FasaPay SCI GUIDE
Shopping Cart Interface Guide version 3.16.4
Requirement
- To understand this document, you have to at least know basic HTML and HTTP POST/GET request.
- SCI Simple Mode are available for Active Member
- SCI Advance Mode are available for Store and Corporate Member
- SCI Secure Mode are available for Store and Corporate Member
Feature Comparison
| Feature | Simple Mode | Advance Mode | Secure Mode |
|---|---|---|---|
| Streamlined Payment | |||
| Back to Merchant on Success | |||
| Back to Merchant on Failure | |||
| Merchant Reference | |||
| Need SCI Store | |||
| Store Banner / Logo | |||
| Hash Verification | |||
| Immediate Payment Notification Callback (IPN) | |||
| Secure Link | |||
| Secure Field |
Feature Description
- Streamlined Payment
- Payment are streamlined and consist of 4 steps. Login, Transfer Information, Confirm Transaction, and Result.
- Back to Merchant on Success
- Merchant can provide SUCCESS URL (a link) and SUCCESS METHOD (POST/GET) that will be used as action link for SUCCESS FORM. This Form will be shown as a “Back to Merchant” Button on the Last Step (Result) of the Transaction.
- Back to Merchant on Failure
- Merchant can provide FAIL URL (a link) and FAIL METHOD (POST/GET) that will be used as action link for FAIL FORM. This Form will be shown as a “Back to Merchant” after the user pressed the CANCEL button.
- Store Banner/Logo
- Merchant can provide link to an image file that will be used
as Banner or Logo on the SCI. The maximum dimension is
600x100pixels. - Hash Verification
- Hash verification are used to verify the integrity and authenticity of STATUS FORM
- Immediate Payment Notification Callback (IPN)
- Immediate Payment Notification is a notification (callback) system that will send STATUS FORM to STATUS URL on successfull transaction.
- Secure Link
- Secure link is a redirect link to FasaPay SCI without exposing the REQUEST FORM to user. The REQUEST FORM is send by Merchant Server directly to FasaPay Server with additional parameter and then Fasapay will return the Secure Link. (see Secure Mode)
- Secure Field
- Secure Field are baggage field that was send using the SECURE
MODE inside
fp_sec_fieldand will only be returned to Merchant in STATUS FORM. Those make it hidden from user and prevent it from being tampered.
Flow Diagram
FasaPay SCI Simple Mode
-
Steps :
- (A)Merchant Shopping Cart using REQUEST FORM redirect user to (1) FasaPay SCI Login Page (https://sci.fasapay.com/)
- (1) FasaPay FasaPay SCI Login, User input their login credential
- (2) FasaPay SCI TRANSFER form, User input additional transfer information
- (3) FasaPay SCI CONFIRM Transaction, User Confirm transfer information and authorize the transfer
- (4) FasaPay SCI RESULT , Transaction success and the SUCCESS FORM to redirect user is available
- SUCCESS FORM send to (C) Merchant Success Page if user click on "Back to Merchant" Button
- If User Press any Cancel button in step 2-4 They will be send to (5) FasaPay SCI FAIL page and a FAIL FORM to redirect user is available
FasaPay SCI Advance Mode
-
Steps:
- (A)Merchant Shopping Cart using REQUEST FORM redirect user to (1) FasaPay SCI Login Page (https://sci.fasapay.com/)
- (1) FasaPay FasaPay SCI Login, User input their login credential
- (2) FasaPay SCI TRANSFER form, User input additional transfer information
- (3) FasaPay SCI CONFIRM Transaction, User Confirm transfer information and authorize the transfer
-
- On Successful transaction FasaPay send STATUS FORM to (D) Merchant STATUS page
- (4) FasaPay SCI RESULT , Transaction success and the SUCCESS FORM to redirect user is available
- SUCCESS FORM send to (C) Merchant Success Page if user click on "Back to Merchant" Button
- If User Press any Cancel button in step 2-4 They will be send to (5) FasaPay SCI FAIL page and a FAIL FORM to redirect user is available
FasaPay SCI Secure Mode
-
Steps:
-
- (A0) Merchant Secure Link Requester send REQUEST FORM to (0) FasaPay SCI INDEX (https://sci.fasapay.com/)
- FasaPay Response with a JSON data containing the SECURE LINK and validation hash
- (A)Merchant Shopping Cart using SECURE LINK redirect user to (1) FasaPay SCI Login Page
- (1) FasaPay FasaPay SCI Login, User input their login credential
- (2) FasaPay SCI TRANSFER form, User input additional transfer information
- (3) FasaPay SCI CONFIRM Transaction, User Confirm trnasfer information and authorize the transfer
-
- On Successful transaction FasaPay send STATUS FORM to (D) Merchant STATUS page
- (4) FasaPay SCI RESULT , Transaction success and the SUCCESS FORM to redirect user is available
- SUCCESS FORM send to (C) Merchant Success Page if user click on "Back to Merchant" Button
- If User Press any Cancel button in step 2-4 They will be send to (5) FasaPay SCI FAIL page and a FAIL FORM to redirect user is available
Request Form
Example
<form method="POST" action="https://sci.fasapay.com/">
<input type="hidden" name="fp_acc" value="FP0001">
<input type="hidden" name="fp_item" value="2 pieces of Clothes">
<input type="hidden" name="fp_amnt" value="2000">
<input type="hidden" name="fp_currency" value="IDR">
<input type="hidden" name="fp_comments" value="Purchase of 2 pieces of black clothes with white collar">
<input type="hidden" name="fp_merchant_ref" value="BL002883" />
<input type="hidden" name="fp_success_url" value="http://www.domain.com/merchant/result.php" />
<input type="hidden" name="fp_success_method" value="POST" />
<input type="hidden" name="fp_fail_url" value="http://www.domain.com/merchant/cancel.php" />
<input type="hidden" name="fp_fail_method" value="GET" />
<input type=”hidden” name=
<!-- additional fields -->
<input type="hidden" name="track_id" value="558421222">
<input type="hidden" name="order_id" value="BJ2993800-">
<input name="" type="submit">
</form>
| Variable/Input | Description | Type Data (Accepted Value) | Example | Simple Mode | Advance Mode | Secure Mode |
|---|---|---|---|---|---|---|
fp_acc |
Merchant FasaPay Account. If specified it cannot be changed. | STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
O | R | R |
fp_acc_from |
User/Buyer FasaPay Account. If specified it cannot be changed | STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
O | O | O |
fp_store |
The store’s name. if specified it will become the header of the SCI page. If Merchant has created SCI Store in their account. it will be used as store name identifier for Advance Mode. | STRING Max : 100 Character |
My Store MyStore |
O | R | R |
fp_item |
Name of the item or its amount. Will be appeared in the left side of transaction summary. | STRING Max: 255 Character |
2 Piece of Apple | O | O | O |
fp_cart |
List of the items, quantity and price of each item. | Array | [ {“item”:”Apple”,”price”:100,”qty”:2}, {“item”:”Berry”,”price”:500,”qty”:5}, ] |
O | O | O |
fp_cart[][item] |
Name of the Item. | STRING Max: 100 character |
O | O | O | |
fp_cart[][comment] |
Additional note of the item. | STRING Max: 100 character |
O | O | O | |
fp_cart[][price] |
Price of the Item. | FLOAT Use point (.) as decimal separator. Please remove Thousand Separator. |
O | O | O | |
fp_cart[][qty] |
Quantity of the Item. | Number | O | O | O | |
fp_amnt |
Amount of transaction which should be transferred. The value here will be converted into float number with two decimals. If specified it cannot be changed Leave it blank if you want to make the user insert their own amount |
FLOAT Use point (.) as decimal separator. Please remove Thousand Separator. |
5000 12.5 |
O | O | R |
fp_fee_mode |
Type Fee used in the transaction
FsC as default. if using
Advance Mode or Secure Mode it will be overridden
or automatically filled by store fee_mode of the merchant
store setting. |
STRING (FiR|FiS|FsC) |
FiR | O | O | R |
fp_currency |
Currency used for transaction. If specified it cannot be changed Make sure the fp_acc has activated the currency |
STRING (IDR|USD) |
IDR | O | O | R |
fp_comments |
Comment/Note for this transaction. Not changeable by user. However, user can add additional comment |
STRING Max: 100 Character |
Payment for 2 pieace of Apple | O | O | O |
fp_merchant_ref |
MERCHANT REFERENCE field. it can be used to hold identification
number from the shopping cart or other use. merchant is free to use this field for their own needs. |
STRING Max: 100 Character |
OrderID5558689 | O | O | O |
fp_success_url |
URL which used as SUCCESS FORM action
and submitted by “Return to Merchant” button. Shown in Step 5 (FasaPay SCI RESULT Page) when transaction is completed successfully. if using Advance Mode or Secure Mode it will be overridden or automatically filled by store success_url
from the merchant store setting. if no URL specified, there will be no "Return to Merchant" button. |
STRING Must be valid URL |
http://www.merchant.com/success.html https://www.merchant.com/success.html |
O | O | O |
fp_success_method |
Method used by SUCCESS FORM at the
FasaPay SCI RESULT page. If using Advance Mode, it will be overridden or automatically filled by store merchant setting. Default to POST |
STRING POST, GET |
POST GET |
O | O | O |
fp_fail_url |
URL which used as FAIL FORM action
and submitted by “Return to Merchant” button. Shown in FAIL Page which is the Page when user push CANCEL button on: Step 2 - (1) FasaPay SCI Login, Step 3 - (2) FasaPay SCI TRANSFER form, Step 4 - (3) FasaPay SCI CONFIRM Transaction If using Advance Mode or Secure Mode, it will be overridden or automatically filled by store fail_url from merchant store setting. If no URL specified. there will be no "Return to Merchant" button on (5) FasaPay SCI FAIL page. |
STRING Must be valid URL |
http://www.merchant.com/fail.html https://www.merchant.com/fail.html |
O | O | O |
fp_fail_method |
Method used by FAIL FORMat the (5)
FasaPay SCI FAIL page. if using Advance Mode, it will be overridden or automatically filled by store merchant setting. Default to POST |
STRING POST, GET |
POST GET |
O | O | O |
fp_status_url |
URL which used as STATUS_FORM action. (IPN Callback). If using Advance Mode or Secure Mode, it will be overridden or automatically filled by store merchant setting. If no URL specified, No STATUS FORM will be send. |
STRING URL |
http://www.merchant.com/status.html https://www.merchant.com/callback.html |
O | O | O |
fp_status_method |
Method used by STATUS FORM to send
the Transaction Data. if using Advance Mode, it will be overridden or automatically filled by store merchant setting. Default to POST |
STRING POST, GET |
POST GET |
O | O | O |
fp_resend_callback |
How many times would the fp_status_url be called until it return HTTP 2xx | INTEGER 0-9 |
0 5 |
O | O | O |
fp_sci_link |
If present FasaPay will return SECURE MODE
JSON data. Please only include this field to initiate Secure Modeand generate Secure LINK. |
STRING TRUE |
TRUE | O | O | R |
fp_sec_field |
Secure Field array, Merchant can use this field to hold sensitive data that should not be seen by user. Please only use this field to initiate Secure Mode. Any data defined in this field will be delete after successful transaction or secure link expired. |
ARRAY | fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1 |
O | O | O |
additional field |
Additional field or baggage field. Merchant can add their own field. this fields will be ignored by SCI but will be include in the STATUS FORM, SUCCESS FORM or FAIL FORM. |
MIXED Max: 50 field, and 100 character / field. |
O | O | O |
Note:
O = Optional
R = Required
O = Optional
R = Required
SECURITY CONSIDERATION, in
Simple Mode and Advance Mode The
REQUEST FORM and
(2) FasaPay SCI TRANSFER form are rendered
on user’s browser therefore opening the possibility of data tampering
and sometimes used to create fraudulent transaction, please always
check the integrity of STATUS FORM and/or check the transaction
using FasaPay API Detail Operation
or manually check it on your FasaPay Transaction History.
Fail Form
FAIL FORM is a form that exists in the FAIL page it shown as Back to
Merchant button, it purposes is to send user back to merchant website.
FAIL FORM is optional and only exists if
in the
fp_fail_url is
defined.in the
fp_fail_url page merchant can create a page with
alternative payment method or to continue/retry the payment.
SECURITY CONSIDERATION, while
this form is intended to be used as failed transaction notification,
the data are submitted by user’s browser therefore opening the possibility
of data TAMPERING and can be used to
send misinformation.
| Variable/Input | Description | Type Data (Accepted Value) | Example |
|---|---|---|---|
fp_paidto |
Merchant’s FasaPay Account. If REQUEST FORM fp_acc not empty, fp_paidto
will have the same value as fp_acc. |
STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
fp_amnt |
The amount that should have been transferred. If REQUEST FORM fp_amnt not empty, this will have the
same value. |
FLOAT | 10.20 1000.00 |
fp_currency |
The currency that should have been used in the transaction.
If REQUEST FORM fp_currency not empty, this will have
the same value. |
STRING (IDR|USD) |
IDR USD |
fp_store |
The Store name that should have been used in the transaction.
If REQUEST FORM fp_store not empty, this will have
the same value. |
STRING | MyStore MyStore |
fp_merchant_ref |
If REQUEST FORM fp_merchant_ref not empty, this
will have the same value. |
STRING | OrderID5558689 |
Additional field |
Additional field that was defined in the REQUEST FORM |
Success Form
SUCCESS FORM is a form that exists in the (4) FasaPay SCI RESULT page
it shown as Return to Merchant button, it purposes is to send user back
to merchant website. SUCCESS FORM is optional and created when a transaction
is completed successfully and fp_success_url are defined.
In the fp_success_url page merchant can create a page with successful payment notification or post payment transaction*.
In the fp_success_url page merchant can create a page with successful payment notification or post payment transaction*.
SECURITY CONSIDERATION, while
this form is intended to be used as successful transaction notification,
the data are submitted by user’s browser therefore opening the possibility
of data TAMPERING and can be used to
send misinformation or FRAUDULENT data.
Please AVOID using this form to validate
a complete transaction. If you need to automated process or validate
transaction, please use the
fp_status_url and
STATUS FORM. 
| Variable/Input | Description | Type Data (Accepted Value) | Example |
|---|---|---|---|
fp_paidto |
Merchant’s FasaPay Account. If REQUEST FORM fp_acc not empty, fp_paidto
will have the same value as fp_acc. |
STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
fp_paidby |
User’s (Buyer/Payer) FasaPay Account used to transfer fund to
Merchant’s FasaPay Account. If REQUEST FORM fp_acc_from not empty, fp_paidby
should be the same as fp_acc_from |
STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
fp_amnt |
The amount that should have been transferred. If REQUEST FORM fp_amnt not empty, this will have the
same value. |
FLOAT | 10.20 1000.00 |
fp_fee_amnt |
The amount of fee that FasaPay cut or add from the transaction amount. | FLOAT | 0.01 100 |
fp_fee_mode |
Fee Mode used in the transaction's | STRING (FiR|FiS) |
FiR FiS |
fp_total |
The total Amount that fp_paidto or Merchant receive.
If fp_fee_mode is FiR fp_total
is fp_amnt negative fp_fee_amnt If fp_fee_mode is FiS fp_total
is equal to fp_amnt |
FLOAT | 10.19 900.00 |
fp_currency |
The currency that should have been used in the transaction. If REQUEST FORM fp_currency not empty, this will have
the same value. |
STRING (IDR|USD) |
IDR USD |
fp_batchnumber |
Unique FasaPay Transaction batch number (Identification Number) | STRING TR\d{13,15} TR############# |
TR2016040112345 TR2016031565432 |
fp_store |
The Store name that should have been used in the transaction. If REQUEST FORM fp_store not empty, this will have
the same value. |
STRING | MyStore MyStore |
fp_timestamp |
Date time when the transaction occurred. fp_timestamp is in GMT+7 |
DATETIME STRING (\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) YYYY-MM-DD HH:mm:ss |
2016-04-01 11:30:45 |
fp_merchant_ref |
If REQUEST FORM fp_merchant_ref not empty, this
will have the same value. |
STRING | OrderID5558689 |
Additional field |
Additional field that was defined in the REQUEST FORM |
Status Form
POST /status.html HTTP/1.1
Host: www.merchant.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 759
Referer: https://www.fasapay.com/sci
Accept: */*
User-Agent: PHP (Linux) FasaPay FasaPay-IPN FasaPay-SCI
fp_paidto=FI12049&fp_paidby=FI12022&fp_amnt=1200&fp_fee_amnt=100&fp_fee_mode=FiR&fp_total=1100&fp_currency=IDR&fp_batchnumber=KR2017081229853&fp_store=FPID-Merchant&fp_timestamp=2017-08-12+00%3A34%3A46&fp_unix_time=1502472886&fp_merchant_ref=BL002883&fp_sec_field=&track_id=558421222&order_id=BJ2993800-&fp_hash=321bac928504608085458dd5bd5e7ab4b337a657a246b19a5a2f229cd6e8f9d0&fp_hash_2=ce6d86e3e11e4ac2b0ef69c1fa27b6b9b595e33f3cd35e1261116e813b8760e6&fp_hash_list=fp_amnt%3Afp_batchnumber%3Afp_currency%3Afp_fee_amnt%3Afp_fee_mode%3Afp_merchant_ref%3Afp_paidby%3Afp_paidto%3Afp_sec_field%3Afp_store%3Afp_timestamp%3Afp_total%3Afp_unix_time%3Aorder_id%3Atrack_id%3ASCI_SECURITY_WORD&fp_hash_all=954a0d24016b920f4d397b6ce0d7e868e0d15f57038e8476e04b4e44305ee7fc
STATUS FORM is form that contain the transaction detail and some security information. STATUS FORM purpose is to notify Merchant of successful transaction.
STATUS FORM will only be created if fp_store is defined
and exists in the Merchant FasaPay Account Store Setting, and fp_status_url
is defined either in REQUET FORM or in Store Setting.
STATUS FORM contains HASH value (fp_hash, fp_hash_2,
fp_hash_all) that you should validate to ensure the validity
and integrity of STATUS FORM data.
SECURITY CONSIDERATION, STATUS FORM will
only be send from FasaPay Server. To add more layer to security of your
application if possible please only use FasaPay STORE setting to define
fp_status_url and leave fp_status_url and
fp_status_method blank (or dont include them at all) in
the REQUEST FORM. It is also advised that you use IP whitelist and only
accept the data send from FasaPay Server’s IP.For list of FasaPay Server's IP please Contact FasaPay Customer Support
| Variable/Input | Description | Type Data (Accepted Value) | Example |
|---|---|---|---|
fp_paidto |
Merchant’s FasaPay Account. If REQUEST FORM fp_acc not empty, fp_paidto
will have the same value as fp_acc. |
STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
fp_paidby |
User’s (Buyer/Payer) FasaPay Account used to transfer fund to
Merchant’s FasaPay Account. If REQUEST FORM fp_acc_from not empty, fp_paidby
should be the same as fp_acc_from |
STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
fp_amnt |
The amount that should have been transferred. If REQUEST FORM fp_amnt not empty, this will have the
same value. |
FLOAT | 10.20 1000.00 |
fp_fee_amnt |
The amount of fee that FasaPay cut or add from the transaction amount. | FLOAT | 0.01 100 |
fp_fee_mode |
Fee Mode used in the transaction's | STRING (FiR|FiS) |
FiR FiS |
fp_total |
The total Amount that fp_paidto or Merchant receive.If fp_fee_mode is FiR fp_total is
fp_amnt negative fp_fee_amntIf fp_fee_mode is FiS fp_total is equal
to fp_amnt |
FLOAT | 10.19 900.00 |
fp_currency |
The currency that should have been used in the transaction. If REQUEST FORM fp_currency not empty, this will have
the same value. |
STRING (IDR|USD) |
IDR USD |
fp_batchnumber |
Unique FasaPay Transaction batch number (Identification Number) | STRING TR\d{13,15} TR############# |
TR2016040112345 TR2016031565432 |
fp_store |
The Store name that should have been used in the transaction. |
STRING | MyStore MyStore |
fp_timestamp |
Date time when the transaction occurred in Year-Month-Date Hour:Minute:Second GMT+7. fp_timestamp is in GMT+7 |
DATETIME STRING (\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) YYYY-MM-DD HH:mm:ss |
2016-04-01 11:30:45 |
fp_unix_time |
Time when the transaction occurred in Unix time stamp. | NUMBER | 1459485045 |
fp_merchant_ref |
If REQUEST FORM fp_merchant_ref not empty, this
will have the same value. |
STRING | OrderID5558689 |
fp_sec_field |
If REQUEST FORM fp_sec_field is not empty, this
will have the same value. |
ARRAY | fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1 |
Additional field |
Additional field that was defined in the REQUEST FORM | ||
fp_hash |
FasaPay SCI v.1 sha256 hash based data verification. Because it is only verifying few most basic data, please use it with care or consider using the most complete form. Please Refer to : Generate FP_HASH for the detail. |
STRING | 8eb7c0e4854aa51c617408a2cfd385b1712e5c9dcd7941ffde31dff052487acc |
fp_hash_2 |
FasaPay SCI v.2 sha256 hash based data verification. Because it is only verifying few most basic data, please use it with care or consider using the most complete form. Please refer to : Generate FP_HASH_2 for the detail. |
STRING | 36b72939f557ba56c2516e6970692bc2b011b3c69ad40d218fc487955a32eed1 |
fp_hash_list |
Field order list used to create fp_hash_all |
STRING | fp_amnt|fp_batchnumber|fp_currency|fp_fee_amnt|fp_fee_mode|fp_merchant_ref|fp_paidby|fp_paidto|fp_sec_field|fp_store|fp_timestamp|fp_total|fp_unix_time|SCI_SECURITY_WORD |
fp_hash_all |
FasaPay SCI v.3 sha256 hash based data verification. Use this to validate all the data send on the STATUS FORM. the order of how to concate the data is defined in fp_hash_list
Please refer to : Generate FP_HASH_ALL
for the detail. |
STRING | 954a0d24016b920f4d397b6ce0d7e868e0d15f57038e8476e04b4e44305ee7fc |
fp_hmac |
Prefixes data with a keyed SHA-256 hash value using the HMAC
method so that it can be detected if it is tampered.This is an alterative way to validate the data posted in the STATUS FORM. Please refer to : Generate FP_HMAC for the detail. |
STRING | 954a0d24016b920f4d397b6ce0d7e868e0d15f57038e8476e04b4e44305ee7fc |
Generate FP_HASH
This is for documentation purpose only. please use fp_hash_2 or fp_hash_all or fp_hmac for more detailed data validation.
SHA-256 HASH is used to generate the value of fp_hash.
fp_hash = SHA-256(StringToHash)
the
StringToHash is colon-separated list derived from the response data and the SECURITY WORD,
StringToHash = fp_paidto+":"+fp_paidby+":"+fp_store+":"+fp_amnt+":"+fp_batchnumber+":"+fp_currency+":"+SECURITY_WORD
Generate FP_HASH_2
SHA-256 HASH is used to generate the value of fp_hash_2.
fp_hash_2 = SHA-256(StringToHash)
the
StringToHash is colon-separated list derived from the response data and the SECURITY WORD,
StringToHash = fp_paidto+":"+fp_paidby+":"+fp_store+":"+fp_amnt+":"+fp_fee_amnt+":"+fp_fee_mode+":"+fp_total+":"+fp_batchnumber+":"+fp_currency+":"+SECURITY_WORD
Generate FP_HASH_ALL
SHA-256 HASH is used to generate the value of fp_hash_all.
fp_hash_all = SHA-256(StringToHash)
the
StringToHash is pipe-separated list derived from the response data and the SECURITY WORD with order governed by fp_hash_list ,
StringToHash = fp_acc+"|"+fp_acc_from+"|"+...+"|"+n
Generate FP_HMAC
prefixed data with keyedSHA-256 hash value using HMAC method.
fp_hmac = HMAC-SHA256(SECURITY_WORD, StringToHash)+StringToHash
the
StringToHash is pipe-separated list derived from the response data and with order governed by fp_hash_list but without the SECURITY_WORD,
StringToHash = fp_acc+"|"+fp_acc_from+"|"+...+"|"+n
Secure Mode Data
Secure Mode is used if you need added security in your data and limiting user from most of the option in the transaction process. The data returned here is used to redirect user and to reconfirm your request data.
| Variable/Input | Description | Type Data (Accepted Value) | Example |
|---|---|---|---|
fp_sec_field |
Secure Field array, |
ARRAY | fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1 |
fp_sci_link |
The Redirect link to FasaPay SCI. use this to redirect your user to FasaPay | STRING [URL] |
https://sci.fasapay.com/login?mid=4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7 |
fp_sci_mid |
Unique SCI ID | STRING |
4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7 |
fp_sci_randkey |
Random Salt | STRING |
c85bf964430bca83d92519ae773a7994 |
fp_sci_hash |
Prefixes data with a keyed SHA-256 hash value using the HMAC. Please refer to Generate FP_SCI_HASH |
STRING |
cc61cd904f08ffb42724e892cef88d6aab8eec7d4b76651dd280958f3a4c269aFI12049::BJ2993800-:558421222:2000:Purchase of 2 pieces of black clothes with white collar:IDR:POST:https://mc.dv.aevsa.org/fpid/fail.php:FiR:2 pieces of Clothes:https://mc.dv.aevsa.org/fpid/logo.png:BL002883:9:https://fpid.dv.aevsa.org/sci/login?mid=4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7:4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7:c85bf964430bca83d92519ae773a7994:VAL558421222:VAL558421222:POST:https://mc.dv.aevsa.org/fpid/status.php:FPID-Merchant:POST:https://mc.dv.aevsa.org/fpid/success.php |
| Reflection of REQUEST FORM. Please refer to REQUEST FORM |
|||
fp_acc |
Merchant FasaPay Account. | STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
fp_acc_from |
User/Buyer FasaPay Account. | STRING FP\d{5,6} FP##### FP###### |
FP12345 FP123456 |
fp_store |
The store’s name. | STRING Max : 100 Character |
My Store MyStore |
fp_item |
Name of the item or its amount. | STRING Max: 255 Character |
2 Piece of Apple |
fp_cart |
List of the items, quantity and price of each item. | Array | [ {“item”:”Apple”,”price”:100,”qty”:2}, {“item”:”Berry”,”price”:500,”qty”:5}, ] |
fp_cart[][item] |
Name of the Item. | STRING Max: 100 character |
|
fp_cart[][comment] |
Additional note of the item. | STRING Max: 100 character |
|
fp_cart[][price] |
Price of the Item. | FLOAT Use point (.) as decimal separator. Please remove Thousand Separator. |
|
fp_cart[][qty] |
Quantity of the Item. | Number | |
fp_amnt |
Amount of transaction which should be transferred. | FLOAT Use point (.) as decimal separator. Please remove Thousand Separator. |
5000 12.5 |
fp_fee_mode |
Type Fee used in the transaction | STRING (FiR|FiS|FsC) |
FiR |
fp_currency |
Currency used for transaction. | STRING (IDR|USD) |
IDR |
fp_comments |
Comment/Note for this transaction. | STRING Max: 100 Character |
Payment for 2 pieace of Apple |
fp_merchant_ref |
MERCHANT REFERENCE field. it can be used to hold identification
number from the shopping cart or other use. |
STRING Max: 100 Character |
OrderID5558689 |
fp_success_url |
URL which used as SUCCESS FORM action and submitted by “Return to Merchant” button. | STRING Must be valid URL |
http://www.merchant.com/success.html https://www.merchant.com/success.html |
fp_success_method |
Method used by SUCCESS FORM at the FasaPay SCI RESULT page. | STRING POST, GET |
POST GET |
fp_fail_url |
URL which used as FAIL FORM action
and submitted by “Return to Merchant” button. |
STRING Must be valid URL |
http://www.merchant.com/fail.html https://www.merchant.com/fail.html |
fp_fail_method |
Method used by FAIL FORMat the (5)
FasaPay SCI FAIL page. |
STRING POST, GET |
POST GET |
fp_status_url |
URL which used as STATUS_FORM action. (IPN Callback). | STRING URL |
http://www.merchant.com/status.html https://www.merchant.com/callback.html |
fp_status_method |
Method used by STATUS FORM to send
the Transaction Data. |
STRING POST, GET |
POST GET |
fp_resend_callback |
How many times would the fp_status_url be called until it return HTTP 2xx | INTEGER 0-9 |
0 5 |
Generate FP_SCI_HASH
prefixed data with keyedSHA-256 hash value using HMAC method.
fp_sci_hash = HMAC-SHA256(Key, StringToHash)+StringToHash
Key = SHA256(SECURITY_WORD+fp_sci_randkey)
the StringToHash is pipe-separated list derived from the response data and with order governed by its name,
StringToHash = fp_acc+"|"+fp_acc_from+"|"+fp_aditional_field[order_id]+"|"+...+"|"+n