# Purchase using token

## OpenAPI Specification

```yaml
openapi: 3.0.1
info:
  title: ''
  description: ''
  version: 1.0.0
paths:
  /api/payment-gateway/v1/payments/purchase:
    post:
      summary: Purchase using token
      deprecated: false
      description: This API supports both card tokens and account tokens.
      tags:
        - Credentials on File
      # NOTE(review): OpenAPI 3.0 ignores header parameters named
      # Content-Type; the request media type is already declared under
      # requestBody.content below.
      parameters:
        - name: Content-Type
          in: header
          description: ''
          required: true
          example: application/json
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                merchant_id:
                  type: string
                  description: A unique merchant key provided by ABA Bank.
                  maxLength: 20
                tran_id:
                  type: string
                  description: A unique transaction ID for the payment.
                  maxLength: 20
                ctid:
                  type: string
                  maxLength: 255
                  description: Your consumer token
                  nullable: true
                pwt:
                  type: string
                  maxLength: 255
                  description: PayWay-issued token.
                  nullable: true
                firstname:
                  type: string
                  description: Buyer's first name.
                  maxLength: 100
                email:
                  type: string
                  maxLength: 50
                  description: Buyer's email.
                phone:
                  type: string
                  maxLength: 20
                  description: Buyer's phone.
                lastname:
                  type: string
                  description: Buyer's last name.
                  maxLength: 100
                type:
                  type: string
                  maxLength: 20
                  description: >-
                    The type of transaction. The default value is 'purchase'.
                    Supported values:

                    - `pre-auth` : Pre-authorization (for pre-purchase).

                    - `purchase` : Full purchase transaction.
                items:
                  type: string
                  maxLength: 500
                  description: >-
                    A base64-encoded JSON array listing the items included in
                    the transaction.


                    **PHP Sample Code**


                    ```php

                    $item = base64_encode(json_encode([
                        ["name" => "product 1","quantity" => 1,"price" => 1.00], 
                        ["name" => "product 2","quantity" => 2, "price" => 4.00]
                    ]));

                    ```

                    **Note: This is for description purposes only. The price or
                    quantity in this information will not be used for
                    calculations or validation**
                return_url:
                  type: string
                  description: >-
                    URL that receives the callback when the payment completes,
                    Base64-encoded. Base64 is an encoding, not encryption: it
                    does not hide or protect the URL.
                custom_fields:
                  type: string
                  description: >-
                    Additional information you want to attach to the
                    transaction.

                    - This information appears in transaction details, lists,
                    and export reports.

                    - Must be base64-encoded JSON.
                return_params:
                  type: string
                  description: >-
                    Information to include when PayWay calls your return URL
                    after the payment is completed.
                payout:
                  type: string
                  description: |-
                    Base64-encoded JSON string representing payout details

                    **PHP Sample Code**
                    ```php
                    $payout = base64_encode(json_encode([
                        ["acc" => "000133879","amt"=> 1], 
                        ["acc" => "000133880","amt" => 1]
                    ]));
                    ```
                hash:
                  type: string
                  description: >-
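                    Base64-encoded HMAC-SHA512 hash of the concatenated values
                    `req_time`, `merchant_id`, `tran_id`, `amount`, `items`,
                    `shipping`, `ctid`, `pwt`, `firstname`, `lastname`, `email`,
                    `phone`, `type`, `return_url`, `currency`, `custom_fields`,
                    `return_params`, and `payout`, in exactly this order, keyed
                    with `public_key`. Although it is called a public key, this
                    value is the HMAC secret: compute the hash on your server
                    and never expose the key in client-side code.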


                    **PHP Sample Code**


                    ```php

                    // public key provided by ABA Bank

                    $api_key = "API KEY PROVIDED BY ABA BANK";


                    // Prepare the data to be hashed

                    $b4hash = $req_time . $merchant_id . $tran_id . $amount .
                    $items . $shipping . $ctid . $pwt . $firstname . $lastname .
                    $email . $phone . $type  . $return_url . $currency .
                    $custom_fields . $return_params . $payout;


                    // Generate the HMAC hash using SHA-512 and encode it in
                    Base64

                    $hash = base64_encode(hash_hmac('sha512', $b4hash, $api_key,
                    true));

                    ```
                amount:
                  type: number
                  description: Total purchase amount (excluding the shipping fee).
                shipping:
                  type: number
                  description: Shipping fee.
                req_time:
                  type: string
                  description: Request date and time in UTC format as YYYYMMDDHHmmss.
              # Apidog extension; presumably the display order of the request
              # fields in the generated documentation.
              x-apidog-orders:
                - req_time
                - merchant_id
                - tran_id
                - ctid
                - pwt
                - firstname
                - lastname
                - email
                - phone
                - type
                - items
                - shipping
                - amount
                - return_url
                - custom_fields
                - return_params
                - payout
                - hash
              # NOTE(review): `pwt` and `ctid` are both required here while
              # each is declared `nullable: true` above, and the request
              # example omits both — confirm whether one token is enough.
              # NOTE(review): the `hash` description lists `currency` among the
              # hashed values, but no `currency` property is defined in this
              # schema — confirm whether the field can be sent.
              required:
                - merchant_id
                - pwt
                - ctid
                - tran_id
                - hash
                - amount
                - req_time
            # NOTE(review): this example does not match the schema above:
            # `continue_success_url` and `return_param` are not defined
            # properties (the schema names the field `return_params`), and the
            # required `pwt` / `ctid` tokens are absent. Values containing `..`
            # look truncated; treat them as placeholders, not working inputs.
            example:
              req_time: '20250312075529'
              merchant_id: xxxxx
              type: pre-auth
              items: Nlx1MTc5NFx1MTdiY...MDAwLjAwIn1d
              amount: 60000
              tran_id: '17417661239'
              continue_success_url: demo-payway-uat.ababank.com
              return_url: aHR0cHM6Ly9kZW1vLXBheXdhe..NzY2MTIzOQ==
              return_param: OTg0OQ==
              hash: QRzyIlknvaVA..jXvkA==
              custom_fields: eyJteV9jdXN0bMSI6I..lfY3VzdG9tX2ZpZWDE3NjYxMjl9
              firstname: QA
              lastname: Sakada
              phone: '017582717'
              email: sakadaqa@gmail.com
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                type: object
                properties:
                  tran_id:
                    type: string
                    description: Your unique transaction id.
                  payment_status:
                    type: object
                    properties:
                      status:
                        type: string
                        description: '`0` represents a successful payment'
                      code:
                        type: string
                        description: >-
                          Code `CDA00` indicates a successful payment; for other
                          cases, please check the 403 response.
                      description:
                        type: string
                        description: >-
                          Please see the response property `code` for the
                          details.
                      pw_tran_id:
                        type: string
                        description: Your unique transaction id.
                    x-apidog-orders:
                      - status
                      - code
                      - description
                      - pw_tran_id
                    required:
                      - status
                      - code
                      - pw_tran_id
                      - description
                  # NOTE(review): this property name looks like a generated
                  # identifier rather than a documented field. It is listed
                  # under `required` below, yet none of the response examples
                  # include it — confirm with the API owner or remove it.
                  01JME75FTM2NQXKK4G47FGPX4F:
                    type: string
                x-apidog-orders:
                  - tran_id
                  - payment_status
                  - 01JME75FTM2NQXKK4G47FGPX4F
                required:
                  - tran_id
                  - payment_status
                  - 01JME75FTM2NQXKK4G47FGPX4F
              # Example '1' follows the 200 schema (`tran_id` plus
              # `payment_status`).
              # NOTE(review): examples '2' and '3' carry a top-level `status`
              # object with `code` / `message`, which is the shape of the 403
              # schema rather than this one. Example '2' gives `code` as the
              # integer 26 while example '3' and the 403 schema use a string —
              # clients should not rely on the type until this is confirmed.
              examples:
                '1':
                  summary: Success
                  value:
                    tran_id: trx-20201019130949
                    payment_status:
                      status: '0'
                      code: CDA00
                      description: OK
                      pw_tran_id: trx-20201019130949
                '2':
                  summary: Exception
                  value:
                    status:
                      code: 26
                      message: Invalid Merchant Profile.
                '3':
                  summary: Example 1
                  value:
                    status:
                      code: '26'
                      message: Invalid Merchant Profile.
          headers: {}
          x-apidog-name: Success
        '403':
          description: ''
          content:
            application/json:
              schema:
                title: ''
                type: object
                properties:
                  status:
                    type: object
                    properties:
                      code:
                        type: string
                        description: >-
                          - `1` : Wrong Hash  

                          - `2` : Invalid Transaction ID  

                          - `3` : Invalid Transaction Amount  

                          - `4` : Duplicated Transaction ID  

                          - `5` : Transaction not found  

                          - `6` : Requested Domain is not in whitelist  

                          - `7` : Wrong return param  

                          - `8` : Something went wrong while saving Data. Please
                          try again later or contact merchant for help  

                          - `10` : Wrong shipping price  

                          - `11` : Something went wrong. Try again or contact
                          the merchant for help  

                          - `12` : Payment currency is not allowed  

                          - `13` : Invalid items  

                          - `14` : Invalid Credit Multi Acc  

                          - `15` : Invalid or missing channel values from Smart
                          merchant  

                          - `16` : Invalid First Name. It must not contain
                          numbers or special characters or more than 100
                          characters  

                          - `17` : Invalid Last Name. It must not contain
                          numbers or special characters or more than 100
                          characters  

                          - `18` : Invalid Phone Number  

                          - `19` : Invalid Email  

                          - `20` : Something went wrong. Please contact the
                          merchant  

                          - `21` : End of API lifetime  

                          - `22` : Pre-Auth Transaction is not enabled  

                          - `23` : Selected Payment Option is not enabled for
                          this Merchant Profile  

                          - `24` : Can not decrypt data  

                          - `25` : Allow maximum 10 payout per requests  

                          - `26` : Invalid Merchant Profile  

                          - `27` : Invalid ctid  

                          - `28` : Invalid pwt  

                          - `29` : Invalid pwt or ctid  

                          - `30` : Merchant is not enabled COF  

                          - `31` : Unsecure 3Ds page  

                          - `32` : Cannot identify cardOrigin  

                          - `33` : Exchange rate data is invalid  

                          - `34` : Payout Info is invalid  

                          - `35` : Payout account or amount is invalid  

                          - `36` : Payout accounts are not in whitelist  

                          - `37` : Payout contain invalid Transaction ID  

                          - `38` : Payout contain Duplicated Account  

                          - `39` : Payout contain Duplicated Transaction ID  

                          - `40` : Payout info contain mid not linked with any
                          Merchant Profile  

                          - `41` : Payout info contain account invalid status  

                          - `42` : Merchant Profile’s MID is missing. Please try
                          again or contact the merchant for help  

                          - `43` : Purchase amount has reached transaction
                          limit  

                          - `44` : Purchase with zero amount is not allowed  

                          - `45` : Purchase amount for KHR currency could not
                          contain decimal place  

                          - `46` : KHR Amount must be greater than 100 KHR  

                          - `47` : Something went wrong with requested
                          parameters. Please try again or contact the merchant
                          for help  

                          - `48` : Invalid Start Date  

                          - `49` : Invalid End Date  

                          - `50` : Invalid Date Range  

                          - `51` : Maximum date range is allowed only 3 days  

                          - `52` : Invalid Amount Range  

                          - `53` : Transaction is expired. Please try again or
                          contact the merchant for help  

                          - `54` : We are unable to request QR from Wechat
                          system. Please try again or contact the merchant for
                          help  

                          - `55` : We are unable to validate your transaction
                          with Wechat system. Please try again or contact the
                          merchant for help  

                          - `56` : We are unable to validate your card source.
                          Please try again or contact the merchant for help  

                          - `57` : Provide invalid card number  

                          - `58` : Payout info can not be fixed with MID and ABA
                          Account  

                          - `59` : Something went wrong with QR String. Please
                          try again or contact the merchant for help  

                          - `60` : Something went wrong. Please try again or
                          contact the merchant for help  

                          - `61` : QR is already in use  

                          - `62` : Transaction is already exist in core banking.
                          Please perform new transaction or contact the merchant
                          for help  

                          - `63` : Payer’s account is same as Merchant Profile’s
                          account. Please choose different account  

                          - `64` : Merchant Profile’s MID is not found in core
                          banking. Please try again or contact the merchant for
                          help  

                          - `65` : Something went wrong. Please try again or
                          contact the merchant for help  

                          - `66` : QR on Invoice is currently not available for
                          this Merchant Profile  

                          - `67` : Transaction is expired. Please re-initiate
                          the transaction  

                          - `68` : Transaction Lifetime can not be less than 3
                          minutes  

                          - `69` : Total purchase amount has reached daily
                          limit. Please use difference account  

                          - `70` : Purchase amount has reached transaction
                          limit  

                          - `71` : The merchant profile cannot accept payment
                          because its settlement account is closed  

                          - `72` : Invalid Transaction Status  

                          - `73` : Invalid tran_id or merchant_id  

                          - `74` : tran_id not found  

                          - `75` : Invalid Additional Parameters  

                          - `76` : Merchant transactions do not support
                          transaction fees  

                          - `77` : Card payment transactions are not compatible
                          with the discount program  

                          - `78` : Payment Token missing in Google Pay  

                          - `79` : Failed to decrypt the payment token provided
                          by Google Pay  

                          - `80` : The return URL is not in the whitelist  

                          - `81` : The payout has exceeded the maximum allowable
                          amount per transaction  

                          - `82` : Payment credential is disabled  

                          - `83` : Payment credential is expired  

                          - `84` : Purchase reach limit amount per transaction  

                          - `85` : Unsupported merchant purchase mode  

                          - `86` : Payment credential is removed  

                          - `200` : Payment was canceled  

                          - `201` : Payment was declined  

                          - `401` : Unauthorized access  

                          - `403` : Something went wrong. Try again or contact
                          the merchant for help  

                          - `429` : Too many requests, please try again in 1
                          minute  

                          - `503` : System Under Maintenance  
                      message:
                        type: string
                        description: Please see more details on the property `code` above.
                    x-apidog-orders:
                      - code
                      - message
                    description: status
                    required:
                      - code
                      - message
                x-apidog-orders:
                  - status
                required:
                  - status
          headers: {}
          x-apidog-name: Forbidden
      # Empty security requirement: no OpenAPI security scheme is attached to
      # this operation.
      # NOTE(review): requests appear to be authenticated only by the HMAC
      # `hash` field in the body — confirm, and keep the HMAC key server-side.
      security: []
      x-apidog-folder: Credentials on File
      x-apidog-status: released
      x-run-in-apidog: https://app.apidog.com/web/project/831852/apis/api-14530833-run
# No reusable schemas or security schemes are declared.
components:
  schemas: {}
  securitySchemes: {}
# Only a sandbox host is listed as a server.
servers:
  - url: https://checkout-sandbox.payway.com.kh/
    description: StillZeroBug
# Empty document-level security requirement.
security: []

```
