# Ecommerce Checkout
## 1. Introduction
With PayWay eCommerce Checkout, you can easily **accept payments on your website or mobile app**. This solution lets your customers pay quickly and securely using **Credit/Debit Cards**, **ABA Pay & KHQR** (via ABA Mobile or other KHQR-supported banking apps), **WeChat Pay** or **Alipay** — to give them a seamless and secure checkout experience.
**Common Use Cases**
- **Online shopping** – Accept payments for products and services.
- **Wallet top-ups & digital services** – Let users add funds or pay for digital services.
- **Subscriptions & bills** – As a checkout to process recurring payments and utility bills.
- **On-demand services** – Handle payments for food delivery, ride-hailing, and more.
- **Event bookings** – Enable seamless ticket and reservation payments
## 2. How it works
1. The **customer selects a product or service** and clicks **"Pay"**.
2. They **choose a payment method**, and a **checkout modal appears**.
3. The **customer completes payment** with their chosen method (credit/debit cards, ABA Pay, KHQR, WeChat Pay, Alipay, or Google Pay).
4. Once the payment is processed, **your system receives a pushback notification** with the payment status.
5. Your system **verifies the payment** and confirms the order.
:::info[]
Selling on an eCommerce platform? See our [eCommerce Checkout Plugins](https://developer.payway.com.kh/checkout-plugins-3186291f0.md) instead!
:::
## 3. Set up your payment selection UI
To ensure a smooth payment experience, your platform **must** include UI to accommodate the online payment acceptance. This includes:
- A section where **customers can choose a payment options** they want to pay with.
- A **"We Accept..."** area that shows the payment options you offer.
:::caution[]
You **must** follows PayWay eCommerce checkout guidelines to ensure seamless customer payments.
To accept payments on your website
To accept payments on your app or web app
:::
## 4. Integration Steps
:::tip[]
Before you start, make sure you have the following:
- PayWay Sandbox Account – **[Register here](https://sandbox.payway.com.kh/register-sandbox/)** to test transactions.
- Sandbox Merchant ID & API Key—You’ll receive these via email after registering for the sandbox.
:::
To integrate online payments on your website or mobile app, follow these steps:
When the customer selects "Pay" and **chooses a payment method**, call the **[Create Transaction API](https://developer.payway.com.kh/purchase-14530820e0.md)** to generate a transaction and display it on your platform.
**Sample Request**
```
```
PayWay will respond with a **HTML response** that contains the checkout interface, which you must render on your website/platform for the customer to complete the payment.
**Sample Response (Varies Based on Payment Method):**
```html
| Payment Options |Checkout UI |
| --- | --- |
| `cards` | 
|
| `abapay` | 
|
| `bakong` | 
|
| `alipay` | 
|
| `wechat` | 
|
For a better user experience on mobile apps or webview, ensure you use the following parameters when you call **[Create Transaction API](https://developer.payway.com.kh/purchase-14530820e0.md)** :
- `view_type=hosted` → To respond the hosted checkout page on mobile.
- `return_deeplink` → Handles redirection for native iOS and hybrid apps, so your customers can return to your platform after making a payment in ABA Mobile.
**Sample Response (Varies Based on Payment Method):**
```html
| Payment Options |Checkout UI |
| --- | --- |
| `cards` | 
|
| `abapay` | |
| `bakong` | |
| `alipay` | |
| `wechat` | |
| `google_pay` | |
Use the Check Transaction API to confirm whether a payment was successful.
After you create a payment, call the API with the transaction ID to check its status. Please respect the rate limit of 600 requests per second and stop checking once a result is returned.
For response details and error explanations, see the API guide here:
**[Check transaction API](https://developer.payway.com.kh/check-transaction-14530826e0.md)**
Once the customer completes the payment, PayWay will send the transaction details and other important information to the `return_url`.
- If return_url is not provided in the request, PayWay will use the default return_url configured in the API Settings.
- If you provide a custom return_url, make sure the domain is whitelisted in your merchant profile.
Your return_url endpoint must:
- Accept the HTTP POST method
- Accept Content-Type: application/json
:::highlight red 💡
We highly recommend securing this URL to ensure that only PayWay has access to it.
:::
**Sample Pushback Data**
```
{
"tran_id": "17425401324",
"apv": "619195",
"status": "0",
"return_params": "xxxxxxxxxx"
}
```
---
**tran_id** `string`
Transaction ID sent during the initial payment process.
---
**apv** `string`
Transaction approval code.
---
**status** `string`
Payment status
---
**return_params** `string`
Extra information sent to the payment gateway during the payment initiation request.
---
**Verify Callback Signature**
For security purposes, PayWay includes a hash signature in the request header.
You should verify this signature to confirm that the callback was sent by PayWay and that the data has not been modified.
Below is an example in PHP demonstrating how to:
1. Read the callback data
2. Generate the signature
3. Compare it with the signature received in the header
PHP Example
```
// Read request body
$response = json_decode(file_get_contents('php://input'), true);
$secretKey = "YOUR_SECRET_KEY";
// 1. Sort fields by key (ascending)
ksort($response);
// 2. Concatenate all values
$b4hash = '';
foreach ($response as $value) {
if (is_array($value)) {
$value = json_encode($value);
}
$b4hash .= $value;
}
// 3. Generate HMAC-SHA512 signature
$signature = base64_encode(
hash_hmac('sha512', $b4hash, $secretKey, true)
);
// 4. Get signature from request header
$receivedSignature = $_SERVER['HTTP_X_PAYWAY_HMAC_SHA512'] ?? '';
// 5. Compare signatures
if (hash_equals($signature, $receivedSignature)) {
// Valid request – process the notification
} else {
// Invalid request
http_response_code(401);
exit('Invalid signature');
}
```