Notification - API QRIS
 provides push s via dbProcessUrl . The needs to reassure there is no Blacklist IP and should Whitelist IP to get push only from 's server.
Request Method | POST |
---|---|
Merchant Token | SHA256 ( iMid+ tXid + amt+ merchantKey) |
IP | 103.20.51.0/24 103.117.8.0/24 |
User-Agent | User-Agent: Jakarta Commons-HttpClient/3.1 |

When your dbProcessUrl received a , strongly recommend to verify using Status Inquiry - API QRIS.
Parameter | Type | Size | Description | Example / Notes |
---|---|---|---|---|
tXidxample | N | 30 | Transaction ID | IONPAYTEST08202212141041407785 |
merchantToken | AN | 255 |  Token | 69ba08191f47af25dd3ea089a99f89a6cb05295f9e641a78e8e44f5f75891cc7 |
referenceNo | ANS | 40 |  Order Number | ORD54321 |
payMethod | N | 2 | Payment Method Code | 08 |
paymentTrxSn | AN | 32 |  Transaction Number | 112160983971452364 |
userId | AN | 128 |  User ID Hash | 8bf254cdb4dfff447233a67e796556db7653c40234edb979614f007dfa8eb7c1 |
amt | N | 12 |  Amount | 5 |
mitraCd | N | 4 | Mitra Code | QSHP |
transDt | N | 8 | Transaction Date | 20221214 |
transTm | N | 6 | Transaction Time | 104140 |
currency | A | 3 | Currency | IDR |
goodsNm | AN | 100 | Goods n=Name | Test+Transaction+ |
billingNm | A | 100 | Billing Name | Andi+Pamungkas |
matchCl | N | 1 |  Flag: | 1 |
status | A | 1 | 0 | |
shopId Required for QRIS | AN | 32 | Shop ID |  |

Parameter | Type | Size | Description |
---|---|---|---|
paymentTrxSn | AN | 32 |  Transaction Number |
userId | AN | 128 |  User ID Hash |
shopId | AN | 32 | Shop ID |
The Token received by Notification Endpoint must compare internally to prevent fake/invalid s.
💡Example Case:
For example, you have a merchantKey that is used to generate a token, which is 1234. When merchantToken generated by is known, it is abcd, while merchantToken obtained in is abdd. Then is considered fake/invalid.