API integration
      Back to home
      1. Support Guide
      2. Developer Tools
      3. API integration

      Tokenisation API

      Information regarding senangPay's Tokenisation API.

      A. What is Tokenisation API?

      Tokenisation allows merchant to charge customer’s credit card without the need to enter the credit card details (name, card number, expiry date and CVV). To get this feature in your dashboard, you can notify us by sending a ticket from the dashboard. This application shall be subjected to senangPay's approval which we will review at our own discretion. Merchants must provide us the Terms of Contract between merchant and other party users.

       

      B. How does it work?

      Merchant’s customers will enter their credit card details one time only. During this one time process, senangPay will validate the card to make sure the card is valid by charging an amount of RM1 to the card. Not to worry that this amount will be voided later. Meaning that the transaction will never appeared on the customer’s credit card statement.

      If senangPay failed to charge the card, meaning that the card is not valid. Once validated, the card’s info will be stored in senangPay’s server (PCI-DSS certified).

       

      C. API List

      1. Get token

      We have developed a new secure way of generating token for our tokenization payment. In this new feature, card holder is required to pass the OTP (3D secure) check before able to get the payment token. Also, there are few extra layers been added to ensure no non authorised card being used for this tokenization payment feature.

       

      2. Pay credit card using token

      Item Detail
      URL endpoint (POST) https://app.senangpay.my/apiv1/pay_cc
      Sandbox URL endpoint (POST) https://app.senangpay.my/apiv1/pay_cc

       

      2.1 Authorisation Header (Basic Auth)

      Type Basic
      Username < your-merchant-id >
      As listed in the profile settings page.
      Password None, leave empty.

       

      2.2 Request Parameter (All Mandatory)

      Parameter Name Parameter value/description
      name Your customer name. Maximum length is 100.
      Eg. Abu Bin Ali
      email Your customer email.
      Eg. ahmad@google.com
      detail Your order detail. Maximum length is 100. Eg. Order for product id #4
      phone Your customer phone number.
      Eg. 0109876543
      order_id Your order id. Can be number or string. Other character is invalid. Eg. 123
      amount Your order amount in integer format. Convert from decimals as necessary.
      Eg. if the amount is RM 2.00, you need to send 200.
      token Generated token from Get Token API
      hash A string hashed with your secret key (from your profile setting page) in HMAC hashing algorithm with SHA256 in the following format:
      < your merchant id >< name >< email >< phone >< detail >< order_id >< amount >
      *without the < > character

       

      2.3 Response Parameter

      Parameter Name Parameter value / description
      status Your transaction status. 1 if successful. 0 if failed.
      transaction_id Your transaction ID number.
      order_id Your original order ID.
      amount_paid Amount transacted from the credit card in integer format.
      E.g., if the amount transacted is RM 2.00, it will output 200.
      msg Transaction status message. If it was successful you will receive ‘Payment was successful’. If the transaction failed, you will receive the error message in this parameter for further checking.
      hash

      A string hashed with your secret key (from your profile setting page) in HMAC hashing algorithm with SHA256 in the following format:

      < your merchant id >< status_id >< order_id >< transaction_id >< amount_paid >< msg >

      *without the <  > character

      2.4 Sample Response

      {
         "status":1,
         "transaction_id":"14951544812820",
         "order_id":"1234",
         "amount_paid":1000,
         "msg":"Payment was successful",
         "hash":"99b6e99bb0aa663101b1e4f6f8d69c2efb41ef81a5a7aa030bf76a098a03d233"
      }

       

      3. Enable/disable credit card

      Item Detail
      URL endpoint (POST) https://app.senangpay.my/apiv1/update_token_status

       

      3.1 Authorisation header (Basic Auth)

      Type Basic
      Username < your-merchant-id >
      As listed in the profile settings page.
      Password None, leave empty.

       

      3.2 Request Parameter (All Mandatory)

      Parameter Name Parameter value / description
      token Generated token from Get Token API

       

      3.3 Response Parameter

      Parameter Name Parameter value/description
      msg Message for the token is successfully disabled or enabled.
      token Generated token from Get Token API that has been disabled or enabled.

       

      4. Validate payment token

      Item Detail
      URL endpoint (POST) https://app.senangpay.my/apiv1/validate_token

       

      4.1 Authorisation header (Basic Auth)

      Type Basic
      Username < your-merchant-id >
      As listed in the profile settings page.
      Password None, leave empty.

       

      4.2 Request Parameter (All Mandatory)

      Parameter Name Parameter value / description
      token Generated token from Get Token API

       

      4.3 Response Parameter

      Parameter Name Parameter value/description
      status Token validation status. 1 if success. 0 if failed.
      msg Token validation status message. If it was successful you will receive ‘Card has been successfully verified.’. If the validation failed, you will receive the error message in this parameter for further checking.
      token Generated token from Get Token API that has been disabled or enabled. The token will still be the same, nothing changed. We just return the same token here.