Interface Description

This article is intended for: technical architects, R&D engineers, and system operation and maintenance engineers who use the Tarspay merchant self-service system. Through this document, merchants can understand the technology connected to Tarspay, the products and businesses connected, the access process, access specifications and other information, so that merchants can successfully complete the access work.

Access flow chart

privateKey (private key): The merchant keeps it by himself and does not disclose it. The merchant uses this private key to sign the order information when placing an order on behalf of the merchant.

publicKey (public key): The merchant needs to upload the key to our platform (merchant backend-account management-apiKey menu), and when you call our interface, you need to include the request header X-API-KEY carries your public key, and we use this public key to verify that the message is signed by your private key.

System publicKey: We will inform you to use the transaction status verification. When we send the callback transaction status notification, we will carry the signature information X-RESP-SIGNATURE in the request header. You can use it. The system publicKey verification message is sent by us.

common problem

The interface returns error description "You have not bound or opened the API Key. Please verify whether the publicKey is consistent with the calling environment, and whether X-API-KEY has passed in the correct public key."

The interface returns the error description "sign error". Please verify whether the public and private keys are a pair and whether there is any problem with the signature algorithm. Currently, the Java version signature verification tool class is provided at the bottom of the document.

The interface returns the error description "MERCHANT_FEE_CONFIG_NOT_INIT", please contact our operation configuration

Signature algorithm

Tarspay uses [ECDSA signature tool class](#signature tool class) signature for verification. After you open an account in Tarspay, you can generate a public and private key pair locally, or you can generate your public and private key through the Tarspay Web management interface. If you have any questions, you can also contact our staff to assist you. You can enter your public key through the Tarspay web management interface. Please keep your private key properly and do not disclose it to anyone to avoid asset loss! Tarspay strongly recommends that you bind your IP address to the whitelist.

Tarspay's API requests, except for public APIs, need to carry API key and signature

The data prepared before signing is as follows:

HTTP_METHOD + | + HTTP_REQUEST_PATH + | + TIMESTAMP + | + PARAMS

After the connection is completed, the data is ECDSA signed, and the signed bytes are Hex encoded.

HTTP_HOST

Prod: https://payment.tarspay.com

HTTP_METHOD

GET, POST need to be capitalized

HTTP_REQUEST_PATH

The PATH part of the request URL, for example: https://payment.tarspay.com/api/v1/test is /api/v1/test

NONCE

UNIX EPOCH timestamp (accurate to milliseconds) when accessing the API

PARAMS

First sort the keys alphabetically, and then parameterize the url, that is, password=password username=username. Because p is sorted before u in the alphabet, password must be placed before username, and then use & to connect, that is: password =password&username=username The request parameters are the same for POST and GET. All parameters need to be taken out. The signature rules are as follows: All requested keys are sorted in alphabetical order, and then spliced in the form of key=value (the value does not require urlencode), and Use & to connect.

Complete example

For the following requests:

Method	URL	Nonce
POST	https://payment.tarspay.com/api/v1/test	1537498830736

parameter

Parameter	value
amount	100
price	100

The preparation data before signing is as follows:

Assume that all data sent or received is a set M, and the parameters with non-empty parameter values in the set M are sorted from small to large according to the ASCII code of the parameter name (lexicographic order), using the format of URL key-value pairs (i.e. key1=value1&key2 =value2...) concatenated into a string:

Tip: content does not require URLEncode

Splice the concatenated string content and method request information MERTHOD, URL and NONCE into a new string separated by "|":

Use the private key you generated (PrivateKey) to perform ECDSA signature on the spliced data, and Hex encode the binary result to generate the final signature for verification to the API server.

Put the Api key, nonce and signature generated on the right into the Header according to the above name, and you can pass the signature verification.

The Tarspay signature verification public key can be obtained from the "Web Management Interface - Account Management - apikey" page

Return description

Return results

Name	Type	Description
code	integer	Response code 0 indicates success, otherwise failure
data	object	response data
msg	string	Response message

Return to example

{
    "code": 0,
    "data": {},
    "msg": "SUCCESS"
}

Collection

POST collection and unified order placement

POST HTTP_HOST/api/pay/unifiedOrder

Body request parameters

{
  "amount": "20",
  "currency": "PKR",
  "customerContact": "03001234567",
  "customerEmail": "caizhuch1199w@gmail.com",
  "customerName": "GDW",
  "mchNo": "M1677225721",
  "mchOrderNo": "BJST73520250300058",
  "notifyUrl": "http://47.241.33.220:8896/tarspay/notify",
  "returnUrl": "https://47.241.33.220:8896/notify/return",
  "wayCode": "easypaisa"
}

Request parameters

Name	Location	Type	Required	Description
X-API-KEY	header	string	Y	public key
X-API-NONCE	header	string	Y	request time (timestamp, accurate to milliseconds)
X-API-SIGNATURE	header	string	Y	signature (refer to signature algorithm)
mchNo	body	string	Y	merchant number
mchOrderNo	body	string	Y	merchant order number (customized by merchant, cannot be repeated)
wayCode	body	string	Y	Payment method (easypaisa、jazzcash)
amount	body	string	Y	Amount (two decimal places. It cannot be zero and must meet the amount standard.)
currency	body	string	Y	currency(PKR)
notifyUrl	body	string	Y	notification address

Return to example

{
    "code": 0,
    "data": {
        "amount": "20",
        "body": "Test",
        "countryCode": "pk",
        "currency": "PKR",
        "customerContact": "3001234567",
        "expiredTime": 1742282136,
        "mchOrderNo": "BJST648202503000207",
        "orderState": 1,
        "originalAccountNumber": "123456789",
        "payDataType": "payurl",
        "payOrderId": "P1901532855833436162",
        "payUrl": "https://checkout-s2.pk-bpay.com/pay-v2.php/630848dff40a0f72ce09e448084acdc954b441a3c04b2",
        "payWays": {
            "ewallet": [
                {
                    "countryCode": "pk",
                    "createdAt": 0,
                    "id": 114,
                    "payWay": "easypaisa",
                    "payWayLogo": "https://defipay.oss-ap-southeast-1.aliyuncs.com/easypaisa.png",
                    "payWayType": "ewallet",
                    "skipMode": 2,
                    "state": 1,
                    "updatedAt": 0
                }
            ]
        },
        "requestUrl": "https://www.tarspay.com/notify/return",
        "subject": "Buycar"
    },
    "msg": "SUCCESS",
    "sign": ""
}
"

Return results

Name	Type	Description
amount	string	bill amount
countryCode	string	country code
currency	string	currency number
customerContact	string	user contact information
mchOrderNo	string	merchant order number
orderState	integer	order status 0: order generated, 1: payment in progress, 2: payment successful, 3: payment failed, 6: timeout cancellation, 9: partial payment
payOrderId	string	payment order number
payUrl	string	Cashier address
payWays	array	payment methods

payment method:

Name	Type	Description
countryCode	string	country code
payWay	string	payment method code
payWayLogo	string	payment method logo
payWayType	string	payment method type

#Pay on behalf of

POST payment for unified order placement

POST HTTP_HOST/api/payOut/unifiedOrder

Body request parameters

{
  "amount": "50",
  "cnic": "00000000400000",
  "currency": "PKR",
  "customerAccountNumber": "03339605665",
  "customerContact": "03339605665",
  "customerEmail": "g762646676@126.com",
  "customerName": "ZEESHAN TAHIR",
  "mchNo": "M1677225721",
  "mchOrderNo": "BJST969202503000840",
  "notifyUrl": "http://47.241.33.220:8896/tarspay/notify",
  "wayCode": "jazzcash"
}

Request parameters

Name	Location	Type	Required	Description
X-API-KEY	header	string	Y	public key
X-API-NONCE	header	string	Y	request time (timestamp, accurate to milliseconds)
X-API-SIGNATURE	header	string	Y	signature (refer to signature algorithm)
mchNo	body	string	Y	merchant number
mchOrderNo	body	string	Y	merchant order number (customized by merchant, cannot be repeated)
wayCode	body	string	Y	Payment method (jazzcash、easypaisa)
amount	body	string	Y	amount (no decimals. It cannot be zero and must meet the amount standard.)
currency	body	string	Y	currency(PKR)
notifyUrl	body	string	Y	notification address
customerName	body	string	N	username
customerContact	body	string	Y	mobile phone number
customerAccountNumber	body	string	N	user bank card
customerEmail	body	string	N	User email
cnic	body	string	Y	ID number

{
  "code": 0,
  "data": {
    "mchOrderNo": "M1655535407",
    "payOrderId": "P1551409540398772225"
  },
  "msg": "SUCCESS",
  "sign": "3045022100c3998421fd646521777d0c736753704931f801331dec55f109258dd8a93083c402207c11e37d70477b30ad9e0c42072a3fb5af1a78809ca7f8023672451e62e8f69f"
}

Return results

Note: When the code return is not 0, the data returned is null.

Name	Type	Description
mchOrderNo	string	merchant order number (returned after successful request)
payOrderId	string	platform order number (returned after successful request)

Collection order inquiry

POST to obtain collection order information

POST HTTP_HOST/api/payInInfo

Body request parameters

{
  "mchNo": "M1655535407",
  "mchOrderNo": "A1547429458697129178"
}

Request parameters

Name	Location	Type	Required	Description
X-API-KEY	header	string	Y	public key
X-API-NONCE	header	string	Y	request time (timestamp, accurate to milliseconds)
X-API-SIGNATURE	header	string	Y	signature (refer to signature algorithm)
mchNo	body	string	Y	merchant number
payOrderId	body	string	N	platform order number (choose one of platform order number and merchant order number)
mchOrderNo	body	string	N	merchant order number (choose one of platform order number and merchant order number)

Return to example

{
  "code": 0,
  "data": {
    "currency": "PKR",
    "fee": "0",
    "mchNo": "M1655535407",
    "mchOrderNo": "A1547429458697129178",
    "orderAmount": "100",
    "payAmount": "100",
    "payOrderId": "P1547429458697129178",
    "state": 2
  },
  "msg": "SUCCESS"
}

Return results

Name	Type	Description
payOrderId	string	payment order number
mchNo	string	merchant number
mchOrderNo	string	merchant order number
orderAmount	string	original transaction amount of bill
payAmount	string	payment amount
currency	string	three-digit currency code
state	string	payment status: 0-Order generated, 1-Payment in progress, 2-Payment successful, 3-Payment failed, 4-Cancelled, 5-Refunded, 6-Order closed, 7-Queue, 8 -We reject, 9-Partial payment
fee	string	merchant fee

Payment order inquiry

POST Get payment order information

POST HTTP_HOST/api/payOutInfo

Body request parameters

{
  "mchNo": "M1655535407",
  "mchOrderNo": "A1547429458697129178"
}

Request parameters

Name	Location	Type	Required	Description
X-API-KEY	header	string	Y	public key
X-API-NONCE	header	string	Y	request time (timestamp, accurate to milliseconds)
X-API-SIGNATURE	header	string	Y	signature (refer to signature algorithm)
mchNo	body	string	Y	merchant number
payOrderId	body	string	N	platform order number (choose one of platform order number and merchant order number)
mchOrderNo	body	string	N	merchant order number (choose one of platform order number and merchant order number)

Return to example

{
  "code": 0,
  "data": {
    "currency": "PKR",
    "fee": "0",
    "mchNo": "M1655535407",
    "mchOrderNo": "A1547429458697129178",
    "orderAmount": "100",
    "payAmount": "100",
    "payOrderId": "P1547429458697138178",
    "state": 2
  },
  "msg": "SUCCESS"
}

Return results

Name	Type	Description
payOrderId	string	payment order number
mchNo	string	merchant number
mchOrderNo	string	merchant order number
orderAmount	string	original transaction amount of bill
payAmount	string	payment amount
currency	string	three-digit currency code
state	string	payment status: 0-order generated, 1-payment in progress, 2-payment successful, 3-payment failed, 8-rejected
fee	string	merchant fee

Return results

Name	Type	Description
status	int	Status, 0: Failure. 1: Success
message	string
status information
utr	string	utr
payOrderId	string	Platform order number
mchOrderNo	string	Merchant order number

Merchant balance information query

POST to obtain merchant balance information

POST HTTP_HOST/api/balanceInfo

Body request parameters

{
    "mchNo": "M1655535407"
}

Request parameters

Name	Location	Type	Required	Description
X-API-KEY	header	string	Y	public key
X-API-NONCE	header	string	Y	request time (timestamp, accurate to milliseconds)
X-API-SIGNATURE	header	string	Y	signature (refer to signature algorithm)
mchNo	body	string	Y	merchant number

Return to example

{
    "code": 0,
    "data": {
        "availableAmount": "294876",
        "frozenAmount": "1986",
        "mchNo": "M1658240182"
    },
    "msg": "SUCCESS",
    "sign": "3045022100e659480ea76d87c26e0054bda5a788737d41f26d4dec365fba936028248785140220540c9bb2b9fe6fc928dc2ae4c531ee00a82615bc37b77b02 ca41cffeeaddc627"
}

Return results

Name	Type	Description
availableAmount	string	available balance
frozenAmount	string	frozen balance
mchNo	string	merchant number

Callback notification

Submission method: POST

When receiving point-to-point communication from the server, the interface returns "OK" (without double quotes, OK is in capital letters), otherwise point-to-point notifications will be sent repeatedly (default 16 times).

OK

Content-Type

application/json

Verify signature

Use the Tarspay public key to verify the signature of [return data](#return description).

Request parameters

Name	Type	Required	Description
bizType	number	Y	business type: 1-Collection 2-Payment
payOrderId	string	Y	payment order number
mchNo	string	Y	merchant number
mchOrderNo	string	Y	merchant order number (customized by merchant, cannot be repeated)
orderAmount	string	Y	original transaction amount of bill
payAmount	string	Y	payment amount
currency	string	Y	three-digit currency code
state	number	Y	payment status: 2-payment successful, 3-payment failed, 9-partial payment (collection)
fee	string	Y	merchant fee
failReason	string	N	failure reason

Callback signature verification description: X-RESP-SIGNATURE request header carries signature

Signature rules: After JSONizing the request parameters, put the obtained signature in the header, and obtain the signature directly from the response header. To verify the signature, use verifyEcdsaSignature() in the ECSDAKit tool class below.

Example:

OrderNotifyDTO.class

Signature tool class

Maven dependencies

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.64</version>
    <scope>compile</scope>
</dependency>

ECSDAKit

Utils

java demo

php demo

Download link

Error coding table

Error code	Error description
-1	System error
5003001	Missing parameter
5003002	Merchant or APIKey does not exist
5003003	Merchant disabled
5003004	Merchant not certified
5003005	Merchant api key does not exist
5003005	Merchant or api key does not exist
5003006	api key expired
5003007	ip error
5003008	Signature error
5003009	Payment method not supported
5003010	Order status error
5003011	Merchant order number already exists
5003012	URL format error
5003013	Channel error
5003014	Merchant rate configuration is not initialized
5003015	Channel does not exist
5003017	Failed to create collection order
5003018	Failed to check collection order
5003010	Failed to create payment order
5003020	Failed to query payment
5004006	Insufficient merchant balance
500321	Amount format is incorrect
500322	URL not supported
500323	Remote client error
500324	Order expired
500326	Error in querying channel balance
500327	Wrong payment method

Pakistan🇵🇰

Interface Description#

Access flow chart#

common problem#

Signature algorithm#

HTTP_HOST#

HTTP_METHOD#

HTTP_REQUEST_PATH#

NONCE#

PARAMS#

Complete example#

Return description#

Collection#

POST collection and unified order placement#

Request parameters#

Return results#

POST payment for unified order placement#

Request parameters#

Return results#

Collection order inquiry#

POST to obtain collection order information#

Request parameters#

Return results#

Payment order inquiry#

POST Get payment order information#

Request parameters#

Return results#

Return results#

Merchant balance information query#

POST to obtain merchant balance information#

Request parameters#

Return results#

Callback notification#

Submission method: POST#

Content-Type#

Verify signature#

Request parameters#

Signature tool class#

Maven dependencies#

ECSDAKit#

Utils#

java demo#

php demo#

Error coding table#

Interface Description

Access flow chart

common problem

Signature algorithm

HTTP_HOST

HTTP_METHOD

HTTP_REQUEST_PATH

NONCE

PARAMS

Complete example

Return description

Collection

POST collection and unified order placement

Request parameters

Return results

POST payment for unified order placement

Request parameters

Return results

Collection order inquiry

POST to obtain collection order information

Request parameters

Return results

Payment order inquiry

POST Get payment order information

Request parameters

Return results

Return results

Merchant balance information query

POST to obtain merchant balance information

Request parameters

Return results

Callback notification

Submission method: POST

Content-Type

Verify signature

Request parameters

Signature tool class

Maven dependencies

ECSDAKit

Utils

java demo

php demo

Error coding table