Payment solution ID 2

Overview

• Creating payments
• Creating payouts

Certificate Setup

To generate API certificate for payment, visit: https://merchant.alikassa.com/cabinet/form/setting-api-certs

Save the archive and unpack to get:

• password.txt
• private.pem
• public.pem

We keep only public.pem for signature verification.

Signature Generation

$data = json_encode($data);

$privateKey = openssl_pkey_get_private(
    file_get_contents('private.pem'),
    file_get_contents('password.txt')
);

if ($privateKey === false) {
    throw new \Exception('Error cert.');
}

openssl_sign($data, $sign, $privateKey);
$sign = base64_encode($sign);

import { readFileSync } from 'fs';
import { createSign } from 'crypto';

const dataStr = JSON.stringify(data);
const key = readFileSync('private.pem', 'utf8');
const passphrase = readFileSync('password.txt', 'utf8').trim();
const signer = createSign('SHA256');
signer.update(dataStr);
signer.end();
const sign = signer.sign({ key, passphrase }, 'base64');

import json, base64
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding

data_bytes = json.dumps(data).encode()
with open('password.txt','rb') as f:
    password = f.read().strip()
with open('private.pem','rb') as f:
    private_key = serialization.load_pem_private_key(f.read(), password=password)
signature = private_key.sign(data_bytes, padding.PKCS1v15(), hashes.SHA256())
sign = base64.b64encode(signature).decode()

import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Signature;
import java.util.Base64;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

byte[] dataBytes = new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsBytes(data);
char[] pass = Files.readString(Paths.get("password.txt")).toCharArray();
PEMParser parser = new PEMParser(Files.newBufferedReader(Paths.get("private.pem")));
PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) parser.readObject();
var privateKey = new JcaPEMKeyConverter()
    .getKeyPair(ckp.decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(pass)))
    .getPrivate();
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initSign(privateKey);
sig.update(dataBytes);
String sign = Base64.getEncoder().encodeToString(sig.sign());

import (
    "crypto"
    "crypto/rand"
    "crypto/rsa"
    "crypto/sha256"
    "crypto/x509"
    "encoding/base64"
    "encoding/json"
    "encoding/pem"
    "io/ioutil"
)

dataBytes, _ := json.Marshal(data)
pemBytes, _ := ioutil.ReadFile("private.pem")
passBytes, _ := ioutil.ReadFile("password.txt")
block, _ := pem.Decode(pemBytes)
der, _ := x509.DecryptPEMBlock(block, passBytes)
priv, _ := x509.ParsePKCS1PrivateKey(der)
hash := sha256.Sum256(dataBytes)
sigBytes, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hash[:])
sign := base64.StdEncoding.EncodeToString(sigBytes)

Pass the received $sign in the Sign header.

Creating payments

Endpoint

POSThttps://api-merchant.alikassa.com/v1/payment📋

Headers

Header	Value
Content-Type	application/json
Account	Your account uuid, you can find in Accounts
Sign	Request signature

Parameters

* - Required fields

Name	Type	Description
amount*	decimal (11.2)	Amount
order_id*	string (128)	Your id must be unique
service*	string (100)	online_banking_idr_hpp qr_code_idr_hpp virtual_account_idr_hpp local_bank_transfer_idr_hpp
customer_ip*	ip	Payer's IP address
customer_code*	string (100)	Deposit Bank Code
customer_first_name*	string	Payer's first name
customer_last_name*	string	Payer's last name
success_redirect_id	int	Id of redirect upon successful payment
fail_redirect_id	int	Id of redirect in case of unsuccessful payment
notification_endpoint_id	int	Notification id
success_redirect_url	string|max:255	Link to redirect after successful payment
fail_redirect_url	string|max:255	Link to redirect after unsuccessful payment
notification_endpoint_url	string|max:255	Link to send a callback after the statuses are finalized

Response

Name	Description
url	Link to payment
payment_status	Payment status wait — in the process of payment
id	AliKassa payment id
uuid	AliKassa payment uuid
success_redirect_url	Link to your page for client redirect after successful payment

Important

When creating, always wait, check the payment status via the API or wait for a notification!

Success Response Example (HTTP CODE 200)

{
  "url": "https://pay-merchant.alikassa.com/bd291fe1-5c19-4113-ae62-a2d3c4d01d20",
  "payment_status": "wait",
  "id": 108465371,
  "uuid": "bd291fe1-5c19-4113-ae62-a2d3c4d01d20",
  "success_redirect_url": null
}

Error Response Example (HTTP CODE 400)

{
  "message": "The given data was invalid.",
  "errors": {
    // ...
  }
}

After receiving the url, redirect the client to the link.

Important

If you passed notification_endpoint_id or notification_endpoint_url, you will receive a notification about the payment status change

Deposit Bank Codes

online_banking_idr_hpp

customer_code	Bank Name
BCA	Bank Central Asia
BNI	Bank Negara Indonesia
BRI	Bank Rakyat Indonesia
CIMBN	CIMB Niaga
MDR	Mandiri Bank
PMTB	Permata Bank
PANIN	Panin Bank

qr_code_idr_hpp

customer_code	Bank Name
QRIS	QRIS
DANAQRIS	DANA QRIS
GOPAYQRIS	GO PAY QRIS
LINKAJAQRIS	LINK AJA QRIS
OVOQRIS	OVO QRIS
SHOPEEQRIS	Shopee Pay QRIS

virtual_account_idr_hpp

customer_code	Bank Name
BCAVA	BCA Virtual Account
BNIVA	BNI Virtual Account
BRIVA	BRI Virtual Account
CIMBNVA	CIMBN Virtual Account
MBBIVA	MBBI Virtual Account
MDRVA	MDR Virtual Account
PMTBVA	PMTB Virtual Account
PANINVA	PANIN Virtual Account
BDIVA	BDI Virtual Account

local_bank_transfer_idr_hpp

customer_code	Bank Name
BCALBT	BCA Bank Local Bank Transfer
BNILBT	BNI Bank (Local Bank Transfer)
BRILBT	BRI Bank (Local Bank Transfer)
MDRLBT	Mandiri Bank (Local Bank Transfer)

Creating payouts

Endpoint

POSThttps://api-merchant.alikassa.com/v1/payout📋

Headers

Header	Value
Content-Type	application/json
Account	Your account uuid, you can find in Accounts
Sign	Request signature

Parameters

* - Required fields

Name	Type	Description
amount*	decimal (11.2)	Amount
order_id*	string (128)	Your id must be unique (example: "1234")
service*	string (100)	payment_card_idr
number*	string (100)	Recipient account number
customer_code*	string (100)	Payout Bank Code
customer_first_name*	string (100)	Payer's first name
customer_last_name*	string (100)	Payer's last name
notification_endpoint_id	int	Notification id
notification_endpoint_url	string|max:255	Link to send a callback after the statuses are finalized

Response

Name	Description
id	AliKassa payment id
payment_status	Payment status wait — in the process of payment

Payout Bank Codes

payment_card_idr

customer_code	Bank Name
PMTB	Permata Bank
BCASB	BCA Syariah Bank (enterprise)
BMI	Bank Mega Indonesia
BRISB	BRI Syariah Bank (enterprise)
BSM	Bank Sinarmas
BTN	Bank Tabungan Negara
BTPN	Bank Tabungan Pensiunan Nasional
OCBCN	Bank OCBC NISP
MDRSB	Mandiri Syariah Bank
PNBN	PT. Bank Pan Indonesia
UOBI	UOB Indonesia
BSI	Bank Syariah Indonesia (under maintenance)
PTBC	PT. Bank Commonwealth
HSBCI	HSBC Indonesia
PANIN	Panin Bank
DBSI	BANK DBS
HANAI	Hanabank Indonesia
MNC	Bank MNC Internasional
BKAL	Bank Kalteng
ALLOB	ALLO BANK
SEABANK	SeaBank
SUMUT	Bank Sumut
BMLI	Bank Muamalat
BCAD	BCA Digital
BJB	Bank Jabar (BJB)

Important Notes

• Possible values of payment_status, see the documentation "Payment status"
• You can find a sample code at the end of the document