Payment solution RM 1

Overview

• Creating payments
• Creating payouts

Certificate Setup

To generate API certificate for payment, visit: https://merchant.alikassa.com/cabinet/form/setting-api-certs

Save the archive and unpack to get:

• password.txt
• private.pem
• public.pem

We keep only public.pem for signature verification.

Signature Generation

$data = json_encode($data);

$privateKey = openssl_pkey_get_private(
    file_get_contents('private.pem'),
    file_get_contents('password.txt')
);

if ($privateKey === false) {
    throw new \Exception('Error cert.');
}

openssl_sign($data, $sign, $privateKey);
$sign = base64_encode($sign);

import { readFileSync } from 'fs';
import { createSign } from 'crypto';

const dataStr = JSON.stringify(data);
const key = readFileSync('private.pem', 'utf8');
const passphrase = readFileSync('password.txt', 'utf8').trim();
const signer = createSign('SHA256');
signer.update(dataStr);
signer.end();
const sign = signer.sign({ key, passphrase }, 'base64');

import json, base64
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding

data_bytes = json.dumps(data).encode()
with open('password.txt','rb') as f:
    password = f.read().strip()
with open('private.pem','rb') as f:
    private_key = serialization.load_pem_private_key(f.read(), password=password)
signature = private_key.sign(data_bytes, padding.PKCS1v15(), hashes.SHA256())
sign = base64.b64encode(signature).decode()

import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Signature;
import java.util.Base64;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

byte[] dataBytes = new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsBytes(data);
char[] pass = Files.readString(Paths.get("password.txt")).toCharArray();
PEMParser parser = new PEMParser(Files.newBufferedReader(Paths.get("private.pem")));
PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) parser.readObject();
var privateKey = new JcaPEMKeyConverter()
    .getKeyPair(ckp.decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(pass)))
    .getPrivate();
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initSign(privateKey);
sig.update(dataBytes);
String sign = Base64.getEncoder().encodeToString(sig.sign());

import (
    "crypto"
    "crypto/rand"
    "crypto/rsa"
    "crypto/sha256"
    "crypto/x509"
    "encoding/base64"
    "encoding/json"
    "encoding/pem"
    "io/ioutil"
)

dataBytes, _ := json.Marshal(data)
pemBytes, _ := ioutil.ReadFile("private.pem")
passBytes, _ := ioutil.ReadFile("password.txt")
block, _ := pem.Decode(pemBytes)
der, _ := x509.DecryptPEMBlock(block, passBytes)
priv, _ := x509.ParsePKCS1PrivateKey(der)
hash := sha256.Sum256(dataBytes)
sigBytes, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hash[:])
sign := base64.StdEncoding.EncodeToString(sigBytes)

Pass the received $sign in the Sign header.

Creating payments

Endpoint

POSThttps://api-merchant.alikassa.com/v1/payment📋

Headers

Header	Value
Content-Type	application/json
Account	Your account uuid, you can find in Accounts
Sign	Request signature

Parameters

* - Required fields

Name	Type	Description
amount*	decimal (11.2)	Amount
order_id*	string (128)	Your id must be unique
service*	string (100)	online_banking_myr_hpp qr_code_myr_hpp e_wallet_myr_hpp
customer_ip*	ip	Payer's IP address
customer_code*	string (100)	Deposit Bank Code
customer_first_name*	string	Payer's first name
customer_last_name*	string	Payer's last name
success_redirect_id	int	Id of redirect upon successful payment
fail_redirect_id	int	Id of redirect in case of unsuccessful payment
notification_endpoint_id	int	Notification id
success_redirect_url	string|max:255	Link to redirect after successful payment
fail_redirect_url	string|max:255	Link to redirect after unsuccessful payment
notification_endpoint_url	string|max:255	Link to send a callback after the statuses are finalized

Response

Name	Description
url	Link to payment
payment_status	Payment status wait — in the process of payment
id	AliKassa payment id
uuid	AliKassa payment uuid
success_redirect_url	Link to your page for client redirect after successful payment

Important

When creating, always wait, check the payment status via the API or wait for a notification!

Success Response Example (HTTP CODE 200)

{
  "url": "https://pay-merchant.alikassa.com/bd291fe1-5c19-4113-ae62-a2d3c4d01d20",
  "payment_status": "wait",
  "id": 108465371,
  "uuid": "bd291fe1-5c19-4113-ae62-a2d3c4d01d20",
  "success_redirect_url": null
}

Error Response Example (HTTP CODE 400)

{
  "message": "The given data was invalid.",
  "errors": {
    // ...
  }
}

After receiving the url, redirect the client to the link.

Important

If you passed notification_endpoint_id or notification_endpoint_url, you will receive a notification about the payment status change

Deposit Bank Codes

online_banking_myr_hpp

customer_code	Bank Name
AFF	Affin Bank
ALB	Alliance Bank Malaysia Berhad
AMB	AmBank Group
BIMB	Bank Islam Malaysia Berhad
BSN	Bank Simpanan Nasional
CIMB	CIMB Bank Berhad
HLB	Hong Leong Bank Berhad
HSBC	HSBC Bank (Malaysia) Berhad
MBB	Maybank Berhad
OCBC	OCBC Bank (Malaysia) Berhad
PBB	Public Bank Berhad
RHB	RHB Banking Group
UOB	United Overseas Bank (Malaysia) Bhd
FPX	FPX Bank Selection Page
AFFFPX	Affin Bank (FPX)
AGROBFPX	Agrobank (FPX)
ALBFPX	Alliance Bank (FPX)
AMBFPX	AmBank (FPX)
BIMBFPX	Bank Islam (FPX)
BKRFPX	Bank Rakyat (FPX)
BMMBFPX	Bank Muamalat (FPX)
BOCMFPX	Bank of China (FPX)
BSNFPX	BSN Bank (FPX)
CIMBFPX	CIMB Bank (FPX)
HLBFPX	Hong Leong Bank (FPX)
HSBCFPX	HSBC (FPX)
KFHFPX	Kuwait Finance House (FPX)
MBBFPX	Maybank (FPX)
OCBCFPX	OCBC (FPX)
PBBFPX	Public Bank (FPX)
RHBFPX	RHB Bank (FPX)
SCTBFPX	Standard Chartered Bank (FPX)
UOBFPX	UOB (FPX)

qr_code_myr_hpp

customer_code	Bank Name
DUITNOW	Duitnow

e_wallet_myr_hpp

customer_code	Bank Name
TNGODUITNOW	Touch N Go
GRABDUITNOW	GrabPay
MAEDUITNOW	MAE
BOOSTDUITNOW	BOOST

Creating payouts

Endpoint

POSThttps://api-merchant.alikassa.com/v1/payout📋

Headers

Header	Value
Content-Type	application/json
Account	Your account uuid, you can find in Accounts
Sign	Request signature

Parameters

* - Required fields

Name	Type	Description
amount*	decimal (11.2)	Amount
order_id*	string (128)	Your id must be unique (example: "1234")
service*	string (100)	payment_card_myr
number*	string (100)	Recipient account number
customer_code*	string (100)	Payout Bank Code
customer_first_name*	string (100)	Payer's first name
customer_last_name*	string (100)	Payer's last name
notification_endpoint_id	int	Notification id
notification_endpoint_url	string|max:255	Link to send a callback after the statuses are finalized

Response

Name	Description
id	AliKassa payment id
payment_status	Payment status wait — in the process of payment

Payout Bank Codes

payment_card_myr

customer_code	Bank Name
BIMB	Bank Islam Malaysia Berhad
AGROB	Agro Bank (Bank Pertanian Malaysia Berhad)
ARBM	Al-Rajhi Bank Malaysia
BKR	Bank Kerjasama Rakyat Malaysia Berhad
BMMB	Bank Muamalat Malaysia Berhad
BNPP	BNP Paribas Malaysia
BOFAM	Bank of America Malaysia Berhad
BOCM	Bank of China Malaysia
DBB	Deutsche Bank Malaysia Berhad
ICBCM	Industrial and Commercial Bank of China (Malaysia)
JPMC	J.P. Morgan Chase Bank Berhad
MCBMB	Mizuho Corporate Bank Malaysia Berhad
SMBC	Sumitomo Mitsui Banking Corporation Malaysia BHD
MBSB	MBSB Bank
GXB	GXBank
TNGO	Touch N Go e-wallet

Important Notes

• Possible values of payment_status, see the documentation "Payment status"
• You can find a sample code at the end of the document