The sandbox environment is perfect for prototyping and integration testing. The APIs on sandbox respond accordingly to your requests but without connecting to the live Multipay backend. The sandbox APIs perfectly match those in production, so you can write code against the sandbox environment and eventually just switch to the production endpoints.

When using the Mutlipay Payments API on the sandbox environment, please avoid using real payment method details (such as real card numbers). Even though your payment method will not be charged on the sandbox environment, it is a best practice to use fake details instead.

Please note below the specific hosts you should use when accessing the APIs on sandbox and production environments.

Sandbox : https://dev-payment-gateway.mdd.co.id

Production : https://api-multipay.multidaya.id

To ensure secure client server communication, every API call must be authorized. Of the various Authorization methods available, Multipay uses the Bearer Token. Bearer tokens allow requests to authenticate using an access key, such as a JSON Web Token (JWT). The token expiry time is 1 day and must be renewed at the end of day. The token is a text string, included in the request header. To get tokens you can go to the register page on the multipay dashboard at https://dash-multipay.multidaya.id/register.

On Production Environment, you can use api_key as email and secret_key as password to avoid Multipay Password Policy which applied in every 90 days, since the email and password can be used for Multipay dashboard panel (https://dash-multipay.multidaya.id) . This new credential can be requested by email to marketing@multidaya.id once you have passed and complied the SIT/UAT process.

Merchant can create Payment Link using the API. Payment Link is a web-based link (URL) which can be shared to Customer to receive payments from them like an invoice. The link will redirect them to Multipay hosted payment web page.

Please make sure you have set the callback url.

Desktop :

Mobile :

When using the Payment Link, Merchant can also override the selected payment channel for user seamless purpose. This will disable the payment channel option for the user, so user just can continue to proceed the payment.

Below example how to override the payment channel using query string selected_provider on the url, while provider can refer the same provider table list (ex : ovo, gopay, card-not-present, linkaja-qris, etc).

https://payment-link.multidaya.id/pay-v2/?ses=173270e64d00b240&selected_provider=ovo

Desktop :

Mobile :

Payment API is intended for performing transactions and deduct funds from the customer, depending on the payment method selected.

Please make sure you have set the callback url.

Merchant can opt to edit or add custom notification URLs on every transaction. It can be achieved by attaching optional custom_callback parameter on this request.

To get the status of a transaction, you can send a request to Multipay API. It will then send back the transaction status. This method requires the transaction reff_no (or trx_id) as an identifier.

Please make sure you have set the callback url.

The void API is used to void a paid order before the payment is captured or the order confirmed by a merchant or payer and then return money to the payer.

For void payments, here is a list of available acquirers :

1. OVO
2. GoPay

What you should know :

1. Transaction time must be on the same day
2. The transaction must have been paid for

The fee API provides a way to retrieve a list of fees associated with a specific service, product, or transaction. Fees are charges imposed by a business or organization for various purposes, such as processing payments, providing services, or covering administrative costs. This API is particularly useful for businesses, financial institutions, and e-commerce platforms to provide transparency to their customers regarding the fees associated with their services

This section introduces the events that may occur subsequent to payment creation. Each of the events lists the additional fields in a typical notification payload.

This notification is responsible for sending a notification to a specified API endpoint, and performs retries in case of failures. It then computes an idempotency key using the SHA-256 algorithm and applies it to the notification. The notification waits for a certain amount of time before retrying the notification to the specified URL.

This key parameter should be added in your request header, it must be composed from SHA-256 your epoch time + your encoded payload in base64 format.

Epoch : String unix epoch, must be same with X-Api-Timestamp

Payload : String encoded body payload, without this parameter, the service will not able to be accessed

Sample in PHP :

$signature = base64_encode(hash_hmac('sha256', <Your X-Api-Timestamp> . <Your Encoded Body Payload>, <Your Secret Key>, true));

Sample in JS (Obsolete) :

var signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(<Your X-Api-Timestamp> + <Your Encoded Body Payload>, <Your Secret Key>, true));

Sample in JS (New) :

var signature = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(CryptoJS.HmacSHA256(<Your X-Api-Timestamp> + <Your Encoded Body Payload>, <Your Secret Key>).toString(CryptoJS.enc.Hex)));

Success means that Multipay accepts the payment.

{
    "trx_id": "...",
    "mid": "...",
    "tid": "...",
    "reff_no": "...",
    "trx_date": "...",
    "fee": "...",
    "init_amount": "...",
    "amount": "...",
    "method": "...",
    "provider": "...",
    "status": "SUCCESS",
    "paid_at": "..."
}

The transaction was rejected by the payment provider.

{
    "trx_id": "...",
    "mid": "...",
    "tid": "...",
    "reff_no": "...",
    "trx_date": "...",
    "fee": "...",
    "init_amount": "...",
    "amount": "...",
    "method": "...",
    "provider": "...",
    "status": "FAILED",
    "expired_at": "..."
}

Transaction is not available for processing, because the payment was delayed.

{
    "trx_id": "...",
    "mid": "...",
    "tid": "...",
    "reff_no": "...",
    "trx_date": "...",
    "fee": "...",
    "init_amount": "...",
    "amount": "...",
    "method": "...",
    "provider": "...",
    "status": "EXPIRED",
    "expired_at": "..."
}

The transaction is canceled. It can be triggered by merchant.

{
    "trx_id": "...",
    "mid": "...",
    "tid": "...",
    "reff_no": "...",
    "trx_date": "...",
    "fee": "...",
    "init_amount": "...",
    "amount": "...",
    "method": "...",
    "provider": "...",
    "status": "CANCEL",
    "canceled_at": "..."
}

Multipay will perform below action based on client host http_header status code as follow :

1. 200/201. No retries, it is considered successful.
2. 400/404/500/501/503. Conditional retry max four times.
3. 301/302/303. No retries. Update notification endpoint in SETTINGS menu, instead of replying to these status codes.
4. 307/308. Follow the new URL with POST method and the same notification body. Maximum number of redirect is four times.

Body response is no longer required. But we will log any response value for audit purpose if given.The amount of time to wait before retrying is equal to 5 * incrementing minutes.

• If first attempt fails, the notification will retry 5 minutes later.
• If the second attempt fails, the notification will retry 10 minutes later.
• If the third attempt fails, the notification will retry 15 minutes later.
• If the fourth attempt fails, the notification will stop retrying and user has to manually call the status endpoint to check the status of the order.

QRIS is a QR payment standard in Indonesia, developed by Bank Indonesia (BI). Users can scan and pay the QR from any payment providers registered.

For QRIS, we are currently integrated with the acquirers given below.

1. Mandiri (provider = mandiri-qris)
2. MotionPay (provider = spin-qris)
3. BNI (provider = bni-qris)
4. BCA (provider = bca-qris)
5. Shopee Pay (provider = shopeepay-qris)
6. GoPay (provider = gopay-qris)
7. LinkAja (provider = linkaja-qris)
8. JakOne (provider = jakone-qris)
9. Nobu (provider = nobu-qris)
10. Duwit (provider = duwit-qris)

The steps to integrate with QRIS are given below.

1. Send the Payment API request to Multipay with the selected acquirer.
2. Show the rendered QR string to the users.
3. Handle notifications.

Send a Payment API request with the details of the transaction such as tid, reff_no, method, provider and amount. Successful request returns a QR code image URL.

The attributes to be sent to Payment API QRIS are given below.

{
    "tid": "...",
    "reff_no": "...",
    "method": "e-wallet",
    "provider": "{provider}",
    "amount": "..."
}

{
    "response": {
        "code": 200,
        "message": "Success create order",
        "ip": "10.20.30.229",
        "host_timestamp": "2022-07-19 11:51:58",
        "latency": 2.454998016357422
    },
    "data": {
        "trx_id": "...",
        "reff_no": "...",
        "mid": "...",
        "tid": "...",
        "items": [
            {
                "name": "...",
                "unit_price": "...",
                "qty": "..."
            }
        ],
        "init_amount": 0,
        "fee": 0,
        "amount": 0,
        "status": "...",
        "trx_date": "...",
        "expired_at": "...",
        "payment_link": "...",
        "method": "e-wallet",
        "provider": "{provider}",
        "how_to_pay": [
            {
                "channel": "...",
                "language": "...",
                "step": [
                    "...",
                    "...",
                    "...",
                    "..."
                ]
            }
        ]
    }
}

Virtual accounts are unique account numbers assigned within traditional, physical bank accounts, which are also known as settlement accounts. They can be used to send and receive money on behalf of the settlement account, where the funds are ultimately held.

For Virtual Account, we are currently integrated with the acquirers given below.

1. Permata (provider = permata)
2. Mandiri (provider = mandiri)
3. BRI (provider = bri)
4. BNI (provider = bni)
5. CIMB Niaga (provider = cimb)
6. BCA (provider = bca)
7. BSI (provider = bsi)
8. BJB (provider = bjb)
9. Sahabat Sampoerna (provider = sahabat_sampoerna)
10. NOBU (provider = nobu)
11. DOKU (provider = doku)

The steps to integrate with Virtual Account are given below.

1. Send the Payment API request to Multipay with the selected acquirer.
2. Show the virtual account number.
3. Handle notifications.

Send a Payment API request with the details of the transaction such as tid, reff_no, method, provider and amount. Successful request returns a VA number.

The attributes to be sent to Payment API Virtual Account are given below.

{
    "tid": "...",
    "reff_no": "...",
    "method": "virtual-account",
    "provider": "{provider}",
    "amount": "..."
}

{
    "response": {
        "code": 200,
        "message": "Success create order",
        "ip": "10.20.30.229",
        "host_timestamp": "2022-07-19 11:51:58",
        "latency": 2.454998016357422
    },
    "data": {
        "trx_id": "...",
        "reff_no": "...",
        "mid": "...",
        "tid": "...",
        "items": [
            {
                "name": "...",
                "unit_price": "...",
                "qty": "..."
            }
        ],
        "init_amount": 0,
        "fee": 0,
        "amount": 0,
        "status": "...",
        "trx_date": "...",
        "expired_at": "...",
        "payment_link": "...",
        "method": "virtual-account",
        "provider": "{provider}",
        "display_name": "...",
        "account_number": "...",
        "how_to_pay": [
            {
                "channel": "...",
                "language": "...",
                "step": [
                    "...",
                    "...",
                    "...",
                    "..."
                ]
            }
        ]
    }
}

E-Wallet is a secure money management app or online platform that allows you to make purchases with retailers on-site, transfer or send money and track rewards programs. You can link the e-wallet to your bank account or pay as you go with a prepay option.

For E-Wallet, we are currently integrated with the acquirers given below.

1. Gopay (provider = gopay)
2. Shopee Pay (provider = shopeepay)
3. OVO (provider = ovo)
4. LinkAja (provider = linkaja)
5. LinkAja Token (provider = linkaja-token)

The steps to integrate with E-Wallet are given below.

1. Send the Payment API request to Multipay with the selected acquirer.
2. Show redirect link to acquirer app.
3. Handle notifications.

Send a Payment API request with the details of the transaction such as tid, reff_no, method, provider and amount. For ovo and linkaja-token providers must add msisdn. Successful request returns a redirect link to acquirer app.

The attributes to be sent to Payment API E-Wallet are given below.

{
    "tid": "...",
    "reff_no": "...",
    "method": "e-wallet",
    "provider": "{provider}",
    "amount": "...",
    "msisdn": "..."
}

{
    "response": {
        "code": 200,
        "message": "Success create order",
        "ip": "10.20.30.229",
        "host_timestamp": "2022-07-19 11:51:58",
        "latency": 2.454998016357422
    },
    "data": {
        "trx_id": "...",
        "reff_no": "...",
        "mid": "...",
        "tid": "...",
        "items": [
            {
                "name": "...",
                "unit_price": "...",
                "qty": "..."
            }
        ],
        "init_amount": 0,
        "fee": 0,
        "amount": 0,
        "status": "...",
        "trx_date": "...",
        "expired_at": "...",
        "payment_link": "...",
        "method": "virtual-account",
        "provider": "{provider}",
        "link": "...",
        "how_to_pay": [
            {
                "channel": "...",
                "language": "...",
                "step": [
                    "...",
                    "...",
                    "...",
                    "..."
                ]
            }
        ]
    }
}

Retail is the sale of goods and services to consumers, in contrast to wholesaling, which is sale to business or institutional customer.

For Retail, we are currently integrated with the acquirers given below.

1. Alfamart (provider = alfamart)
2. Indomaret (provider = indomaret)

The steps to integrate with Retail are given below.

1. Send the Payment API request to Multipay with the selected acquirer.
2. Show the payment code.
3. Handle notifications.

Send a Payment API request with the details of the transaction such as tid, reff_no, method, provider and amount. Successful request returns a payment code.

The attributes to be sent to Payment API Retail are given below.

{
    "tid": "...",
    "reff_no": "...",
    "method": "retail-outlet",
    "provider": "{provider}",
    "amount": "..."
}

{
    "response": {
        "code": 200,
        "message": "Success create order",
        "ip": "10.20.30.229",
        "host_timestamp": "2022-07-19 11:51:58",
        "latency": 2.454998016357422
    },
    "data": {
        "trx_id": "...",
        "reff_no": "...",
        "mid": "...",
        "tid": "...",
        "items": [
            {
                "name": "...",
                "unit_price": "...",
                "qty": "..."
            }
        ],
        "init_amount": 0,
        "fee": 0,
        "amount": 0,
        "status": "...",
        "trx_date": "...",
        "expired_at": "...",
        "payment_link": "...",
        "method": "virtual-account",
        "provider": "{provider}",
        "display_name": "...",
        "account_number": "...",
        "how_to_pay": [
            {
                "channel": "...",
                "language": "...",
                "step": [
                    "...",
                    "...",
                    "...",
                    "..."
                ]
            }
        ]
    }
}

By using the Card payment method, customers can make payments using any credit card or debit card that can transact online within the Visa, MasterCard and JCB. Multipay sends real-time notifications when a customer completes a payment.

For Card Payment, we are currently integrated with the acquirers given below.

1. Kartu Kredit/Debit (provider = card-not-present)
2. Artajasa-GPN (provider = debit-gpn)
3. Mandiri Installment (provider = card-installment)

The steps to integrate with Card Payment are given below.

1. Send the Payment API request to Multipay with the selected acquirer.
2. Show the authentication page url.
3. Handle notifications.

Send a Payment API request with the details of the transaction such as tid, reff_no, method, provider and amount. Successful request returns a authentication page url.

The attributes to be sent to Payment API Card Payment are given below.

{
    "tid": "...",
    "reff_no": "...",
    "method": "debit-credit",
    "provider": "{provider}",
    "amount": "..."
}

{
    "response": {
        "code": 200,
        "message": "Success create order",
        "ip": "10.20.30.229",
        "host_timestamp": "2022-07-19 11:51:58",
        "latency": 2.454998016357422
    },
    "data": {
        "trx_id": "...",
        "reff_no": "...",
        "mid": "...",
        "tid": "...",
        "items": [
            {
                "name": "...",
                "unit_price": "...",
                "qty": "..."
            }
        ],
        "init_amount": 0,
        "fee": 0,
        "amount": 0,
        "status": "...",
        "trx_date": "...",
        "expired_at": "...",
        "payment_link": "...",
        "method": "debit-credit",
        "provider": "{provider}",
        "link": "...",
        "how_to_pay": [
            {
                "channel": "...",
                "language": "...",
                "step": [
                    "...",
                    "...",
                    "...",
                    "..."
                ]
            }
        ]
    }
}