Notification - API Payloan
NICEPAY provides push notifications via dbProcessUrl Merchant. The Merchant needs to reassure there is no Blacklist NICEPAY IP and should Whitelist NICEPAY IP to get the push notification only from NICEPAY's server.
Request Method | POST |
Merchant Token | SHA256 ( iMid+ tXid + amt+ merchantKey) |
IP | 103.20.51.0/24 103.117.8.0/24 |
User-Agent | User-Agent: Jakarta Commons-HttpClient/3.1 |

When your dbProcessUrl received a notification, NICEPAY strongly recommend Merchant to verify the notification using the Status Inquiry - API Payloan.
Parameter | Type | Size | Description | Example / Notes |
tXid | N | 30 | Transaction ID | PAYLOANTES06202212141610281704 |
merchantToken | AN | 255 | Merchant Token | 0716e8cbb7bac584efa98df5021543e11fab1a520415f1382572eadcca81107f |
referenceNo | ANS | 40 | Merchant Order No | ord20221214161263 |
payMethod | N | 2 | Payment Method Code | 06 |
amt | N | 12 | Payment amount | 25145 |
goodsNm | AN | 100 | Goods name | Testing |
matchCl | N | 1 | Payment Flag: Notification Match Amount Indicator | Null |
status | A | 1 | 0 | |
mitraCd | A | 4 | Mitra Code | KDVI |
transTm | N | 6 | Transaction Time (HH24MISS) | 155852 |
clientUserKey Mandatory if tokenize | AN | 100 | User key, must be unique for each customer | 1134431 |
billingNm | A | 100 | Buyer Name | John-Doe |
transDt | N | 8 | Transaction date | 20221214 |
currency | A | 3 | Currency | IDR |
tokenizeUser | N | 1 | Transaction tokenize type | 1 |
userToken | ANS |  | User Token | 12345eea9-6234-6789-12r3-123re3456tt5 |

Parameter | Type | Size | Description |
mitraCd | A | 4 | Mitra Code |
payNo | N | 12 | Payment Number |
payValidDt | N | 8 | Expiry Date (YYYYMMDD) |
payValidTm | N | 6 | Expiry Time (HH24MISS) |
receiptCode | ANS | 20 | Authorization number |
mRefNo | AN | 18 | Reference No. |
depositDt | N | 8 | Deposit Date (YYYYMMDD) |
depositTm | N | 6 | Deposit Time (HH24MISS) |
The Merchant Token received by the Notification Endpoint must compare internally to prevent fake/invalid notifications.
💡Example Case:
For example, you have a merchantKey that is used to generate a token, which is 1234. When the merchantToken generated by the merchant is known, it is abcd, while the merchantToken obtained in the notification is abdd. Then the notification is considered fake/invalid.