Notification - API Payloan
 provides push s via dbProcessUrl . The needs to reassure there is no Blacklist IP and should Whitelist IP to get push only from 's server.
Request Method | POST |
---|---|
Merchant Token | SHA256 ( iMid+ tXid + amt+ merchantKey) |
IP | 103.20.51.0/24 103.117.8.0/24 |
User-Agent | User-Agent: Jakarta Commons-HttpClient/3.1 |

When your dbProcessUrl received a , strongly recommend to verify using Status Inquiry - API Payloan.
Parameter | Type | Size | Description | Example / Notes |
---|---|---|---|---|
tXid | N | 30 | Transaction ID | PAYLOANTES06202212141610281704 |
merchantToken | AN | 255 |  Token | 0716e8cbb7bac584efa98df5021543e11fab1a520415f1382572eadcca81107f |
referenceNo | ANS | 40 |  Order Number | ord20221214161263 |
payMethod | N | 2 | Payment Method Code | 06 |
amt | N | 12 |  Amount | 25145 |
goodsNm | AN | 100 | Goods Name | Testing |
matchCl | N | 1 |  Flag: Notification Match Amount Indicator | Null |
status | A | 1 | 0 | |
mitraCd | A | 4 | Mitra Code | KDVI |
transTm | N | 6 | Transaction Time (HH24MISS) | 155852 |
clientUserKey Mandatory if tokenize | AN | 100 | User key, must be unique for each | 1134431 |
billingNm | A | 100 | Buyer Name | John-Doe |
transDt | N | 8 | Transaction date | 20221214 |
currency | A | 3 | Currency | IDR |
tokenizeUser | N | 1 | Transaction Tokenize Type | 1 |
userToken | ANS |  | User Token | 12345eea9-6234-6789-12r3-123re3456tt5 |

Parameter | Type | Size | Description |
---|---|---|---|
mitraCd | A | 4 | Mitra Code |
payNo | N | 12 |  Number |
payValidDt | N | 8 | Expiry Date (YYYYMMDD) |
payValidTm | N | 6 | Expiry Time (HH24MISS) |
receiptCode | ANS | 20 | Authorization Number |
mRefNo | AN | 18 | Reference Number |
depositDt | N | 8 | Deposit Date (YYYYMMDD) |
depositTm | N | 6 | Deposit Time (HH24MISS) |
The Token received by Notification Endpoint must compare internally to prevent fake/invalid s.
💡Example Case:
For example, you have a merchantKey that is used to generate a token, which is 1234. When merchantToken generated by is known, it is abcd, while merchantToken obtained in is abdd. Then is considered fake/invalid.