Money In Operation — Funds are transferred from the customer’s card to your SingaPay Payment Gateway account.
API Overview
API Version
v2.0
Base Path
/api/v2.0/cardAuthentication
Bearer Token (JWT, OAuth 2.0 client credentials)
Content-Type
application/jsonAuthentication
Merchants must obtain a JWT access token before calling Card endpoints. See Authentication for token requests, required headers, and IP whitelist setup.Base URL
| Environment | Base URL |
|---|---|
| Production | https://{your-domain}/api/v2.0/card |
| Staging / Local | https://{your-domain}/api/v2.0/card |
Card Payment Flow
Transaction Status Lifecycle
Path Parameters
| Parameter | Description |
|---|---|
{account_id} | Merchant Account ULID — e.g. 01K5G4FZZ18DMK0M5QTR8Y9QY9 |
{id} | Transaction ID (format: 99 + ULID, 28 chars) — e.g. 9901JAB3CD4E5F6G7H8J9K0 |
Available Endpoints
Payment (One-Time)
Process a one-time card payment (full or installment) in a single request with amount, customer info, and card data.
Cancel Transaction
Void or refund a transaction depending on its current status.
Inquiry Status
Check the latest transaction status and optionally update the local record.
Error Responses
HTTP Status Codes
| Code | Description |
|---|---|
200 | Success |
400 | Bad Request (validation or business rule error) |
401 | Unauthorized (invalid or missing token) |
404 | Account or resource not found |
422 | Validation error |
500 | Internal server error |
Standard Error Format
All API responses follow the v2 format withresponse_code and response_message:
Response Codes
| Code | Description | HTTP Status |
|---|---|---|
SP000 | Success | 200 |
SP001 | Transaction Failure (issuer declined) | 400 |
SP002 | General Failure (internal error) | 500 |
SP009 | Transaction Not Found | 404 |
SP012 | Bad Request (invalid status, validation) | 400 |
SP020 | Merchant Account Not Found | 404 |
Appendix
Installment Type Reference
| Value | Description |
|---|---|
1 | Full payment |
2 | Installment |
Installment Month Options
| Value | Description |
|---|---|
1 | 1 month |
3 | 3 months |
6 | 6 months |
12 | 12 months |
Transaction ID Format
| Channel | Format | Example |
|---|---|---|
| Card | 99 + ULID (28 chars) | 9901JAB3CD4E5F6G7H8J9K0M1N2 |
| E-Wallet | 88 + ULID | 8801JAB3CD4E5F6G7H8J9K0M1N2 |
| QRIS | 66 + ULID | 6601JAB3CD4E5F6G7H8J9K0M1N2 |
Important Notes
Single-Step Payment
Single-Step Payment
Card payments are processed in a single API call that includes amount, customer info, and card data together — no pre-registration step required.
3DS Authentication
3DS Authentication
When the issuing bank requires 3DS, the payment response includes a
payment_url or html_form field. Render this for the customer to complete authentication before the transaction finalises.Cancellation (Void vs Refund)
Cancellation (Void vs Refund)
Transactions can be voided (before capture) or refunded (after capture) using the Cancel endpoint. Both return
status: "success" — use the cancel_type field to distinguish which occurred.IP Whitelisting
IP Whitelisting
Merchant API routes require IP whitelisting. Ensure your server IP is registered under the merchant account before going live.
Installment Payments
Installment Payments
Supports full payment and installment options (1, 3, 6, or 12 months) via the
installment and installment_month request parameters.Changelog
| Date | Description |
|---|---|
| 2026-02-25 | Initial documentation |
| 2026-02-25 | Transaction reference kept internal; removed from API responses |
| 2026-02-25 | transaction_id format aligned with VA/E-Wallet (TransactionCode + ULID) |
| 2026-02-26 | Migrated to v2 response format (response_code/response_message), added error logging |
| 2026-02-26 | Refactored to single-step one-time payment; removed register-transaction; request uses card_number, card_expiry, card_cvv, card_holder_name |
