OPay Bank Debit API

In this page, you will learn how to create Bank Debit.

Create Bank Debit payment with agreement ID only

To test your Bank Debit Payment, you need to request using the POST method in our sandbox environment.
-Here is the request URL:

                
                https://sandboxapi.opaycheckout.com/api/v1/international/payment/create
            
                    

-Once you have a fully tested payment flow and you are ready for production, use the following production API endpoint URL instead

                
                https://api.opaycheckout.com/api/v1/international/payment/create
            
                    

-Request Parameters:

  1. Header: Authorization(API Calls Signature), MerchantId
  2.                         
                                Authorization    : Bearer {signature}
                                MerchantId       : 256612345678901
                            
                        
  3. Json object containing the transaction information:
  4.                     
                            {
                                "amount": {
                                    "currency": "EGP",
                                    "total": 1000
                                },
                                "bankDebit": {
                                    "agreementId": "220321148180647368855"
                                },
                                "callbackUrl": "https://your-call-back-url.com",
                                "country": "EG",
                                "expireAt": "30",
                                "payMethod": "CardDebit",
                                "product": {
                                    "description": "description",
                                    "name": "name"
                                },
                                "reference": "104123345",
                                "returnUrl": "https://your-return-url.com",
                                "userClientIP": "1.1.1.1"
                            }
                            
                        

HTTP POST parameters

-Here is a detailed description for the parameters you need to complete the POST request:

Parameter type required Description
country String required Country Code.See full list here
reference String required The unique merchant payment order number.
amount
total Long required Amount(cent unit).If the amount is 0, we just bind the agreement and customer card info. If the amount is not 0, we will bind the agreement and customer card info, and complete the payment
currency String required Currency type. e.g. EGP
payMethod String required Bank Debit Payment Method: cardAutoDebit
bankDebit JSON Object
agreementId String required The agreement ID in merchant system
callbackUrl String optional If you have sent callbackUrl through API, OPay will send callback notification to this callbackUrl. If you didn't send callbackUrl through API, you need to configure webhook url on the merchant dashboard, and OPay will send callback notification to this webhook url. See callback here
returnUrl String required The URL to which OPay API should return the payment processing response.
product
name String required product name.
description String required Product description.
expireAt Integer optional Payment expiration time in minutes.(default 30)
userClientIP String optional IP address of customer's device. IPv4 or IPv6.

-An example of Bank Debit payment request for an amount of 1000 EGP is as follows :

                                
                                    class BankDebitAgreementIDOnlyController
                                    {
                                        private $secretkey;
                                        private $merchantId;
                                        private $url;

                                        public function __construct() {
                                            $this->merchantId = '281821120675251';
                                            $this->secretkey = 'OPAYPRV1638774******57474';
                                            $this->url = 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/create';
                                        }

                                        public function test(){
                                            $data = [
                                                'amount'=>[
                                                  'currency'=>'EGP',
                                                  'total'=>1000
                                                ],
                                                'bankDebit'=>[
                                                  'agreementId'=>'test_20220126_001e11111'
                                                ],
                                                'callbackUrl'=>'https://your-callback-url.com',
                                                'country'=>'EG',
                                                'payMethod'=>'CardDebit',
                                                'product'=>[
                                                  'description'=>'description',
                                                  'name'=>'name'
                                                ],
                                                'reference'=>"123123222211"
                                              ]
                                            ;
                                            $data2 = (string) json_encode($data,JSON_UNESCAPED_SLASHES);
                                            $auth = $this->auth($data2);
                                            $header = ['Content-Type:application/json', 'Authorization:Bearer '. $auth, 'MerchantId:'.$this->merchantId];
                                            $response = $this->http_post($this->url, $header, json_encode($data));
                                            $result = $response?$response:null;
                                            return $result;
                                        }

                                        private function http_post ($url, $header, $data) {
                                            if (!function_exists('curl_init')) {
                                                throw new Exception('php not found curl', 500);
                                            }
                                            $ch = curl_init();
                                            curl_setopt($ch, CURLOPT_TIMEOUT, 60);
                                            curl_setopt($ch, CURLOPT_URL, $url);
                                            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
                                            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
                                            curl_setopt($ch, CURLOPT_HEADER, false);
                                            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                                            curl_setopt($ch, CURLOPT_POST, true);
                                            curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
                                            curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
                                            $response = curl_exec($ch);
                                            $httpStatusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
                                            $error=curl_error($ch);
                                            curl_close($ch);
                                            if (200 != $httpStatusCode) {
                                                print_r("invalid httpstatus:{$httpStatusCode} ,response:$response,detail_error:" . $error, $httpStatusCode);
                                            }
                                            return $response;
                                        }
                                        public function auth ( $data ) {
                                            $secretKey = $this->secretkey;
                                            $auth = hash_hmac('sha512', $data, $secretKey);
                                            return $auth;
                                        }

                                    }
                                
                            
                                
                                const request = require('request');
                                var sha512 = require('js-sha512');
                                const formData = {
                                  "amount": {
                                    "currency": "EGP",
                                    "total": 1000
                                  },
                                  "bankDebit": {
                                    "agreementId": "test_20220126_001d"
                                  },
                                  "callbackUrl": "https://your-callback-url.com",
                                  "country": "EG",
                                  "payMethod": "CardDebit",
                                  "product": {
                                    "description": "description",
                                    "name": "name"
                                  },
                                  "reference": "123321"
                                };

                                var privateKey = "OPAYPRV1638774******57474"

                                var hash = sha512.hmac.create(privateKey);
                                hash.update(JSON.stringify(formData));
                                hmacsignature = hash.hex();
                                console.log(hmacsignature)
                                request({
                                    url: 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/create',
                                    method: 'POST',
                                    headers: {
                                      'MerchantId': '281821120675251',
                                      'Authorization': 'Bearer '+hmacsignature
                                    },
                                    json: true,
                                    body: formData
                                  }, function (error, response, body) {
                                    console.log('body: ')
                                    console.log(body)
                                  }
                                )
                                
                            
                                
                                    curl --location --request POST 'https://sandboxapi.opaycheckout.com/api/v1/international/payment/create' \
                                    --header 'MerchantId: 281821120675251' \
                                    --header 'Authorization: Bearer 38d469216d845f844dc571e6e2d36359f3b0bd3af011cd5f4cc54f1bd60ab2b652768a85746d8614cdcccb8c8a4d4decb26b2285709ad94fea1b3903e02d429c' \
                                    --header 'Content-Type: application/json' \
                                    --data-raw '{
                                        "amount": {
                                            "currency": "EGP",
                                            "total": 1000
                                        },
                                        "bankDebit": {
                                            "agreementId": "test_20220126_001ccc"
                                        },
                                        "callbackUrl": "https://your-callback-url.com",
                                        "country": "EG",
                                        "payMethod": "CardDebit",
                                        "product": {
                                            "description": "description",
                                            "name": "name"
                                        },
                                        "reference": "test2021_1643349294500"
                                    }'
                                
                            
                            
                                import com.google.gson.Gson;
                                import org.apache.commons.codec.binary.Hex;

                                import javax.crypto.Mac;
                                import javax.crypto.spec.SecretKeySpec;
                                import java.io.BufferedReader;
                                import java.io.InputStreamReader;
                                import java.io.OutputStream;
                                import java.net.HttpURLConnection;
                                import java.net.URL;
                                import java.nio.charset.StandardCharsets;
                                import java.util.TreeMap;
                                import java.util.UUID;

                                public class BankDebitAgreementIDOnly {

                                    private static final String privateKey = "OPAYPRV1638774******57474";

                                    private static final String endpoint = "https://sandboxapi.opaycheckout.com";

                                    private static final String merchantId = "281821120675251";

                                    public static void main(String[] args) throws Exception {
                                        String addr = endpoint + "/api/v1/international/payment/create";
                                        Gson gson = new Gson();
                                        TreeMap order = new TreeMap<>();
                                        TreeMap amount = new TreeMap<>();
                                        amount.put("currency","EGP");
                                        amount.put("total",1000);
                                        order.put("amount",amount);
                                        TreeMap bankDebit = new TreeMap<>();
                                        bankDebit.put("agreementId","d20c5e9e-11cb-4ef7-b44d-d51c7a9dd035");
                                        order.put("bankDebit",bankDebit);
                                        order.put("callbackUrl","https://your-callback-url.com");
                                        order.put("country","EG");
                                        order.put("payMethod","CardDebit");
                                        TreeMap product = new TreeMap<>();
                                        product.put("description","description");
                                        product.put("name","name");
                                        order.put("product",product);
                                        order.put("reference",UUID.randomUUID().toString());

                                        String requestBody = gson.toJson(order);
                                        System.out.println("--request:");
                                        System.out.println(requestBody);
                                        String oPaySignature = hmacSHA512(requestBody, privateKey);
                                        System.out.println("--signature:");
                                        System.out.println(oPaySignature);

                                        URL url = new URL(addr);
                                        HttpURLConnection con = (HttpURLConnection)url.openConnection();
                                        con.setRequestMethod("POST");
                                        con.setRequestProperty("Content-Type", "application/json; utf-8");
                                        con.setRequestProperty("Authorization", "Bearer "+oPaySignature);
                                        con.setRequestProperty("MerchantId", merchantId);
                                        con.setDoOutput(true);
                                        OutputStream os = con.getOutputStream();
                                        byte[] input = requestBody.getBytes(StandardCharsets.UTF_8);
                                        os.write(input, 0, input.length);
                                        BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8));
                                        StringBuilder response = new StringBuilder();
                                        String responseLine = null;
                                        while ((responseLine = br.readLine()) != null) {
                                            response.append(responseLine.trim());
                                        }

                                        System.out.println("--response:");
                                        System.out.println(response.toString());
                                        //close your stream and connection
                                    }

                                    public static String hmacSHA512(final String data, final String secureKey) throws Exception{
                                        byte[] bytesKey = secureKey.getBytes();
                                        final SecretKeySpec secretKey = new SecretKeySpec(bytesKey, "HmacSHA512");
                                        Mac mac = Mac.getInstance("HmacSHA512");
                                        mac.init(secretKey);
                                        final byte[] macData = mac.doFinal(data.getBytes());
                                        byte[] hex = new Hex().encode(macData);
                                        return new String(hex, StandardCharsets.UTF_8);
                                    }
                                }

                            
                        


Bank Debit Payment Response

-Response Parameters:

the parameters contained in the response received whenever you call the payment API as a JSON Object.

                
                    {
                        "code":"00000",
                        "message":"SUCCESSFUL",
                        "data":{
                            "reference":"104123398",
                            "orderNo":"211004140885521681",
                            "status":"PENDING",
                            "amount":{
                                "total":1000,
                                "currency":"EGP"
                            },
                            "vat":{
                                "total":0,
                                "currency":"EGP"
                            },
                            "bankDebit":{
                                "agreementId":"220321148180647368855",
                                "agreementDuration":"2022-12-31",
                                "storeCard":true
                            }
                        }
                    }
                
                    

-Here is a detailed description for the parameters received in the response:

Parameter type Description example
reference String The unique merchant payment order number. 202111300001
orderNo String OPay transaction number 211130148131809099
status String This E-Wallet order status PENDING
amount JSON Object
total Long Transaction amount 1000(cent unit).
currency String currency type EGP
vat JSON Object
total Long Value Added Tax Amount 0
currency String currency type EGP
bankDebit JSON Object
agreementId String The agreement ID in merchant system 220321148180647368855
agreementDuration String The agreement duration in merchant system, the format is yyyy-MM-dd. The min duration is 1 day, the max duration is 5 years 2022-12-31
storeCard Boolean Value must be true true
failureCode String fail error code. payment fail error code, not blank when status [FAIL/CLOSE]
failureReason String fail error message. payment fail error message, not blank when status [FAIL/CLOSE]

Error Handling

After submitting an API call to OPay, you receive a response back to inform you that your request was received and processed. A successful OPay API should return a status code 00, meanwhile, in a situation where any payment processing error occurred, you will receive an error code with a message to describe the reason of the error. A sample error response can be found below.

                    
                        {
                            "code": "02004",
                            "message": "the payment reference already exists."
                        }
                    
                

Depending on the HTTP status code of the response, you should build some logic to handle any errors that a request or the system may return. A list of possible potential error codes that you may receive can be found below. A full list of all possible error codes can be found in the Error Codes section.

Error Code Error Message
02000 authentication failed.
02001 request parameters not valid.
02003 payMethod not support.
02004 the payment reference already exists.
02002 merchant not configured with this function.
05057 The agreementId does not exist
05058 The agreementId already exists
05059 The agreementId is invalid!
05060 The agreement has expired
05061 The agreement status is unavailable
02007 merchant not available.
50003 service not available, please try again.
5023 The %s parameter is required
5024 The value of enable3DS must be true

What's Next?

User Profile 12 messages

James Jones
Application Developer
Recent Notifications
Another purpose persuade Due in 2 Days
+28%
Would be to people Due in 2 Days
+50%
-27%
The best product Due in 2 Days
+8%