Get started
API Endpoint
https://payment.vbankpay.business/api/v1/payout
Please refer to the integration guide for the integration testing and live hostname of PaymentGateway above for the actual URL.
To use this API, you need an API merchant keys. Please contact us at support@vbankpay.business to get your own API merchant keys.
Payout
To submit payout request you need to make a POST API call to the following url :
https://payment.vbankpay.business/api/v1/payout
# Here is a POST request example
{
"merchant_order":"12345",
"merchant_account":"900136",
"customer_name":"Juan Dela Cruz",
"bank_province_code": "018040010",
"bank_city_code":"018040010",
"bank_code": "SPP_GXCHPHM2",
"bank_branch_address": "Philippines",
"bank_account_number": "09123456789",
"amount": 10000,
"currency":"PHP",
"status_callback_url": "https://callback.sample.com/back/status.php",
"control": "792fef0e5c422b69cff20229d8ac5ca2f497ba44"
}
PAYOUT REQUEST PARAMETERS IN JSON BODY
| Field | Type | Description |
|---|---|---|
| merchant_account | String | Merchant account number, assigned by VbankPay, 12 bytes max. *[mandatory] |
| merchant_order | String | Unique order identifier, defined by Merchant, 12 bytes max. *[mandatory] |
| amount | Numeric | The order amount, in non floating format. (example: 100075 represents 1000.75 as amount. 10 bytes max. *[mandatory] |
| currency | String | Transaction currency, in ISO 4217 format, 3 bytes. *[mandatory] - supports PHP, INR, MYR, THB, IDR, VND, LAK and CNY currency. |
| customer_name | String | Customer name in local language, 30 character max. *[mandatory] |
| bank_code | String | Bank Code, Please refer to Appendix for details for PHP, INR, CNY, MYR, VND, THB, LAK, AND IDR. 10 bytes max. *[mandatory] - For INR payouts, provide IFSC Code of client bank account: (example: HDFC0003083) |
| bank_province_code | String | 14000 *[mandatory] |
| bank_city_code | String | 14300. *[mandatory] |
| bank_branch_address | String | Address of the account-opening branch, 50 character max.*[mandatory] |
| bank_account_number | String | Bank account number, 20 bytes max. *[mandatory] |
| memo | String | Message to customer about this transaction, might show on bank statement, 50 character max, [optional] |
| status_callback_url | String | The callback URL to post the transaction final results after payment processing completed from bank side. 40 bytes max. [optional] |
| control | String | The checksum. 40 bytes. *[mandatory] |
# Successful Response example :
{
"transaction_id": "1103795",
"merchant_account": "900136",
"merchant_order": "12345",
"amount": "10000",
"currency": "PHP",
"customer_name": "Juan Dela Cruz",
"bank_code": "SPP_GXCHPHM2",
"bank_account_number": "09123456789",
"bank_province_code": "018040010",
"bank_city_code": "018040010",
"bank_branch_address": "Philippines",
"control": "792fef0e5c422b69cff20229d8ac5ca2f497ba44",
"status": "A2"
"message": "Confirmed.The payment is confirmed and will be acquired.",
}
PAYOUT RESPONSE IN JSON FORMAT
| Field | Type | Description |
|---|---|---|
| transaction_id | String | Unique transaction identifier, defined by VbankPay, 10 bytes max. |
| merchant_account | String | Merchant account number, assigned by VbankPay, 12 bytes max. |
| merchant_order | String | Echo of merchant_order used in credit transaction request. |
| amount | Numeric | Echo of amount used in credit transaction request. |
| currency | String | Echo of currency used in credit transaction request. |
| customer_name | String | Echo of customer name used in credit transaction request. |
| bank_code | String | Echo of Bank Code used in credit transaction request. |
| bank_province_code | String | 14000 |
| bank_city_code | String | 14300 |
| bank_branch_address | String | Echo of address of the account-opening branch used in credit transaction request. |
| bank_account_number | String | Echo of bank account number used in credit transaction request. |
| control | String | Echo of control used in credit transaction request. |
| status | String | The status code of the order. Refer to Appendix for the possible values. |
| message | String | The status code of the order. Refer to Appendix for the possible values. |
Create Payout Request Control Checksum
NOTE: Never expose your partner_control provided by us to anyone. Doing so will compromise the security of future transaction.
SHA-1 checksum is used in ensuring data integrity and message authenticity in communication. This checksum is
calculated by concatenating the data in transaction request/response in the correct order and append the shared
secret (partner_control) to the end of concatenating string, feed it into SHA-1 function and supply the SHA-1
function result in control parameter of the request.
For more details of Secure Hash Algorithm 1 (SHA1), see clickhere
To create the checksum, concatenate the value of the following parameters into one string variable in the following order:
(merchant_account + merchant_order + amount + currency + Base64.encoded(customer_name) + bank_code + bank_account_number + partner_control)
Below example to verify checksum:
merchant_account 900136
merchant_order 12345
amount 10000
currency PHP
customer_name Juan Dela Cruz -> Base64.encode('Juan Dela Cruz') -> SnVhbiBEZWxhIENydXo=
bank_code SPP_GXCHPHM2
bank_account_number 09123456789
partner_control 792fef0e5c422b69cff20229d8ac5ca2f497ba44
The complete string for above example data becomes as follows:
9001361234510000PHPSnVhbiBEZWxhIENydXo=SPP_GXCHPHM209123456789
For this example partner_control key is: 73C76D7B2B090C7EEBBA3CFD26782AA0
Then hash the string using the SHA-1 hash function (Example below):
sha1(‘SHA1’, ‘9001361234510000PHPSnVhbiBEZWxhIENydXo=SPP_GXCHPHM20912345678973C76D7B2B090C7EEBBA3CFD26782AA0’)
Then supply this string and the partner control as the key to SHA-1 function. And supply the result to
control parameter, the last parameter you need to initiate the transaction. In our example, the control
parameter would become:
792fef0e5c422b69cff20229d8ac5ca2f497ba44
Payout Callback Response
Once the payout transaction is processed and fund are sent to customer bank account, final transaction result is return to the merchant if status_callback_url is supplied in the credit transaction request. Merchant shall record the information for future reference and reconciliation. The table below explains the parameters that are delivered by HTTP POST request in JSON format.
# Callback response example :
{
"transaction_id": 1103795,
"merchant_account": "900136",
"merchant_order": "12345",
"amount": 10000,
"currency": "PHP",
"customer_name": "Juan Dela Cruz",
"bank_code": "SPP_GXCHPHM2",
"bank_account_number": "09123456789",
"status": "A0",
"message": "Paid / Refunded / Successfully requested.",
"control": "9fa407db8267c024330421980eeb35dbfd911465"
}
CALLBACK RESPONSE PARAMETERS IN JSON BODY
| Field | Type | Description |
|---|---|---|
| transaction_id | String | Unique transaction identifier, defined by VbankPay system, 10 bytes max. |
| merchant_account | String | Merchant account number, assigned by VbankPay, 12 bytes max. |
| merchant_order | String | Echo of unique order identifier, defined by Merchant, 12 bytes max. |
| amount | Numeric | The order amount, in non floating format. (example: 100075 represents 1000.75 as amount. 10 bytes max. |
| currency | String | Echo of currency in credit transaction request, 3 bytes. |
| customer_name | String | Echo of customer name in transaction request. |
| bank_code | String | Indicate which bank was used in the payment process; Please refer to Appendix detail. 10 bytes max. |
| bank_account_number | String | Bank account number, 20 bytes max. |
| status | String | The status code of the order. Refer to Appendix for the possible values. 4 bytes max. |
| message | String | The status code of the order. Refer to Appendix for the possible values. 125 bytes max. |
| control | String | The checksum. 40 bytes. |
Validate your Payout Callback Response by matching Control Checksum
SHA-1 checksum is used in ensuring data integrity and message authenticity in communication. This checksum is calculated by concatenating the data in transaction request/response in the correct order and append the shared secret (partner_control) to the end of concatenating string, feed it into SHA-1 function and supply the SHA-1 function result in control parameter of the request.
To create the checksum from callback response, concatenate the value of the following parameters into one string variable in the following order:
(transaction_id + merchant_account + merchant_order + amount + currency + status)
Below example to verify checksum:
transaction_id 1103795
merchant_account 900136
merchant_order 12345
amount 10000
currency PHP
status A0
The complete string for above example data becomes as follows:
1103795123451000010000PHPA0
For this example partner_control key is: 73C76D7B2B090C7EEBBA3CFD26782AA0
Then hash the string using the SHA-1 hash function (Example below):
sha1(‘SHA1’, ‘1103795123451000010000PHPA073C76D7B2B090C7EEBBA3CFD26782AA0’)
Then use this string and the (partner_control) to SHA-1 function. And use the result of it to verify authenticity of communication response you got as callback.
In our example, the control parameter would become: