"For the best experience, we recommend using your desktop pc or laptop to access this document."

FasaPay SCI GUIDE
Shopping Cart Interface Guide version 3.16.4

Requirement

To understand this document, you have to at least know basic HTML and HTTP POST/GET request.
To integrate with SCI, please make sure you have created a store on member area: Login > Merchant Tools (SCI) > Store.
SCI Secure Mode are available for Store and Corporate Member

Flow Diagram

FasaPay SCI Secure Mode

1. (A0) Merchant Secure Link Requester send REQUEST FORM to (0) FasaPay SCI INDEX (https://sci.fasapay.com/)
2. FasaPay Response with a JSON data containing the SECURE LINK and validation hash
3. (A)Merchant Shopping Cart using SECURE LINK redirect user to (1) FasaPay SCI Login Page
(1) FasaPay FasaPay SCI Login, User input their login credential
(2) FasaPay SCI TRANSFER form, User input additional transfer information
(3) FasaPay SCI CONFIRM Transaction, User Confirm trnasfer information and authorize the transfer
1. On Successful transaction FasaPay send STATUS FORM to (D) Merchant STATUS page
2. (4) FasaPay SCI RESULT , Transaction success and the SUCCESS FORM to redirect user is available
SUCCESS FORM send to (C) Merchant Success Page if user click on "Back to Merchant" Button

If User Press any Cancel button in step 2-4 They will be send to (5) FasaPay SCI FAIL page and a FAIL FORM to redirect user is available

Request Form

Example

                                <form method="POST" action="https://sci.fasapay.com/"> 
                                <input type="hidden" name="fp_acc" value="FP0001">
                                <input type="hidden" name="fp_item" value="2 pieces of Clothes">
                                <input type="hidden" name="fp_amnt" value="2000">
                                <input type="hidden" name="fp_currency" value="IDR">
                                <input type="hidden" name="fp_comments" value="Purchase of 2 pieces of black clothes with white collar">
                                <input type="hidden" name="fp_merchant_ref" value="BL002883" /> 
                                <input type="hidden" name="fp_success_url" value="http://www.domain.com/merchant/result.php" />
                                <input type="hidden" name="fp_success_method" value="POST" />
                                <input type="hidden" name="fp_fail_url" value="http://www.domain.com/merchant/cancel.php" />
                                <input type="hidden" name="fp_fail_method" value="GET" />
                                <input type=”hidden” name=
                                <!-- additional fields -->
                                <input type="hidden" name="track_id" value="558421222">
                                <input type="hidden" name="order_id" value="BJ2993800-">
                                <input name="" type="submit">
                                </form>

Variable/Input	Description	Type Data (Accepted Value)	Example	Secure Mode
`fp_acc`	Merchant FasaPay Account. If specified it cannot be changed.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456	R
`fp_acc_from`	User/Buyer FasaPay Account. If specified it cannot be changed	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456	O
`fp_store`	The store’s name. if specified it will become the header of the SCI page. If Merchant has created SCI Store in their account.	STRING Max : 100 Character	My Store MyStore	R
`fp_item`	Name of the item or its amount. Will be appeared in the left side of transaction summary.	STRING Max: 255 Character	2 Piece of Apple	O
`fp_cart`	List of the items, quantity and price of each item.	Array	[ {“item”:”Apple”,”price”:100,”qty”:2}, {“item”:”Berry”,”price”:500,”qty”:5}, ]	O
`fp_cart[][item]`	Name of the Item.	STRING Max: 100 character		O
`fp_cart[][comment]`	Additional note of the item.	STRING Max: 100 character		O
`fp_cart[][price]`	Price of the Item.	FLOAT Use point (.) as decimal separator. Please remove Thousand Separator.		O
`fp_cart[][qty]`	Quantity of the Item.	Number		O
`fp_amnt`	Amount of transaction which should be transferred. The value here will be converted into float number with two decimals. If specified it cannot be changed Leave it blank if you want to make the user insert their own amount	FLOAT Use point (.) as decimal separator. Please remove Thousand Separator.	5000 12.5	R
`fp_fee_mode`	Type Fee used in the transaction `FiR` = Fee On Recipient, Fee will be charged to the recipient (Merchant) `FiS` = Fee On Sender, Fee will be charged to the sender (buyer) `FsC` = Fee On Sender Choice (Default), Buyer is free to choose the type of Fee. Not available in Secure Mode. If not defined it will use `FsC` as default. if using Secure Mode it will be overridden or automatically filled by store `fee_mode` of the merchant store setting.	STRING (FiR\|FiS\|FsC)	FiR	R
`fp_currency`	Currency used for transaction. If specified it cannot be changed Make sure the `fp_acc` has activated the currency	STRING (IDR\|USD)	IDR	R
`fp_comments`	Comment/Note for this transaction. Not changeable by user. However, user can add additional comment	STRING Max: 100 Character	Payment for 2 pieace of Apple	O
`fp_merchant_ref`	MERCHANT REFERENCE field. it can be used to hold identification number from the shopping cart or other use. merchant is free to use this field for their own needs.	STRING Max: 100 Character	OrderID5558689	O
`fp_success_url`	URL which used as SUCCESS FORM action and submitted by “Return to Merchant” button. Shown in Step 5 (FasaPay SCI RESULT Page) when transaction is completed successfully. if using Secure Mode it will be overridden or automatically filled by store `success_url` from the merchant store setting. if no URL specified, there will be no "Return to Merchant" button.	STRING Must be valid URL	http://www.merchant.com/success.html https://www.merchant.com/success.html	O
`fp_success_method`	Method used by SUCCESS FORM at the FasaPay SCI RESULT page.	STRING POST, GET	POST GET	O
`fp_fail_url`	URL which used as FAIL FORM action and submitted by “Return to Merchant” button. Shown in FAIL Page which is the Page when user push CANCEL button on: Step 2 - (1) FasaPay SCI Login, Step 3 - (2) FasaPay SCI TRANSFER form, Step 4 - (3) FasaPay SCI CONFIRM Transaction If using Secure Mode, it will be overridden or automatically filled by store fail_url from merchant store setting. If no URL specified. there will be no "Return to Merchant" button on (5) FasaPay SCI FAIL page.	STRING Must be valid URL	http://www.merchant.com/fail.html https://www.merchant.com/fail.html	O
`fp_fail_method`	Method used by FAIL FORMat the (5) FasaPay SCI FAIL page. Default to POST	STRING POST, GET	POST GET	O
`fp_status_url`	URL which used as STATUS_FORM action. (IPN Callback). If using Secure Mode, it will be overridden or automatically filled by store merchant setting. If no URL specified, No STATUS FORM will be send.	STRING URL	http://www.merchant.com/status.html https://www.merchant.com/callback.html	O
`fp_status_method`	Method used by STATUS FORM to send the Transaction Data. Default to POST	STRING POST, GET	POST GET	O
`fp_resend_callback`	How many times would the fp_status_url be called until it return HTTP 2xx	INTEGER 0-9	0 5	O
`fp_sci_link`	If present FasaPay will return SECURE MODE JSON data. Please only include this field to initiate Secure Modeand generate Secure LINK.	STRING TRUE	TRUE	R
`fp_sec_field`	Secure Field array, Merchant can use this field to hold sensitive data that should not be seen by user. Please only use this field to initiate Secure Mode. Any data defined in this field will be delete after successful transaction or secure link expired.	ARRAY	fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1	O
`additional field`	Additional field or baggage field. Merchant can add their own field. this fields will be ignored by SCI but will be include in the STATUS FORM, SUCCESS FORM or FAIL FORM.	MIXED Max: 50 field, and 100 character / field.		O

Note:
O = Optional
R = Required

Fail Form

FAIL FORM is a form that exists in the FAIL page it shown as Back to Merchant button, it purposes is to send user back to merchant website. FAIL FORM is optional and only exists if fp_fail_url is defined.
in the fp_fail_url page merchant can create a page with alternative payment method or to continue/retry the payment.

SECURITY CONSIDERATION, while this form is intended to be used as failed transaction notification, the data are submitted by user’s browser therefore opening the possibility of data TAMPERING and can be used to send misinformation.

Variable/Input	Description	Type Data (Accepted Value)	Example
`fp_paidto`	Merchant’s FasaPay Account. If REQUEST FORM `fp_acc` not empty, `fp_paidto` will have the same value as `fp_acc`.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_amnt`	The amount that should have been transferred. If REQUEST FORM `fp_amnt` not empty, this will have the same value.	FLOAT	10.20 1000.00
`fp_currency`	The currency that should have been used in the transaction. If REQUEST FORM `fp_currency` not empty, this will have the same value.	STRING (IDR\|USD)	IDR USD
`fp_store`	The Store name that should have been used in the transaction. If REQUEST FORM `fp_store` not empty, this will have the same value.	STRING	MyStore MyStore
`fp_merchant_ref`	If REQUEST FORM `fp_merchant_ref` not empty, this will have the same value.	STRING	OrderID5558689
`Additional field`	Additional field that was defined in the REQUEST FORM

Success Form

SUCCESS FORM is a form that exists in the (4) FasaPay SCI RESULT page it shown as Return to Merchant button, it purposes is to send user back to merchant website. SUCCESS FORM is optional and created when a transaction is completed successfully and fp_success_url are defined.
In the fp_success_url page merchant can create a page with successful payment notification or post payment transaction*.

SECURITY CONSIDERATION, while this form is intended to be used as successful transaction notification, the data are submitted by user’s browser therefore opening the possibility of data TAMPERING and can be used to send misinformation or FRAUDULENT data. Please AVOID using this form to validate a complete transaction. If you need to automated process or validate transaction, please use the fp_status_url and STATUS FORM.

Variable/Input	Description	Type Data (Accepted Value)	Example
`fp_paidto`	Merchant’s FasaPay Account. If REQUEST FORM `fp_acc` not empty, `fp_paidto` will have the same value as `fp_acc`.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_paidby`	User’s (Buyer/Payer) FasaPay Account used to transfer fund to Merchant’s FasaPay Account. If REQUEST FORM `fp_acc_from` not empty, `fp_paidby` should be the same as `fp_acc_from`	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_amnt`	The amount that should have been transferred. If REQUEST FORM `fp_amnt` not empty, this will have the same value.	FLOAT	10.20 1000.00
`fp_fee_amnt`	The amount of fee that FasaPay cut or add from the transaction amount.	FLOAT	0.01 100
`fp_fee_mode`	Fee Mode used in the transaction's	STRING (FiR\|FiS)	FiR FiS
`fp_total`	The total Amount that `fp_paidto` or Merchant receive. If `fp_fee_mode` is FiR `fp_total` is `fp_amnt` negative `fp_fee_amnt` If `fp_fee_mode` is FiS `fp_total` is equal to `fp_amnt`	FLOAT	10.19 900.00
`fp_currency`	The currency that should have been used in the transaction. If REQUEST FORM `fp_currency` not empty, this will have the same value.	STRING (IDR\|USD)	IDR USD
`fp_batchnumber`	Unique FasaPay Transaction batch number (Identification Number)	STRING TR\d{13,15} TR#############	TR2016040112345 TR2016031565432
`fp_store`	The Store name that should have been used in the transaction. If REQUEST FORM `fp_store` not empty, this will have the same value.	STRING	MyStore MyStore
`fp_timestamp`	Date time when the transaction occurred. `fp_timestamp` is in GMT+7	DATETIME STRING (\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) YYYY-MM-DD HH:mm:ss	2016-04-01 11:30:45
`fp_merchant_ref`	If REQUEST FORM `fp_merchant_ref` not empty, this will have the same value.	STRING	OrderID5558689
`Additional field`	Additional field that was defined in the REQUEST FORM

Status Form

                                POST /status.html HTTP/1.1
                                Host: www.merchant.com
                                Content-Type: application/x-www-form-urlencoded
                                Content-Length: 759
                                Referer: https://www.fasapay.com/sci
                                Accept: */*
                                User-Agent: PHP (Linux) FasaPay FasaPay-IPN FasaPay-SCI

                                fp_paidto=FI12049&fp_paidby=FI12022&fp_amnt=1200&fp_fee_amnt=100&fp_fee_mode=FiR&fp_total=1100&fp_currency=IDR&fp_batchnumber=KR2017081229853&fp_store=FPID-Merchant&fp_timestamp=2017-08-12+00%3A34%3A46&fp_unix_time=1502472886&fp_merchant_ref=BL002883&fp_sec_field=&track_id=558421222&order_id=BJ2993800-&fp_hash=321bac928504608085458dd5bd5e7ab4b337a657a246b19a5a2f229cd6e8f9d0&fp_hash_2=ce6d86e3e11e4ac2b0ef69c1fa27b6b9b595e33f3cd35e1261116e813b8760e6&fp_hash_list=fp_amnt%3Afp_batchnumber%3Afp_currency%3Afp_fee_amnt%3Afp_fee_mode%3Afp_merchant_ref%3Afp_paidby%3Afp_paidto%3Afp_sec_field%3Afp_store%3Afp_timestamp%3Afp_total%3Afp_unix_time%3Aorder_id%3Atrack_id%3ASCI_SECURITY_WORD&fp_hash_all=954a0d24016b920f4d397b6ce0d7e868e0d15f57038e8476e04b4e44305ee7fc

STATUS FORM is form that contain the transaction detail and some security information. STATUS FORM purpose is to notify Merchant of successful transaction.

STATUS FORM will only be created if fp_store is defined and exists in the Merchant FasaPay Account Store Setting, and fp_status_url is defined either in REQUET FORM or in Store Setting.

STATUS FORM contains HASH value (fp_hash, fp_hash_2, fp_hash_all) that you should validate to ensure the validity and integrity of STATUS FORM data.

SECURITY CONSIDERATION, STATUS FORM will only be send from FasaPay Server. To add more layer to security of your application if possible please only use FasaPay STORE setting to define fp_status_url and leave fp_status_url and fp_status_method blank (or dont include them at all) in the REQUEST FORM. It is also advised that you use IP whitelist and only accept the data send from FasaPay Server’s IP.

For list of FasaPay Server's IP check here or Contact FasaPay Customer Support

Variable/Input	Description	Type Data (Accepted Value)	Example
`fp_paidto`	Merchant’s FasaPay Account. If REQUEST FORM `fp_acc` not empty, `fp_paidto` will have the same value as `fp_acc`.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_paidby`	User’s (Buyer/Payer) FasaPay Account used to transfer fund to Merchant’s FasaPay Account. If REQUEST FORM `fp_acc_from` not empty, `fp_paidby` should be the same as `fp_acc_from`	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_amnt`	The amount that should have been transferred. If REQUEST FORM `fp_amnt` not empty, this will have the same value.	FLOAT	10.20 1000.00
`fp_fee_amnt`	The amount of fee that FasaPay cut or add from the transaction amount.	FLOAT	0.01 100
`fp_fee_mode`	Fee Mode used in the transaction's	STRING (FiR\|FiS)	FiR FiS
`fp_total`	The total Amount that `fp_paidto` or Merchant receive. If `fp_fee_mode` is FiR `fp_total` is `fp_amnt` negative `fp_fee_amnt` If `fp_fee_mode` is FiS `fp_total` is equal to `fp_amnt`	FLOAT	10.19 900.00
`fp_currency`	The currency that should have been used in the transaction. If REQUEST FORM `fp_currency` not empty, this will have the same value.	STRING (IDR\|USD)	IDR USD
`fp_batchnumber`	Unique FasaPay Transaction batch number (Identification Number)	STRING TR\d{13,15} TR#############	TR2016040112345 TR2016031565432
`fp_store`	The Store name that should have been used in the transaction.	STRING	MyStore MyStore
`fp_timestamp`	Date time when the transaction occurred in Year-Month-Date Hour:Minute:Second GMT+7. `fp_timestamp` is in GMT+7	DATETIME STRING (\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) YYYY-MM-DD HH:mm:ss	2016-04-01 11:30:45
`fp_unix_time`	Time when the transaction occurred in Unix time stamp.	NUMBER	1459485045
`fp_merchant_ref`	If REQUEST FORM `fp_merchant_ref` not empty, this will have the same value.	STRING	OrderID5558689
`fp_sec_field`	If REQUEST FORM `fp_sec_field` is not empty, this will have the same value.	ARRAY	fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1
`Additional field`	Additional field that was defined in the REQUEST FORM
`fp_hash`	FasaPay SCI v.1 sha256 hash based data verification. Because it is only verifying few most basic data, please use it with care or consider using the most complete form. Please Refer to : Generate FP_HASH for the detail.	STRING	8eb7c0e4854aa51c617408a2cfd385b1712e5c9dcd7941ffde31dff052487acc
`fp_hash_2`	FasaPay SCI v.2 sha256 hash based data verification. Because it is only verifying few most basic data, please use it with care or consider using the most complete form. Please refer to : Generate FP_HASH_2 for the detail.	STRING	36b72939f557ba56c2516e6970692bc2b011b3c69ad40d218fc487955a32eed1
`fp_hash_list`	Field order list used to create `fp_hash_all`	STRING	fp_amnt\|fp_batchnumber\|fp_currency\|fp_fee_amnt\|fp_fee_mode\|fp_merchant_ref\|fp_paidby\|fp_paidto\|fp_sec_field\|fp_store\|fp_timestamp\|fp_total\|fp_unix_time\|SCI_SECURITY_WORD
`fp_hash_all`	FasaPay SCI v.3 sha256 hash based data verification. Use this to validate all the data send on the STATUS FORM. the order of how to concate the data is defined in `fp_hash_list` Please refer to : Generate FP_HASH_ALL for the detail.	STRING	954a0d24016b920f4d397b6ce0d7e868e0d15f57038e8476e04b4e44305ee7fc
`fp_hmac`	Prefixes data with a keyed SHA-256 hash value using the `HMAC` method so that it can be detected if it is tampered. This is an alterative way to validate the data posted in the STATUS FORM. Please refer to : Generate FP_HMAC for the detail.	STRING	954a0d24016b920f4d397b6ce0d7e868e0d15f57038e8476e04b4e44305ee7fc

Secure Mode Data

Secure Mode is used if you need added security in your data and limiting user from most of the option in the transaction process. The data returned here is used to redirect user and to reconfirm your request data.

Variable/Input	Description	Type Data (Accepted Value)	Example
`fp_sec_field`	Secure Field array,	ARRAY	fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1
`fp_sci_link`	The Redirect link to FasaPay SCI. use this to redirect your user to FasaPay	STRING [URL]	https://sci.fasapay.com/login?mid=4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7
`fp_sci_mid`	Unique SCI ID	STRING	4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7
`fp_sci_randkey`	Random Salt	STRING	c85bf964430bca83d92519ae773a7994
`fp_sci_hash`	Prefixes data with a keyed `SHA-256` hash value using the `HMAC`. Please refer to Generate FP_SCI_HASH	STRING	cc61cd904f08ffb42724e892cef88d6aab8eec7d4b76651dd280958f3a4c269aFI12049::BJ2993800-:558421222:2000:Purchase of 2 pieces of black clothes with white collar:IDR:POST:https://mc.dv.aevsa.org/fpid/fail.php:FiR:2 pieces of Clothes:https://mc.dv.aevsa.org/fpid/logo.png:BL002883:9:https://fpid.dv.aevsa.org/sci/login?mid=4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7:4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7:c85bf964430bca83d92519ae773a7994:VAL558421222:VAL558421222:POST:https://mc.dv.aevsa.org/fpid/status.php:FPID-Merchant:POST:https://mc.dv.aevsa.org/fpid/success.php
Reflection of REQUEST FORM. Please refer to REQUEST FORM
`fp_acc`	Merchant FasaPay Account.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_acc_from`	User/Buyer FasaPay Account.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_store`	The store’s name.	STRING Max : 100 Character	My Store MyStore
`fp_item`	Name of the item or its amount.	STRING Max: 255 Character	2 Piece of Apple
`fp_cart`	List of the items, quantity and price of each item.	Array	[ {“item”:”Apple”,”price”:100,”qty”:2}, {“item”:”Berry”,”price”:500,”qty”:5}, ]
`fp_cart[][item]`	Name of the Item.	STRING Max: 100 character
`fp_cart[][comment]`	Additional note of the item.	STRING Max: 100 character
`fp_cart[][price]`	Price of the Item.	FLOAT Use point (.) as decimal separator. Please remove Thousand Separator.
`fp_cart[][qty]`	Quantity of the Item.	Number
`fp_amnt`	Amount of transaction which should be transferred.	FLOAT Use point (.) as decimal separator. Please remove Thousand Separator.	5000 12.5
`fp_fee_mode`	Type Fee used in the transaction	STRING (FiR\|FiS\|FsC)	FiR
`fp_currency`	Currency used for transaction.	STRING (IDR\|USD)	IDR
`fp_comments`	Comment/Note for this transaction.	STRING Max: 100 Character	Payment for 2 pieace of Apple
`fp_merchant_ref`	MERCHANT REFERENCE field. it can be used to hold identification number from the shopping cart or other use.	STRING Max: 100 Character	OrderID5558689
`fp_success_url`	URL which used as SUCCESS FORM action and submitted by “Return to Merchant” button.	STRING Must be valid URL	http://www.merchant.com/success.html https://www.merchant.com/success.html
`fp_success_method`	Method used by SUCCESS FORM at the FasaPay SCI RESULT page.	STRING POST, GET	POST GET
`fp_fail_url`	URL which used as FAIL FORM action and submitted by “Return to Merchant” button.	STRING Must be valid URL	http://www.merchant.com/fail.html https://www.merchant.com/fail.html
`fp_fail_method`	Method used by FAIL FORM at the (5) FasaPay SCI FAIL page.	STRING POST, GET	POST GET
`fp_status_url`	URL which used as STATUS_FORM action. (IPN Callback).	STRING URL	http://www.merchant.com/status.html https://www.merchant.com/callback.html
`fp_status_method`	Method used by STATUS FORM to send the Transaction Data.	STRING POST, GET	POST GET
`fp_resend_callback`	How many times would the fp_status_url be called until it return HTTP 2xx	INTEGER 0-9	0 5

Generate FP_SCI_HASH

prefixed data with keyed SHA-256 hash value using HMAC method.
fp_sci_hash = HMAC-SHA256(Key, StringToHash)+StringToHash
Key = SHA256(SECURITY_WORD+fp_sci_randkey) the StringToHash is pipe-separated list derived from the response data and with order governed by its name,

						
                                StringToHash = fp_acc+"|"+fp_acc_from+"|"+fp_aditional_field[order_id]+"|"+...+"|"+n

Try to Hash

On This Page

FasaPay SCI GUIDE Shopping Cart Interface Guide version 3.16.4