Api Specification For Molpay Integration: (Version 13.0)
Uploaded by
poksterApi Specification For Molpay Integration: (Version 13.0)
Uploaded by
poksterAPI SPECIFICATION FOR MOLPAY INTEGRATION
(Version 13.0)
Last updated on 24 Oct 2016
MOLPay Sdn Bhd (948015-X)
B-13-3A, Jalan Multimedia 7/AH,
CityPark, i-City, 40000 Shah Alam,
Selangor Darul Ehsan, Malaysia.
+(603) - 5521 8438
+(603) - 5521 8437
[email protected]
www.molpay.com
Social Networks
https://www.facebook.com/MOLPay
https://twitter.com/molpay
https://plus.google.com/+Molpay/
https://www.instagram.com/molpay_com/
https://www.youtube.com/user/MOLPaySB
https://www.linkedin.com/company/molpay-sdn-bhd
Developer Platforms
https://github.com/MOLPay
Mobile SDK, seamless and inpage checkout, and many shopping carts
payment plugin/module/addon/extension are available
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
1
Table of Contents
INTRODUCTION
PAYMENT FLOW OVERVIEW
SECURITY & DATA INTEGRITY
Verify Key (Public Key)
Secret Key (Private Key)
vcode (in payment request)
skey (in payment response)
SIMULATION
PAYMENT APIs
Initiating Payment
Channel Lists
Cross-Border Multi-Currency Card Processing (Non-3DS)
Multi-Currency Alternative Payment
Malaysia
Singapore
China
Philippines
Indonesia
Vietnam
Australia
Thailand
Payment Page Integration
Getting Payment Result
Payment Status Notification
IPN (Instant Payment Notification)
MOLPay Notification
MOLPay Callback with IPN
Escrow & Mass Payment APIs
Introduction
Escrow Service API
Mass Payment APIs
Payee Profile API
Payee Status API
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
2
Payee Standing Instruction API
Direct Standing Instruction or Payout API
Requery for Payout Standing Instruction
MERCHANT REQUEST APIs
Direct Status Requery
Indirect Status Requery
Daily Transaction Report (Reconciliation)
Settlement Report (Reconciliation)
Capture Request (For pre-auth or authorized transaction)
Reversal Request
Partial Refund
Partial Refund Status Inquiry by TxnID
ERROR CODES
RESOURCES
Logos of all brand name
Mobile SDK/XDK
Supported Shopping Cart
ISO References
Handling JSON/PLAIN TEXT using .NET
Predefined Bank Lists (Updated on 06th Jan 2015)
Settlement/FTT Country & Currency Lists (Updated on 11th Sep 2014)
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
3
INTRODUCTION
Dealing with banks and 3rd party payment gateway suppliers are time-consuming and it might
cost you a lot of money. We also understand that it’s a hassle for those non-technical people to
integrate even one kind of online payment method into their existing website. Thus MOLPay
Sdn Bhd proudly presents MOLPay Secure Online Transaction service to cater your
requirement.
MOLPay is a service to help merchant to sell online and expand rapidly to South-East Asia
market. The service includes:
● Front-end
○ RWD or responsive web design payment page for online buyer to checkout
○ Secure 1-click payment using credit card tokenization technology, to ease the
payment flow for returning purchase
○ Bcard redemption and rewarding loyalty program for buyers
○ Seamless integration to popup bank login page immediately
○ In-page checkout similar to Stripe and airbnb checkout flow that can seamlessly
integrated with merchant system
○ Mobile SDK allows app developers to implement in-app payments
○ Channel switching is available for same currency channels
○ MOLPay CASH payment request which supports offline payment
○ Common shopping carts payment module, plugin, addon, or extension supported
● Back-end
○ Server-to-server Notification to ensure no missing status update
○ Callback to update merchant system on deferred status change
○ Merchant can login to control panel to track payment status
○ Scheduled report on daily/weekly/monthly basis to update merchant via email
○ Real-time visualized reports
General information about this service could be found here:-
● http://www.molpay.com
● https://www.facebook.com/MOLPay/info
● https://github.com/MOLPay
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
4
PAYMENT FLOW OVERVIEW
MOLPay provides hosted payment page service, so that merchant does not require costly and
tech-savvy PCI-DSS compliance at merchant website or system. The integration is as simple as
passing parameters via HTTPS POST or GET method from merchant to MOLPay payment
page. Buyer will proceed their transaction on internet banking or any payment channel. Once
completed, MOLPay will redirect buyer’s front-end back to merchant system, using POST
method.
IPN (instant payment notification) or ACK from merchant could be implemented to confirm the
receiving of payment status update.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
5
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
6
How to identify and report tech-related issue to MOLPay?
Merchant needs to prepare 3 simple and similar payment endpoint scripts to handle the
payment notification from MOLPay:
1. return URL: front-end or browser redirection notification, which are normally not a 100%
reliable and robust channel due to unexpected network connectivity issue or client-side
behavior, such as browser application crashes;
2. notification URL: a server-to-server back-end webhook which is more robust and
crucial, especially for mobile application;
3. callback URL: a special handler webhook to get notified on non-realtime payment
status, such as “deferred status update”, change of payment status, or MOLPay CASH,
which is not a realtime payment naturally.
After the normal payment flow, merchant can always send payment status query request, which
is defined in ReQuery APIs (a.k.a PSQ, Payment Status Query).
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
7
.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
8
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
9
SECURITY & DATA INTEGRITY
MOLPay system uses “merchant ID”, “Verify Key”(public key, a.k.a verification key) and
“Secret Key”(private key) to generate encrypted hash string to ensure data integrity in the
payment process.
Verify Key (Public Key)
MOLPay Verify Key is unique shared secret for MOLPay merchants to generate request to
MOLPay. It is a key or seed for generating one-time hash data, which are known as “vcode”
(merchant’s payment request to MOLPay) or some of the “skey” (APIs’ request from merchant
to MOLPay).
How to get the verify key?
1. Logon to MOLPay Merchant Admin site
2. Go to Merchant Profile tab.
3. Scroll down until you see the word “Verify Key”
4. Get the value and use it on any functions that require it.
xxxxxxxxxxxxxx is Merchant’s Verify Key provided by MOLPay. Please make sure it is at least
32 characters. Merchant may request to change the key when necessary.
Secret Key (Private Key)
MOLPay Secret Key is unique shared secret for MOLPay to generate response to merchant. It
is a key or seed for generating one-time hash data, which are known as “skey” (in MOLPay
payment response) or some of the “VrfKey” (APIs’ response from MOLPay). Merchant or
developer is advised not to disclose this secret key to the public. Once the key is compromised,
please contact MOLPay immediately to reset the key.
Merchants who are using MOLPay mobile xdk MUST use different strings for “Verify Key”(public
key) and “Secret Key”(private key), respectively. Contact MOLPay support team to reset your
keys whenever needed.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
10
vcode (in payment request)
MOLPay vcode is to ensure the data integrity passed from merchant-end (either website or
mobile APP) to MOLPay payment page to avoid man-in-the-middle (MITM) attack. It uses
“Verify Key”(public key) for hashing purpose.
It becomes mandatory for each transaction if “Enable Verify Payment” is activated in merchant
profile as shown:-
vcode was encrypted using MD5 encryption hash function and consists of the following
information (must be set in the following orders) :
1. Transaction amount
2. MOLPay Merchant ID
3. Order ID
4. MOLPay Verify Key
Formula to generate vcode
vcode = md5( amount & merchantID & orderID & verify_key )
Example to generate vcode for PHP developer
<?php
$amount = “27.60”;
$merchantID = “ACME”;
$orderid = “OD8842”;
$verifykey = “xxxxxxxxxxxxxxxxxx”;
// Replace xxxxxxxxxxxxxxxxxx with your MOLPay Verify Key
// vcode formula
$vcode = md5( $amount.$merchantID.$orderid.$verifykey );
// output of the vcode based on above information equals to :
$vcode = “ec7f2c6e85769728a5e9b75893ee6bc1”;
?>
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
11
Verification tool for vcode
To verify whether the vcode generated is correct, merchant may check on this URL:-
https://www.onlinepayment.com.my/MOLPay/query/vcode.php
What happen if merchant passes in an incorrect v code?
An error will be displayed on the payment page as shown:-
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
12
skey (in payment response)
MOLPay skey is a MOLPay generated returning hash string to ensure the payment result data
integrity that passed to merchant system. Merchant MUST verify this hash string properly and
also compare the order ID, currency, amount, and the payment date/time if possible, to protect
self interest from being cheated by hacker/buyer. It uses “Secret Key”(private key) for hashing
process.
erchant Request APIs’
Please note that there are other “skey”s with different formula in M
parameter. Try not to confuse yourself with this payment response “skey”.
skey was encrypted twice using MD5 encryption hash function and consists of the following
information (must be set in the following orders) :
First hash string
1. Transaction ID
2. Order ID
3. Status
4. MOLPay Merchant ID (domain)
5. Amount
6. Currency
Final hash string
1. Payment Date/Time
2. MOLPay Merchant ID (domain)
3. First hash string
4. Approval Code
5. MOLPay Secret Key
6. extraP* (if applicable)
Formula to generate skey
pre_skey = md5( txnID & orderID & status & merchantID & amount & currency)
skey = md5( paydate & merchantID & pre_skey & appcode & secret_key [& extraP] )
Example to generate skey for PHP developer
<?php
$vkey ="xxxxxxxxxx"; //Replace xxxxxxxxxx with your MOLPay Secret_Key
/********************************
*Don't change below parameters
********************************/
$tranID = $_POST['tranID'];
$orderid = $_POST['orderid'];
$status = $_POST['status'];
$merchant = $_POST['domain'];
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
13
$amount = $_POST['amount'];
$currency = $_POST['currency'];
$appcode = $_POST['appcode'];
$paydate = $_POST['paydate'];
$skey = $_POST['skey']; //Security key return by MOLPay
/***********************************************************
* To verify the data integrity sending by MOLPay
************************************************************/
$key0 = md5( $tranID.$orderid.$status.$merchant.$amount.$currency );
$key1 = md5( $paydate.$domain.$key0.$appcode.$vkey );
//key1 : Security key generated on Merchant system
if( $skey === $key1 ){
// If matched, perform another extra checking before approved order
} elseif( $skey != $key1 ){
// If unmatched, reject the order or merchant might send query to
// MOLPay using Merchant requery to double check payment status
// for that particular order.
} else {
// error or exception case
}
?>
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
14
SIMULATION
Merchant should be provided a trial/test/sandbox account or developer account from MOLPay
sales or support, in order to simulate the payment flow for transaction successful and failure
cases.
IT purpose and only faked credit card channel is
Please note that “test_” account is for S
available. “_Dev” account has full range of production feature for advanced integration and UAT
purpose.
A “Dev” or developer account is always ended in “_Dev” while a test account is with prefix
“test_”.
Sandbox or Trial Account
● MOLPay sandbox or trial account provides only simple simulation on credit card
payment for merchant to test successful and failure cases
● Many advanced features are not available in the sandbox environment
● MOLPay does not provide buyer testing account. Merchant needs to use own internet
banking account to do the testing for these payment methods
● For credit card payment testing, it verifies credit card number algorithm (Luhn-10) and no
actual transaction occurs between bank or payment gateway
● Sample for Visa and Mastercard card number for testing:
Pattern MasterCard Visa
Positive Test 5105105105105100 4111111111111111
5555555555554444 4012888888881881
Negative Test 5555555555554440 4111111111111110
Developer Account
For full feature integration and UAT, such as mobile XDK or seamless integration, please
request “Developer” account or “Dev” account from MOLPay support team.
These accounts are all set with a short period of lifespan for integration and testing purpose
only. No settlement are allowed in these accounts.
For real transaction conducted in “Dev” account, please void or cancel the transaction on the
same day. For Malaysian internet banking, only Maybank and CIMB Clicks are allowed to
request cancel. You may request to turn on the channel if it is not enabled in your “Dev”
account.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
15
PAYMENT APIs
Initiating Payment
Passing parameters to MOLPay payment page using POST/GET method via HTTPS or SSL
connection will initiate a payment request from merchant system.
REQUEST URL
https://www.onlinepayment.com.my/MOLPay/pay/MerchantID/Payment_Method
MerchantID: mandatory value to identify MOLPay merchant;
Payment_Method: optional value to identify payment channel; Payment channel can be identified by using
channel filename, or pass the channel parameter to index.php using GET/POST method.
The URL is an API to accept POST/GET parameters from merchant site as well as the payment
page for buyer.
Channel Lists
Cross-Border Multi-Currency Card Processing (Non-3DS)
Default currency: USD
Channel Name filename channel Payable Amount Range Extra Information
Multi-currency card indexH.php credit3 > 1.00 Non-3DS
processing
Multi-Currency Alternative Payment
Default currency: n/a
Channel Name filename channel Payable Amount Range Extra Information
BitX BitX.php BitX > 2.00 Current supported
currencies: MYR
Future supported
currencies: SGD, IDR,
NGN, ZAR
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
16
Malaysia
Default currency: MYR
Channel Name channel channel Payable Amount Extra Information
filename parameter Range / Downtime*
Visa / MasterCard index.php credit > 1.00 credit/debit/prepaid card
JomPay jompay.php jompay > 1.00 direct Internet banking
MyClear FPX fpx.php fpx > 1.00 / 12am - 1am indirect internet banking
Maybank2u maybank2u.php maybank2u > 1.00 / 12:15am - 1am direct internet banking
CIMB Clicks cimb.php cimb > 1.00 / 11:45pm - direct internet banking /
12:45am CIMB credit card
Bank Islam BIMB.php BIMB > 1.00 / 12:15am - 1am direct internet banking
RHB Now rhb.php rhb > 1.00 / 12am - 1am direct internet banking /
RHB credit card
Am Online amb.php amb > 1.00 / 12am - 6am direct internet banking
Alliance Online - - insecure
Hong Leong Connect hlb.php hlb > 1.00 / 11pm - 7am direct internet banking /
HLB credit card
Affin Bank affin-epg.php affin-epg > 2.00 direct internet banking
MOLPoints MOLPoints.php MOLPoints > 1.00 e-wallet
Bcard points Point-BCard.php Point-BCard > 1.00 e-wallet (BCard Loyalty
Redemption)
Gift Card giftcard.php Point-Giftcard > 1.00 e-wallet (MOL Co-brand
Gift Card)
MOLWallet MOLWallet.php MOLWallet > 0.00 e-wallet
Webcash webcash.php webcash > 1.00 e-wallet
Mobile Money mobilemoney.php mobilemoney > 1.00 e-wallet (obsoleted)
Celcom Aircash > 1.00 e-wallet
7-eleven cash.php cash > 1.00 cash
epay at Petronas epay.php epay > 1.00 cash
Senheng/SenQ senheng.php senheng > 1.00 cash (obsoleted)
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
17
Maybank CDM Cash-MBBCDM.php Cash-MBBCDM > 10.00 cash (denominations:
RM10, 20, 50, 100)
PayQuik / Paylink paylink.php paylink > 1.00 cash (denominations:
RM1, 5, 10, 50, 100)
Esapay esapay.php esapay > 1.00 cash
PayPal GPayPal.php GPayPal > 1.00 PayPal
PEx+ by HLBB PEXPLUS.php PEXPLUS > 1.00 direct internet banking
TNG E-WALLET TNG-EWALLET.php TNG-EWALLET > 1.00 e-wallet
MBB-eBPG-(PD or PW) MBB-EzyPay.php MBB-EzyPay Non-installment > 1.00 credit card / Installment
EzyPay Installment: for MBB issued card
3 mon: 200 - 1000
6 mon: 500 - 15,000
12 mon: 500 - 15,000
24 mon: 2,500 - 15,000
PBB-ZIIP installmentPBB-ZIIP PBB-ZIIP non-installment > 1.00 credit card / Installment
.php installment > 500.00 for PBB issued card
* Downtime is for reference only
Remarks
1. Secure 1-click or credit card tokenization function can be enabled in merchant profile to ease next purchase on the same
merchant system.
2. Bcard loyalty reward points for successful transaction can be activated in merchant profile.
3. For certain MOLPay CASH channels, such as 7-eleven and epay, round to the nearest 0 or 5 cents and convenience
store fee applied. Buyer will see the “Payable Amount”, but MOLPay still return the amount passed from merchant system.
Singapore
Default currency: SGD
Channel Name filename channel Payable Amount Range Extra Information
eNETS Debit enetsD.php enetsD > 5.00 indirect internet banking
SAM by SingPost singpost.php singpost > 5.00 cash / bank card / ATM
China
Default currency: USD (for merchant), RMB/CNY (for buyer)
Channel Name filename channel Payable Amount Range Extra Information
(Processing Currency)
Alipay 支付宝 alipay.php alipay > MYR1.00 (USD) e-wallet
Tenpay 财付通 tenpay.php tenpay > MYR1.00 (USD) e-wallet
UnionPay 银联 UPOP.php UPOP > MYR1.00 (CNY/USD/MYR) bank card
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
18
Remarks
1. Due to China National Bank regulations, these channel will accept USD as default processing currency, and buyer
account will be deducted an equivalent amount in RMB. If merchant passes MYR as the currency, MOLPay will convert it
to equivalent amount of USD based on Yahoo! daily FX rate.
Philippines
Default currency: PHP
Channel Name filename channel Payable Amount Range Extra Information
Dragonpay dragonpay.php dragonpay > 50.00 indirect internet banking /
cash
Indonesia
Default currency: IDR
Channel Name filename channel Payable Amount Range Extra Information
Visa / MasterCard credit/debit/prepaid
ATM Network Transfer ATMVA.php ATMVA > 10,000.00 cardless ATM
Virtual Account (VA)
Mandiri direct internet banking
CIMB Niaga direct internet banking
Vietnam
Default currency: VND
Channel Name filename channel Payable Amount Range Extra Information
NganLuong nganluong.php nganluong > 2,000.00 e-wallet
VTC Pay vtcpay.php vtcpay > 1,000.00 e-wallet
Australia
Default currency: AUD
Channel Name filename channel Payable Amount Range Extra Information
POLi payments polipayment.php polipayment >= 1.00 indirect internet banking
Thailand
Default currency: THB
Channel Name filename channel Payable Amount Range Extra Information
PaysBuy paysbuy.php paysbuy > 60
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
19
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
20
Payment Page Integration
This is the traditional integration method which will send the buyer information to MOLPay
hosted payment page. You may want to explore in-page(card only), seamless integration, Direct
Server API, mobile xdk or supported shopping cart payment modules for better user experience
beside this hosted payment page integration on MOLPay github repositories.
Request Parameters
These parameters can be passed using either POST or GET method, or mixed of these
methods. Please use UTF-8 encoding for all values.
Variable / Type Format / Max Length Description / Example
Parameter
merchant_id optional, alphanumeric Merchant ID provided by MOLPay
amount mandatory, integer or up to 2 decimal points The total amount to be paid in one purchase order.
numeric value Configurable to lock this field (Read-only). E.g. 500,
168.99
orderid mandatory, alphanumeric up to 32 characters Invoice or order number from merchant system. Can
set to Read-only field. E.g. BH2018-09rev
bill_name mandatory, alphanumeric, 128 chars Buyer’s full name.
bill_email mandatory, email, 128 chars Buyer’s email address.
bill_mobile mandatory, alphanumeric, 32 chars Buyer’s mobile number or contact number.
bill_desc mandatory, alphanumeric, 64kB Purchase itemized list or order description. Try to
avoid special character so that the payment request is
not blocked by web application firewall.
country mandatory, 2 chars of ISO-3166 country code Buyer’s country
(Alpha-2) E.g. MY for Malaysia.
vcode Conditional if accept open amount or order This is the data integrity protection hash string. Refer
payment, such as virtual terminal is optional vcode section for details.
otherwise is mandatory. 32 chars hexadecimal
string
cur / currency optional, 3 chars ISO-4217 currency code Default payment currency from merchant site. E.g.
MYR, USD, EUR, AUD, SGD, CNY, IDR
channel optional, predefined string. Refer to c hannel Default payment page will be displayed without
column in the Channel Lists. channel specified.
langcode n
optional, predefined string. Currently only e Default language, i.e. English, will be displayed
for English & cn for Simplified Chinese. without langcode specified.
returnurl optional, URL For selected merchant only. Used for multiple return
URL. All URLs must be registered beforehand with
MOLPay.
callbackurl optional, URL Used for multiple callbackurl. All URLs must be
registered beforehand with MOLPay
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
21
cancelurl optional, URL orderid will be sent back to this URL via GET method
if buyer click “Cancel” button to abandon payment
before proceeding. No transaction will be created.
state optional, mandatory for specific channel Buyer’s state
zipcode optional, mandatory for specific channel Buyer’s zipcode or postcode
addr optional, mandatory for specific channel Buyer’s address
s_country optional, mandatory for specific channel Delivery destination country
s_state optional, mandatory for specific channel Delivery destination state
s_zipcode optional, mandatory for specific channel Delivery destination zipcode
s_addr optional, mandatory for specific channel Delivery destination address
is_escrow optional, for escrow payment Set the value to 1 to indicate this is an escrow
payment. Escrow transaction also can be set after the
transaction has been created using escrow API.
tcctype optional, for Credit Card transaction type. Available value is:
SALS = Capture Transaction (Default)
AUTH = Authorize Transaction
installmonth Optional, mandatory for Installment Total month of installment.
E.g: 0, 3, 6, 12, 24
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
22
Examples
Using PHP to generate a GET payment request
<?PHP
echo “<a href= https://www.onlinepayment.com.my/MOLPay/pay/merchantID/?”;
echo “ amount=”.$amount.”&”;
echo “ orderid=”.urlencod e($oid).”&”;
echo “ bill_name=”.urlenc ode($name).”&”;
echo “ bill_email=”.urlencode($email).”&”;
echo “ bill_mobile=”.urle ncode($mobile).”&”;
echo “ bill_desc=”.urlenc ode($description).”&”;
echo “ country=”.$country .”&”;
echo “ vcode=”.$vcode.”> Pay via MOLPay </a>”;
?>
Using PHP to generate a POST form payment request
<?PHP
echo “<form action=’ https://www.onlinepayment.com.my/MOLPay/pay/merchantID/’ method= POST >”;
echo “<input type=hidden name=amount value=’$amount’>”;
echo “<input type=hidden name=orderid value=’$oid’>”;
echo “<input type=hidden name=bill_name value=’$name’>”;
echo “<input type=hidden name=bill_email value=’$email’>”;
echo “<input type=hidden name=bill_mobile value=’$mobile’>;
echo “<input type=hidden name=bill_desc value=’$description’>”;
echo “<input type=hidden name=country value=’$country’>”;
echo “<input type=hidden name=vcode value=’$vcode’>”;
echo “<input type=submit value=’ PAY NOW ’>”;
echo “</form>”;
?>
Using ASP to generate a GET payment request
<%
dim amount, orderid, name, email, mobile, desc, country, vcode
amount = ”18.99”
orderid= ”DG873MH370”
name = ”Mr Albert Anderson”
email = ”[email protected]”
mobile = ”016-2341234”
desc = ”DIGI Reload Coupon RM20 with discount”
country= ”MY”
vcode = md5(amount & merchantID & orderid & xxxxxxxxxxxx )
// REPLACE xxxxxxxxxxxx with MOLPay Verify Key
response.write("<a href= https://www.onlinepayment.com.my/MOLPay/pay/merchantID/?")
response.write(" amount=” & amount)
response.write("& orderid=” & orderid)
response.write("& bill_name=” & name)
response.write("& bill_email=” & email)
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
23
response.write("& bill_mobile=” & mobile)
response.write("& bill_desc=” & desc)
response.write("& country=” & country)
response.write("& vcode=” & vcode)
response.write("’> Pay via MOLPay </a>”)
%>
Using ASP to generate a POST form payment request
<%
dim amount, orderid, name, email, mobile, desc, country, vcode
amount = ”28.99”
orderid= ”DG873MH37o”
name = ”Mr Samuel Lim”
email = ”[email protected]”
mobile = ”86-232389872”
desc = ”Facebook Prepaid Reload Coupon RM30 with discount”
country= ”CN”
vcode = md5(amount & merchantID & orderid & xxxxxxxxxxxx )
// REPLACE xxxxxxxxxxxx with MOLPay Verify Key
response.write(“<form action=’ https://www.onlinepayment.com.my/MOLPay/pay/merchantID/’
method= POST >)
response.write(“<input type=hidden name= amount value=”&amount&”>)
response.write(“<input type=hidden name= orderid value=”&orderid& ”>)
response.write(“<input type=hidden name= bill_name value=”&name& ”>)
response.write(“<input type=hidden name= bill_email value=”&email&”>)
response.write(“<input type=hidden name= bill_mobile value=”&mobile&”>)
response.write(“<input type=hidden name= bill_desc value=”&desc&”>)
response.write(“<input type=hidden name= country value=”&country&”>)
response.write(“<input type=hidden name= vcode value=”&vcode&”>)
response.write(“<input type=submit value=’ PAY NOW ’ ”>)
response.write(“</form>”)
%>
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
24
Getting Payment Result
Payment result will be returned to merchant system once payment is done or user abandons the
payment process. HTTP POST is the only method that MOLPay returns all parameters to
merchant’s return URL for real-time status update, which merchant can configure it in merchant
admin. Merchant system should block all other methods or parameters from untrusted source.
Response Parameters
Variable / Type Format / Max Length Description / Example
Parameter
amount 2 decimal points numeric value The total amount paid or to be paid for CASH payment
request.
orderid alphanumeric, 32 characters Invoice or order number from merchant system.
tranID integer, 10 digits Unique transaction ID for tracking purpose.
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
status 2-digit numeric value 00 for Successful payment, 11 for failure, 22 if
pending.
appcode alphanumeric, 16 chars Bank approval code. Mandatory for Credit Card.
Certain channel returns empty value.
error_code alphanumeric Refer to the Error Codes section.
error_desc text Error message or description.
skey 32 chars hexadecimal string This is the data integrity protection hash string. Refer
skey section for details.
currency 2 or 3 chars (ISO-4217) currency code Default currency is RM (indicating MYR) for Malaysia
channels.
channel predefined string in MOLPay system Channel references for merchant system. Refer to the
below table.
paydate Date/Time( YYYY-MM-DD HH:mm:ss) Date/Time of the transaction.
extraP* optional (on request) JSON encoded string or array
token: 16-digit token for merchant to store;
fraudscreen: 1-digit integer, i.e. 1, 2, 3, 4, 5 (Unknown,
Passed, Alert, Suspicious, Fraud)
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
25
“channel” in response parameter
Card / Wallet Direct / Indirect Internet Banking Kiosk / Over-the-Counter / Cash
Malaysia & International Malaysia Malaysia
credit maybank2u / MB2u cash / Cash-711
paypal cimb / CIMB-Clicks epay
MOLWallet hlb / HLB-ONL Cash-MBBCDM
Point-BCard rhb / RHB-ONL Cash-POS
giftcard amb / AMB-W2W esapay *
MOLPoints affin-epg / Affin-EPG senheng *
webcash alb
BitX fpx / FPX-TPA Singapore
PEXPLUS bankislam / FPX_BIMB singpost
publicbank / FPX_PBB
China jompay Indonesia
alipay ATMVA
Singapore
Thailand enetsD / eNets-D Philippines
paysbuy dragonpay
Thailand
Vietnam TH_SCBPN Thailand
VTCPay TH_KTBPN TH123
nganluong TH_BBLPN TH_CASH
TH_BAYPN
China
unionpay
Australia
polipayment
* obsoleted
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
26
Merchant is recommended to implement IPN(instant payment notification) in order to
acknowledge(ACK) on the receiving of payment status from MOLPay. There are 2 ways to
implement IPN. Please refer to IPN section for details.
Examples of Payment Endpoint
You may use the sample for all 3 endpoints, i.e. return URL, notification URL, and callback URL by making
little modification based on your own requirements.
Sample return URL script for PHP
<?php
$vkey =" xxxxxxxxxxxx"; //Replace xxxxxxxxxxxx with your MOLPay Secret_Key
/********************************
*Don't change below parameters
********************************/
$tranID = $_POST['tranID'];
$orderid = $_POST['orderid'];
$status = $_POST['status'];
$domain = $_POST['domain'];
$amount = $_POST['amount'];
$currency = $_POST['currency'];
$appcode = $_POST['appcode'];
$paydate = $_POST['paydate'];
$skey = $_POST['skey'];
/***********************************************************
* To verify the data integrity sending by MOLPay
************************************************************/
$key0 = md5( $tranID.$orderid.$status.$domain.$amount.$currency );
$key1 = md5( $paydate.$domain.$key0.$appcode.$vkey );
if( $skey != $key1 ) $status= -1; // Invalid transaction.
// Merchant might issue a requery to MOLPay to double check payment status with MOLPay.
if ( $status == "00" ) {
if ( check_cart_amt($orderid, $amount) ) {
/*** NOTE : this is a user-defined function which should be prepared by merchant ***/
// action to change cart status or to accept order
// you can also do further checking on the paydate as well
// write your script here .....
}
} else {
// failure action. Write your script here .....
// Merchant might send query to MOLPay using Merchant requery
// to double check payment status for that particular order.
}
// Merchant is recommended to implement IPN once received the payment status
// regardless the status to acknowledge MOLPay system
?>
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
27
Sample return URL script for ASP/ASP.NET
<!--#include file="md5.asp"--> ’For ASP Developer
<!--#include file="md5.aspx"--> ’For ASP.NET Developer
<%
’ md5.asp/md5.aspx is a 3rd party developed md5 solution for ASP/ASP.NET user
’ You could get the md5.asp/md5.aspx from [email protected]
’ Some variables below are coming from POST method
dim key0, key1, tranID, orderid, status, merchantID, amount, currency, paydate, appcode,
skey
tranID = Request.Form(“tranID”)
orderid = Request.Form(“orderid”)
status = Request.Form(“status”)
merchantID = Request.Form(“domain”)
amount = Request.Form(“amount”)
currency = Request.Form(“currency”)
paydate = Request.Form(“paydate”)
appcode = Request.Form(“appcode”)
skey = Request.Form(“skey”)
key0 = md5( tranID & orderid & status & domain & amount & currency )
key1 = md5( paydate & merchantID & key0 & appcode & ” xxxxxxxxxxxx” )
’Replace xxxxxxxxxxxx with your MOLPay Secret_Key
’ invalid transaction if the key is different. Merchant might issue a requery to MOLPay to
double check payment status with MOLPay.
If skey <> key1 then
status= -1
End if
If status = "00" then
’ checking the validity of cart amount & orderid.
’ if the verification test passed then can update the order status to paid.
’ you can also do further checking on the paydate as well
Else
’ failure action
’ Merchant might send q uery to MOLPay using merchant requery
’ to double check payme nt status for that particular order.
End if
’ Merchant is to implement IPN to ack on receiving of payment status
’ regardless the payment status
%>
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
28
Payment Status Notification
WARNING: Please note that multiple payment notifications (either from return URL, notification
URL or callback URL) for single transaction is possible but this does not mean that the buyer
has paid twice or multiple times.
IPN (Instant Payment Notification)
For normal payment flow, buyer browser is being redirected to MOLPay payment page, financial
institution or channel page(if any), and then return to merchant website or system. User might
close the browser any time throughout the payment process, even the payment is completed,
successfully or failed. Other possible reason that rarely happens is the network connectivity
issue. As a result, MOLPay is unable to update merchant system on the payment status.
Therefore, merchant is recommended to implement IPN to acknowledge(ACK) upon the
receiving of payment status from MOLPay. Otherwise MOLPay will resend the payment status
within a time interval.
Implementation:
Step 1: Logon to merchant admin, choose “Yes” to “Enable Return URL with IPN”, as shown:-
Step 2: There are 2 approaches to ack on MOLPay payment status.
1. Simple front-end snippet: copy the Javascript (JS) code from merchant admin and paste
it on merchant receipt page (which shows payment success/failed), preferable in the
HTML header, before </head> tag.
2. Advanced back-end scripting: merchant is to echo back all the POST variables with one
additional variable, i.e. “treq” with value 1. PHP sample code is provided below.
URL: https://www.onlinepayment.com.my/MOLPay/API/chkstat/returnipn.php
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
29
Step 3: Merchant to prepare a callback URL script, which is similar to return URL script, in order
to receive consequent payment notification in case merchant system misses the first notification
attempt from MOLPay.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
30
Example of back-end IPN script for PHP (combined in return URL script)
<?php
$vkey =" xxxxxxxxxx"; //Replace xxxxxxxxxx with your MOLPay Secret_Key
$_POST[treq]= 1; // Additional parameter for IPN
// Value always 1. Do not change this value.
$tranID = $_POST['tranID'];
$orderid = $_POST['orderid'];
$status = $_POST['status'];
$domain = $_POST['domain'];
$amount = $_POST['amount'];
$currency = $_POST['currency'];
$appcode = $_POST['appcode'];
$paydate = $_POST['paydate'];
$skey = $_POST['skey'];
/***********************************************************
* Snippet code in purple color is the enhancement required
* by merchant to add into their return script in order to
* implement backend acknowledge method for IPN
************************************************************/
while ( list($k,$v) = each($_POST) ) {
$postData[]= $k."=".$v;
}
$postdata = implode("&",$postData);
$url = "https://www.onlinepayment.com.my/MOLPay/API/chkstat/returnipn.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST , 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS , $postdata );
curl_setopt($ch, CURLOPT_URL , $url );
curl_setopt($ch, CURLOPT_HEADER , 1 );
curl_setopt($ch, CURLINFO_HEADER_OUT , TRUE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1 );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , FALSE);
$result = curl_exec( $ch );
curl_close( $ch );
/***********************************************************
* To verify the data integrity sending by MOLPay
************************************************************/
$key0 = md5( $tranID.$orderid.$status.$domain.$amount.$currency );
$key1 = md5( $paydate.$domain.$key0.$appcode.$vkey );
if( $skey != $key1 ) $status= -1; // Invalid transaction
if ( $status == "00" ) {
if ( check_cart_amt($orderid, $amount) ) {
// write your script here .....
}
} else {
// failure action
}
?>
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
31
MOLPay Notification
MOLPay notification is back-end instant status update mechanism that send the payment status
notification from MOLPay server to merchant server or system, without relying on any user
agent such as web browser or mobile application.
Notification URL script is similar to return URL script but no output is required for front-end user
interface. This is also known as background URL.
Implementation:
Step 1: Logon to merchant admin and go to merchant profile, fill in the Notification URL.
Notification URL with IPN can be activated for better merchant-payment system communication.
Choose “Yes” to “Enable Notification URL with IPN”, as shown:-
Step 2: Merchant to prepare a notification URL script, which is similar to return URL script.
Step 3: If IPN is disable please ignore this step. Merchant have to echo back all the POST
variables with one additional variable, i.e. “treq” with value 1. PHP sample code is provided
below.
URL: https://www.onlinepayment.com.my/MOLPay/API/chkstat/returnipn.php
MOLPay Notification Parameters (via POST method)
Variable / Parameter Type Format / Max Length Description / Example
nbcb 1 digit numeric Always equal to 2, which indicates this is a
notification from MOLPay.
amount 2 decimal points numeric value The total amount paid or to be paid for CASH
payment request.
orderid alphanumeric, 32 characters Invoice or order number from merchant system.
tranID integer, 10 digits Unique transaction ID for tracking purpose.
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
status 2-digit numeric value 00 for Successful payment;
11 for failure;
22 for pending.
appcode alphanumeric, 16 chars Bank approval code. Mandatory for Credit Card.
Certain channel returns empty value.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
32
error_code alphanumeric Refer to the Error Codes section.
error_desc text Error message or description.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
Refer s key section for details.
currency 2 or 3 chars (ISO-4217) currency code Default currency is RM (indicating MYR) for
Malaysia channels.
channel predefined string in MOLPay system Channel references for merchant system.
paydate Date/Time( YYYY-MM-DD HH:mm:ss) Date/Time of the transaction.
extraP* optional (on request) JSON encoded string or array
token: 16-digit token for merchant to store;
fraudscreen: 1-digit integer, i.e. 1, 2, 3, 4, 5
(Unknown, Passed, Alert, Suspicious, Fraud)
Example of Notification URL with IPN script for PHP
<?php
$vkey =" xxxxxxxxxx"; //Replace xxxxxxxxxx with your MOLPay Secret_Key
$_POST[treq]= 1; // Additional parameter for IPN. Value always set to 1.
/********************************
*Don't change below parameters
********************************/
$nbcb = $_POST['nbcb'];
$tranID = $_POST['tranID'];
$orderid = $_POST['orderid'];
$status = $_POST['status'];
$domain = $_POST['domain'];
$amount = $_POST['amount'];
$currency = $_POST['currency'];
$appcode = $_POST['appcode'];
$paydate = $_POST['paydate'];
$skey = $_POST['skey'];
/***********************************************************
* Snippet code in purple color is the enhancement required
* by merchant to add into their notification script in order to
* implement backend acknowledge method for IPN
************************************************************/
while ( list($k,$v) = each($_POST) ) {
$postData[]= $k."=".$v;
}
$postdata = implode("&",$postData);
$url = "https://www.onlinepayment.com.my/MOLPay/API/chkstat/returnipn.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST , 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS , $postdata );
curl_setopt($ch, CURLOPT_URL , $url );
curl_setopt($ch, CURLOPT_HEADER , 1 );
curl_setopt($ch, CURLINFO_HEADER_OUT , TRUE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1 );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , FALSE );
$result = curl_exec( $ch );
curl_close( $ch );
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
33
/***********************************************************
* To verify the data integrity sending by MOLPay
************************************************************/
$key0 = md5( $tranID.$orderid.$status.$domain.$amount.$currency );
$key1 = md5( $paydate.$domain.$key0.$appcode.$vkey );
if( $skey != $key1 ) $status= -1; // Invalid transaction
if ( $status == "00" ) {
if ( check_cart_amt($orderid, $amount) ) {
// write your script here .....
}
} else {
// failure action
}
?>
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
34
MOLPay Callback with IPN
MOLPay Callback is a back-end activity that initiated by MOLPay to notify merchant system
anytime once there are changes on payment status.
Callback URL script is similar to return URL script. Both handling the payment status result;
Unlike the return URL script, callback URL script is to handle defer status update or all other
non-realtime payment status update, such as MOLPay CASH payment.
Merchant must fill the Callback URL in merchant admin in order to get those non-realtime status
update from MOLPay. Callback URL IPN can be activated for better merchant-payment system
communication. Instead of returning all parameters from MOLPay, merchant’s callback script
just need to echo “CBTOKEN:MPSTATOK”, in plaintext, without double quotes or any HTML
tags.
Merchant can actually use the same script for both callback URL & return URL, because it is
only one extra parameter in callback request, in addition to return URL parameters, which is
“nbcb”. Besides, an additional status code, 22 has been introduced for “pending” transaction
status.
Once there is status changed event, MOLPay will POST the following parameters to mechant
callback URL. If MOLPay could not get the actual ACK message from merchant, MOLPay will
retry for maximum 3 times, of 1 hour interval for each attempt.
MOLPay Callback Parameters (via POST method)
Variable / Parameter Type Format / Max Length Description / Example
nbcb 1 digit numeric Always equal to 1, which indicates this is a callback
notification from MOLPay.
amount 2 decimal points numeric value The total amount paid or to be paid for CASH
payment request.
orderid alphanumeric, 32 characters Invoice or order number from merchant system.
tranID integer, 10 digits Unique transaction ID for tracking purpose.
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
status 2-digit numeric value 00 for Successful payment;
11 for failure;
22 for pending.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
35
appcode alphanumeric, 16 chars Bank approval code. Mandatory for Credit Card.
Certain channel returns empty value.
error_code alphanumeric Refer to the Error Codes section.
error_desc text Error message or description.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
Refer s key section for details.
currency 2 or 3 chars (ISO-4217) currency code Default currency is RM (indicating MYR) for
Malaysia channels.
channel predefined string in MOLPay system Channel references for merchant system.
paydate Date/Time( YYYY-MM-DD HH:mm:ss) Date/Time of the transaction.
extraP* optional (on request) JSON encoded string or array
token: 16-digit token for merchant to store;
fraudscreen: 1-digit integer, i.e. 1, 2, 3, 4, 5
(Unknown, Passed, Alert, Suspicious, Fraud)
Example of callback URL script for PHP
<?php
$vkey =" xxxxxxxxxx"; //Replace xxxxxxxxxx with your MOLPay Secret_Key
$nbcb = $_POST['nbcb'];
$tranID = $_POST['tranID'];
$orderid = $_POST['orderid'];
$status = $_POST['status'];
$domain = $_POST['domain'];
$amount = $_POST['amount'];
$currency = $_POST['currency'];
$appcode = $_POST['appcode'];
$paydate = $_POST['paydate'];
$skey = $_POST['skey'];
/***********************************************************
* To verify the data integrity sending by MOLPay
************************************************************/
$key0 = md5( $tranID.$orderid.$status.$domain.$amount.$currency );
$key1 = md5( $paydate.$domain.$key0.$appcode.$vkey );
if( $skey != $key1 ) $status= -1; // Invalid transaction
if ( $status == "00" ) {
if ( check_cart_amt($orderid, $amount) ) {
// write your script here .....
}
} else {
// failure action
// write your script here .....
}
if ( $nbcb==1 ) {
//callback IPN feedback to notified MOLPay
echo “ CBTOKEN:MPSTATOK”; exit;
}else{
//normal IPN and redirection
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
36
}
?>
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
37
Escrow & Mass Payment APIs
Introduction
MOLPay provides escrow payment service for marketplace platform operator and any C2C
business model that requires a reputable brand or business entity as the middleman to protect
the interests of both seller and buyer, and of course, the operator itself, who is also MOLPay
merchant.
Platform operator can activate escrow indicator for all the transactions under one MOLPay
merchant account, or pass the parameter “is_escrow=1” to the normal payment link. If merchant
implements pre-registration for seller or payee, then merchant can pass the payee ID using
parameter “payee_id” with the appropriate value.
Escrow flag can be used by merchant to control the settlement and hold the funds in MOLPay
account for future disbursement or payout purpose.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
38
Mass payment, a.k.a bulk payment, or cash management service, would able to help merchant
or system provider to transfer funds to their agent/reseller/partner from the available balance.
The same service will be used to help marketplace platform operator to distribute the available
balance to the sellers, and to proceed refund to buyer, in case the dispute is unable to resolved.
Mass payment can either be set in merchant admin or passing standing instruction via API.
Merchant can either issue payment to pre-register payees (which normally are the sellers) or
send direct standing instructions without payees registration.
There are a few approaches for merchant or platform operator scenarios
Level of Integration What MOLPay will do? What MOLPay will not do? (Or in
other sense, merchant should do)
1. Escrow Service API ● Judgement on fulfillment ● Commission calculation
● Release fund only for all OKs transactions ● Standing instruction issuing
● Settlement to merchant ● Disbursement of seller funds
● Buyer payment refund on
dispute
1. Escrow Service API ● Judgement on fulfillment ● Commission calculation
2. Direct SI API ● Release fund only for all OKs transactions ● Standing instruction issuing
● Disbursement of seller funds
● Settlement to merchant
● Buyer payment refund on dispute
1. Escrow Service API ● Judgement on fulfillment ● Commission calculation
2. Payee Profile API ● Release fund only for all OKs transactions ● Standing instruction issuing
3. Payee SI API
● Disbursement of seller funds
● Settlement to merchant
● Buyer payment refund on dispute
1. Escrow Service API ● Everything from buyer payment to seller
2. Payee Profile API funds disbursement, settlement & refund,
with charging model including commission calculation
Mass payment can be used to transfer funds to active MOLWallet account, if the payee’s mobile
number and email are matched in MOLWallet user database.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
39
Escrow Service API
MOLPay provides a tri-party confirmation or opposition mechanism for platform operator to set
an initial/default status on all “captured” transaction, the buyer, seller, or operator can later
toggle the payment as OK/KO, in order to “hold” or to release the funds for the following
settlement.
Merchant can send this request to make a specific “captured” transaction become escrow
transaction.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/escrow/index.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
txnID integer, 10 digits Unique transaction ID for tracking purpose.
merchantID alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
party predefined character S=seller
O=operator
B=buyer
A=all
tag 2-digit characters OK = for confirmation
KO = for opposition
mesg text, 80 chars dispute reason, explanation, or resolution
Response
Variable / Parameter Type Format / Max Length Description / Example
txnID integer, 10 digits Echo of transaction ID
skey 32 chars hexadecimal string Echo of skey
merchantID alphanumeric, 32 chars Merchant ID in MOLPay system.
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
Formula of skey & VrfKey
skey =md5( txnID & merchantID& party & tag & mesg & SHA1(Verify_Key) )
VrfKey=md5( SHA1(Secret_Key) & txnID & skey & merchantID & StatCode )
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
40
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
41
Mass Payment APIs
Payee Profile API
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/MassPayment/payee_profile.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
operator alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
func predefined function new=to add new payee
modify=to replace existing payee information
disable=to freeze a payee
profile JSON encoded string ● payeeID (empty for new registration)
● Type: Individual / Business *
“Bank_” related parameters are not ● Full_Name
required if deposit to MOLWallet (given ● NRIC_Passport
that Email and Mobile number must be ● Company_Name
matched in a valid MOLWallet account) ● ROB_ROC
● Country
Note*: Kindly refer table Predefined ● Bank_Name *
Bank Lists below for B ank_Code value. ● Bank_Code *
● Bank_AccName *
● Bank_AccNumber *
● Email *
● Mobile *
● charging model
● extension verification service
profile_hash Any encoding string used by operator This is operator or merchant internal encryption
method to ensure the data integrity of payee profile,
MOLPay will echo back without manipulating this
hash key
Response
Variable / Parameter Type Format / Max Length Description / Example
payeeID integer, 10 digits Registered payee ID (seller or buyer)
skey 32 chars hexadecimal string Echo of skey
profile_hash Any encoding string used by operator Echo of profile_hash
operator alphanumeric, 32 chars Merchant ID in MOLPay system.
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
42
Formula of skey & VrfKey
skey =md5( func & operator & profile & profile_hash & SHA1(Verify_Key) )
VrfKey=md5( SHA1(Secret_Key) & payeeID & skey & profile_hash & operator & StatCode )
Payee Status API
URL: https://www.onlinepayment.com.my/MOLPay/API/MassPayment/payee_status.php
Method: POST or GET
(Currently not available. This API is to provide the status and verification result of a payee for
both buyer and seller. Buyer payee is only required when there is any dispute cannot be
resolved and a refund request to be proceeded.)
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
43
Payee Standing Instruction API
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/MassPayment/SI_by_payee.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
operator alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
payeeID integer, 10 digits Registered payee ID (seller or buyer)
amount integer or up to 2 decimal points The total amount of mass payment could not
numeric value exceed the settlement funds
currency optional, 3 chars ISO-4217 currency MYR
code
Response
Variable / Parameter Type Format / Max Length Description / Example
payeeID integer, 10 digits Registered payee ID (seller or buyer)
skey 32 chars hexadecimal string Echo of skey
operator alphanumeric, 32 chars Merchant ID in MOLPay system.
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
Formula of skey & VrfKey
skey =md5( operator & payeeID & amount & currency & SHA1(Verify_Key) )
VrfKey=md5( SHA1(Secret_Key) & payeeID & skey & operator & StatCode )
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
44
Direct Standing Instruction or Payout API
This is one-time payout in MOLPay but merchant can use this to schedule periodical payout
instruction to implement recurring payment.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/MassPayment/direct_SI.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
operator alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
amount integer or up to 2 decimal points The total amount of mass payment could not
numeric value exceed the settlement funds
currency 3 chars (ISO-4217) currency code MYR
payee JSON encoded string. ● Country
All fields are mandatory for bank ● Bank_Name *
account deposit. “Bank_” related ● Bank_Code *
parameters are not required if deposit to ● Bank_AccName *
MOLWallet (given that Email and Mobile ● Bank_AccNumber *
number must be matched in a valid ● Email *
MOLWallet account) ● Mobile *
Note*: Kindly refer table Predefined
Bank Lists below for B ank_Code value.
reference_id alphanumeric, 255 chars Merchant unique reference ID.
notify_url URL This is the URL for merchant to receive payout final
status.
Response
Variable / Parameter Type Format / Max Length Description / Example
skey 32 chars hexadecimal string Echo of skey
operator alphanumeric, 32 chars Merchant ID in MOLPay system.
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
mass_id Integer MOLPay unique mass payment ID
reference_id alphanumeric, 255 chars Merchant unique reference ID.
Formula of skey & VrfKey
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
45
skey =md5( operator & amount & currency & payee & reference_id & notify_url &
SHA1(Verify_Key) )
VrfKey=md5( SHA1(Secret_Key) & skey & operator & StatCode & mass_id & reference_id )
Requery for Payout Standing Instruction
This is for merchant to requery status of payout request.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/MassPayment/requery_SI.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
operator alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
amount integer or up to 2 decimal points The total amount of mass payment could not
numeric value exceed the settlement funds
currency 3 chars (ISO-4217) currency code MYR
reference_id* alphanumeric, 255 chars Merchant unique reference ID.
mass_id* Integer MOLPay unique mass payment ID.
Note: * Your may send in either one of this value or both. For both, those values must match with MOLPay record.
Response
Variable / Parameter Type Format / Max Length Description / Example
skey 32 chars hexadecimal string Echo of skey
operator alphanumeric, 32 chars Merchant ID in MOLPay system.
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Paid
11 = Failure
22 = Pending
33 = Processing
mass_id Integer MOLPay unique mass payment ID
reference_id alphanumeric, 255 chars Merchant unique reference ID.
Formula of skey & VrfKey
skey =md5( operator & amount & currency & reference_id & mass_id & SHA1(Verify_Key) )
VrfKey=md5( SHA1(Secret_Key) & skey & operator & StatCode & mass_id & reference_id )
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
46
MERCHANT REQUEST APIs
MOLPay has prepared plenty of merchant tools for merchant to initiate status requery and
cancellation/void of transaction. However, merchant is not allowed send in these request too
frequent (maximum 1 query every 5 minutes). Massive incoming query will lead to IP blocking.
The back-end services available are:-
1. Direct Status Requery - merchant send status query to processing bank directly
2. Indirect Status Requery - merchant send status query to MOLPay system
3. Daily Transaction Report - list all transactions of a specific date
4. Reversal Request - merchant to cancel or void a transaction or refund of payment
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
47
Direct Status Requery
This will trigger a query to the payment channel or bank status server and there are cases that bank status
server is not in-sync with its payment server that might give different result, that leads to a defer update and
will trigger a callback from MOLPay server, once the status is synced and changed.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/gate-query/index.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
amount 2 decimal points numeric value The payment amount
txID integer, 10 digits Unique transaction ID for tracking purpose.
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
url optional, URL for POST response The URL to receive POST response from MOLPay
type optional, 1-digit integer 0 = plain text result (default)
1 = result via POST method
Response
Variable / Parameter Type Format / Max Length Description / Example
Amount 2 decimal points numeric value The payment amount
TranID integer, 10 digits Unique transaction ID for tracking purpose.
Domain alphanumeric, 32 chars Merchant ID in MOLPay system.
Channel alphanumeric, 100 chars Payment via Channel
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
22 = Pending
StatName Word Success: captured, settled, authorized
Failure: failed, cancelled, chargeback, release,
reject/hold, blocked, ReqCancel, ReqChargeback
Pending: Pending, Unknown
Formula of skey & VrfKey
skey =md5( txID & domain & Verify_Key & amount )
VrfKey=md5( Amount & Secret_Key & Domain & TranID & StatCode )
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
48
Example of Direct Status Requery for PHP
<?php
$skey = md5($txID . $domain. “ x xxxxxxxxx” . $amount);
//Replace xxxxxxxxxx with your MOLPay Verify Key
echo “<a
href='https://www.onlinepayment.com.my/MOLPay/API/gate-query/index.php?amount=3899&txID=6523
4&domain=shopA&skey=e1c4c60c99116fffc3ce77bd5fd0f7b1'>
Check payment status for tran ID 65234 </a> ”;
?>
Example of response
type=0 (default output, plain text with linebreaks) type=1 (POST result sent to URL)
StatCode: 00 $_POST [StatCode] = “00”;
StatName: captured $_POST [StatName] = “captured”;
TranID: 65234 $_POST [TranID] = “65234”;
Amount: 3899.00 $_POST [Amount] = “3899.00”;
Domain: shopA $_POST [Domain] = “shopA”;
VrfKey: 456cf69e5bddfe8ed47371096 $_POST[VrfKey:]= “456cf69e5bddfe8ed47371096”;
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
49
Indirect Status Requery
There are several types of status requery on MOLPay system:-
1. Query by unique transaction ID (recommended)
2. Query by order ID & get latest matched result (single output)
3. Query by order ID & get all matched results (batch output)
4. Query by multiple order ID
5. Query by multiple transaction ID
1. Query by unique transaction ID
Request
URL: https://www.onlinepayment.com.my/MOLPay/q_by_tid.php
* Request & Response are same as Direct Status Requery.
2. Query by order ID (single output)
Request
URL: https://www.onlinepayment.com.my/MOLPay/query/q_by_oid.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
amount 2 decimal points numeric value The payment amount
oID alphanumeric, 32 chars Merchant order ID, which might be duplicated.
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
url optional, URL for POST response The URL to receive POST response from MOLPay
type optional, 1-digit integer 0 = plain text result (default)
1 = result via POST method
Response
Variable / Parameter Type Format / Max Length Description / Example
TranID integer, 10 digits Unique transaction ID for tracking purpose.
Amount 2 decimal points numeric value The payment amount
OrderID alphanumeric, 32 chars Unique transaction ID for tracking purpose.
Domain alphanumeric, 32 chars Merchant ID in MOLPay system.
BillingDate date (YYYY-MM-DD HH:mm:ss)
BillingName alphanumeric, 128 chars Buyer full name
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
50
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
22 = Pending
StatName Word Success: captured, settled, authorized
Failure: failed, cancelled, chargeback, release,
reject/hold, blocked, ReqCancel, ReqChargeback
Pending: Pending, Unknown
Formula of skey & VrfKey
skey =md5( oID & domain & Verify_Key & amount )
VrfKey=md5( Amount & Secret_Key & Domain & OrderID & StatCode )
3. Query by order ID (batch output)
Request
URL: https://www.onlinepayment.com.my/MOLPay/query/q_oid_batch.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
oID alphanumeric, 32 chars Merchant order ID, which might be duplicated.
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
url optional, URL for POST response The URL to receive POST response from MOLPay
type optional, 1-digit integer 0 = plain text result (default)
1 = result via POST method
format optional, 1-digit integer, apply for type=1 0 = result string with delimiter ( | )
only 1 = result in array
Response
Variable / Parameter Type Format / Max Length Description / Example
TranID integer, 10 digits Unique transaction ID for tracking purpose.
Amount 2 decimal points numeric value The payment amount
OrderID alphanumeric, 32 chars Unique transaction ID for tracking purpose.
Domain alphanumeric, 32 chars Merchant ID in MOLPay system.
BillingDate date (YYYY-MM-DD HH:mm:ss) Transaction date
BillingName alphanumeric, 128 chars Buyer full name
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
51
StatCode 2-digit numeric 00 = Success
11 = Failure
22 = Pending
StatName Word Success: captured, settled, authorized
Failure: failed, cancelled, chargeback, release,
reject/hold, blocked, ReqCancel, ReqChargeback
Pending: Pending, Unknown
Formula of skey
skey =md5( oID & domain & Verify_Key )
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
52
Example of response
type=0, TranID BillingDate StatCode StatName Amount BillingName
plain text output, 418607 2009-11-26 22 pending 25.00 Lenka
newline with TAB 418603 2009-11-26 00 captured 125.10 Mika
character 418583 2009-11-26 00 captured 71.10 Ciara
type=1, format=0, $_POST[TranID] = “418607|418603|418583”;
POST variables $_POST[BillingDate] = “2009-11-26|2009-11-26|2009-11-26”;
with delimiter “|” $_POST[StatCode] = “22|00|00”;
$_POST[StatName] = “pending|captured|captured”;
$_POST[Amount] = “25.00|125.10|71.10”;
$_POST[BillingName] = “Lenka|Mika|Ciara”;
type=1, format=1, $_POST[0][TranID] = “418607”;
POST variables in $_POST[0][BillingDate] = “2009-11-26”;
array $_POST[0][StatCode] = “22”;
$_POST[0][StatName] = “pending”;
$_POST[0] [Amount] = “25.00”;
$_POST[0] [BillingName] = “Lenka”;
$_POST[1] [TranID] = “418603”;
$_POST[1] [BillingDate] = “2009-11-26”;
$_POST[1] [StatCode] = “00”;
$_POST[1] [StatName] = “captured”;
$_POST[1] [Amount] = “125.10”;
$_POST[1] [BillingName] = “Mika”;
$_POST[2] [TranID] = “418583”;
$_POST[2] [BillingDate] = “2009-11-26”;
$_POST[2] [StatCode] = “00”;
$_POST[2] [StatName] = “captured”;
$_POST[2] [Amount] = “71.10”;
$_POST[2] [BillingName] = “Ciara”;
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
53
4. Query by multiple order ID (batch output)
Request
URL: https://www.onlinepayment.com.my/MOLPay/query/q_by_oids.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
oIDs alphanumeric, up to 100 orders Merchant order ID, must be URLencoded.
delimiter single character, default is “|” Avoid using any symbol that might exist in order ID,
and also any of these: “,%, *, <, >, ? , \, $, &, =
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
url optional, URL for POST response The URL to receive POST response from MOLPay
type optional, 1-digit integer 0 = plain text result (default)
1 = result via POST method
format optional, 1-digit integer, apply for type=1 0 = result string with delimiter ( | )
only 1 = result in array
Response
Variable / Parameter Type Format / Max Length Description / Example
TranID integer, 10 digits Unique transaction ID for tracking purpose.
Amount 2 decimal points numeric value The payment amount
OrderID alphanumeric, 32 chars Unique transaction ID for tracking purpose.
Domain alphanumeric, 32 chars Merchant ID in MOLPay system.
BillingDate date (YYYY-MM-DD HH:mm:ss) Transaction date
BillingName alphanumeric, 128 chars Buyer full name
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
22 = Pending
StatName Word Success: captured, settled, authorized
Failure: failed, cancelled, chargeback, release,
reject/hold, blocked, ReqCancel, ReqChargeback
Pending: Pending, Unknown
Formula of skey and VrfKey
skey =md5( domain & oIDS & Verify_Key )
VrfKey=md5( Amount & Secret_Key & Domain & OrderID & StatCode
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
54
5. Query by multiple transaction ID (batch output)
Request
URL: https://www.onlinepayment.com.my/MOLPay/query/q_by_tids.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
tIDs concatenated transaction ID with “|” up A group of transaction ID, must be URLencoded.
to 100 items
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
url optional, URL for POST response The URL to receive POST response from MOLPay
type optional, 1-digit integer 0 = plain text result (default)
1 = result via POST method
format optional, 1-digit integer, apply for type=1 0 = result string with delimiter ( | )
only 1 = result in array
Response
Variable / Parameter Type Format / Max Length Description / Example
TranID integer, 10 digits Unique transaction ID for tracking purpose.
Amount 2 decimal points numeric value The payment amount
BillingDate date (YYYY-MM-DD HH:mm:ss) Transaction date
BillingName alphanumeric, 128 chars Buyer full name
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
22 = Pending
StatName Word Success: captured, settled, authorized
Failure: failed, cancelled, chargeback, release,
reject/hold, blocked, ReqCancel, ReqChargeback
Pending: Pending, Unknown
Formula of skey and VrfKey
skey =md5( domain & tIDS & Verify_Key )
VrfKey=md5( Amount & Secret_Key & Domain & TranID & StatCode
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
55
Daily Transaction Report (Reconciliation)
MOLPay Daily Transaction Report provides merchant end-of-day (EoD) reconciliation or to
verify all transactions for a specific date.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/PSQ/psq-daily.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
merchantID alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
rdate date (YYYY-MM-DD) The date of transactions to query
Formula of skey
skey =md5( rdate & merchantID & Verify_Key )
Response
(plain text with newline & TAB characters)
Variable / Parameter Type Format / Max Length Description / Example
BillingDate Date/Time (YYYY-MM-DD HH:mm:ss) Transaction date/time
OrderID alphanumeric, 32 chars Unique transaction ID for tracking purpose.
TranID integer, 10 digits Unique transaction ID for tracking purpose.
Channel Predefined string in MOLPay system Channel references for merchant system.
Amount 2 decimal points numeric value The payment amount
StatCode 2-digit numeric 00 = Success
11 = Failure
22 = Pending
StatName Word Success: captured, settled, authorized
Failure: failed, cancelled, chargeback, release,
reject/hold, blocked, ReqCancel, ReqChargeback
Pending: Pending, Unknown
BillingName alphanumeric, 128 chars Buyer full name
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
56
Settlement Report (Reconciliation)
MOLPay Settlement Report provides merchant the fund transfer or balance clearance and
settlement reconciliation for a specific date.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/settlement/report.php
Method: GET
Variable / Parameter Type Format / Max Length Description / Example
version Integer, Default value is 1.0. Indicate version of the API. Current version is 2.0. If
not specify, version 1.0 will be use.
merchant_id alphanumeric, 32 chars Merchant ID in MOLPay system
token 32 chars hexadecimal string This is the data integrity protection hash string
date date (YYYY-MM-DD) The date of settlement to query
format json, xml, csv
download optional, set to “y” if Download option is only available for CSV format
Formula of token
token =md5( merchantID & Verify_Key & date )
Response
Field with * only available in 2.0
Value Type Format / Max Length Description / Example
H 1 character Header
Settlement currency 3 chars ISO-4217 currency code Default is MYR
total settlement amount numeric without decimal and comma 5331674 is equal to 53,316.74 in that currency
total settlement fees numeric without decimal and comma Sum of the transfer fees and 3rd party costs
total transaction number numeric Total number of settled transactions
total transaction amount* numeric without decimal and comma Sum of settled transactions amount
Total transaction GST* numeric without decimal and comma Sum of settled transactions GST amount
batch reference number alpha-numeric Reference number of this settlement
date YYYYMMDD The settlement date
bank account alpha-numeric Bank swift code and bank account number
total refund amount* numeric without decimal and comma Sum of the refund and chargeback amount
Total refund GST* numeric without decimal and comma Sum of the refund and chargeback GST amount
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
57
Variable / Parameter Type Format / Max Length Description / Example
D 1 character Data or the content
merchant ID alpha-numeric Merchant ID in MOLPay system
Order ID alpha-numeric Order references for merchant system
Channel / transaction ID alpha-numeric / numeric MOLPay channel / MOLPay transaction ID
Transaction amount numeric Original transaction amount
Transaction fee numeric The MDR or transaction fee or commission
Forex Rate* numeric without 8 digit decimal and Forex rate for multi currency transaction. Eg:
comma 1.00000000 = 100000000
Settlement currency* 3 chars ISO-4217 currency code Default is MYR
Settlement amount numeric This should equal the original transaction amount
minus the fee or commission (calculate first, then
round to two digits after the decimal point).
Transaction date YYMMDD The date of transaction
Transaction currency 3 chars ISO-4217 currency code Default is MYR
Transaction status alpha-numeric The transaction status. Usually SETTLED.
Variable / Parameter Type Format / Max Length Description / Example
R* 1 character Refund / Chargeback Data
merchant ID* alpha-numeric Merchant ID in MOLPay system
Order ID* alpha-numeric Order references for merchant system
Channel / transaction ID* alpha-numeric / numeric MOLPay channel / MOLPay transaction ID
Settlement currency* 3 chars ISO-4217 currency code Default is MYR
Settlement amount* numeric This should equal the original transaction amount
minus the fee or commission (calculate first, then
round to two digits after the decimal point).
Settlement date* YYMMDD The date of settlement
Refund / Chargeback numeric The amount of refund/chargeback requested
Amount*
Error (always in JSON format)
Variable / Parameter Description / Example
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
58
success false
token invalid token
date invalid date format, eg. yyyy-mm-dd
Capture Request (For pre-auth or authorized transaction)
Merchant who uses preauth or authorize payment mode may capture the transaction at later
stage by using this API
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/capstxn/index.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
tranID integer, 10 digits Unique MOLPay transaction ID.
amount 2 decimal points numeric value The total amount paid or to be paid.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
Response (JSON Format)
Variable / Parameter Type Format / Max Length Description / Example
TranID integer, 10 digits Unique transaction ID for tracking purpose.
Domain alphanumeric, 32 chars Merchant ID in MOLPay system.
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
12 = Invalid or unmatched security hash string
13 = Not a credit card transaction
15 = Requested day is on settlement day
16 = Forbidden transaction
17 = Transaction not found
18 = Missing required parameter
19 = Domain not found
StatDate date (YYYY-MM-DD) Response date & time
Formula of skey & VrfKey
skey =md5( txnID & amount & domain & Verify_Key )
VrfKey=md5( Secret_Key & Domain & TranID & StatCode )
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
59
Reversal Request
Merchant can request a reversal of transaction for a “captured” credit card and POS Terminal
payment. For card payment, the transaction can be “void” immediately on the same day before
the bank settlement. Otherwise this API will accept refund request for transaction that happens
within 3 days and the refund or cancellation process will take about 7-14 days after the request
sent. Please note that this API is to send refund request, but not getting the status of refund
process.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/refundAPI/refund.php
Method: POST or GET
Variable / Parameter Type Format / Max Length Description / Example
txnID integer, 10 digits Unique transaction ID for tracking purpose.
domain alphanumeric, 32 chars Merchant ID in MOLPay system.
skey 32 chars hexadecimal string This is the data integrity protection hash string.
url optional, URL for POST response The URL to receive POST response from MOLPay
type optional, 1-digit integer 0 = plain text result (default)
1 = result via POST method
Response
Variable / Parameter Type Format / Max Length Description / Example
TranID integer, 10 digits Unique transaction ID for tracking purpose.
Domain alphanumeric, 32 chars Merchant ID in MOLPay system.
VrfKey 32 chars hexadecimal string This is the data integrity protection hash string.
StatCode 2-digit numeric 00 = Success
11 = Failure
12 = Invalid or unmatched security hash string
13 = Not a credit card transaction
14 = Transaction date more than 3 days
15 = Requested day is on settlement day
16 = Forbidden transaction
17 = Transaction not found
StatDate date (YYYY-MM-DD) Response date & time
Formula of skey & VrfKey
skey =md5( txnID & domain & Verify_Key )
VrfKey=md5( Secret_Key & Domain & TranID & StatCode )
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
60
The following partial refund related features are only available for limited merchants and
channels only.
Partial Refund
Merchant can request partial refund for a “captured” or “settled” transaction. The refund process
will take about 7-14 days after the request sent.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/refundAPI/index.php
Method: POST or GET
No Field Name Data Type(Size) M/O Description
1 RefundType a{1} M P - Partial Refund
2 MerchantID a{1..32} M Merchant ID provided by MOLPay
3 RefID n{1..32} M Unique tracking/references ID from merchant
4 TxnID a{1..10} M MOLPay Transaction ID
5 Amount n{10,2} M eg. ‘5.00’ Amount to be refund.
6 BankCode a{8} C Applicable for Online Banking and Physical Payment transaction
only. (Refer to predefined bank lists)
7 BeneficiaryName as{1..100} C Applicable for Online Banking and Physical Payment transaction
only.
8 BeneficiaryAccNo as{1..100} C Applicable for Online Banking and Physical Payment transaction
only.
9 Signature a{32} M This is data integrity protection hash string.
10 mdr_flag n{1} O This is to include or exclude MDR refund to buyer if the amount
is same as bill amount.
Available value is as below:
0 - Include MDR/Full Refund (Default)
1 - Exclude/Reserved MDR
11 notify_url as O This is the URL for merchant to receive refund status
Signature = md5( $RefundType. $MerchantID . $RefID . $TxnID . $Amount . $verify_key );
Response
MOLPay responds JSON format to merchant upon a successful request (positive result)
No Field Name Data Type(Size) M/O Description
1 RefundType a{1} M Content follow merchant request.
2 MerchantID a{1..32} M Content follow merchant request.
3 RefID as{1..100} M Content follow merchant request.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
61
4 RefundID n{1..100} M Refund ID provided by MOLPay
5 TxnID n{10} M Content follow merchant request.
6 Amount n{10,2} M Content follow merchant request.
7 Status n{2} M ‘Pending’ , ‘Rejected’ or ‘Success’
8 Signature a{32} M This is data integrity protection hash string.
Signature = md5( $RefundType . $MerchantID . $RefID . $RefundID . $TxnID . $Amount . $Status . $secret_key );
MOLPay will respond the following in JSON format once error occurs (negative result)
(insert table here)
No Field Name Data Type(Size) Description
1 error_code an{5} Refer to Appendix C
2 error_desc ans{1..255} Refer to Appendix C
Partial Refund Status Inquiry by TxnID
Merchant is able to do status inquiry for refund transaction.
Request
URL: https://www.onlinepayment.com.my/MOLPay/API/refundAPI/q_by_txn.php
Method: POST or GET
No Field Name Data Type(Size) M/O Description
1 TxnID n{10} M MOLPay Transaction ID
2 MerchantID a{1..32} M Merchant ID provided by MOLPay
3 Signature n{1..32} M This is data integrity protection hash string.
Signature = md5( $TxnID . $MerchantID . $verify_key );
Response
MOLPay responds JSON format to merchant upon a successful request (positive result)
No Field Name Data Type(Size) M/O Description
1 TxnID n{10} M Content follow merchant request.
2 RefID as{1..100} M Unique tracking/references ID from merchant
3 RefundID n{1..100} M Refund ID provided by MOLPay
4 Status a{8} M ‘pending’ , rejected’, ‘success’
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
62
5 LastUpdate ans{1..255} M Last update timestamp.
Appendix A : Data Type Details
No Code Description
1 a Letters, A-Za-z
2 n Numbers, 0-9
3 s Symbols, .:|?*,!&_-
4 {x} Fixed length x
5 {y..x} Length range: y – x
6 {y,x} Number range: 0-9. 0-9
Appendix B : M/O Details
No Code Description
1 M Mandatory field.
2 O Optional field.
3 C Conditional field.
Appendix C : Error Code & Description in JSON
No error_code error_desc
1 PR001 Refund Type not found.
2 PR002 MerchantID field is mandatory.
3 PR003 RefID field is mandatory.
4 PR004 TxnID field is mandatory
5 PR005 Amount field is mandatory.
6 PR006 Signature field is mandatory
7 PR007 Merchant ID not found.
8 PR008 Invalid Signature.
9 PR009 Txn ID not found.
10 PR010 Transaction is not settled yet.
11 PR011 Exceed refund amount for this transaction.
12 PR012 Bank information is not applicable for credit channel transaction.
13 PR013 BankCode not found in our database, please contact support.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
63
14 PR014 Bank information is mandatory for non-credit channel transaction.
15 PR015 Server is busy, try again later.
16 PR016 Duplicate RefID found, please provide a unique RefID.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
64
ERROR CODES
Payment Page
Error Code Description
P01 Timeout
P02 Your transaction has been denied due to merchant account issue.
Payment channel is not available for merchant.
P03 Your payment info format not correct !
Incorrect security hash string, check “vcode”.
P04 not allow to process
Incomplete buyer information, check bill_name, bill_mobile, bill_email, orderid, faked mobile such as
0123456789 will be blocked as well
P05 Payment gateway not found
Invalid payment gateway file or channel code.
P06 System is busy now, temporary out of services. Please try again later.
P07 Access Denied. Requestor not authorize.
Merchant URL is not allowed to process payment or not yet registered with MOLPay.
P08 Invalid referral
P09 Duplicate payment is not allowed for this merchant.
Payment with same order ID and amount is not allowed to capture twice.
Cash payment is not allowed to request twice.
P10 Sorry, Your Credit Card Number or CVV or expiration date is not valid
P11 Amount return from bank not match with MOLPay system.
P12 Signature from bank not match.
P21 Massive errors detected from the same IP address
P22 Massive errors detected from the same IP address
P33 System is busy
P403 Invalid payment URL
P404 Invalid merchant ID
P990 Sorry, we're not able to process your request now. You may close this window.
P991 System temporary not available due to security issue
P1813 URL is not allowed
R01 Error in payment process due to empty key
T01 Tokenization error
999 Transaction is blocked
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
65
Due to one of the reason: country restriction, blacklist, exceeds transaction limit
3DS Error
Error Code Description
P3011 This merchant only allows 3DS card
P3089 Invalid 3DS request
P3099 Card not authorized or invalid BIN
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
66
Payment Status Query (PSQ) Error
Error Code Description
Q99 Service blocked due to massive connection. Please send only 1 request every
5 minutes.
Q101 / Q201 Correct skey with invalid data
Q102 / Q202 / Q302 / Q402 / Q502 Incorrect skey
Q203 / Q303 Transaction record not found
Q401 Delimiter error
Error in Merchant Admin
Error Code Description
M0001 Inactive merchant account
M0002 Frozen merchant account
M0003 Merchant account has been purged
M0098 Invalid merchant ID
M0099 Unable to process the request
M1007 Invalid bank account number
M1008 Invalid email
M1009 Invalid bank account number & email
Error in Escrow
Error Code Description
1001 Missing Parameter.
1002 Operator not exist.
1003 Operator info incorrect.
1004 Transaction ID not found.
1005 Invalid parameter value.
Error in Mass Payment
Error Code Description
1001 Missing Parameter.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
67
1002 Operator not exist.
1003 Operator info incorrect.
1004 Profile Type Invalid.
1005 Profile not exist.
1006 Profile inactive.
1007 Value for parameter payee not in valid JSON format.
1008 Insufficient balance.
1009 Record not found.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
68
Error Codes in Channel
MOLPay will add a the following prefix to all credit card and certain internet banking error codes
Credit Card (Paymex, MIGS, etc) CC_
MyClear FPX Internet Banking FPX_
Hong Leong Connect HLB_
Error Code | Description
Credit Card via Paymex
1XX | Invalid input to 3D Secure MPI
2XX | Error related to 3D authentication
3XX | Error related to authorization
4XX | System error or timeout
Error Description Action / Remarks
Code
000 Transaction is successful Merchant to display the confirmation page to cardholder
101 Invalid field passed to 3D Merchant needs to check error description to find out what is
Secure MPI wrong with the field. Authorization/Authentication not carried out.
201 Invalid ACS response Retry the transaction. If error persists, contact issuing bank.
format. Transaction is
aborted.
202 Cardholder failed the 3D Merchant to display error page to cardholder
authentication, password
entered by cardholder is
incorrect and transaction is
aborted
203 3D PaRes has invalid Retry the transaction. If error persists, contact issuing bank.
signature. Transaction is
aborted
300 Transaction not approved Transaction has failed authorization, e.g. due to insufficient credit,
invalid card number, etc.
The actual response code provided by acquiring host can be
found via the View Transaction History web page available to
merchants.
301 Record not found ● Merchant/User has submitted a transaction with invalid
purchase ID
● Merchant/User tried to reverse a previously declined
transaction
302 Transaction not allowed ● Purchase ID not unique due to mismatched card
number and/or transaction amount
● System unable to process reversal due to transaction
has been settled
● System unable to process reversal due to transaction
type is CAPS
● System unable to process previously voided transaction
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
69
303 Invalid Merchant ID Not a valid merchant account
304 Transaction blocked by error Merchant to report error to acquiring bank
901
305 Merchant password is not The error code will be returned if merchant password is not
available available during the VISA 3D authentication,
306 Merchant exceeded count The error code will be returned if the merchant daily transaction
limit count exceeded the predefined daily transaction count limit.
307 Merchant exceeded amount The error code will be returned if the merchant daily transaction
limit amount exceeded the predefined daily transaction amount limit.
308 Merchant exceeded group The error code will be returned if the merchant transaction
count limit exceeded the predefined merchant organization transaction count
limit.
309 Merchant exceeded group The error code will be returned if the merchant transaction
amount limit exceeded the predefined merchant organization transaction
amount limit.
310 Request signature is not The PX_SIG is not append on the PxReq message or PX_SIG is
available blank
311 Request signature The signature of the PxReq is not match with the PxReq message
verification failed
900 3D Transaction timeout Timeout of 3D transaction due to late response from Issuer ACS,
after the predefined 3D timeout set in the application.
901 System Error System unable to complete transaction. Merchant to report error
to acquiring bank.
902 Time out Issuing/acquiring host timeout, transaction is not approved
903 Pxtems no response Transaction has failed to get response from MPI links. The
service not available due to:
● Database connection error
● Network connection error
Host Error
00 | Successful approval/completion or that V.I.P. PIN verification is valid
01 | Refer to card issuer
02 | Refer to card issuer, special condition
03 | Invalid merchant or service provider
04 | Pickup card
05 | Do not honor / Incorrect CVV or 3D password
06 | Error
07 | Pickup card, special condition (other than lost/stolen card)
10 | Partial Approval-Private label
11 | V.I.P. approval
12 | Invalid transaction
13 | Invalid amount (currency conversion field overflow. Visa Cash-invalid
load mount)
14 | Invalid account number (no such number)
15 | No such issuer
19 | Re-enter transaction
21 | No action taken (unable to back out prior transaction)
25 | Unable to locate record in file, or account number is missing from the
inquiry
28 | File is temporarily unavailable
41 | Pickup card (lost card)
43 | Pickup card (stolen card)
51 | Insufficient funds
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
70
52 | No checking account
53 | No savings account
54 | Expired card
55 | Incorrect PIN (Visa Cash-invalid or missing S1 signature)
57 | Transaction not permitted to cardholder (Visa Cash-incorrect routing,
not a load request)
58 | Transaction not allowed at terminal
59 | Suspected fraud"; break;
61 | Activity amount limit exceeded
62 | Restricted card (for example, in Country Exclusion table)
63 | Security violation
65 | Activity count limit exceeded
75 | Allowable number of PIN-entry tries exceeded
76 | Unable to locate previous message (no match on Retrieval Reference
number)
77 | Previous message located for a repeat or reversal, but repeat or
reversal data are in consistent with original message
80 | Invalid date (For use in private label card transactions and check
acceptance transactions)
81 | PIN cryptographic error found (error found by VIC security module
during PIN decryption)
82 | Incorrect CVV/iCVV
83 | Unable to verify PIN
85 | No reason to decline a request for account number verification or
address verification
91 | Issuer unavailable or switch inoperative (STIP not applicable or
available for this transaction)
92 | Destination cannot be found for routing
93 | Transaction cannot be completed; violation of law
96 | System malfunction System malfunction or certain field error conditions
N0 | Force STIP
N3 | Cash service not available
N4 | Cash request exceeds issuer limit
N7 | Decline for CVV2 failure
P2 | Invalid biller information
P5 | PIN Change/Unblock request declined
P6 | Unsafe PIN
Credit Card via MIGS
0 | Transaction Successful
? | Transaction status is unknown
1 | Unknown Error
2 | Bank Declined Transaction
3 | No Reply from Bank
4 | Expired Card
5 | Insufficient funds
6 | Error Communicating with Bank
7 | Payment Server System Error
8 | Transaction Type Not Supported
9 | Bank declined transaction (Do not contact Bank)
A | Transaction Aborted
C | Transaction Cancelled
D | Deferred transaction has been received and is awaiting processing
F | 3D Secure Authentication failed
I | Card Security Code verification failed
L | Shopping Transaction Locked (Please try the transaction again later)
N | Cardholder is not enrolled in Authentication scheme
P | Transaction has been received by the Payment Adaptor and is being
processed
R | Transaction was not processed - Reached limit of retry attempts allowed
S | Duplicate SessionID (OrderInfo)
T | Address Verification Failed
U | Card Security Code Failed
V | Address Verification and Card Security Code Failed
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
71
Y | The cardholder was successfully authenticated.
E | The cardholder is not enrolled.
N | The cardholder was not verified.
U | The cardholder's Issuer was unable to authenticate due to some system
error at the Issuer.
F | There was an error in the format of the request from the merchant.
A | Authentication of your Merchant ID and Password to the ACS Directory
Failed.
D | Error communicating with the Directory Server.
C | The card type is not supported for authentication.
S | The signature on the response received from the Issuer could not be
validated.
P | Error parsing input from Issuer.
I | Internal Payment Server system error.
05 | Fully Authenticated
06 | Not authenticated (cardholder not participating), liability shift
07 | Not authenticated due to a system problem
MyClear FPX Internet Banking
00 | Approved
03 | Invalid Merchant
05 | Seller Account Closed
12 | Invalid Transaction
13 | Invalid Amount
14 | Invalid Buyer Account
20 | Invalid Response
30 | Transaction Not Supported For Model Or Format Error
31 | Invalid Bank
39 | No Credit Bank
45 | Duplicate Seller Order Number
46 | Invalid Seller Exchange Or Seller
47 | Invalid Currency
48 | Transaction Limit Exceeded
51 | Insufficient Funds
53 | No Saving Account
57 | Transaction Not Permitted
61 | Withdrawal Limit Exceeded
65 | Withdrawal Frequency Exceeded
70 | Invalid Serial Number
72 | Duplicate Exchange Order Number
76 | Transaction Not Found
77 | Invalid Buyer Name Or Buyer Id
78 | Decryption Failed
79 | Host Decline When Down
80 | Buyer Cancel Transaction
83 | Invalid Transaction Model
84 | Invalid Transaction Type
85 | Internal Error At Bank System
87 | Debit Failed Exception Handling
88 | Credit Failed Exception Handling
89 | Transaction Not Received Exception Handling
93 | Transaction Cannot Be Completed
96 | System Malfunction
98 | MAC Error
99 | Pending for Authorization (Applies to B2B model)
FE | Internal Error
BC | Transaction Cancelled By Customer
OE | Transaction Rejected As Not In FPX Operating Hours (7 AM To 11 PM)
OF | Transaction Timeout
OA | Session Timeout at FPX Entry Page
SB | Invalid Seller Bank Code
XA | Invalid Source IP Address For B2B Model 2 Transactions
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
72
XE | Invalid Message
XM | Invalid FPX Transaction Model
XN | Transaction Rejected Due To Duplicate Seller Exchange Order Number
XO | Duplicate Exchange Order Number
XS | Seller Does Not Belong To Exchange
XC | Seller Exchange Encryption Error
XI | Invalid Seller Exchange
XB | Invalid Seller Exchange IP
XF | Invalid Number Of Orders
XT | Invalid Transaction Type
XW | Seller Exchange Date Difference Exceeded
1A | Buyer Session Timeout at IB Login Page
1B | Buyer failed to provide the necessary info to login to IB Login page
1C | Buyer choose cancel at Login Page
1D | Buyer session timeout at Account Selection Page
1E | Buyer failed to provide the necessary info at Account Selection Page
1F | Buyer choose cancel at Account Selection Page
1G | Buyer session timeout at TAC Request Page
1H | Buyer failed to provide the necessary info at TAC Request Page
1I | Buyer choose cancel at TAC Request Page
1J | Buyer session timeout at Confirmation Page
1K | Buyer failed to provide the necessary info at Confirmation Page
1L | Buyer choose cancel at Confirmation Page
2A | Transaction Amount Is Lower Than Minimum Limit
Alipay
Error Code Description
ILLEGAL_SIGN Illegal signature
ILLEGAL_ARGUMENT Illegal parameters
HASH_NO_PRIVILEGE No sufficient rights to complete the query
ILLEGAL_SERVICE Service Parameter is incorrect
ILLEGAL_PARTNER Incorrect Partner ID
ILLEGAL_SIGN_TYPE sign_type parameter is incorrect
FOREX_MERCHANT_NOT_SUPPORT_THIS Cannot support this kind of currency
_CURRENCY
ILLEGAL_SECURITY_PROFILE Cannot support this kind of encryption
REPEAT_OUT_TRADE_NO out_trade_no parameter is repeated
ILLEGAL_CURRENCY Currency parameter is incorrect
ILLEGAL_PARTNER_EXTERFACE Service is not activated for this account
SYSTEM_EXCEPTION Contact Alipay technical support for help
ILLEGAL_TIMEOUT_RULE Timeout_rule parameter is incorrect
ILLEGAL_CHARSET Illegal charset
BCard
00 Transaction done without error
01 Invalid Card/invalid owner of card
02 Invalid Merchant
03 Invalid PIN
04 Insufficient Point
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
73
05 PIN Changed Fail
06 Card Is Blocked
07 Card Is Expired
08 Principal Is Currently A Supplementary
09 Supplementary Is Currently A Principal
10 Supplementary Is Already A Supplementary
11 Merge Own Card
12 Transaction Record Does Not Exists/ Invalid Transaction ID
13 Transaction Already Voided
14 Transaction Already Reversed
15 Transaction record more than one or not found
16 Invalid point/amount/bill no
18 Invalid category
19 Card not registered
20 Duplicate Data
21 Web Service Key already setup
22 Invalid Web Service Key
23 Invalid IC
24 Invalid Name
25 Invalid Operation/adjustment
26 Invalid STAN No/ Offline ID
27 Invalid Staff
29 Invalid Date
98 Unexpected Erro r
99 Server Exception
CIMB-Clicks
00 APPROVED OR COMPLETED
01 REFER TO CARD ISSUER
03 INVALID MERCHANT
04 CAPTURE CARD
05 DO NOT HONOR
12 INVALID TRANSACTION
13 INVALID AMOUNT
14 INVALID CARD NUMBER
15 INVALID ISSUER
30 FORMAT ERROR
41 LOST CARD
43 STOLEN CARD
51 INSUFFICIENT FUNDS
52 NO CURRENT ACCOUNT
53 NO SAVING ACCOUNT
54 EXPIRED CARD
55 INVALID PIN
57 TRANSACTION NOT PERMITTED ISS
58 TRANSACTION NOT PERMITTED ACQ
59 SUSPECTED FRAUD
61 EXCEEDS WITHDRAWAL LIMITS
62 RESTRICTED CARD
63 SECURITY VIOLATION
65 EXCEEDS WITHDRAWAL COUNT LIMIT
68 LATE RESPONSE
75 ALLOWABLE PIN TRIES EXCEEDED
80 FORCE PIN CHANGE
81 FORCE PRE-REGISTERED PIN CHANGE
91 SWITCH OR ISSUER INOPERATIVE
92 UNABLE TO ROUTE TRANSACTION
94 DUPLICATE TRANSACTION DETECTED
96 SYSTEM ERROR/ MALFUNCTION/VALIDATION ERROR
Dragonpay
000 Success
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
74
101 Invalid payment gateway id
102 Incorrect secret key
103 Invalid reference number
104 Unauthorized access
105 Invalid token
106 Currency not supported
107 Transaction cancelled
108 Insufficient funds
109 Transaction limit exceeded
110 Error in operation
111 Invalid parameters
201 Invalid Merchant Id
202 Invalid Merchant Password
eNets Debit
“For the online transaction status query feature, the response returned to the
merchant is in the format of <stage>_<responsecode>.”
Stage Code Stage Description
000001 Payment Request from eNETS II to Bank Host
000002 Notification from Bank Host to eNETS II
000003 Acknowledgement from eNETS II to Bank Host
000004 Txn End from Bank Host to eNETS II
000005 Payment Request from Merchant to eNETS II
000006 Notification from eNETS II to Merchant
000007 Acknowledgement from Merchant to eNETS II
000008 Txn End from eNETS II to Merchant
Error Code Description Action / Remarks
00000 Transaction Merchant to proceed with fulfillment of
Successful order.
Note: Full response code should be
000008_000000
20001 Internal System Error Internal processing errors such as Database
unavailability and network problem, etc.
If Gateway returns this status for
Notification Acknowledgement Message, the
Bank will have to initiate a reversal of
the transaction.
20002 Data Validation Error Invalid data sent from either party
The bank will not proceed with the
transaction and will initiate a reversal.
It will inform customer the transaction is
unsuccessful.
20003 XML Related Error Either XML parsing error or invalid/missing
DTD etc.
If Gateway returns this status for
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
75
Notification Acknowledgement Message, DBS
will have to initiate a reversal of the
transaction.
20004 Transaction Failed Transaction is not successful, due to
reasons such as customer has entered
invalid PIN or insufficient funds, etc.
Customer will be notified of the status and
be redirected back to the Merchant page.
20005 Communication Errors Open connection type of errors, broken pipe
errors or timeout errors. For notification
message, the Bank will retry a configurable
number of times.
20006 Digital Certificate Either party’s certificate is either
Errors expired or invalid.
The Bank/Gateway will not accept the
message and if the notification message has
already been sent, the Bank will initiate a
reversal.
20007 Invalid digital Verification of either party’s signature
Signature failed.
The Bank/Gateway will not accept the
message and if the notification message has
already been sent, the Bank will initiate a
reversal.
20008 Session Errors Time out due to customer inactivity.
Customer will not be allowed to proceed and
will be informed that his/her session has
expired. They will then be redirected back
to the Merchant site.
20009 Bank API Inform Banks to reconfigure API.
configuration error
20010 Failed to receive Check Gateway.
acknowledgement from
Gateway
20011 No match for Gateway Double check Gateway public certificates.
public certificate.
30001 Merchant not found in No merchant record in the merchant_profile
Merchant_Profile table.
table Check Gateway database.
30002 Merchant Failure_URL Check Gateway database.
not found in
Merchant_Notify_URL
table.
30003 Unable to retrieve Check Gateway database.
Merchant’s Public key
from Merchant_Cert
table.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
76
30004 Signature Error Unable to verify Merchant signature due to
different keys used.
Merchant to check that the public key sent
to the
Gateway is correct.
30005 Duplicate Transaction The payment request consists of a Merchant
reference code that was used before.
Merchant to advise customer to wait before
trying again.
30006 Merchant Ref Code Merchant to advise customer to wait before
generated is not trying again.
unique.
30007 Unable to insert Check gateway database.
transaction to
MerchantArchive
table.
30008 Unable to save Check gateway database.
transaction to
ASPArchive table.
30009 Unable to insert Check gateway database.
transaction into
Merchant_Txn_Info and
Merchant_DD_Txn_Info
tables.
30010 Unable to insert ASP Check gateway database.
Txn Time into
ASP_Txn_Info table.
30011 Unable to generate Merchant should check the public key of
gateway signature Gateway.
30012 Bank ID not found. Transaction cancelled by user at Gateway’s
Bank selection page.
Merchant can show the same payment page
again.
30013 Bank ID not enabled Fill in the problem log and escalate to
eNETS.
30014 Client-side HTTP Check Gateway HTTP.
error when notifying
Merchant.
30015 Server-side HTTP Check Gateway HTTP.
error when notifying
Merchant.
30016 Merchant Notification Merchant’s notification acknowledgement
Acknowledgement received later than expected turnaround
Timeout time.
30017 Exchange Rate does Required for currency conversion Contact
not exist (Forex RBS and/or verify Rate Retrieval from
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
77
Debit) FXmicropay
30018 Invalid Exchange Rate Required for currency conversion Contact
(Forex Debit) RBS and/or verify Rate Retrieval from
FXmicropay
30019 System does not allow Transaction rejected by switch during
transaction to be initial stage.
processed Possible causes:
- profile is not active
- amount not in range,
- invalid merchant
- invalid currency
- invalid payment mode
- invalid bank id
40001 Unable to retrieve Check Gateway database.
Bank’ URL from
Bank_Profile table.
40002 Merchant Ref code Check that BankMgr is running.
gotten from Bank is
null.
40003 Unable to retrieve Check Gateway database.
Bank’s Public key
from Database
40004 Unable to verify Bank The Gateway will not accept the message.
Signature. Check with the respective bank.
40005 Unable to save Txn Check Gateway database.
End html to
BankArchive table.
40006 Unable to save Txn Check Gateway database.
End html to
ASPArchive table.
40007 Unable to insert Check Gateway database.
transaction into
Log_Merchant_Trans_En
d table.
40008 Unable to update Check Gateway database.
status in
Merchant_Txn_Info
table.
40009 Unable to retrieve Check Gateway database.
Merchant_URL in
Merchant_Notify_URL
table.
40010 Duplicate Txn End The payment request consists of a bank
reference code that was used before.
Bank to advise customer to wait before
trying again.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
78
40011 Transaction timeout The Gateway has no response in specified
time.
Check Gateway itself and link between
Gateway and bank.
40012 Gateway private key has been revoked
40013 Bank private key has been revoked
40014 Merchant private key has been revoked.
40096 System Error
40097 Transaction Not Found
40098 Transaction is not in Stage response code does not align with the
a valid state for transaction status.
this action. Check gateway database
40099 Transaction Transaction cancelled by user at Gateway’s
Unsuccessful Bank selection page.
Merchant can show the same payment page
again.
50001 Registry Access Error Fill in the problem log and escalate to
eNETS
50002 Database Access Error Fill in the problem log and escalate to
eNETS
50003 Page forward Error Fill in the problem log and escalate to
eNETS
60001 Unable to get the CRL Fill in the problem log and escalate to
eNETS.
60002 Unable to send email Fill in the problem log and escalate to
to Administrator eNETS.
60003 Unable to validate Fill in the problem log and escalate to
the merchant eNETS.
Certificate
60004 Unable to update Check the database.
revoked flag in
database for
Merchants
60005 Unable to validate Fill in the problem log and escalate to
the Gateway eNETS.
Certificates
60006 Unable to update Check the database.
revoked flag in
database for Gateway
60007 Unable to validate Fill in the problem log and escalate to
the Bank Certificates eNETS.
60008 Unable to update Check the database.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
79
revoked flag in
database for Banks
60009 No certificate Fill in the problem log and escalate to
Authority ID eNETS.
specified
70001 Unable to connect to Double check password.
the Password Server
70002 Invalid database Key into the correct password.
password
70003 Failed to check Fill in the problem log and escalate to
connection to the eNETS.
database
80001 Error loading data Fill in the problem log and escalate to
into context eNETS.
90001 Invalid URL for Fill in the problem log and escalate to
reloading data into eNETS.
context
1001 Wrong merchant or SS should check whether this merchant’s
customer records are in the database or not.
identification.
1002 Wrong bank PIN keyed- User should key in again.
in by user.
1003 Internet Banking SS should check with the Bank.
transaction failed.
Please check with the
Bank concerned.
1004 Session timeout. Transaction has taken too long or user is
inactive for too long.
Customers will not be allowed to proceed
and will be informed that their session has
expired. They will then be redirected back
to the Merchant site.
1005 Database access Check Gateway database.
error.
1006 Error in re-direction Check Gateway connection with Banks or
of web page. Merchants.
1007 Invalid digital Verification of Gateway signature failed
signature. The Gateway will not accept the message.
1008 Network error. Check Gateway network.
1009 Unable to connect to Call respective bank to check his bank.
bank server.
1010 Error due to user PC shutdown unexpectedly.
1011 User cancelled transaction before completion.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
80
1035 Invalid UMID
Gift Card
Error Code Description
0 Success
1 Failure
2 Invalid ESN
3 Vendor Application Error
4 System Error
5 Card Already Active
6 Card Already Inactive
7 Invalid Request
8 Card Redeemed
9 Invalid Card
10 Card Deactivated
11 Card Suspended
12 Card Activated
13 Invalid Account
14 No Previous Action
15 Card is Active
16 Card is Deactivated
17 Card is Redeemed
18 Card is Not Found
19 Card Locked
20 Delayed Redemption
21 Maximum Transactions Exceeded
22 Invalid XML
23 Network Error
24 Invalid PIN
25 Declined
26 PIN Not Sold
27 PIN Already Sold
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
81
28 Card Expired
29 Card Stolen
30 Card Lost
31 Card Damaged
32 Card Pending
33 PIN Redeemed
34 Invalid/Inactive PIN
35 Card In Use
36 Already Reversed
37 Not Reversible
38 Incorrect Card Status
39 Card Not Active
40 Pin Locked
41 Suspected Fraud
42 Format Error
43 Action Not Supported
44 Card Action Suspended
45 Card is Pending
46 Card is Suspended
47 Card is Expired
48 Card is Stolen
49 Card is Lost
50 Card is Damaged
Multi Currency Credit Card
Error Code Description
GeneralFailure An unspecified error has occurred.
RateOfferNotFound The RateOfferId did not identify a known,
non-expired GoInterpay rate offer.
One common reason for this result is that the
rate offer has expired.
CurrencyNotFound The CustomerCurrency did not correspond to a
supported GoInterpay currency.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
82
CurrencyMismatch The CustomerCurrency specified in the request
did not match the Currency associated with the
specified GoInterpay rate offer.
EmailAddressInvalid The consumer Email was not supplied or was
supplied but was syntactically invalid.
PaymentMethodUnsupported The PaymentMethod did not specify a supported
type, or the merchant does not have access to
the specified type for this payment.
CardNameInvalid The Name in the card details was not valid.
CardNumberInvalid The Number in the card details was not valid
for the specified payment method.
CardYearInvalid The Year in the card details was not valid.
CardMonthInvalid The Month in the card details was not valid.
CardExpired The specified payment card has expired.
CardVerificationCodeInvalid The VerificationCode in the card details was
not valid.
PostalCodeInvalid The consumer PostalCode was not supplied and
is required for the merchant’s GoInterpay
payment processing option, or was supplied but
was syntactically invalid.
CountryInvalid The consumer Country was not supplied and is
required for the merchant’s GoInterpay payment
processing option, or was supplied but was
syntactically invalid.
AmountInvalid A ConsumerPrice or MerchantPrice did not meet
the requirements documented for the request.
AmountLimitExceeded The request contains an amount that exceeds
the amount that GoInterpay is willing to
transact in a single transaction for the
merchant.
PaymentAuthorizationFailed The payment details were syntactically
correct, but the payment processing provider
(or an intermediary) refused to authorize a
payment against the payment details for the
specified amount. This includes the case of
failure to pass payment processor fraud
checks. This also includes the failure of the
payment processing provider to validate
authentication performed by a payment
authentication mechanism (via the Merchant).
Blacklisted The consumer is on the GoInterpay blacklist
and GoInterpay has refused to process the
order.
FraudSuspected Based on the parameters of the order,
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
83
GoInterpay suspects that the order is
fraudulent and/or represents too high a risk
to proceed with processing.
ContractNotFound The specified ContractId is not associated
with the requesting Merchant.
ContractClosed The specified ContractId is closed and cannot
be used to begin new transactions.
ViaAgentInvalid The ViaAgent flag was specified for a payment
method that does not support it.
InstalmentsInvalid A Number was specified for Instalments which
is not between 2 and 12 (inclusive) or
instalments are not available for this order.
BirthDateInvalid The consumer BirthDate was not valid, or is
missing but is required for this order.
NationalIdentifierInvalid The consumer NationalIdentifier was not valid,
or is missing but is required for this order.
PhoneInvalid The consumer Phone was not valid, or is
missing but is required for this order.
RegionInvalid The consumer Region was not valid, or is
missing but is required for this order.
Hong Leong Online
Error Code Description
025999 Insufficient fund in buyer account
014999 Payment not allowed on buyer account or seller account because of
closed, freeze, inactive, dormant or checker declined
040999 Payment not found
059999 Double discard attempt detected
043999 Double debit attempt detected
032999 General error
051999 Debit Failed (Exception Handling)
042999 Unknown error
073999 FPX Switch timeout
056999 Message authentication is failed
052999 Mandatory field is not found
026999 Invalid message request
031999 Bank host down for maintenance
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
84
054999 Double attempt
044999 General error
033999 General error, any other error
0008 Invalid Seller ID
0009 Invalid Seller Account
013999 EXCEED TAC ATTEMPTS
8022 Invalid Transaction
888883 TRANSACTION AMOUNT EXCEEDS ACCOUNT LIMIT
888884 MERCHANT TRANSACTION LIMIT UNAVAILABLE
9905 No response from FPXSwitch
9907 CIB SERVER IS NOT RESPONDING
9908 ERROR GETTING FPXSwitch CONNECTION
9998 INVALID PARAMETER EXCEPTION
9999 SERVER INTERNAL ERROR
999995 Your transaction is still processing
999998 Exceeded transaction limit
031999 System down for maintenance
000007 Invalid mobile number
000008 TAC Request Failed
000009 Your session is invalidated. Login is required.
00001A Buyer session timeout at IB Login Page
00001B Buyer failed to provide the necessary info to login to IB Login
Page
00001C Buyer choose cancel at Login Page
00001D Buyer session timeout at Account Selection Page
00001E Buyer failed to provide the necessary info at Account Selection
Page
00001F Buyer choose cancel at Account Selection Page
00001G Buyer session timeout at TAC Request Page
00001H Buyer failed to provide the necessary info at TAC Request Page
00001I Buyer choose cancel at TAC Request Page
00001J Buyer session timeout at Confirmation Page
00001K Buyer failed to provide the necessary info at Confirmation Page
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
85
00001L Buyer choose cancel at Confirmation Page
Cash Permata Bank
000 Success
100 Invalid merchant ID
101 Empty merchant ID
102 Empty amount
103 Invalid amount (not approved string,dot and comma )
104 Empty orderid
105 Empty bill_name
106 bill_email
107 Empty bill_mobile
108 Empty bill_desc
109 Empty vcode
110 Invalid Authentication Key
111 Empty due_time
113 Invalid
MOLPoints
Error Code Error Description
40001 Required parameter is required. / Parameter format is invalid.
40002 Invalid API Version.
40003 Invalid Currency Code or not supported.
40004 Duplicate Reference Id.
The transaction was refused as a result of a duplicate Reference
Id supplied. Currency Code is not match with previous
transaction.
The transaction was refused as a result of a duplicate Reference
Id supplied. Pin is not match with previous transaction.
40005 Invalid Channel Id.
40006 Invalid Amount.
40007 Invalid PIN.
40008 Invalid Client IP Address.
40009 The transaction was declined by MOL because of possible
fraudulent activity.
40013 Payment Amount Exceed channel maximum accepted amount.
40014 Payment Amount less than channel minimum accepted amount.
40101 Invalid Application Code.
40102 Unauthorized Server IP Address.
40103 Invalid Signature.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
86
40104 Channel Id not permitted.
40400 Payment not found.
PEx Plus
Error Code Description
00000 Successful.
00149 User has not logged in or session expired.
00341 Your session has timed out due to inactivity. Please
login again.
00344 Not a privileged user.
10000 No data found.
44444 Service is not available.
00121 Payment in progress.
00201 QR sales has expired.
00300 QR code has been paired.
30002 Invalid currency.
00102 Invalid amount.
12001 Exceeded daily transaction limit.
00301 Cancellation failed.
00302 Cancellation successful.
01201 Merchant is not valid.
01202 Organisation is not valid.
00903 Batch No. is not valid.
10007 Sorry, we are unable to process your request now.
Please try again later.
10008 Merchant has been deactivated.
10010 Merchant has not subscribed to PEx+ services.
10011 This transaction has been reversed.
10013 Sorry, you are not allowed to perform this action.
10014 Sorry, this transaction cannot be reversed due to
return policy.
PEx+.ERR_PAYMENT.10102 The Payment Transaction is invalid. Please try again.
[10102]
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
87
PEx+.ERR_PAYMENT.10105 The Payment Transaction is invalid. Please try again.
[10105]
PEx+.1000000 No Record Found.
PEx+SD.00412 The transaction amount has exceeded the daily PEx+
transaction limit. [PEX+.0100010]
PEx+SD.00403 Sorry, your transaction has been cancelled. Please
perform another PEx+ payment.
PEx+SD.00404 Sorry, your transaction has expired. Please perform
another PEx+ payment.
PEx+SD.30002 Currency Code is invalid. Please try again.
PEx+SD.01301 Invalid QR scanning. Please perform another PEx+
payment.
PEx+SD.30001 Record Not Found. Please try again later.
PEx+.0100000 Sorry, we are unable to process your request now.
Please try again later. [PEX+.0100000]
PEx+.0100011 Your account balance is insufficient for the
transaction. [PEX+.0100011]
PEx+_rbs.5 Sorry, we are unable to process your request at this
time. Please try again later.
N/A Invalid QR code. Please try again.
Poli Payment
Error Code Description Action / Remarks
1001 Invalid Token The token specified in the request
corresponds to a POLi ID that does not
exist in the database.
There may be an error in the
implementation of POLi™. Check your web
services.
1002 Illegal Token The token specified in the request
corresponds to a POLi ID that does not
belong to the specified merchant.
There may be an error in the
implementation of POLi™. Check your web
services.
1003 Invalid Merchant Code The merchant code specified in the request
does not exist in the database.
There may be an error in the
implementation of POLi™. Check your web
services.
1004 Inactive Merchant The merchant code specified in the request
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
88
corresponds to a merchant that is
inactive.
There may be an error in the
implementation of POLi™. Check your web
services.
1005 Merchant Not The merchant authentication code supplied
Authenticated is not correct or the authentication type
has not been specified in the POLi™
system.
There may be an error in the
implementation of POLi™. Check your web
services.
1006 Deleted Merchant The merchant code specified in the request
corresponds to a merchant that has been
deleted.
There may be an error in the
implementation of POLi™. Check your web
services.
1007 Invalid Currency Code The specified currency code does not exist
in the database.
There may be an error in the
implementation of POLi™. Check your web
services.
1008 Invalid Merchant The specified currency code does not
Currency correspond to an active currency for the
specified merchant.
There may be an error in the
implementation of POLi™. Check your web
services.
1009 Currency System Limit The payment amount in the specified
Exceeded currency has exceeded the system limit for
that currency.
Inform the customer that POLi™ applies
transaction limits for security reasons
and to try another payment limit. Do not
specify the limit.
1010 Currency VAR Limit The payment amount in the specified
Exceeded currency has exceeded the VAR limit for
that currency.
Inform the customer that POLi™ applies
transaction limits for security reasons
and to try another payment limit. Do not
specify the limit.
1011 Currency Merchant The payment amount in the specified
Single Transaction currency has exceeded the merchant’s
Limit Exceeded single transaction limit for that
currency.
Inform the customer that POLi™ applies
transaction limits for security reasons
and to try another payment limit. Do not
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
89
specify the limit.
1012 Currency Merchant The payment amount in the specified
Daily Cumulative currency has exceeded the merchant’s daily
Limit Exceeded cumulative limit for that currency.
Inform the customer that POLi™ applies
transaction limits for security reasons
and to try another payment limit. Do not
specify the limit.
1013 Invalid Merchant The difference between the specified
Established Date Time merchant established time and the system
time is more than 24 hours.
Check your date and time settings.
1014 Invalid URL Format The format of the specified URL is
invalid.
There may be an error in the
implementation of POLi™. Check your web
services.
1015 Invalid timeout value The specified timeout value is less than
the system minimum timeout value.
may be an error in the implementation of
POLi™. Check your web services.
1016 The transaction has The transaction being enquired upon has
expired lapsed past the 15min enquiry window.
Use the Merchant Console to attain the
outcome of this transaction.
1017 Blocked User IP The IP address of the user is blocked,
address restricted or otherwise from a list of
known suspect IP addresses.
Do not try to initiate a transaction
again.
NOTE: Strongly recommend that the user not
be allowed to complete the transaction
using another payment option at the
Merchant’s discretion.
1018 Invalid IP address The IP address is in an invalid format.
format Try again passing in the correct data.
1019 Invalid IP address The IP address is invalid.
Try again passing in the correct data.
1020 No merchant primary The merchant has not set up a primary
account account to be used.
Set up a primary account for the merchant
through the console and try initiating the
transaction again after the change has
been approved.
1021 Invalid Field The specified field contains invalid
Characters characters.
There may be an error in the
implementation of POLi™. Check your web
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
90
services.
1022 Mandatory Field No value is supplied for a mandatory
field.
There may be an error in the
implementation of POLi™. Check your web
services.
1023 Invalid Field Length The specified field has an invalid length.
There may be an error in the
implementation of POLi™. Check your web
services.
1024 Invalid Currency The specified field contains invalid
Amount In Field currency amount.
There may be an error in the
implementation of POLi™. Check your web
services.
1025 Invalid Field Range The value in the field is out of the
allowable range.
There may be an error in the
implementation of POLi™. Check your web
services.
1026 Invalid Transaction The transaction has not followed the
Status anticipated transaction status path.
NOTE: This error should never be returned
to a Merchant. If it does then please
inform Centricom.
1027 Invalid Merchant The Financial Institution Code passed in
Financial Institution is not allowed for this merchant.
There may be an error in the
implementation of POLi™. Check your web
services.
1028 Invalid Financial The Financial Institution Code passed in
Institution Code is not valid.
There may be an error in the
implementation of POLi™. Check your web
services.
1029 Inactive Financial The Financial Institution Code passed in
Institution is not currently active.
There may be an error in the
implementation of POLi™. Check your web
services.
1030 Deleted Financial The Financial Institution Code passed in
Institution has been deleted.
There may be an error in the
implementation of POLi™. Check your web
services.
1031 Invalid Financial The vector for the passed in Financial
Institution Vector Institution Code is not available or
non-existent.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
91
NOTE: This error should never be returned
to a Merchant. If it does then please
inform Centricom
1032 Invalid Transaction The Transaction Status Code passed in is
Status Code not valid.
There may be an error in the
implementation of POLi™. Check your web
services.
2021 Invalid Payment The amount being paid is not equal to the
Amount transaction amount.
The user’s locale can affect the way that
currency amounts are displayed on the
screen. For example, a German locale may
display the amount with a comma rather
than a decimal point. This affects the way
that POLi™ interprets the amount and may
result in a failure. Setting the locale to
En-AU, En-US, or En-GB will rectify this
issue.
8001 Operational Error An operational error occurs but there is
Without Trace no trace information available.
Information Perform the web service again.
8002 Operational Error An operational error occurs and trace
With Trace information is available.
Information Perform the web service again.
8003 Invalid Field The specified field contains invalid
Characters characters.
There may be an error in the
implementation of POLi™. Check your web
services.
8004 Mandatory Field No value is supplied for a mandatory
field.
There may be an error in the
implementation of POLi™. Check your web
services.
8005 Invalid Field Length The specified field has an invalid length.
There may be an error in the
implementation of POLi™. Check your web
services.
8006 Invalid Currency The specified field contains invalid
Amount In Field currency amount.
There may be an error in the
implementation of POLi™. Check your web
services.
8007 Invalid Field Range The value in the field is out of the
allowable range.
There may be an error in the
implementation of POLi™. Check your web
services.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
92
11002 Unable to Send Nudge A nudge sent to the merchant has failed.
The Nudge Notification URL may be publicly
inaccessible or the destination is down or
it takes too long to respond.
12001 Merchant Code Merchant code is empty.
Required Provide a non-empty merchant code.
12002 Merchant Code Length Merchant code length exceeds maximum
number of characters allowed.
Provide a Merchant Code with valid length.
12003 or Invalid Merchant Code Merchant Code doesn’t exist or inactive.
1003 Provide a valid Merchant Code.
12004 Authentication Code Authentication Code is empty.
Required Provide a non-empty Authentication Code.
12005 Authentication Code Authentication Code length exceeds maximum
Length number of characters allowed.
Provide an Authentication Code with valid
length.
12006 or Invalid Provide a valid Authentication Code.
1005 Authentication Code
12010 Request Type is Request Type is empty.
Required Provide a non-empty Request Type.
12011 Request Type Length Request Type length exceeds maximum number
of characters allowed.
Provide a Request Type with a valid
length.
12012 Invalid Request Type Request Type is not valid. It must be
either Manual or Email.
Provide a Request Type set to either
Manual or Email.
12013 Invalid Payment Payment Amount is empty. Either it is
Amount. empty or not a decimal number or decimal
precision exceeds 2 or not in the range of
1.00 and 10000.00
Provide a valid Payment Amount.
12014 Payment Reference is Payment reference is empty.
required Provide a non-empty Payment Reference.
12015 Invalid Payment Payment reference is not valid.
Reference Provide a Payment Reference with a valid
length.
12016 Invalid Confirmation Confirmation Email is either empty or not
Email. one of the values Yes, No.
Provide Confirmation Email with a valid
value.
12017 Invalid Customer Customer Reference is either empty or not
Reference. one of the values Yes, No.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
93
Provide Customer Reference with a valid
value.
12018 Recipient Name is Recipient Name is empty.
required. Provide a non-empty Recipient Name.
12019 Recipient Name Length Recipient Name length exceeds maximum
number of characters allowed.
Provide a Recipient Name with a valid
length.
12020 Invalid Recipient Recipient Name is not valid.
Name. Check invalid characters in the Recipient
Name.
12021 Recipient Email is Recipient Email is empty.
required. Provide a non-empty recipient email.
12022 Recipient Email Recipient Email length exceeds maximum
Length number of characters allowed.
Provide a Recipient Email with a valid
length.
12023 Invalid Recipient Recipient Email is not valid.
Email. Check Recipient Email follows email
address rules.
12024 Email Delivery Email Delivery to Payer failed.
Failed. Check payer email address is valid and
active.
UnionPay
00 Payment is successful.
01 Refer to card issuer.
03 Invalid merchant.
05 Merchant or seller account closed.
06 Issuer card is expired.
09 Request in progress.
12 Invalid transaction.
13 Invalid amount.
14 Invalid buyer account or card information.
17 Buyer cancel transaction.
22 Suspected malfunction.
25 Failure to search an original transaction.
30 Format error or MAC error.
31 Invalid bank.
39 No credit account.
51 Insufficient fund.
53 No saving account.
57 Transaction not permitted.
61 Withdrawal limit exceeded.
65 Withdrawal frequency exceeded.
76 Transaction not found.
77 Invalid buyer name or buyer Id.
79 Host decline when down.
85 Internal error at bank’s system.
87 Debit failed (exception handling).
88 Credit failed (exception handling).
89 Transaction not received (exception handling).
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
94
92 Financial institution or intermediate network facility cannot be found for
routing.
93 Transaction cannot be completed.
FE Internal error.
OE Transaction rejected as not in operating hours.
OF Transaction timeout.
OA Session timeout.
1A Buyer session timeout at bank login page.
1B Buyer failed to provide the necessary info to login to bank login page.
1C Buyer choose cancel at login page.
1D Buyer session timeout at account selection page.
1E Buyer failed to provide the necessary info at account selection page.
1F Buyer choose cancel at account selection page.
1G Buyer session timeout at TAC request page.
1H Buyer failed to provide the necessary info at TAC request page.
1I Buyer choose cancel at TAC request page.
1J Buyer session timeout at confirmation page.
1K Buyer failed to provide the necessary info at confirmation page.
1L Buyer choose cancel at confirmation page.
2A Transaction amount is lower than minimum limit.
Paysbuy
Error Code Description Action / Remark
90 No data is sent inv is null
91 secureCode is incorrect secureCode is incorrect
92 PSBID, email address, or PSBID or email not found
password is incorrect
93 PSBID or email address format PSBID or Username is incorrect
is incorrect, or password is
not entered
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
95
RESOURCES
Logos of all brand name
Merchant may download the logos from http://www.molpay.com/doc/molpaylogos.zip
Mobile SDK/XDK
MOLPay is now ready to be integrated into your mobile apps. We have released Mobile SDK
and XDK library on GitHub and BitBucket. To apply this, kindly contact [email protected]
and provide your MOLPay Merchant ID or Company name, Platform (iOS/Android), Apps Name
in order to register and authorize 3rd party app in MOLPay system.
Supported Shopping Cart
MOLPay have been integrated with many popular shopping carts, globally. Merchant may refer
the complete list on http://www.molpay.com/v3/cart
Some MOLPay payment plugin/add-on/module can be downloaded from GitHub and BitBucket.
ISO References
http://www.iso.org/iso/country_codes.htm
http://en.wikipedia.org/wiki/ISO_3166-1
http://www.iso.org/iso/currency_codes
http://en.wikipedia.org/wiki/ISO_4217
Handling JSON/PLAIN TEXT using .NET
http://stackoverflow.com/questions/36216464/wcf-webinvoke-which-can-accept-content-type-text-plain
Please use the above custom WebContentTypeMapper if you are using .NET, especially when
you encounter this exception message:
The incoming message has an unexpected message format 'Raw’. The expected message
formats for the operation are 'Xml'; 'Json'. This can be because a WebContentTypeMapper
has not been configured on the binding. See the documentation of WebContentTypeMapper
for more details.
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
96
Predefined Bank Lists (Updated on 06th Jan 2015)
Bank Code Bank Name CA/SA & Credit Card Loan H/P
ABNAMYKL THE ROYAL BANK OF SCOTLAND BHD Personal 7,9, Corp. CA 7,9,10
AFBQMYKL ASIAN FINANCE BANK BHD
AGOB9999 BANK PERTANIAN MALAYSIA BHD SPI
AGOBMYK1 BANK PERTANIAN MALAYSIA BHD (AGROBANK) SA 16 17
AIBBMYKL AFFIN ISLAMIC BANK BHD 12, Y 12 12
AISLMYKL AMISLAMIC BANK BHD 13 14 14
ALSRMYK1 ALLIANCE ISLAMIC BANK BHD 15 15 15
AMMB9999 AMINVESTMENT BANK BHD SPI
AMMBMYKL AMINVESTMENT BANK BHD
ARBKMYKL AMBANK BHD 13, Y 14 14
AVSSMYK1 ECM LIBRA INVESTMENT BANK BHD
BIMBMYKL BANK ISLAM BHD 14, Y 14 14
BKCHMYKL BANK OF CHINA (MALAYSIA) BHD 15
BKKBMYKL BANGKOK BANK BHD
BKRMMYK1 BANK KERJASAMA RAKYAT SA 12, Y 12
BMMBMYKL BANK MUAMALAT (M) BHD 14 14, 17 14, 17
BNMAMYKL BANK NEGARA MALAYSIA
BNPA9999 BNP PARIBAS MALAYSIA BHD SPI
BNPAMYKL BNP PARIBAS MALAYSIA BHD CA 16 16
BOFAMY2X BANK OF AMERICA BHD 5-17
BOTKMYKX BANK OF TOKYO-MITSUBISHI BHD 6 6
BSNA9999 BANK SIMPANAN NASIONAL SPI
BSNAMYK1 BANK SIMPANAN NASIONAL SA 16, Y 15 15
CAGA9999 CAGAMAS BHD SPI
CAGAMYK1 CAGAMAS BHD
CHASMYKX J.P. MORGAN CHASE BANK BHD 10 10
CIBBMYKL CIMB BANK BHD 10/14, Y 10, 17 10, 17
CITI9999 CITIBANK BHD SPI
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
97
CITIMYKL CITIBANK BHD Personal 10, Corp. CA 9-16, Y 10-14
COIM9999 CIMB INVESTMENT BANK BHD SPI
COIMMYK1 CIMB INVESTMENT BANK BHD
CTBBMYKL CIMB ISLAMIC BANK BHD 10 10, 17 10, 17
DEUT9999 DEUTSCHE BANK (M) BHD SPI
DEUTMYKL DEUTSCHE BANK (M) BHD 10-14 10-14
EXMB9999 EXPORT IMPORT BANK BHD SPI
EXMBMYKL EXPORT IMPORT BANK BHD
HBMBMYKL HONGKONG BANK MALAYSIA BHD
HDSBMY2P HWANGDBS INVESTMENT BANK BHD
HLBBMYKL HONG LEONG BANK BHD 11/13, Y 11 11
HLIBMYKL HONG LEONG ISLAMIC BANK BHD 11 11 11
HBMBMYKL HSBC BANK MALAYSIA BHD 12, Y 12
HMABMYKL HSBC AMANAH MALAYSIA BHD 12 12-14
ICBKMYKL INDUSTRIAL & COMM. BANK OF CHINA (M) BHD 17/19 17/19
IIMBMYKL INDIA INTERNATIONAL BANK (M) BHD
ISCA9999 ABRAR DISCOUNTS BHD SPI
ISCAMYK1 ABRAR DISCOUNTS BHD
KAFD9999 KAF INVESTMENT BANK BHD SPI
KAFDMYK1 KAF INVESTMENT BANK BHD
KFHOMYKL KUWAIT FINANCE HOUSE 12
KKENMYK1 KENANGA INVESTMENT BANK BHD
KWAPMYK1 KUMPULAN WANG PERSARAAN
KWSPMYK1 KUMPULAN WANG SIMPANAN PEKERJA
MBAM9999 ALLIANCE INVESTMENT BANK BHD SPI
MBAMMYK1 ALLIANCE INVESTMENT BANK BHD
MBBEMYKL MALAYAN BANKING BHD 12 12 12
MBEA9999 MAYBANK INVESTMENT BANK BHD SPI
MBEAMYK1 MAYBANK INVESTMENT BANK BHD
MBISMYKL MAYBANK ISLAMIC BHD 12 12 12
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
98
MFBBMYKL ALLIANCE BANK MALAYSIA BHD 15, Y 15 15
MHCBMYKA MIZUHO CORPORATE BANK (M) BHD CA 10, Y
MIMBMYKL MIMB INVESTMENT BANK BHD
MSME9999 SME BANK MALAYSIA BHD SPI
MSMEMYKL SME BANK MALAYSIA BHD
NBADMYKL NATIONAL BANK OF ABU DHABI MALAYSIA BHD
NOSCMYKL THE BANK OF NOVA SCOTIA BHD
OABBMYKL OCBC AL-AMIN BANK BHD 10 15
OCBCMYKL OCBC BANK (M) BHD 10, Y 15
OSKI9999 OSK INVESTMENT BANK BHD SPI
OSKIMYKL OSK INVESTMENT BANK BHD
PAMBMYK1 AFFIN INVESTMENT BANK BHD
PBBEMYKL PUBLIC BANK BHD 10, Y 15 15
PEMB9999 BANK PEMBANGUNAN MALAYSIA BHD SPI
PEMBMYKL BANK PEMBANGUNAN MALAYSIA BHD
PERDMYK1 HONG LEONG INVESTMENT BANK BHD
PHBMMYKL AFFIN BANK BHD 12, Y 12 12
PIBEMYK1 PUBLIC ISLAMIC BANK BHD 10 15 15
RHBAMYKL RHB ISLAMIC BANK BERHAD 14 14 12
RHBBMYKL RHB BANK BHD 14, Y 14 12
RHBMMYK1 RHB INVESTMENT BANK BHD
RJHIMYKL AL-RAJHI BANK (M) BHD 15, Y 15 15
SCBLMYKX STANDARD CHARTERED BANK BHD Personal 12, Corp. CA 5-17, Y 8
SCSRMYK1 STANDARD CHARTERED SAADIQ BHD
SMBBMYK1 PUBLIC INVESTMENT BANK BHD
SMBCMYKL SUMITOMO MITSUI BANK BHD CA 8
UMBB9999 MIDF AMANAH INVESTMENT BANK BHD SPI
UMBBMYK1 MIDF AMANAH INVESTMENT BANK BHD
UOVBMYKL UNITED OVERSEAS BANK (M) BHD SA 11, CA 10,11, Y 10, 15
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
99
Settlement/FTT Country & Currency Lists (Updated on 11th Sep 2014)
United States USD
United Kingdom GBP, USD
Europe EUR, USD
Japan JPY, USD
New Zealand NZD, USD
Australia AUD, USD
Singapore SGD, USD
Hong Kong HKD, USD
Canada CAD, USD
Brunei BND, USD
Thailand THB, USD
Denmark DKK
Switzerland CHF
China USD, EUR
Korea, Indonesia, India, Taiwan USD ONLY
© 2005 - 2016 MOLPay Sdn Bhd.
All rights reserved. All trademarks are the property of their respective owners.
100
You might also like
- Monetico Paiement Technical Documentation v2.0No ratings yetMonetico Paiement Technical Documentation v2.0114 pages
- Hands-on MuleSoft Anypoint Platform Volume 3: Implement various connectors including Database, File, SOAP, Email, VM, JMS, AMQP, Scripting, SFTP, LDAP, Java and ObjectStoreFrom EverandHands-on MuleSoft Anypoint Platform Volume 3: Implement various connectors including Database, File, SOAP, Email, VM, JMS, AMQP, Scripting, SFTP, LDAP, Java and ObjectStoreNo ratings yet
- Hands-on MuleSoft Anypoint platform Volume 2: MuleSoft Anypoint Studio Payload, Components, Flow Controls, Scopes and Error Handling (English Edition)From EverandHands-on MuleSoft Anypoint platform Volume 2: MuleSoft Anypoint Studio Payload, Components, Flow Controls, Scopes and Error Handling (English Edition)No ratings yet
- Api Specification For Molpay Integration: (Version 13.5)No ratings yetApi Specification For Molpay Integration: (Version 13.5)107 pages
- WeChat Payment API (OverseasCommonModeV1.3)No ratings yetWeChat Payment API (OverseasCommonModeV1.3)108 pages
- OpenID Connect - End-user Identity for Apps and APIs: API-University Series, #6From EverandOpenID Connect - End-user Identity for Apps and APIs: API-University Series, #6No ratings yet
- (Master) ShopeePay Acquiring Service API (Internal Only. Please Export PDF For Partner)No ratings yet(Master) ShopeePay Acquiring Service API (Internal Only. Please Export PDF For Partner)145 pages
- Stripe Payment Integration for Beginners: A Practical Guide to Accepting Payments OnlineFrom EverandStripe Payment Integration for Beginners: A Practical Guide to Accepting Payments OnlineNo ratings yet
- Mobile Ecommerce: How to transform your website into a mobile friendly ecommerce platform!From EverandMobile Ecommerce: How to transform your website into a mobile friendly ecommerce platform!No ratings yet
- Hands-on MuleSoft Anypoint platform Volume 1: Designing and Implementing RAML APIs with MuleSoft Anypoint Platform (English Edition)From EverandHands-on MuleSoft Anypoint platform Volume 1: Designing and Implementing RAML APIs with MuleSoft Anypoint Platform (English Edition)5/5 (1)
- Jolo Cloud API: Domestic Money Transfer: Table of ContentNo ratings yetJolo Cloud API: Domestic Money Transfer: Table of Content16 pages
- MVolaApi-Documentation-API Merchant Pay v1.0No ratings yetMVolaApi-Documentation-API Merchant Pay v1.09 pages
- Blockchain Technology for Paperless Trade Facilitation in MaldivesFrom EverandBlockchain Technology for Paperless Trade Facilitation in MaldivesNo ratings yet
- Quick Installation Guide For PayGate OpenPayAPI PDFNo ratings yetQuick Installation Guide For PayGate OpenPayAPI PDF13 pages
- How to Build an Online Store - eCommerce Project Management: Beginners GuideFrom EverandHow to Build an Online Store - eCommerce Project Management: Beginners GuideNo ratings yet
- StarPay Settlement MPM&Online - v1.5.4 API SpecificationsNo ratings yetStarPay Settlement MPM&Online - v1.5.4 API Specifications38 pages
- Ultimate Snowflake Architecture for Cloud Data WarehousingFrom EverandUltimate Snowflake Architecture for Cloud Data WarehousingNo ratings yet
- Architecture Theory Course Notes Univ of Auckland PDF67% (3)Architecture Theory Course Notes Univ of Auckland PDF230 pages
- Parative Stylistics of French and English: A Methodology For Translation. Amsterdam/PhilaNo ratings yetParative Stylistics of French and English: A Methodology For Translation. Amsterdam/Phila2 pages
- Senior Bal Vigyan 2024- 2025 Social Science FinalNo ratings yetSenior Bal Vigyan 2024- 2025 Social Science Final10 pages
- Unit 6 Algorithms. Programming Languages: Start-Up 1. Answer The QuestionsNo ratings yetUnit 6 Algorithms. Programming Languages: Start-Up 1. Answer The Questions11 pages
- Urdu As A First Language - The Impact of Script On Reading in TheNo ratings yetUrdu As A First Language - The Impact of Script On Reading in The127 pages
- How to Pass the CCAT Grade 3 Test in 2022No ratings yetHow to Pass the CCAT Grade 3 Test in 202217 pages
- Large N Partition Functions of 3D Holographic SCFTS: Nikolay Bobev, Junho Hong, and Valentin ReysNo ratings yetLarge N Partition Functions of 3D Holographic SCFTS: Nikolay Bobev, Junho Hong, and Valentin Reys58 pages
- Irregular Verb Wordsearch: Proff's English WorldNo ratings yetIrregular Verb Wordsearch: Proff's English World1 page
- The Essential Tagore 1st Edition Rabindranath Tagore download pdf100% (5)The Essential Tagore 1st Edition Rabindranath Tagore download pdf81 pages
- Design Thinking: Needfinding and Empathy: Dr. Mohamed K. WatfaNo ratings yetDesign Thinking: Needfinding and Empathy: Dr. Mohamed K. Watfa48 pages
- Lecture6,7-Logic Design - Transistors To Gates-FinalNo ratings yetLecture6,7-Logic Design - Transistors To Gates-Final46 pages
- Sanskrit Manuscripts in The Turfan Collection100% (1)Sanskrit Manuscripts in The Turfan Collection14 pages
- Summative Assessment 2 Midterm Examination (Tiongco)No ratings yetSummative Assessment 2 Midterm Examination (Tiongco)4 pages
