# Payment ## OpenAPI Specification ```yaml openapi: 3.0.1 info: title: '' description: '' version: 1.0.0 paths: /api/payment-gateway/v3/purchase/payment-credential: post: summary: Payment deprecated: false description: >+ This Payment API allows you to initiate transactions using a token. It supports the following token types: `CITI_FLEX`, `CITO_FLEX`, and `CITR_FIX`. ![Unscheduled payment with 3DS challenge Flow (1).png](https://api.apidog.com/api/v1/projects/831852/resources/374675/image-preview) ![Scheduled payment.png](https://api.apidog.com/api/v1/projects/831852/resources/374089/image-preview) tags: - Credentials on File parameters: - name: Content-Type in: header description: '' required: true example: application/json schema: type: string requestBody: content: application/json: schema: type: object properties: request_time: type: string description: Request date and time in UTC format as YYYYMMDDHHmmss. x-apidog-mock: '{{$date.timestamp}}' merchant_id: type: string description: A unique merchant key which provided by ABA Bank. maxLength: 20 x-apidog-mock: '{{merchant_id}}' ctid: type: string description: Your consumer identification number. x-apidog-mock: '{{$string.uuid}}' maxLength: 24 first_name: type: string description: Buyer's first name. x-apidog-mock: '{{$person.firstName}}' maxLength: 20 nullable: true last_name: type: string description: Buyer's last name. x-apidog-mock: '{{$person.lastName}}' maxLength: 20 nullable: true email: type: string description: Buyer's email address. x-apidog-mock: '{{$internet.email}}' maxLength: 50 nullable: true phone: maxLength: 20 type: string description: 'Buyer''s phone #.' x-apidog-mock: '{{$phone.number}}' nullable: true amount: type: number description: >- Total purchase amount (excluding shipping fee). For KHR, the amount must be at least 100. For USD, the amount must be at least 0.01. x-apidog-mock: '{{$finance.amount}}' format: double currency: type: string description: >- The transaction currency for the payment. Supported values are `KHR` or `USD`. Please ensure that your merchant profile has these currencies enabled. x-apidog-mock: USD token_flag: type: string description: >- Supported value `CITU_FLEX`, `MITU_FLEX` and `MITR_FIX`. Make sure your merchant profile enable to support your business cases. x-apidog-mock: CITU_FLEX purchase_type: type: string description: >- The type of transaction. The default value is `purchase`. Supported values: - pre-auth : Pre-authorization (for pre-purchase). - purchase : Full purchase transaction. x-apidog-mock: purchase nullable: true items: maxLength: 500 type: string description: >- A base64-encoded JSON array listing the items included in the transaction. **PHP Sample Code** ```js $item = base64_encode(json_encode([ ["name" => "product 1","quantity" => 1,"price" => 1.00], ["name" => "product 2","quantity" => 2, "price" => 4.00] ])); ``` nullable: true return_params: maxLength: 500 type: string description: >- If you want to include extra data to associate with the transaction and receive it back after payment, you can use the field parameter. Once the payment is completed, this data will be returned in the response. nullable: true payout: maxLength: 500 type: string description: | Base64-encoded JSON string representing payout details **PHP Sample Code** ```js $payout = base64_encode(json_encode([ ["acc" => "000133879","amt"=> 1], ["acc" => "000133880","amt" => 1] ])); ``` nullable: true custom_fields: maxLength: 500 type: string description: >- Additional information you want to attach to the transaction. This information appears in transaction details, lists, and export reports. Must be base64-encoded JSON. nullable: true hash: type: string description: >- **PHP Sample Code** ```js // public key provided by ABA Bank $api_key = "API KEY PROVIDED BY ABA BANK"; // Prepare the data to be hashed $b4hash = $request_time . $merchant_id . $tran_id . $amount . $currency . $items . $ctid . $pwt . $first_name . $last_name . $email . $phone . $purchase_type . $callback_url . $custom_fields . $return_params . $payout . $token_flag . $shipping_fee; // Generate the HMAC hash using SHA-512 and encode it in Base64 $hash = base64_encode(hash_hmac('sha512', $b4hash, $api_key, true)); ``` pwt: type: string title: '' description: >- PWT (PayWay Token) is a unique token automatically generated by the PayWay system and is used to complete the purchase. tran_id: type: string description: A unique transaction identifier for the payment. x-apidog-mock: '{{$string.uuid}}' maxLength: 20 shipping_fee: type: number format: double x-apidog-mock: '{{$finance.amount}}' description: Shipping fee. Can be any amount. callback_url: type: string description: >- URL to receive callbacks upon payment completion, encrypted with Base64. required: - amount - ctid - currency - hash - merchant_id - pwt - request_time - token_flag - tran_id x-apidog-orders: - request_time - merchant_id - tran_id - ctid - pwt - first_name - last_name - email - phone - amount - shipping_fee - currency - token_flag - purchase_type - callback_url - items - return_params - payout - custom_fields - hash example: purchase_type: purchase amount: 0.02 shipping_fee: 0.02 ctid: SIDARA return_params: eyJBdXRvbWF0aW9uX3JldHVybnBhcmFtIjoiU0lEQVJBIEtIUVIifQ== custom_fields: eyJpZF9jYXJ0IjoyMzkxNzMzOSwiQ09NUEFOWSI6IkFVVE9NQVRFUiJ9 return_deeplink: >- IHsiYW5kcm9pZF9zY2hlbWUiOiJ0aWt0b2s6Ly8iLCJpb3Nfc2NoZW1lIjoidGlrdG9rOi8vIn0= payout: '' last_name: Bora tran_id: '5399119569' merchant_id: automate_online pwt: >- 6451397B0BC9B09CADBDA8DA17EC11BB87B46185F657272245F8727CC5EA8936C94E807 request_time: '20250725103323' token_flag: CITU_FLEX phone: '010417430' currency: USD items: >- W3sibmFtZSI6IkFuZ2tvciBQdXJvIiwicXVhbnRpdHkiOjMsInByaWNlIjoxMDAuMDF9XQ== first_name: Thol hash: >- 2QSqdjva5Q+kzPpsKKp2bNCpWeVmUebpLnBjFlYEFoi5gs9vdPUs79FWe9/MnmWNdNQvjrT6aaoUhSJzmikmzQ== email: Thol.unreal@ababank.com responses: '200': description: '' content: application/json: schema: type: object properties: status: type: object properties: code: type: string title: '' description: '`00` - Success' message: type: string title: '' description: >- Please see the property reponse `code` for the details. trace_id: type: string title: '' description: >- A log ID is generated by the PayWay system for debugging purposes. x-apidog-orders: - code - message - trace_id required: - code - message - trace_id x-apidog-orders: - status examples: '1': summary: Example 1 value: status: code: '00' message: Success. trace_id: d79f472376737a997f6ea66d0d8eb045 '2': summary: Example 1 value: status: code: '04' message: The given data was invalid. trace_id: 30a1b46c37.....6aad589ffaff8 errors: amount: - Amount is required - Message 2 currency: - Currency is required - Message 2 '3': summary: Example 1 value: status: code: '98' message: Merchant id not found trace_id: a07481d6e19.....ca201f8200a headers: {} x-apidog-name: OK '400': description: '' content: application/json: schema: type: object properties: status: type: object properties: code: type: string description: '`04` - The given data was invalid' message: type: string description: >- Please see the property reponse `errors` for the details. trace_id: type: string description: >- A log ID is generated by the PayWay system for debugging purposes. errors: type: object properties: {} x-apidog-orders: [] additionalProperties: type: array items: type: string description: |- Error details: **Sample** ```js "errors": { "property1": [ "string" ], "property2": [ "string" ] } ``` x-apidog-orders: - code - message - trace_id - errors required: - code - message - trace_id - errors x-apidog-orders: - status required: - status headers: {} x-apidog-name: Bad Request '403': description: '' content: application/json: schema: title: '' type: object properties: status: type: object properties: code: type: string description: |- - `01` - Wrong Hash. - `98` - Merchant id not found message: type: string description: >- Please see the property reponse `code` for the details. trace_id: type: string x-apidog-mock: '{{$string.uuid}}' description: >- A log ID is generated by the PayWay system for debugging purposes. x-apidog-orders: - code - message - trace_id required: - code - message - trace_id x-apidog-orders: - status required: - status headers: {} x-apidog-name: Forbidden security: [] x-apidog-folder: Credentials on File x-apidog-status: released x-run-in-apidog: https://app.apidog.com/web/project/831852/apis/api-19336821-run components: schemas: {} securitySchemes: {} servers: - url: https://checkout-sandbox.payway.com.kh/ description: StillZeroBug security: [] ```