Notification - API Convenience Store
NICEPAY provides push notifications via dbProcessUrl Merchant. The Merchant needs to reassure there is no Blacklist NICEPAY IP and should Whitelist NICEPAY IP to get the push notification only from NICEPAY's server.
Request Method | POST |
Merchant Token | SHA256 ( iMid+ tXid + amt+ merchantKey) |
IP | 103.20.51.0/24 103.117.8.0/24 |
User-Agent | User-Agent: Jakarta Commons-HttpClient/3.1 |
When your dbProcessUrl received a notification, NICEPAY strongly recommend Merchant to verify the notification using the Status Inquiry - API Convenience Store.
Parameter | Type | Size | Description | Example / Notes |
tXid | N | 30 | Transaction ID | TNICECV03103202212141459041632 |
merchantToken | AN | 255 | Merchant Token | 8b5565e793731a1a1c8817c9e42bcbbdc3f5fb6a2785a6e0b19a2d5e3a41a51b |
referenceNo | ANS | 40 | Merchant Order No | ord0123456 |
mitraCd | A | 4 | ALMA | |
payMethod | N | 2 | 04 | |
payNo | N | 20 | Payment Number | 504100002539 |
payValidTm | N | 6 | CVS expiry time (HH24MISS) | null |
payValidDt | N | 8 | CVS Expiry Date (YYYYMMDD) (CVS) | null |
amt | N | 12 | Payment amount | 5000 |
clientUserKey Mandatory if tokenize | AN | 100 | User key, must be unique for each customer | 1134431 |
userToken | ANS | | User Token | 12345eea9-6234-6789-12r3-123re3456tt5 |
tokenizeUser | N | 1 | Transaction tokenize type | 1 |
transDt | N | 8 | Transaction date | 20221214 |
transTm | N | 6 | Transaction time | 150229 |
currency | A | 3 | Currency | IDR |
goodsNm | AN | 100 | Goods name | Testing |
billingNm | A | 100 | Billing name | John-Doe |
matchCl | N | 1 | Payment Flag: Notification Match Amount Indicator | 1 |
status | A | 1 | 0 | |
instmntType | N | 2 | 1 | |
instmntMon | N | 2 | Installment Month | 1 |
The Merchant Token received by the Notification Endpoint must compare internally to prevent fake/invalid notifications.
💡Example Case:
For example, you have a merchantKey that is used to generate a token, which is 1234. When the merchantToken generated by the merchant is known, it is abcd, while the merchantToken obtained in the notification is abdd. Then the notification is considered fake/invalid.