# E-Wallet

# Payment channel

channel	Description	Currency
truewallet	Truemoney Wallet	THB
truewallet_deeplink	Truemoney Wallet	THB
linepay	LINE Pay	THB
mpay	MPay	THB

# Limits

Min - 10 THB
Max - 20,000 THB

# Payment flow

Customer who choose to pay via E-Wallet (eg. Truewallet) go through a "redirect" payment flow.
Customer input their mobile number to receive one-time password
Customer prompts to authorize and confirm the payment using a one-time password that sent to their mobile number.
Once payment completion, customer is redirected to partner website.

# Implementation

To create a payment request for an E-Wallet, make the request by the following steps.

Redirect customer to API with payment request parameter.
Receiving the payment result notification.
After received the payment result, inquiry the payment to verify its status (optional, but recommended).

# Payment request parameter

Important Security Update: Transitioning from MD5 to HMAC-SHA256

We are committed to maintaining the highest standards of security and ensuring the integrity and confidentiality of your data. As part of our ongoing security enhancements, we will be upgrading our cryptographic hash for the "sig" parameter from MD5 to HMAC-SHA256.

What This Means for You:

Enhanced Security: HMAC-SHA256 provides stronger security features and is less susceptible to vulnerabilities, ensuring your data remains secure.
Action Required: If you are currently using the MD5 to generate a signature in your request payload OR Payment result notification, you will need to update your request payload to use HMAC-SHA256.
Timeline: The transition will take place on December 31, 2024. Please ensure your request payload are updated before this date to avoid any service disruptions.

Method	URL
GET	`/ewallet/pay`

Parameters	Description	Optional	Example
for	virtual goods, virtual credit name or game name	No	`game-item`
sid	Service ID provided by Razer	No	`9999`
channel	Payment channel	No	`truewallet`
price	Price Point with currency without tax	No	`10THB`
orderid	Partner Order ID char(32)	No	`e4a571bc24324415a4089d75506a887b`
uid	ID of customer or userID. Can be text, number or email char(50)	No	`steve.id888`
sig	Signature generated by Partner - How to	No	`17d6cfa852918d09de078758f2e0175d`
hashType	Hash type of "sig" parameter. Value must be "hmac-sha256" for SHA256 signature, Otherwise the signature will be validated in MD5 as a default	Yes	`hmac-sha256`

HTTP 301 Redirects /ewallet/pay?for=game-item&channel=truewallet&price=10THB&sid=9999
&orderid=e4a571bc24324415a4089d75506a887b&uid=steve.id888&sig=17d6cfa852918d09de078758f2e0175d

# Payment result notification

Important Security Update: Transitioning from MD5 to HMAC-SHA256

What This Means for You:

Enhanced Security: HMAC-SHA256 provides stronger security features and is less susceptible to vulnerabilities, ensuring your data remains secure.
Action Required: If you are currently using the MD5 to generate a signature in your request payload OR Payment result notification, you will need to update your request payload to use HMAC-SHA256.
Timeline: The transition will take place on December 31, 2024. Please ensure your request payload are updated before this date to avoid any service disruptions.

Method	NOTIFY URL
GET	`https://partner-domain-or-ip/path/payment-notification-handler`

Parameter	Description	Example
txid	Transaction ID generated by API. char(32)	`979ca107f2dfcf36b3c326da6f8758d0`
orderid	Partner Order ID char(32)	`e4a571bc24324415a4089d75506a887b`
status	Payment status	`200`
detail	Detail of status	`Success`
channel	Payment channel - Check the list name	`truewallet`
amount	Payment amount	`10`
currency	Payment currency	`THB`
sig	Signature generated by API - How to	`97fa2ec45f239d5e322c89f114e5xxxx`
hashType	Hash type of "sig" parameter. Value must be "hmac-sha256" for SHA256 signature, Otherwise the signature will be validated in MD5 as a default	`hmac-sha256`

curl NOTIFY_URL -d txid=979ca107f2dfcf36b3c326da6f8758d0&orderid=e4a571bc24324415a4089d75506a887b
&status=200&detail=Success&channel=truewallet&amount=10&currency=THB&sig=0efe782a4a77609eed57e10c06165a09

# Partner notify response

Parameter	Description	Example
txid	Transaction ID generated by API. char(32)	`979ca107f2dfcf36b3c326da6f8758d0`
status	Status

{
  "txid": "979ca107f2dfcf36b3c326da6f8758d0",
  "status": "200"
}

# Redirect to partner website

API will redirect customer back to partner website through REDIRECT_URL with the same parameter as payment result notification

HTTP 301 Redirects REDIRECT_URL?txid=979ca107f2dfcf36b3c326da6f8758d0&orderid=e4a571bc24324415a4089d75506a887b
&status=200&detail=Success&channel=truewallet&amount=10&currency=THB&sig=0efe782a4a77609eed57e10c06165a09

# Payment inquiry

Important Security Update: Transitioning from MD5 to HMAC-SHA256

What This Means for You:

Enhanced Security: HMAC-SHA256 provides stronger security features and is less susceptible to vulnerabilities, ensuring your data remains secure.
Action Required: If you are currently using the MD5 to generate a signature in your request payload OR Payment result notification, you will need to update your request payload to use HMAC-SHA256.
Timeline: The transition will take place on December 31, 2024. Please ensure your request payload are updated before this date to avoid any service disruptions.

Method	URL
GET	`/ewallet/pay/inquiry`

Parameter	Description	Optional	Example
orderid	Partner Order ID char(32)	No	`e4a571bc24324415a4089d75506a887b`
sid	Service ID	No	`9999`
sig	Signature generated by Partner - How to	No	`2c22eed47e6a0ae2a3e1c1da7526bee5`
hashType	Hash type of "sig" parameter. Value must be "hmac-sha256" for SHA256 signature, Otherwise the signature will be validated in MD5 as a default	Yes	`hmac-sha256`

curl /ewallet/pay/inquiry -d orderid=e4a571bc24324415a4089d75506a887b&sid=9999&sig=2c22eed47e6a0ae2a3e1c1da7526bee5

The response of payment inquiry is same parameter as Payment result notification

# Status code

Code	Detail
200	Success
609	Provider return failed

← Server API Internet Banking →