> ## Documentation Index
> Fetch the complete documentation index at: https://docs.singapay.id/llms.txt
> Use this file to discover all available pages before exploring further.

# Trigger Payment Credit

> Initiates an issuer-side MPM payment (money-out) from the merchant account. The endpoint creates a pending `QrisTransaction`, performs ledger debit and statement entries, and enqueues the vendor dispatch job (for supported vendors such as ALTO). See `Response Code` for the full SP000–SP020 reference; final settlement is performed asynchronously. **CRITICAL:** This is a money-out operation requiring **X-Signature** and **X-Timestamp** authentication per internal signing protocol.



## OpenAPI

````yaml https://payment-b2b.singapay.id/api/docs/merchant-api.json post /api/v2.0/qris/issuer/mpm/payment-credit
openapi: 3.1.0
info:
  title: Singa Merchant API
  description: >-
    OpenAPI specification for the merchant/partner HTTP API. All routes below
    are additionally protected by `ip.whitelisted.merchant` — the caller IP must
    be registered for the credential or merchant. Obtain a JWT using `POST
    /api/v1.0/access-token/b2b` (Basic auth) or `POST
    /api/v1.1/access-token/b2b` (X-Signature) before calling secured endpoints.
  version: 1.0.0
servers:
  - url: https://sandbox-payment-b2b.singapay.id
    description: >-
      API host. Paths include `/api` prefix (see `RouteServiceProvider`).
      Replace scheme/host with your environment.
security: []
tags:
  - name: Security
    description: >-
      Merchant authentication (`OauthMerchantTokenController`). **v1.1** B2B
      token uses `X-CLIENT-ID`, `X-PARTNER-ID`, and `X-Signature` (no Basic
      auth). Secured routes also require the issued Bearer JWT plus
      `X-PARTNER-ID`.
  - name: Accounts
    description: >-
      Account management (`routes/merchantApiRoute.php`, `v1.0`). Path parameter
      `{id}` is always the account ULID.
  - name: Balance Inquiry
    description: >-
      Merchant and per-account balance inquiry (`BalanceController`, `v1.0`).
      Path `account_id` is the account ULID.
  - name: Statements
    description: >-
      Per-account statement list and detail
      (`AccountController::accountStatements`, `accountStatementDetail`, prefix
      `v1.0/statements`). Flugger responses; detail path param `{statement_id}`
      maps to `statements.transaction_id`.
  - name: Payment Link
    description: >-
      Payment link CRUD and payment-method catalog (`PaymentLinkApiController`,
      prefix `v1.0/payment-link-manage`). `account_id` is ULID;
      `payment_link_id` is numeric `payment_links.id`.
  - name: Payment Link History
    description: >-
      Payment link transaction/history listing and detail
      (`PaymentLinkApiController`, prefix `v1.0/payment-link-histories`).
      `history_id` is numeric `payment_link_histories.id`.
  - name: Virtual Account
    description: >-
      Native VA CRUD (`VirtualAccountController`, prefix
      `v1.0/virtual-accounts`). `account_id` and `virtual_account_id` are ULIDs.
  - name: VA Transaction
    description: >-
      VA money-in transaction listing and detail (`VirtualAccountController`,
      prefix `v1.0/va-transactions`).
  - name: QRIS (Money In)
    description: >-
      MPM dynamic QRIS list, show, and generate (`QrisMpmDynamicApiController`,
      prefix `v1.0/qris-dynamic`).
  - name: QRIS (Money Out)
    description: >-
      Issuer MPM decode/inquiry, payment credit (money out), and transaction
      status (`QrisIssuerMpmController`, `QrisApiV2Controller::checkStatus`,
      prefix `v2.0/qris`). Related list/detail: `GET
      /api/v2.0/qris/transaction/...`.
  - name: E-Wallet (Money In)
    description: >-
      E-Wallet Native checkout and transactions (`EwalletNativeApiController`,
      `EwalletNativeTransactionApiController`, `EwalletNativeV2ApiController`).
      Paths include `v1.0/ewallet-native`, `v1.0/ewallet-native-transactions`,
      and `v2.0/ewallet-native`.
  - name: E-Wallet (Money Out)
    description: >-
      E-wallet disbursement / top-up to beneficiary wallets
      (`EWalletTopUpController`, prefix `v2.0/ewallet`). Responses use the
      custom **`MerchantV2ApiEnvelope`** with **`MerchantV2ResponseCode`**
      (SP000–SP020).
  - name: Card (Money In)
    description: >-
      One-time card payment, cancel, and inquiry
      (`CardPaymentMerchantApiController`, prefix `v2.0/card`).
  - name: Subscription (Recurring)
    description: >-
      Credit-card recurring subscription plans (`SubscriptionPlanApiController`,
      prefix `v2.0/recurring`). Plan `{id}` is UUID (`sub_plans.id`).
  - name: Direct Debit
    description: >-
      Direct Debit — bind a customer bank account once via hosted webview, then
      charge it host-to-host (`DirectDebitMerchantController`, prefix
      `v2.0/direct-debit`). Binding `{binding_id}` and transaction
      `{transaction_id}` are UUIDs. Responses use the
      **`MerchantV2ApiEnvelope`** with both standard SP000–SP020 codes and
      Direct-Debit-specific codes (`SP_DD_*`). The `/charge` endpoint is
      additionally protected by **`X-Signature`** + **`X-Timestamp`**
      (`verify.signature-internal`); see operation parameters for the signing
      scheme.
  - name: Account Transfer
    description: >-
      Move funds between sub-accounts within the same merchant
      (`AnotherAccountApiController`, prefix `v1.0/account-transfer`). The
      transfer endpoint requires request signature headers
      (`verify.signature-internal`). Both accounts must belong to the
      authenticated merchant and be accessible to the credential.
  - name: Disbursement (Money Out)
    description: >-
      Bank disbursement (`DisbursementController` **v1.0**,
      `DisbursementV2Controller` **v2.0**). **v1.0**
      list/show/fee/beneficiary/transfer use Flugg envelopes; v1 inquiry-status
      uses the **custom v2 envelope** (`MerchantV2ApiEnvelope`, codes
      **SP000–SP020**). **v2.0** check-beneficiary, transfer, and inquiry-status
      use the same custom envelope — see component schema
      **`MerchantV2ResponseCode`** for the full response code table.
  - name: Cardless Withdrawal
    description: >-
      Cardless withdrawal API for initiating ATM cash withdrawals without a
      physical card. Supports creating withdrawals with OTP generation, listing
      transaction history, viewing transaction details, canceling pending
      withdrawals, and deleting canceled records. All endpoints use the
      `v1.0/cardless-withdrawals` route prefix and the standard success/error
      response envelope. Path parameter `{id}` refers to the `transaction_id`
      (platform-assigned business identifier).
paths:
  /api/v2.0/qris/issuer/mpm/payment-credit:
    post:
      tags:
        - QRIS (Money Out)
      summary: Trigger Payment Credit
      description: >-
        Initiates an issuer-side MPM payment (money-out) from the merchant
        account. The endpoint creates a pending `QrisTransaction`, performs
        ledger debit and statement entries, and enqueues the vendor dispatch job
        (for supported vendors such as ALTO). See `Response Code` for the full
        SP000–SP020 reference; final settlement is performed asynchronously.
        **CRITICAL:** This is a money-out operation requiring **X-Signature**
        and **X-Timestamp** authentication per internal signing protocol.
      operationId: qrisIssuerMpmPaymentCredit
      parameters:
        - name: X-Signature
          in: header
          description: >-
            HMAC-SHA512 hex signature, computed as `HMAC_SHA512(clientSecret,
            "{HTTP_METHOD}:{REQUEST_URI}:{ACCESS_TOKEN}:{SHA256_HEX(MINIFIED_BODY)}:{X_TIMESTAMP}")`.
            `MINIFIED_BODY` is the request body with object keys recursively
            sorted alphabetically and re-serialised with no whitespace (an
            empty/missing body hashes the empty string). `ACCESS_TOKEN` is the
            bearer token without the `Bearer ` prefix. Missing header returns
            **422** (`response_code=SP018`); signature mismatch or unknown
            `X-PARTNER-ID` returns **401** (`response_code=SP016`).
          required: true
          schema:
            type: string
        - name: X-Timestamp
          in: header
          description: >-
            ISO-8601 timestamp of the request; used as part of the signed
            string. Missing header returns **422** (`response_code=SP018`).
          required: true
          schema:
            type: string
            format: date-time
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/QrisIssuerMpmPaymentCreditRequest'
      responses:
        '200':
          description: >-
            Request accepted. Transaction created and processing started
            asynchronously. `data` contains a `QrisMoneyOutTransactionData`
            snapshot (commonly status `03` — Pending).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/QrisMoneyOutSuccessTransactionEnvelope'
        '400':
          description: >-
            Bad request — validation failed or duplicate `reference_number`
            detected.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MerchantV2ApiEnvelope'
        '401':
          description: >-
            **SP016** Unauthorized — `X-Signature`/`X-Timestamp` mismatch,
            invalid `Authorization` bearer token, or unknown `X-PARTNER-ID` (no
            matching `client_secret`).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MerchantV2ApiEnvelope'
              example:
                response_code: SP016
                response_message: Signature Invalid
                data:
                  message: Unauthorized. Invalid X-SIGNATURE
        '422':
          description: >-
            **SP018** Validation error — request field validation failed,
            missing `X-Signature`/`X-Timestamp`/`X-PARTNER-ID` header, or
            invalid `qr_data`.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MerchantV2ApiEnvelope'
              example:
                response_code: SP018
                response_message: Validation error
                data:
                  message: >-
                    Unauthorized. Missing header X-SIGNATURE or X-Timestamp or
                    X-PARTNER-ID
        '500':
          description: >-
            Internal server error — persistence, vendor integration, or dispatch
            failure.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/QrisMoneyOutInternalServerErrorEnvelope'
        '504':
          description: >-
            Gateway timeout — issuer vendor did not respond within the expected
            timeframe. `data` may be null or contain partial information if
            available.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/QrisMoneyOutTimeoutEnvelope'
      security:
        - BearerAuth: []
          PartnerId: []
components:
  schemas:
    QrisIssuerMpmPaymentCreditRequest:
      required:
        - reference_number
        - account_id
        - amount
        - qr_data
        - customer_name
      properties:
        reference_number:
          description: Merchant idempotency key per account.
          type: string
          maxLength: 64
          example: INV-20231130-001
        account_id:
          description: Account ULID.
          type: string
          maxLength: 99
          example: 01K946KF851RK7FX075GJHBVKF
        amount:
          description: Net amount to beneficiary side (IDR).
          type: number
          maximum: 10000000
          minimum: 1000
          example: 100000
        qr_data:
          type: string
          maxLength: 500
          example: 00020101021226620015ID.SINGAPAY.WWW0118936012070412260002...
        customer_name:
          type: string
          maxLength: 100
          example: John Doe
        customer_email:
          type:
            - string
            - 'null'
          maxLength: 100
          example: john.doe@example.com
        customer_phone:
          type:
            - string
            - 'null'
          maxLength: 50
          example: '081234567890'
        customer_location:
          type:
            - string
            - 'null'
          maxLength: 100
          example: Jakarta
      type: object
    QrisMoneyOutSuccessTransactionEnvelope:
      description: >-
        API response envelope for successful QRIS money-out status inquiries.
        Conforms to the standard `MerchantV2ApiEnvelope` structure, with `data`
        containing a `QrisMoneyOutTransactionData` object representing the
        current state of the transaction.
      properties:
        response_code:
          description: >-
            Response code (see Response Code appendix) indicating the result of
            the inquiry. For successful inquiries, this is typically a code such
            as "00" or "SP000".
          type: string
          example: SP000
        response_message:
          description: >-
            Human-readable message providing additional context about the
            response.
          type: string
          example: Successful
        data:
          $ref: '#/components/schemas/QrisMoneyOutTransactionData'
      type: object
    MerchantV2ApiEnvelope:
      description: >-
        SingaPay Merchant API v2 custom response envelope
        (`ApiResponderHelper::responseJson`, `ApiResponseTrait`). Business
        outcome is determined by `response_code` (SP000–SP020), not by HTTP
        status alone. On success (`SP000`), `data` holds the operation payload.
        On errors, `data` often includes a `message` and may echo request
        fields.
      required:
        - response_code
        - response_message
      properties:
        response_code:
          $ref: '#/components/schemas/MerchantV2ResponseCode'
        response_message:
          $ref: '#/components/schemas/MerchantV2ResponseMessage'
        data:
          description: >-
            Endpoint-specific payload on success, or error context (validation
            message, inquiry result with `status` invalid, etc.).
          type:
            - object
            - 'null'
          additionalProperties: true
      type: object
      example:
        response_code: SP000
        response_message: Successfully
        data: []
    QrisMoneyOutInternalServerErrorEnvelope:
      description: >-
        API response envelope for failed QRIS money-out status inquiries.
        Conforms to the standard `MerchantV2ApiEnvelope` structure, with `data`
        optionally containing a `QrisMoneyOutTransactionData` object if
        transaction information is available, or null if not.
      properties:
        response_code:
          description: >-
            Response code (see Response Code appendix) indicating the reason for
            the failure. Common codes include "SP001" for transaction not found,
            "SP002" for access denied, etc.
          type: string
          example: SP002
        response_message:
          description: >-
            Human-readable message providing additional context about the
            failure.
          type: string
          example: Internal Server Error
        data:
          description: >-
            Transaction data if available, or null if the transaction could not
            be found or accessed.
          properties:
            reference_number:
              description: The reference number of the transaction.
              type: string
              example: INV-20231130-001
            type:
              description: The type of the transaction (e.g. mpm-static, mpm-dynamic).
              type: string
              example: mpm-dynamic
            scope:
              description: The scope of the transaction (e.g. issuer, acquirer).
              type: string
              example: issuer
          type:
            - object
            - 'null'
      type: object
    QrisMoneyOutTimeoutEnvelope:
      description: >-
        API response envelope for failed QRIS money-out status inquiries.
        Conforms to the standard `MerchantV2ApiEnvelope` structure, with `data`
        optionally containing a `QrisMoneyOutTransactionData` object if
        transaction information is available, or null if not.
      properties:
        response_code:
          description: >-
            Response code (see Response Code appendix) indicating the reason for
            the failure. Common codes include "SP001" for transaction not found,
            "SP002" for access denied, etc.
          type: string
          example: SP005
        response_message:
          description: >-
            Human-readable message providing additional context about the
            failure.
          type: string
          example: Timeout
        data:
          description: >-
            Transaction data if available, or null if the transaction could not
            be found or accessed.
          properties:
            reference_number:
              description: The reference number of the transaction.
              type: string
              example: INV-20231130-001
            type:
              description: The type of the transaction (e.g. mpm-static, mpm-dynamic).
              type: string
              example: mpm-dynamic
            scope:
              description: The scope of the transaction (e.g. issuer, acquirer).
              type: string
              example: issuer
          type:
            - object
            - 'null'
      type: object
    QrisMoneyOutTransactionData:
      description: >-
        Inquiry status response data structure. Similar to
        `QrisMoneyOutTransactionData` but may be extended with additional fields
        relevant to status checks.
      properties:
        transaction_id:
          description: Internal transaction identifier (reference/reff_no).
          type: string
          example: '112220251111135424691'
        transaction_status:
          description: Current status of the transaction.
          properties:
            code:
              description: Numeric or short status code (e.g. `03`, `06`).
              type: string
              example: '03'
            desc:
              description: Human readable status description.
              type: string
              example: Pending
          type: object
        qr_data:
          description: Original QRIS payload supplied with the request.
          type: string
          example: >-
            00020101021226620015ID.SINGAPAY.WWW0118936012070412260002021035224094080303UME51440014ID.CO.QRIS.WWW02153559174130477690303UME5204601153033605405110005802ID5903eos6005DEPOK6105746786221051017730486640703C0163044D76
        type:
          description: QRIS flow type, e.g. `mpm-static` or `mpm-dynamic`.
          type: string
          example: mpm-dynamic
        scope:
          description: 'Processing scope: `issuer` or `acquirer`.'
          type: string
          example: issuer
        reference_number:
          description: Merchant-supplied reference or idempotency key.
          type: string
          example: INV-20231130-001
        post_timestamp:
          description: Timestamp when transaction was posted (ISO 8601).
          type: string
          example: '2023-11-30T12:34:56Z'
        processed_timestamp:
          description: >-
            Timestamp when transaction processing completed or last updated (ISO
            8601).
          type: string
          example: '2023-11-30T12:45:00Z'
        balance_after:
          description: Account balance after the transaction was applied.
          properties:
            value:
              description: Balance value as a decimal string.
              type: string
              example: '100000.00'
            currency:
              description: Currency code (e.g. IDR).
              type: string
              example: IDR
          type: object
        net_amount:
          description: Net amount of the transaction.
          properties:
            value:
              description: Net amount value as a decimal string.
              type: string
              example: '95000.00'
            currency:
              description: Currency code (e.g. IDR).
              type: string
              example: IDR
          type: object
        fee:
          description: Transaction fee information.
          properties:
            value:
              description: Fee value as a decimal string.
              type: string
              example: '5000.00'
            currency:
              description: Currency code (e.g. IDR).
              type: string
              example: IDR
          type: object
        gross_amount:
          description: Gross amount of the transaction.
          properties:
            value:
              description: Gross amount value as a decimal string.
              type: string
              example: '100000.00'
            currency:
              description: Currency code (e.g. IDR).
              type: string
              example: IDR
          type: object
      type: object
    MerchantV2ResponseCode:
      description: SingaPay custom business response code.
      type: string
      example: SP000
    MerchantV2ResponseMessage:
      description: Human-readable label paired with `response_code`.
      type: string
      example: Successfully
  securitySchemes:
    BearerAuth:
      type: http
      description: >-
        JWT issued by `POST /api/v1.1/access-token/b2b`. Send `Authorization:
        Bearer <token>`.
      bearerFormat: JWT
      scheme: bearer
    PartnerId:
      type: apiKey
      description: Merchant API key (`Credential.api_key`). Required on every request.
      name: X-PARTNER-ID
      in: header

````