# QR API ## OpenAPI Specification ```yaml openapi: 3.0.1 info: title: '' description: '' version: 1.0.0 paths: /api/payment-gateway/v1/payments/generate-qr: post: summary: QR API deprecated: false description: |- - Support both online/instore merchant - Supported payment options - Transaction currency KHR: ABA PAY, KHQR - Transaction curency USD: ABA PAY, KHQR, WeChat and Alipay tags: - ABA QR API parameters: - name: Content-Type in: header description: '' required: true example: application/json schema: type: string requestBody: content: application/json: schema: type: object properties: req_time: type: string description: Request date and time in UTC format as YYYYMMDDHHmmss. merchant_id: type: string description: A unique merchant key which provided by ABA Bank. maxLength: 30 x-apidog-mock: keng.dara.online tran_id: type: string description: >- This is the unique transaction ID that identifies the transaction. maxLength: 20 first_name: type: string description: Payer's first name. maxLength: 20 last_name: type: string description: Payer's last name. maxLength: 20 email: type: string description: Payer's email address. maxLength: 50 phone: type: string description: Payer's phone number. maxLength: 20 amount: type: number description: >- The total transaction amount must be at least **100 KHR** or **0.01 USD** and cannot be null. x-apidog-mock: '0.01' currency: type: string description: >- Supported transaction currencies: `KHR` and `USD`. Not case-sensitive. maxLength: 3 purchase_type: type: string maxLength: 20 description: >- Supported values: `pre-auth` and `purchase`. If the merchant does not provide a value, the default will be `purchase`. Note: Alipay & WeChat do not support pre-auth. payment_option: type: string maxLength: 20 description: > Supported payment options: - `abapay_khqr` : Payway will response ABA KHQR. - `wechat` : PayWay will respond with a WeChat QR (only for USD transactions). - `alipay` : PayWay will respond with an Alipay QR (only for USD transactions). x-apidog-mock: abapay_khqr items: type: string maxLength: 500 description: >- Item list description in Base64-encoded JSON format. Maximum of 10 items. **PHP Sample Code** ```php $items = base64_encode('[ {"name":"Item 1","quantity":1,"price":1.00}, {"name":"Item 2","quantity":1,"price":4.00} ]'); ``` x-apidog-mock: >- W3sibmFtZSI6IicgVU5JT04gU0VMRUNUIG51bGwsIHZlcnNpb24oKSwgbnVsbCAtLSIsInF1YW50aXR5IjozLCJwcmljZSI6MTAwLjAxfV0= callback_url: type: string maxLength: 255 description: >- URL to receive callbacks upon payment completion, encrypted with Base64. **PHP Sample Code** ```php $callback_url = base64_encode('YOUR CALL BACK URL'); ``` return_deeplink: type: string maxLength: 255 description: >- **PHP Sample Code** ```php $return_deeplink = base64_encode('{"android_scheme": "{YOUR ANDROID SCHEME}", "ios_scheme":"{YOUR IOS SCHEME}"}'); ``` x-apidog-mock: >- IHsiYW5kcm9pZF9zY2hlbWUiOiJ0aWt0b2s6Ly8iLCJpb3Nfc2NoZW1lIjoidGlrdG9rOi8vIn0= custom_fields: type: string maxLength: 255 description: >- Additional custom fields to attach to the QR, encrypted with Base64. **PHP Sample Code** ```php $custom_fields = base64_encode('{"Province":"ABC", "Province": "Male" }'); ``` x-apidog-mock: eyJpZF9jYXJ0IjoyMzkxNzMzOX0= return_params: type: string description: >- Additional information to include in the pushback once the payment is completed. **PHP Sample Code** ```php $return_params = '{"key_1": "Value 1","key_2": "Value 2"}'; ``` x-apidog-mock: eyJBdXRvbWF0aW9uX3JldHVybnBhcmFtIjoiU0lEQVJBIEtIUVIifQ== payout: type: string maxLength: 255 description: | Payout instructions in a Base64-encoded JSON string. **PHP Sample Code** ```php $payout = base64_encode('[ {"account":"201030101","amount":1.72}, {"account":"012538302","amount":1.72} ]'); ``` lifetime: type: integer description: |- Transaction lifetime in minutes. Default: 30 days. - Minimum: 3 mins - Maximum: 120 days qr_image_template: type: string description: >- The QR image comes with various options to suit your needs. Please refer to the link below for details **[templates](https://developer.payway.com.kh/aba-qr-api-3158158f0.md#3-integration-steps)**. maxLength: 20 x-apidog-mock: template3_color hash: type: string description: >- Base64 encode of hash hmac sha512 encryption of concatenated values `req_time`,`merchant_id`,`tran_id`,`amount`,`items`,`first_name`,`last_name`,`email`,`phone`,`purchase_type`,`payment_option`,`callback_url`,`return_deeplink`,`currency`,`custom_fields`,`return_params`,`payout`,`lifetime`, and `qr_image_template` **PHP Sample Code** ```php // public key provided by ABA Bank $api_key = 'API KEY PROVIDED BY ABA BANK'; // Prepare the data to be hashed $b4hash = $req_time . $merchant_id . $tran_id . $amount . $items . $first_name . $last_name+ email . $phone . $purchase_type . $payment_option . $callback_url . $return_deeplink . $currency . $custom_fields . $return_params . $payout . $lifetime . $qr_image_template; // Generate the HMAC hash using SHA-512 and encode it in Base64 $hash = base64_encode(hash_hmac('sha512', $b4hash, $api_key, true)); ``` x-apidog-orders: - req_time - merchant_id - tran_id - first_name - last_name - email - phone - amount - currency - purchase_type - payment_option - items - callback_url - return_deeplink - custom_fields - return_params - payout - lifetime - qr_image_template - hash required: - req_time - merchant_id - tran_id - payment_option - amount - lifetime - qr_image_template - hash - currency example: req_time: '20250312095439' merchant_id: keng.dara.online tran_id: '20250311033231' first_name: ABA last_name: Bank email: aba.bank@gmail.com phone: '012345678' amount: 0.01 purchase_type: purchase payment_option: abapay_khqr items: >- W3sibmFtZSI6IicgVU5JT04gU0VMRUNUIG51bGwsIHZlcnNpb24oKSwgbnVsbCAtLSIsInF1YW50aXR5IjozLCJwcmljZSI6MTAwLjAxfV0= currency: USD callback_url: aHR0cHM6Ly9hcGkuY2FsbGJhY2suY29tL25vdGlmeQ== return_deeplink: null custom_fields: null return_params: null payout: null lifetime: 6 qr_image_template: template3_color hash: ZyDmMe/kznbY2e...ZB6tMnqv57V06T13du8807dcbPTg== responses: '200': description: '' content: application/json: schema: type: object properties: status: type: object properties: code: type: string description: > Possible response codes: - `0` : Success. - `1` : Wrong Hash. - `6` : Requested Domain is not in whitelist. - `8` : Something went wrong. Please reach out to our digital support team for assistance - `12` : Payment currency is not allowed. - `16` : Invalid First Name. It must not contain numbers or special characters or not more than 100 characters. - `17` : Invalid Last Name. It must not contain numbers or special characters or not more than 100 characters. - `18` : Invalid Phone Number. - `19` : Invalid Email. - `21` : End of API lifetime. - `23` : Selected Payment Option is not enabled for this Merchant Profile. - `32` : Service is not enable. - `35` : Payout Info is invalid. - `44` : Purchase amount has reached transaction limit. - `47` : KHR Amount must be greater than 100 KHR. - `48` : Something went wrong with requested parameters. Please try again or contact the merchant for help. - `96` : Invalid merchant data - `102` : The URL is not in the whitelist. - `403` : Duplicated Transaction ID - `429` : You've reached the maximum attempt limit. Please try again in (min) message: type: string description: >- Please see the property reponse `code` for the details. trace_id: type: string description: >- A unique identifier assigned to a request to help track its journey through a system x-apidog-orders: - code - message - trace_id required: - code - message - trace_id amount: type: number description: Transaction amount. abapay_deeplink: type: string description: >- ABA Mobile Deeplink. You can use this deeplink to automatically open ABA Mobile so that customer can confim payment. app_store: type: string description: >- If you try to open `abapay_deeplink` and the payer does not have ABA Mobile installed, you can redirect the user to the app store to download ABA Mobile. play_store: type: string description: >- If you try to open `abapay_deeplink` and the payer does not have ABA Mobile installed, you can redirect the user to the play store to download ABA Mobile. currency: type: string description: Transaction currency. qrString: type: string description: QR conent as string qrImage: type: string description: QR as base64 image. x-apidog-orders: - qrString - qrImage - abapay_deeplink - app_store - play_store - amount - currency - status required: - status - amount - qrString - qrImage - abapay_deeplink - app_store - play_store - currency example: qrString: >- 00020101021230510016abaakhppxxx@abaa01151250212145328460208ABA Bank52048249530384054040.015802KH5925OLD ME 25 CHAR WINNER IP qrImage: >- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKAAAACgCAYAAACLz2ctAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAOC0lEQVR4nO2deahV1RfHl6ZlaaZ abapay_deeplink: >- abamobilebank://ababank.com?type=payway&qrcode=00020101021230510016abaakhppxxx%40abaa01151250212145328460208ABA+Bank5 app_store: >- https://itunes.apple.com/al/app/aba-mobile-bank/id968860649?mt=8 play_store: >- https://play.google.com/store/apps/details?id=com.paygo24.ibank amount: 0.01 currency: USD status: code: '0' message: Success. trace_id: b9f93f45b49f08e26dfcfb8c2da396c6 headers: {} x-apidog-name: Success security: [] x-apidog-folder: ABA QR API x-apidog-status: released x-run-in-apidog: https://app.apidog.com/web/project/831852/apis/api-14530840-run components: schemas: {} securitySchemes: {} servers: - url: https://checkout-sandbox.payway.com.kh/ description: StillZeroBug security: [] ```