Get started

Main API URL : 
https://www.howtopay.com/api/v2/

HowToPay API provides an interface for businesses to connect with our system and automated the payment services by calling from their websites

To use this API, you'll required an API key and API Secret Key which you can obtain from Dashboard API Page.

What is new in API v2

With API V2, we made major changes for requests, responses and notifications.

  • API requests made more secure with signature validations
  • Improved end point for payment requests
  • Improved end point for check transaction status
  • Improved callback notifications
  • New notification url parameter to receive transaction changes
  • New API end points
    • Customer payout end point
    • Refund end point.
    • Single Transaction history end point
  • New direct payment links and sends in response to merchant
  • QR code for payment requests for wallet payments

Request Headers

HEADER PARAMETERS

Field Value Description
Content-Type application/json Request must be sent in JSON format
htp-apiversion HTPAPIv2 API Version Name
htp-authorization HTPAPIv2Auth [YOUR PUBLIC KEY]:[REQUEST SIGNATURE] Request Authorization Header
htp-timestamp UNIX TIMESTAMP Local server time in UNIX format

Content-Type must be application/json

htp-apiversion must to be HTPAPIv2

htp-authorization Signature of data array in the request

htp-timestamp must to be UNIX TIMESTAMP of your server time


Request Parameters

# PHP example for generate base64 encoded request
json_encode(array(
    "api_mode" => "live | demo",
    "parameter1" => base64_encode("value 1"),
    "parameter2" => base64_encode("value 2"),
    ...
));

With every request api_mode parameter must be send and every other parameter in the reques should be base64 encoded.

The request parameters must be in JSON format

Request Signature

# PHP example for generate request signature
$json_string = json_encode(array(
    'api_mode' => 'demo',
    'parameter1' => base64_encode("value 1"),
    'parameter2' => base64_encode("value 2")
    ...
));

//signature
$StringToSign = md5($json_string);

$signature = hash_hmac('sha256', $StringToSign, $_YOUR_PRIVATE_KEY);

echo $signature;

With every request HowToPay expect to receive a signature for data that is being sent in the request in the header parameter htp-authorization

The value of htp-authorization should as follows
HTPAPIv2Auth [YOUR PUBLIC KEY]:[REQUEST SIGNATURE]

Steps to Generate Request Signature

  • Generate JSON String with base64 encoded parameters. "api_mode" shouldn't be base64 encoded
  • Generate md5 hash from that JSON String
  • Generate keyed hash value of md5 string, using the HMAC method and using your private key

Response Signature

For some results we sent back from end points such as "add payment requests", "transaction status/history check", etc we send a data signature back to business side so the business can validate the signature and make sure data are originated from HowToPay servers and untouched while it transmitted.

The signature HowToPay generates is always for the data parameter in the response

Steps to Validate Response Signature

  • Decode the JSON results we sent so you can access data parameter in the array
  • Encode the results in data parameter again with JSON encoding
  • Generate md5 hash from that JSON String
  • Generate keyed hash value of md5 string, using the HMAC method and using your private key
  • Compare the signature just generated with the signature we sent, if the both signatures matched then the data are correct and untouched

Add Payment Request

END PIONT: /create/payment_request

When a customer placed an order in business website, it should call this API end point to create a payment request ( #invoice ) at HowToPay side and send the payment options to customer

QUERY HEADERS

Field Value Description
Content-Type application/json Request must be sent in JSON format
htp-apiversion HTPAPIv2 API Version Name
htp-authorization HTPAPIv2Auth [YOUR PUBLIC KEY]:[REQUEST SIGNATURE] Request Authorization Header
htp-timestamp UNIX TIMESTAMP Local server time in UNIX format

QUERY PARAMETERS

Field Type Description Required
api_mode String demo/live Yes
order Object
amount String Must encode with base64 Yes
currency String 3 digit country code. (base64 encoded) Yes
merchant_reference_no String Order ID in merchant system. (base64 encoded) No
note String Order Note (Maximum 100 Characters) (base64 encoded) Yes
customer Object Yes
first_name String Customer First name (base64 encoded) Yes
last_name String Customer Last name (base64 encoded) Yes
middle_name String Customer Middle name (base64 encoded) No
email String Customer Email (base64 encoded) Yes
phone String International format with +Country code (base64 encoded) Yes
gender String (Optional) male/female (base64 encoded) No
lang String (Optional) 2 Digit Language code (base64 encoded) No
ip_address String (Optional) Customer IP Address (base64 encoded) No
customer_address Object Yes
address1 String Customer Address 1 (base64 encoded) No
address2 String Customer Address 2 (base64 encoded) No
city String Customer City (base64 encoded) No
state String Customer State (base64 encoded) No
postcode String Customer Zip/Postal code (base64 encoded) No
country String Customer country code - 3 Digit (base64 encoded) Yes
customer_shipping_address Object No
shipping_address1 String Customer Shpping address 1 (base64 encoded) No
shipping_address2 String Customer Shpping address 2 (base64 encoded) No
shipping_city String City (base64 encoded) No
shipping_state String State (base64 encoded) No
shipping_postcode String Zip/Postal code (base64 encoded) No
shipping_country String Country code - 3 Digit (base64 encoded) No
callback_url String URL to receive Paid notifications (base64 encoded) No
notification_url String URL to receive other notifications (base64 encoded) No

JSON RESPONSE PARAMETERS

Field Type Description
type String Returns request status (success/error)
signature String Returns the signature of "data" element in the request. Merchant should use this to validate request before insert to their database
api_version String HowToPay API version
message String Detailed message for success or error
data Object Details of the request (Data object)
invoice_no String HowToPay Payment ID of the request
type String (wallet/gateway) "wallet" returns for the requests that can be paid using wallet only. For other requests it returns "gateway"
type_note Array Payment options which user can used to pay this request
payment_link String Link to the payment page which has all options to fulfill the order
direct_links Array Direct links to the payment options ( if live methods included )

Get Eligible Gateways

END PIONT: /get/eligible_gateways

This end point can used check if HowToPay can issue a payment request to the order based on the customers country and order currency, and show/hide HowToPay payment option in the checkout page appropriately.

QUERY HEADERS

Field Value Description
Content-Type application/json Request must be sent in JSON format
htp-apiversion HTPAPIv2 API Version Name
htp-authorization HTPAPIv2Auth [YOUR PUBLIC KEY]:[REQUEST SIGNATURE] Request Authorization Header
htp-timestamp UNIX TIMESTAMP Local server time in UNIX format

QUERY PARAMETERS

Field Type Description Required
api_mode String demo/live Yes
currency String 3 digit currency code (base64 encoded) Yes
amount String Order amount (base64 encoded) Yes
country String 3 digit country code (base64 encoded) Yes
email String Customer email address (base64 encoded) - If sent would validate against customer email too No

JSON RESPONSE PARAMETERS

Field Type Description
type String Returns request status (success/error)
signature String Returns the signature of "data" element in the request. Merchant should use this to validate request before insert to their database
api_version String HowToPay API version
message String Detailed message for success or error
data Object Details of the request (Data object)
gateways Array Gateways that can be included for the request ( based on customer country, order currency and customer email if sent )

Get Transaction Status

END PIONT: /get/transaction_status

This end point returns the latest transaction details for a Payment Id or TRN number sent in the request. If a payment id received multiple transactions this end point returns the latest transaction only

QUERY HEADERS

Field Value Description
Content-Type application/json Request must be sent in JSON format
htp-apiversion HTPAPIv2 API Version Name
htp-authorization HTPAPIv2Auth [YOUR PUBLIC KEY]:[REQUEST SIGNATURE] Request Authorization Header
htp-timestamp UNIX TIMESTAMP Local server time in UNIX format

QUERY PARAMETERS

Field Type Description Required
api_mode String demo/live Yes
payment_id String Payment id which we sent in the response when created the payment request (base64 encoded) Yes
trn String TRN number in HowToPay system(base64 encoded) No

JSON RESPONSE PARAMETERS

Field Type Description
type String Returns request status (success/error)
signature String Returns the signature of "data" element in the request. Merchant should use this to validate request before insert to their database
api_version String HowToPay API version
message String Detailed message for success or error
data Object Details of the request (Data object)
payment_id String Payment Id of the request
crn String Order reference number for customer
trn String Unique transaction id in HowToPay system
status String Approved | Refund | Chargeback | Chargeback_NR ( Chargeback but not refunded to customer)
amount_requested String Original amount requested
currency_requested String Original currency requested
amount_paid String Customer paid amount
currency_paid String Customer paid currency
updated_at String Last status changed time of transaction
note String Transaction Notes

Get Transaction History

END PIONT: /get/transaction_history

This end point returns the all the transaction details for the Payment ID sent in the request. If the payment id received multiple transactions this end point returns all the transactions as sub arrays in data array

QUERY HEADERS

Field Value Description
Content-Type application/json Request must be sent in JSON format
htp-apiversion HTPAPIv2 API Version Name
htp-authorization HTPAPIv2Auth [YOUR PUBLIC KEY]:[REQUEST SIGNATURE] Request Authorization Header
htp-timestamp UNIX TIMESTAMP Local server time in UNIX format

QUERY PARAMETERS

Field Type Description Required
api_mode String demo/live Yes
payment_id String Payment id which we sent in the response when created the payment request (base64 encoded) Yes

JSON RESPONSE PARAMETERS

Field Type Description
type String Returns request status (success/error)
signature String Returns the signature of "data" element in the request. Merchant should use this to validate request before insert to their database
api_version String HowToPay API version
message String Detailed message for success or error
data Object Data object contain an array with all transactions received for the payment id
crn String Order reference number for customer
trn String Unique transaction id in HowToPay system
status String Approved | Refund | Chargeback | Chargeback_NR ( Chargeback but not refunded to customer)
amount_requested String Original amount requested
currency_requested String Original currency requested
amount_paid String Customer paid amount
currency_paid String Customer paid currency
updated_at String Last status changed time of transaction

Add Customer Payout

END PIONT: /create/payout

This end point enables businesses to directly pay their customer payouts requesting either pay to customer HowToPay wallet or to customer bank account as a wire transfer

The appropriate fees and the payout amount will be deducted from the merchant's account balance

QUERY HEADERS

Field Value Description
Content-Type application/json Request must be sent in JSON format
htp-apiversion HTPAPIv2 API Version Name
htp-authorization HTPAPIv2Auth [YOUR PUBLIC KEY]:[REQUEST SIGNATURE] Request Authorization Header
htp-timestamp UNIX TIMESTAMP Local server time in UNIX format

QUERY PARAMETERS

Field Type Description Required
api_mode String demo/live Yes
account_no String Merchant HowToPay Account Number to deduct payment (base64 encoded) Yes
reference_no String Merchant reference Number (base64 encoded) No
amount String Payout Amount (base64 encoded) Yes
currency String Payout Currency (base64 encoded) Yes
payout_to String (wallet/swift) To customer HowToPay wallet account or Bank Account (base64 encoded) Yes
customer Object Yes
email String Customer Email Address (base64 encoded) Yes
phone String Customer Phone Number (base64 encoded) Yes
account_no String Customer Account Number (If not provided and the payout type is "wallet", the payout will credit to customer main wallet account) (base64 encoded) No
bank Object (Not required if payout type is wallet) No
bank_name String Customer Bank Name (base64 encoded) No
bank_country String Customer Bank Country (base64 encoded) No
bank_acc_name String Customer Bank Account Name (base64 encoded) No
bank_iban String Customer IBAN Number ( if applicable ) (base64 encoded) No
bank_acc_number String Customer Bank Account Number (base64 encoded) No
bank_swift_bic String Customer Bank SWIFT Code (base64 encoded) No
bank_currency String Customer Bank Account currency (base64 encoded) No
remark String Payout notes (base64 encoded) No
notification_url String We will notify the business to this URL when payout is processed (base64 encoded) No

IMMEDIATE JSON RESPONSE PARAMETERS

Field Type Description
type String Returns request status (success/error)
message String Detailed message for success or error
signature String Returns the signature of "data" element in the request.
api_version String HowToPay API version

NOTIFICATION JSON RESPONSE PARAMETERS

Field Type Description
type String Returns notification type (payout)
signature String Returns the signature of "data" element in the request. Merchant should use this to validate request before insert to their database
api_version String HowToPay API version
message String Detailed message for success or error
data Object Data object contain an array with details of the payout
trn String Unique transaction id in HowToPay system
yrn String Merchant reference number sent in the request
status String Paid | Canceled | Rejected
amount_requested String Original amount requested to payout
currency_requested String Original currency requested to payout
amount_paid String Paid amount to customer
currency_paid String Paid currency to customer
updated_at String Last status changed time of transaction

Add Customer Refund

END PIONT: /create/refund

This end point enables businesses to directly pay their customer payouts requesting either pay to customer HowToPay wallet or to customer bank account as a wire transfer

The appropriate fees and the payout amount will be deducted from the merchant's account balance

QUERY HEADERS

Field Value Description
Content-Type application/json Request must be sent in JSON format
htp-apiversion HTPAPIv2 API Version Name
htp-authorization HTPAPIv2Auth [YOUR PUBLIC KEY]:[REQUEST SIGNATURE] Request Authorization Header
htp-timestamp UNIX TIMESTAMP Local server time in UNIX format

QUERY PARAMETERS

Field Type Description Required
api_mode String demo/live Yes
crn String CRN number that required to be refunded (base64 encoded) Yes
trn String Transaction ID in howtopay system to be refunded (base64 encoded) Yes
reference_no String Merchant Reference Number for refund (base64 encoded) No
refund_type String "full" or "partial" refund (base64 encoded) Yes
refund_amount String This is required if the return type is "partial" (base64 encoded) No
refund_to String (wallet/swift) Refund to customer HowToPay wallet account or Bank Account (base64 encoded) Yes
customer Object Yes
account_no String If refund type is "wallet" and account number defined, we will refund to this account number. Otherwise refunds will process to main wallet account (base64 encoded) No
bank Object (Not required if refund type is wallet) No
bank_name String Customer Bank Name (base64 encoded) No
bank_country String Customer Bank Country No
bank_acc_name String Customer Bank Account Name (base64 encoded) No
bank_iban String Customer IBAN Number ( if applicable ) (base64 encoded) No
bank_acc_number String Customer Bank Account Number (base64 encoded) No
bank_swift_bic String Customer Bank SWIFT Code (base64 encoded) No
bank_currency String Customer Bank Account currency (base64 encoded) No
remark String Refund notes (base64 encoded) No
notification_url String We will notify the business to this URL when refund is processed (base64 encoded) No

IMMEDIATE JSON RESPONSE PARAMETERS

Field Type Description
type String Returns request status (success/error)
message String Detailed message for success or error
signature String Returns the signature of "data" element in the request. Merchant should use this to validate the response before insert to their database
api_version String HowToPay API version

NOTIFICATION JSON RESPONSE PARAMETERS

Field Type Description
type String Returns request status (success/error)
signature String Returns the signature of "data" element in the request. Merchant should use this to validate request before insert to their database
api_version String HowToPay API version
message String Detailed message for success or error
data Object Data object contain an array with all transactions received for the payment id
crn String Order reference number for customer
trn String Unique transaction id in HowToPay system
status String Approved | Refund | Chargeback | Chargeback_NR ( Chargeback but not refunded to customer)
amount_requested String Original amount requested
currency_requested String Original currency requested
amount_paid String Customer paid amount
currency_paid String Customer paid currency
updated_at String Last status changed time of transaction

In our IPN and Other notifications we are sending Paid Amount and Paid Currency which should always use by the businesses to update their systems. Requested Amount and Requested Currency are original values from the payment request which should use for reference purpose only.

Transaction CRN / TRN

CRN (Customer Reference Number) in HowToPay system is the unique invoice number for each payment request we issued to customer. When customer paid for an order should use this CRN number to identify the order that they are paying. A CRN number can be paid multiple times (Even though we are not recommended) and can have multiple transactions for a single transaction due to this reason.

TRN (Transaction Reference Number) is unique transaction id in howtopay system and never duplicates and should use by business to uniquely identify a transaction in our system.

Over and Under Payments

As we aware payment requests doesn't always received the exact amount which is requested in original payment request. Due to this in HowToPay callbacks we have Paid Currency and Paid Amount parameters which merchant should use for update their systems as described in Paid Amount / Currency section.

We expect merchant system correctly identify the amount and currency that is paid and update their systems with correct amount and provide services / goods for the customers accordingly.

Handling IPN Notification

When a payment id is paid in our system we triggers an IPN notifications to business side, using the callback url defined in payment request. If the callback url is not sent in payment request we will use the default callback url in business API settings

JSON RESPONSE PARAMETERS

Field Type Description Required
api_mode String demo/live Yes
account_no String Merchant HowToPay Account Number to deduct payment (base64 encoded) Yes
reference_no String Merchant reference Number (base64 encoded) No
amount String Payout Amount (base64 encoded) Yes
currency String Payout Currency (base64 encoded) Yes
payout_to String (wallet/swift) To customer HowToPay wallet account or Bank Account (base64 encoded) Yes
customer Object Yes
email String Customer Email Address Yes
phone String Customer Phone Number Yes
account_no String Customer Account Number (If not provided and the payout type is "wallet", the payout will be credit to customer main wallet account) No
bank Object (Not required if payout type is wallet) No
bank_name String Customer Bank Name No
bank_country String Customer Bank Country No
bank_acc_name String Customer Bank Account Name No
bank_iban String Customer IBAN Number ( if applicable ) No
bank_acc_number String Customer Bank Account Number No
bank_swift_bic String Customer Bank SWIFT Code No
bank_currency String Customer Bank Account currency No
remark String Payout notes No
notification_url String We will notify the business to this URL when payout is processed No

IPN Signature Validation

With our IPN (callback) notification, we send data signature so business can validate the IPN notification is orignated from HowToPay servers and untouched while transmitted

Validation of IPN signature is same as validation of signature in any other request and should follow the same steps mentioned in Response Signature section

Duplicate Payment Identification

In HowToPay system a payment request can receive multiple transactions. So it is required by merchants to correctly identify duplicate transactions and update the merchant system accordingly.

To identify duplicate payments business need to use both the TRN and CRN in callback notifications. If business website receiving a second callback notification for a CRN number that is received a notification before, the second notification could be for a possible duplicate transaction.

Steps to identify multi payments for a Payment Id

  • Check the CRN number in merchant database and see if it received a transaction before
  • If CRN number has a payment, then compare the TRN number in the previous payment with the TRN in new Payment Notification
  • If the TRN numbers in the previous transaction and the notification are same business should ignore the notification
  • If the TRN numbers in the previous transaction and the notification are different business should treat the second transaction as a duplicate transaction for the same CRN

As in the example for callback notifications, for duplicate transactions the "crn" parameter is same for both callback notifications. However the transaction reference number ( TRN ) is unique for each transaction and is different in each callback.

Also callback notification paid amount can be same or different in each response.

Gateway supported currencies

As HowToPay provides multiple payment methods for merchants not all gateways support for all currencies. Thus you need to make sure to send the payment requests in gateway supported currencies that are activated in your profile.

Example:
iDeal only support for EURO currency. Thus if you need to include iDeal as an payment option for a customer the currency of payment request should be EUR currency.

Payment request currency conversion

If you send a different currency other than the payment methods local currency HowToPay will try to convert the original amount and send the request in gateway local currency using conversation rates at the time of payment request create.

Gateway supported Countries

Some payment methods we provide are local methods which are specific for each country. Thus we don't support customers outside from that country to use local payment options. Due to this you need to make sure to send the payment request's country parameter and must supported by the activated gateways in business profile in order to send local methods as an option for your customers..

Example:
iDeal is a payment method for Netherlands customer. If you need to send iDeal as an option for a customer, payment request's country parameter should be "NLD" (Netherlands)

Integration Testing and Go Live

Upon complete the integration HowToPay team would conduct series of tests to identify each following cases are implemented correctly and verify that merchant's system correctly acknowledge and update customer accounts according to notifications send by HowToPay.

Checklist:

  • Successfully acknowledgedthe callbacks sent from HowToPay and update merchant system
  • Acknowledged HowToPay notifications in real time( more than 5min delaynot acceptable )
  • Correctly identified and used the Paid amountand Paid currencyparameters
  • Correctly identified the duplicate paymentsand update merchant system accordingly
  • Correctly identified over paymentsand update the merchant system with correct amount
  • Correctly identified under paymentsand update the merchant system with correct amount

Wordpress / Woocommerce Plugin

HowToPay WordPress plugin required Woocommerce installed in the system and it works same as any Woocommerce payment plugin. The settings of HowToPay payment plugin can managed from Woocommerce > Settings > Payments Tab.
Download HowToPay WP Plugin - v3.0.7