Skip to main content

Create Payment URL

Step 1: Get Access Token

Please refer to Access Token on how to get Access Token, and then place it into Request Headers' Authorization.

Step 2: Prepare Request Parameter

Generate, which will be placed into Request Headers and also be used to create Signature.

Parameter Type Required Description Example
nonceStr Number Yes Random String 7a70f55482a5566c
timestamp String Yes UNIX timestamp of request 1667061151361

Request Parameters

Parameter Type Required Description Example
order Object Yes Order information, with keys of [id, title, amount, currencyType, additionalData]
customer Object Yes Customer information, with keys of [name, phone, email]
method String No The payment method or bank code. Refer to Payment Method Codes . Providing a specific bank code allows for direct redirection to the payment portal (if Checkout Bypass is enabled for your account by SuperPay). If Checkout Bypass is disabled, the customer will still see the SuperPay selection page, but the method provided will be <strong>auto-selected</strong>. If omitted, the customer must select a method manually.
Checkout Bypass Feature

To use the Checkout Bypass feature, ensuring customers skip the SuperPay selection screen and land directly on the bank login:
1. Contact SuperPay Support Team to enable bypass for your account.
2. Provide a specific bank code (e.g., MBBEMYKL) in the method parameter.

Order [Object]

Parameter Type Required Description Example
title String Yes Order title, max: 32 "Deposit"
additionalData String No Order description
amount String Yes Amount of order in Dollar. 100 = RM 100.00 100
currencyType String Yes Currency notation (currently only support MYR) "MYR"
id String Yes ID of the Order

Customer [Object]

Parameter Type Required Description Example
name String Yes Customer Name "Long Wan"
email String Yes Customer Email ""
phone String Yes Customer Phone Number ""

Example Request

{
  "order": {
    "id": "A20221111",
    "title": "Payment",
    "amount": "88.50",
    "currencyType": "MYR",
    "additionalData": ""
  },
  "customer": {
    "name": "Long Wan",
    "phone": "0123456789",
    "email": "longwan@gmail.com"
  },
  "method": "CIMB_MY"
}

Sort the above JSON key alphabetically and make it compact

info

{"order":{"id":"10006","amount":"1","currencyType":"MYR"},"recipient":{"name":"Long Wan","phone":"0123456789","email":"longwan@gmail.com","methodType":"CIBBMYKL","methodValue":"8044591766","methodRef":""}}

Encode the data to Base64 format

info

eyJjdXN0b21lciI6eyJuYW1lIjoiTGVvbiBUYW4iLCJwaG9uZSI6IjAxMjM0NTY3ODkiLCJlbWFpbCI6Imxlb25AZ2dncGF5Lm9yZyJ9LCJtZXRob2QiOiJGUFgiLCJvcmRlciI6eyJpZCI6IkEyMDIyMTExMSIsInRpdGxlIjoiUGF5bWVudCIsImFtb3VudCI6Ijg4LjUwIiwiY3VycmVuY3lUeXBlIjoiTVlSIiwiYWRkaXRpb25hbERhdGEiOiIifX0=

Encode the base64 format data with CLIENT_SYMMETRIC_KEY

info

e4e9ac1120ed867a7af108af8b1ab9183319f8a334bcdbbea47232359ae0a5c9c4ad1e46450ef4b36775aeb624b14b722a6884abd9b1f7572f1fdb33ce7a8bfec3d69d3e2e1aa77487c55b181613bfbef1028c8da984f5b59c8d6241eefcaf70

Step 3: Generate Signature

Please refer to Signature Algorithm on how to get Signature Signature, and then place it into Request Headers' X-Signature.

Step 4: POST to /gateway/v1/createPayment endpoint

Method : POST

Endpoint: https://api.superpay.club/gateway/v1/createPayment

Request

Headers

Parameter Type Description
Authorization String Token get from Step 1
X-Nonce-Str String nonceStr from Step 2
X-Timestamp String timestamp generated in Step 2
X-Signature String Signature generated in Step 3

Body

Parameter Type Description Example
data String Encrypted Data using CLIENT_SYMMETRIC_KEY e4e9ac1127af1...b59c8d62af70

Example Request Header & Body

{
  "headers": {
    "Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBJZCI6IjEwMDIOjE2NjczMTYwOTJ9.UnVBt6Opxd_ZOMns1gCT40Ihdj1nbndi2V43Xt3fIuE",
    "X-Nonce-Str": "7a70f55482a5566c",
    "X-Timestamp": "1667061151361",
    "X-Signature": "sha256 zOzjz8QoGTbesuAO5CCFbPCF3EMDtohKtkQPro8O61jbXhurgl+wIYzTv1BQPB6z1+bRn7gXx1YpsItk+Zed+Wd9PqmexoGdDrAAoUKjCcMks9g0/kiVui381jscVAyCUzdMtkW25P4QyTeq5+ES7D66j/Jwk+9JqYXhMnX5aAUdMjlrADp1RC1zrZUc1Mfqs+MA26J3X5uQ8xLhh9FaAhDdoyWctKQSTHZyMVuDtmFaGdzaGI3LCWm5w1gvtHC43mTMccc3WrlirYbDrZvN2c81cNMfRJjgJZNnjjY27OAMvGsJJgpo0b+EW4UO74QzZ2VI60fgf7uIajIOgQRzzA=="
  },
  "body": {
    "data": "e4e9ac1120ed867a7af108af8b1ab918cbec6db7b4d7c29908085a73e2b29e97547da6eae91928b3330241f1fb898eebd8c3355105fdd5c68b6ceea761f41dc3085ed888d3c0473beef128ebd208c4f60299df64a622d04d21d81513c02e2d47bfcce2a6c246eabcc1c823aaf3d9133004cf7c4c08236395a05dc19a98c33a301c8b73d4e7fd33cd911619de86dfdb45"
  }
}

Response

Body

Parameter Type Description Example
code Number The status code of this API 200
encryptedData String Encrypted Data that required be decrypted with CLIENT_SYMMETRIC_KEY a83cf72884cbbb....3ddf0744646e0cf0b482
message String PlainText of the information of this request Success

Example Response

{
  "code": 200,
  "encryptedData": "e4e9ac1120ed867a7af108af8b1ab918cbec6db7b4d7c29908085a73e2b29e97547da6eae91928b3330241f1fb898eebd8c3355105fdd5c68b6ceea761f41dc3085ed888d3c0473beef128ebd208c4f60299df64a622d04d21d81513c02e2d47bfcce2a6c246eabcc1c823aaf3d9133004cf7c4c08236395a05dc19a98c33a301c8b73d4e7fd33cd911619de86dfdb45",
  "message": "Success"
}

Step 5: Decrypt the encryptedData with CLIENT_SYMMETRIC_KEY

Symmetric decrypt the ncryptedData e4e9ac1120ed867a7af108af8b1ab918cbec6db7b4d7c29908085a73e2b29e97547da6eae91928b3330241f1fb898eebd8c3355105fdd5c68b6ceea761f41dc3085ed888d3c0473beef128ebd208c4f60299df64a622d04d21d81513c02e2d47bfcce2a6c246eabcc1c823aaf3d9133004cf7c4c08236395a05dc19a98c33a301c8b73d4e7fd33cd911619de86dfdb45
with CLIENT_SYMMETRIC_KEY, PCd1dlEmFnBXaVce06Pzp7Vike0oHnVJ

The result is in plaintext as

{
	"data": {
		"paymentUrl": "https://api.superpay.club/gateway/v1/createPayment/checkout/payment?orderId=1234567890/",
		"transactionId": "1234567890"
	}
}