OPay Bank Installment API
In this page, you will learn how to use bank installment. Installment payment is an agreement where the payer authorizes the payment for a single purchase to be split into a number of payments processed at agreed intervals. For example, pay for a purchase in six monthly installments.
- Get Bank Installment Plans
- Collect your client's payment Information
- Make Bank Installment Payment
- Present Payment Result
It works as follows:
- Merchant send request to get the installment plans first, and OPay respond the installment plans
- Merchant collect your client's payment Information
- Merchant make Bank Installment Payment
- Merchant query order status through OPay Query Payment Status API or waiting for the callback notification
1.Get Bank Installment Plans
This API can be used to get your installments plans. In case you are still in development phase, you need to request using the POST method in our sandbox environment.
-Here is the request URL:
https://sandboxapi.opaycheckout.com/api/v1/international/payment/getBankInstallment
-Once you have a fully tested payment flow and you are ready for production, use the following production API endpoint URL instead
https://api.opaycheckout.com/api/v1/international/payment/getBankInstallment
-Request Parameters:
- Header: Authorization(API Calls Signature), MerchantId
- Json object containing the transaction information:
Authorization : Bearer {signature}
MerchantId : 256612345678901
{
"country":"EG",
"currency":"EGP"
}
HTTP POST parameters
-Here is a detailed description for the parameters you need to complete the POST request:
-An example of Get Bank Installment Plans is as follows :
class GetBankInstallmentController
{
private $secretkey;
private $merchantId;
private $url;
public function __construct() {
$this->merchantId = '281822021180001';
$this->secretkey = 'OPAYPRV1644547******513012905';
$this->url = 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/getBankInstallment';
}
public function test(){
$data = [
"country" => "EG",
"currency" => "EGP"
];
$data2 = (string) json_encode($data,JSON_UNESCAPED_SLASHES);
$auth = $this->auth($data2);
$header = ['Content-Type:application/json', 'Authorization:Bearer '. $auth, 'MerchantId:'.$this->merchantId];
$response = $this->http_post($this->url, $header, json_encode($data));
$result = $response?$response:null;
return $result;
}
private function http_post ($url, $header, $data) {
if (!function_exists('curl_init')) {
throw new Exception('php not found curl', 500);
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$response = curl_exec($ch);
$httpStatusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error=curl_error($ch);
curl_close($ch);
if (200 != $httpStatusCode) {
print_r("invalid httpstatus:{$httpStatusCode} ,response:$response,detail_error:" . $error, $httpStatusCode);
}
return $response;
}
public function auth ( $data ) {
$secretKey = $this->secretkey;
$auth = hash_hmac('sha512', $data, $secretKey);
return $auth;
}
}
const request = require('request');
var sha512 = require('js-sha512');
const formData = {
"country":"EG",
"currency":"EGP"
};
var privateKey = "OPAYPRV1644547******513012905"
var hash = sha512.hmac.create(privateKey);
hash.update(JSON.stringify(formData));
hmacsignature = hash.hex();
console.log(hmacsignature)
request({
url: 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/getBankInstallment',
method: 'POST',
headers: {
'MerchantId': '281822021180001',
'Authorization': 'Bearer '+hmacsignature
},
json: true,
body: formData
}, function (error, response, body) {
console.log('body: ')
console.log(body)
}
)
curl --location --request POST 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/getBankInstallment' \
--header 'MerchantId: 281822021180001' \
--header 'Authorization: Bearer d9cbe9407522335ec052a7a9fa84bd9de2dabdf293bf41abda46fe36ae6b3c427e60823faedd276dd20c45b65c738a7aa2c3e1fd350a3813b5ec7d7445e62913' \
--header 'Content-Type: application/json' \
--data-raw '{
"country": "EG",
"currency": "EGP"
}'
import com.google.gson.Gson;
import org.apache.commons.codec.binary.Hex;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.TreeMap;
public class GetBankInstallment {
private static final String privateKey = "OPAYPRV1644547******513012905";
private static final String endpoint = "https://sandboxapi.opaycheckout.com";
private static final String merchantId = "281822021180001";
public static void main(String[] args) throws Exception {
String addr = endpoint + "/api/v1/international/payment/getBankInstallment";
Gson gson = new Gson();
TreeMap order = new TreeMap<>();
order.put("country","EG");
order.put("currency","EGP");
String requestBody = gson.toJson(order);
System.out.println("--request:");
System.out.println(requestBody);
String oPaySignature = hmacSHA512(requestBody, privateKey);
System.out.println("--signature:");
System.out.println(oPaySignature);
URL url = new URL(addr);
HttpURLConnection con = (HttpURLConnection)url.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json; utf-8");
con.setRequestProperty("Authorization", "Bearer "+oPaySignature);
con.setRequestProperty("MerchantId", merchantId);
con.setDoOutput(true);
OutputStream os = con.getOutputStream();
byte[] input = requestBody.getBytes(StandardCharsets.UTF_8);
os.write(input, 0, input.length);
BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8));
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println("--response:");
System.out.println(response.toString());
//close your stream and connection
}
public static String hmacSHA512(final String data, final String secureKey) throws Exception{
byte[] bytesKey = secureKey.getBytes();
final SecretKeySpec secretKey = new SecretKeySpec(bytesKey, "HmacSHA512");
Mac mac = Mac.getInstance("HmacSHA512");
mac.init(secretKey);
final byte[] macData = mac.doFinal(data.getBytes());
byte[] hex = new Hex().encode(macData);
return new String(hex, StandardCharsets.UTF_8);
}
}
Bank Installment Plan Response
-Response Parameters:
the parameters contained in the response received whenever you call the Get Bank Installment Plan API as a JSON Object.
{
"code": "00000",
"message": "SUCCESSFUL",
"data": {
"bankList": [{
"bankName": "NBE",
"bankCode": "NBEGEGCX",
"bankLogo": "https://opaycheckout.com/icon_bank.png",
"bins": [
"422777",
"470599",
"507803"
],
"installmentPlans": [{
"noOfMonths": 6,
"installmentPlanId": "NBE0006",
"installmentPlanName": "NBE BANK INSTALLMENT 6 MONTHS.",
"currency": "EGP",
"rate": 0.02,
"minAmount": 5000,
"maxAmount": 600000
}, {
"noOfMonths": 12,
"installmentPlanId": "NBE0012",
"installmentPlanName": "NBE BANK INSTALLMENT 12 MONTHS.",
"currency": "EGP",
"rate": 0.02,
"minAmount": 10000,
"maxAmount": 1200000
}],
}]
}
-Here is a detailed description for the parameters received in the response:
| Parameter | type | Description | example | ||
|---|---|---|---|---|---|
| bankList Json Array |
|||||
| bankName | String |
Bank name | NBE | ||
| bankCode | String |
Bank code | NBEGEGCX | ||
| bankLogo | String |
Bank logo | https://opaycheckout.com/icon_bank.png | ||
| bins | List |
Card bin list, if card number match with one of them, then the customer can select this installment plan | ["422777","470599","507803"] | ||
| bankInfo | |||||
| noOfMonths | String |
The month number of installment plan | 12 | ||
| installmentPlanId | String |
Installment Plan ID | NBE0012 | ||
| installmentPlanName | String |
Installment Plan Name | NBE BANK INSTALLMENT 12 MONTHS. | ||
| currency | String |
Transaction currency.See full list here | e.g. EGP | ||
| rate | Decimal |
The customer rate, it will be added to the original order amount | 0.02 | ||
| minAmount | Long |
The minimum amount of this installment plan | 10000 (cent unit). | ||
| maxAmount | Long |
The maximum amount of this installment plan | 1200000 (cent unit). | ||
2.Make Bank Installment Payment
This API can be used to make bank installment payment. In case you are still in development phase, you need to request using the POST method in our sandbox environment.
-Here is the request URL:
https://sandboxapi.opaycheckout.com/api/v1/international/payment/create
-Once you have a fully tested payment flow and you are ready for production, use the following production API endpoint URL instead
https://api.opaycheckout.com/api/v1/international/payment/create
-Request Parameters:
- Header: Authorization(API Calls Signature), MerchantId
- Json object containing the transaction information:
Authorization : Bearer {signature}
MerchantId : 256612345678901
{
"amount":{
"currency":"EGP",
"total":400000
},
"bankcard":{
"cardHolderName":"DAVID",
"cardNumber":"5393990000000006",
"cvv":"100",
"enable3DS":true,
"expiryMonth":"05",
"expiryYear":"25"
},
"callbackUrl":"https://your-call-back-url.com",
"country":"EG",
"installmentPlanId":"NBE0006",
"payMethod":"BankInstallment",
"product":{"name":"name"},
"reference":"04123398",
"returnUrl":"https://your-return-url.com",
"userInfo":{
"userEmail":"customer@email.com",
"userId":"userid001",
"userMobile":"201088889999",
"userName":"DAVID"
}
}
HTTP POST parameters
-Here is a detailed description for the parameters you need to complete the POST request:
-An example of Get Bank Installment Plans is as follows :
class CreateBankInstallmentController
{
private $secretkey;
private $merchantId;
private $url;
public function __construct() {
$this->merchantId = '281822021180001';
$this->secretkey = 'OPAYPRV1644547******513012905';
$this->url = 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/create';
}
public function test(){
$data = [
"amount" => [
"currency" => "EGP",
"total" => 400000
],
"bankcard" => [
"cardHolderName" => "DAVID",
"cardNumber" => "5393990000000006",
"cvv" => "100",
"enable3DS" => true,
"expiryMonth" => "05",
"expiryYear" => "25"
],
"callbackUrl" => "https://your-call-back-url.com",
"country" => "EG",
"installmentPlanId" => "NBE0006",
"payMethod" => "BankInstallment",
"product" => ["name" => "name"],
"reference" => "04123390",
"returnUrl" => "https://your-return-url.com",
"userInfo" => [
"userEmail" => "customer@email.com",
"userId" => "userid001",
"userMobile" => "201088889999",
"userName" => "DAVID"
]
];
$data2 = (string) json_encode($data,JSON_UNESCAPED_SLASHES);
$auth = $this->auth($data2);
$header = ['Content-Type:application/json', 'Authorization:Bearer '. $auth, 'MerchantId:'.$this->merchantId];
$response = $this->http_post($this->url, $header, json_encode($data));
$result = $response?$response:null;
return $result;
}
private function http_post ($url, $header, $data) {
if (!function_exists('curl_init')) {
throw new Exception('php not found curl', 500);
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$response = curl_exec($ch);
$httpStatusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error=curl_error($ch);
curl_close($ch);
if (200 != $httpStatusCode) {
print_r("invalid httpstatus:{$httpStatusCode} ,response:$response,detail_error:" . $error, $httpStatusCode);
}
return $response;
}
public function auth ( $data ) {
$secretKey = $this->secretkey;
$auth = hash_hmac('sha512', $data, $secretKey);
return $auth;
}
}
const request = require('request');
var sha512 = require('js-sha512');
const formData = {
"amount":{
"currency":"EGP",
"total":400000
},
"bankcard":{
"cardHolderName":"DAVID",
"cardNumber":"5393990000000006",
"cvv":"100",
"enable3DS":true,
"expiryMonth":"05",
"expiryYear":"25"
},
"callbackUrl":"https://your-call-back-url.com",
"country":"EG",
"installmentPlanId":"NBE0006",
"payMethod":"BankInstallment",
"product":{"name":"name"},
"reference":"04123392",
"returnUrl":"https://your-return-url.com",
"userInfo":{
"userEmail":"customer@email.com",
"userId":"userid001",
"userMobile":"201088889999",
"userName":"DAVID"
}
};
var privateKey = "OPAYPRV1644547******513012905"
var hash = sha512.hmac.create(privateKey);
hash.update(JSON.stringify(formData));
hmacsignature = hash.hex();
console.log(hmacsignature)
request({
url: 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/create',
method: 'POST',
headers: {
'MerchantId': '281822021180001',
'Authorization': 'Bearer '+hmacsignature
},
json: true,
body: formData
}, function (error, response, body) {
console.log('body: ')
console.log(body)
}
)
curl --location --request POST 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/create' \
--header 'MerchantId: 281822021180001' \
--header 'Authorization: Bearer d9cbe9407522335ec052a7a9fa84bd9de2dabdf293bf41abda46fe36ae6b3c427e60823faedd276dd20c45b65c738a7aa2c3e1fd350a3813b5ec7d7445e62913' \
--header 'Content-Type: application/json' \
--data-raw '{
"amount": {
"currency": "EGP",
"total": 400000
},
"bankcard": {
"cardHolderName": "DAVID",
"cardNumber": "4508750015741019",
"cvv": "100",
"enable3DS": true,
"expiryMonth": "02",
"expiryYear": "26"
},
"callbackUrl": "https://your-call-back-url.com",
"country": "EG",
"installmentPlanId": "NBE0006",
"payMethod": "BankInstallment",
"product": {
"name": "name"
},
"reference": "04123398",
"returnUrl": "https://your-return-url.com",
"userInfo": {
"userEmail": "customer@email.com",
"userId": "userid001",
"userMobile": "201088889999",
"userName": "DAVID"
}
}'
import com.google.gson.Gson;
import org.apache.commons.codec.binary.Hex;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.TreeMap;
public class CreateBankInstallment {
private static final String privateKey = "OPAYPRV1644547******513012905";
private static final String endpoint = "https://sandboxapi.opaycheckout.com";
private static final String merchantId = "281822021180001";
public static void main(String[] args) throws Exception {
String addr = endpoint + "/api/v1/international/payment/create";
Gson gson = new Gson();
TreeMap order = new TreeMap<>();
TreeMap amount = new TreeMap<>();
amount.put("currency","EGP");
amount.put("total",400000);
order.put("amount",amount);
TreeMap bankcard = new TreeMap<>();
bankcard.put("cardHolderName","DAVID");
bankcard.put("cardNumber","5393990000000006");
bankcard.put("cvv","100");
bankcard.put("enable3DS",true);
bankcard.put("expiryMonth","05");
bankcard.put("expiryYear","25");
order.put("bankcard",bankcard);
order.put("callbackUrl","https://your-callback-url.com");
order.put("country","EG");
order.put("installmentPlanId","NBE0006");
order.put("payMethod","BankInstallment");
TreeMap product = new TreeMap<>();
product.put("name","name");
order.put("product",product);
order.put("reference","04123393");
order.put("returnUrl","https://your-return-url.com");
TreeMap userInfo = new TreeMap<>();
userInfo.put("userEmail","customer@email.com");
userInfo.put("userId","userid001");
userInfo.put("userMobile","201088889999");
userInfo.put("userName","DAVID");
order.put("userInfo",userInfo);
String requestBody = gson.toJson(order);
System.out.println("--request:");
System.out.println(requestBody);
String oPaySignature = hmacSHA512(requestBody, privateKey);
System.out.println("--signature:");
System.out.println(oPaySignature);
URL url = new URL(addr);
HttpURLConnection con = (HttpURLConnection)url.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json; utf-8");
con.setRequestProperty("Authorization", "Bearer "+oPaySignature);
con.setRequestProperty("MerchantId", merchantId);
con.setDoOutput(true);
OutputStream os = con.getOutputStream();
byte[] input = requestBody.getBytes(StandardCharsets.UTF_8);
os.write(input, 0, input.length);
BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8));
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println("--response:");
System.out.println(response.toString());
//close your stream and connection
}
public static String hmacSHA512(final String data, final String secureKey) throws Exception{
byte[] bytesKey = secureKey.getBytes();
final SecretKeySpec secretKey = new SecretKeySpec(bytesKey, "HmacSHA512");
Mac mac = Mac.getInstance("HmacSHA512");
mac.init(secretKey);
final byte[] macData = mac.doFinal(data.getBytes());
byte[] hex = new Hex().encode(macData);
return new String(hex, StandardCharsets.UTF_8);
}
}
Bank Installment Payment Response
-Response Parameters:
the parameters contained in the response received whenever you call the 3DS payment API as a JSON Object.
{
"code":"00000",
"message":"SUCCESSFUL",
"data":{
"reference":"104123398",
"orderNo":"211004140885521681",
"nextAction":{
"actionType":"REDIRECT_3DS",
"redirectUrl":"https://sandboxapi.opaycheckout.com/api/v1/international/transaction/3ds/e9f25ec9bd4139329aaa9ab784775220aed5ca97f9021578df2ab4287e0f8175"
},
"status":"PENDING",
"amount":{
"total":1000,
"currency":"EGP"
},
"vat":{
"total":0,
"currency":"EGP"
},
"installmentPlanId": "NBE0012",
"serviceFee": "1000"
}
}
-Here is a detailed description for the parameters received in the response:
| Parameter | type | Description | example | |
|---|---|---|---|---|
| reference | String |
The unique merchant payment order number | 104123398 | |
| orderNo | String |
The unique Opay payment order number. | 211004140885521681 | |
| nextActionJSON Object | ||||
| actionType | String |
Next action type, enum[REDIRECT_3DS] | REDIRECT_3DS | |
| redirectUrl | String |
3ds redirect url | https://sandboxapi.opaycheckout.com/api/v1/international/transaction/3ds/e9f25ec9bd4139329aaa9ab784775220aed5ca97f9021578df2ab4287e0f8175 | |
| status | String |
Order status | PENDING | |
| amount JSON Object | ||||
| total | Long |
Transaction amount | 1000(cent unit) | |
| currency | String |
currency type | EGP | |
| vat JSON Object | ||||
| total | Long |
Value Added Tax Amount | 0 | |
| currency | String |
currency type | EGP | |
| installmentPlanId | String |
Installment plan ID | NBE0012 | |
| serviceFee | Long |
The customer service fee, it will be added to the original order amount | 1000 | |
| failureCode | String |
fail error code | payment fail error code, not blank when status [FAIL/CLOSE] | |
| failureReason | String |
fail error message | payment fail error message, not blank when status [FAIL/CLOSE] | |
3.Present Payment Result
After the client completes the payment and no further actions are required on the front end or client app, merchant will receive the callback notification or query order status, then present success or fail result to the client.
Error Handling
After submitting an API call to OPay, you receive a response back to inform you that
your request was received and processed. A successful OPay API should return a status code 00,
meanwhile, in a situation where any payment processing error occurred, you will receive an error code with a
message to describe the reason of the error. A sample error response can be found below.
{
"code": "02004",
"message": "the payment reference already exists."
}
Depending on the HTTP status code of the response, you should build some logic to handle any errors that a request or the system may return. A list of possible potential error codes that you may receive can be found below. A full list of all possible error codes can be found in the Error Codes section.
| Error Code | Error Message |
|---|---|
| 02000 | authentication failed. |
| 02001 | request parameters not valid. |
| 02002 | merchant not configured with this function. |
| 02003 | payMethod not support. |
| 02004 | the payment reference already exists. |
What's Next?
Learn how to pull Payment Status.
Learn how to set up Payment Notifications Callback.
