACQ073 | BIN Does Not Exist/Not Supported |
| ACQ084 | Transaction was blocked by the Acquirer |
| ACQ089 | General Network Communication Error |
| ACQ090 | Acquirer Network Communication Error (type 1) |
| ACQ091 | Scheme Network Communication Error (type 1) |
| ACQ092 | Scheme Network Communication Error (type 2) |
| ACQ096 | General Error |
| ACQ105 | Scheme is not supported by merchant |
| ACQ700 | Acquirer host synchronization error |
| ACQ791 | Acquirer Network Communication Error (type 2) |
Error Codes generated by Acquiring Network and/or Issuer Network
| Code | Description |
|---|---|
| 2001 | Declined - Refer to issuer |
| 2003 | Invalid merchant |
| 2004 | Issuer requests to capture card |
| 2005 | Declined - Do not honor the transaction |
| 2006 | Issuer generic error |
| 2012 | Invalid transaction |
| 2013 | Invalid amount |
| 2014 | Invalid card number |
| 2015 | Invalid issuer |
| 2030 | Message format error |
| 2041 | Lost card |
| 2042 | Stolen card |
| 2051 | Insufficient funds |
| 2054 | Expired card |
| 2055 | Invalid PIN |
| 2057 | Transaction not permitted to issuer |
| 2058 | Transaction not permitted to acquirer |
| 2059 | Issuer suspected fraud |
| 2061 | Withdrawal/Transaction amount limit exceeded |
| 2062 | Restricted card |
| 2063 | Security violation |
| 2070 | Invalid transaction - contact issuer |
| 2071 | PIN not changed |
| 2074 | PIN encryption error |
| 2075 | PIN try limit exceeded |
| 2076 | Invalid “To” account specified |
| 2077 | Invalid “From” account specified |
| 2078 | Invalid account specified |
| 2080 | System currently not available |
| 2088 | PIN unacceptable. Retry PIN verification |
| 2089 | Card Security Code/Card Verification Value is incorrect |
| 2090 | Declined for 3DS verification failure |
| 2091 | Issuer system inoperative |
| 2092 | Scheme/Issuer routing error |
| 2093 | Declined - 3DS ECI downgraded by issuer |
| 2094 | Duplicate transmission detected |
| 2096 | Issuer system error |
| 2098 | Issuer encountered timeout |
| 2099 | Issuer declined with a non-generic error |
| 201A | Authentication is required |
| 20R0 | Cardholder requested a stop payment order for the subscription/vaulted payment |
| 20R1 | Cardholder requested a stop payment order for all subscription/vaulted payments for this merchant |
| 20R3 | Cardholder requested a stop payment order for all subscription/vaulted payments |
Enumerations ¶
POS Entry Mode
PAN Entry
Indicates how the Card Number / Primary Account Number (PAN) was read by the acquiring terminal.
| Enum | Description |
|---|---|
| 01 | Manual key entry |
| 02 | Auto-entry via Magnetic Stripe (incomplete read - may not contain CVV) |
| 05 | Auto-entry via Chip Card Reader (Contact EMV) |
| 07 | Auto-entry via Contactless Chip Card Reader (Contactless EMV) |
| 79 | Chip-read initiated, but defaulted to Manual Key Entry due to chip card reading issues |
| 80 | Chip-read initiated, but defaulted to Magnetic Stripe Read due to chip card reading issues |
| 90 | Auto-entry via Magnetic Stripe (full, unaltered read) |
| 91 | Auto-entry via Contactless Magnetic Stripe (full, unaltered read) |
PIN Entry
Indicates PIN entry support for the acquiring terminal used.
| Enum | Description |
|---|---|
| 0 | PIN entry capability is unknown |
| 1 | Terminal has PIN entry capability |
| 2 | Terminal does not have PIN entry capability |
| 8 | Terminal has PIN entry capability, but PIN pad is currently inoperative |
Void Reason Code
| Enum | Description |
|---|---|
| 00 | Void initiated by customer / cardholder |
| 01 | Merchant cannot complete the transaction with the cardholder, authorization/payment will be voided instead |
| 02 | An error occurred in the merchant’s system and/or the terminal used. For chip card transactions, may also be used if Issuer Authentication Data returned by the issuer was rejected by the card. |
| 03 | Void due to communication failure or system timeout |
| 04 | Card was pulled out from POS terminal before transaction completion |
ECI Values
| Enum | Description |
|---|---|
| 00 | (MasterCard) Unauthenticated transaction |
| 01 | (MasterCard) Merchant or Issuer attempted to authenticate the cardholder, but the authentication was not successful (e.g., card is not 3-DS enrolled) |
| 02 | (MasterCard) Issuer successfully authenticated the cardholder |
| 05 | (Visa, JCB) Issuer successfully authenticated the cardholder |
| 06 | (Visa, JCB) Merchant or Issuer attempted to authenticate the cardholder, but the authentication was not successful (e.g., card is not 3-DS enrolled) |
| 07 | (Visa, JCB) Unauthenticated transaction |