Try Citcon Today
API Reference
Citcon Integration APIs provide easy to use interfaces to fulfill all kinds of online and in-store payment needs. Citcon supports Alipay, WeChat Pay, UnionPay, Paypal, Venmo, all major Credit Cards, and other local wallets for the APAC region depending on the integrated solution. There are multiple types of integration provided: a simple yet flexible Citcon Hosted Online Payment (CHOP) method which helps merchants to get integrated fast and reduces PCI Compliance burden for merchants, a traditional backend API integration which provides the utmost granularity and flexibility but may require some additional development effort on merchant side, and a robust in-store API offering a solid in-store payment solution.
API libraries
https://citconpay.com/
This website represents the domain for Citcon's production site.
https://uat.citconpay.com/
Please note that in the examples in this documentation, the testing site is used instead of the production site.
Overview
Don't know which part of the documentation to read? This section will give a brief overview of integration options for your use case.E-Commerce
Your customers connect to your storefront through an electronic device. Whether your customers prefer to use a web browser on their desktop, a dedicated app on their mobile phone, or an email client, Citcon's many E-Commerce integration options will help you create a smooth payment system at any level of development expertiseCHOP
Citcon CHOP solution is best for merchants looking for an easy flexible solution for their web and mobile browser payment experience. CHOP offers forms that are mobile-optimized and designed to reduce friction in your customer experience. You can use CHOP's payment form template technology to create a brand-consistent, seamless checkout experience for your shoppers.Features
- Citcon Hosted Online Payment
- Single unified API interface for various payment methods
- Supports Visa, MasterCard, AMEX, Discover, JCP, China Union Pay, Alipay, WeChat Pay, Dana, Kakao Pay, GCash and JkoPay
- Reduced PCI scope for merchants
How to Get Started
Please contact a sales rep today. See our CHOP APIs for a full list of features and APIs.Online API
Traditional e-commerce approach is best for a merchant looking for complete control over the customer payment journey for Alipay and WeChat Pay and are okay with the additional development efforts related to a traditional e-commerce API solution. Additionally the Citcon Mobile SDK powered by the Online API offering is best for merchants with a strong mobile presence with its customers and sales and who would like to utilize the ease and flexibility that comes with Citcon’s mobile SDK solution.Features
- Merchant can build a fully customized checkout experience
- Generate a QR image (PNG) directly for merchants to embed into their checkout web pages
- Mobile iOS and Android SDKs
- Supports Alipay, WeChat Pay, Dana, Kakao Pay, GCash and JkoPay
How to Get Started
Please contact a sales rep today to get a list of currently integrated shopping cart partners. See our Online APIs for a full list of features and APIs. Please view our iOS Mobile SDK documentation and Android Mobile SDK and documentation .In-Store
Your customers connect to you via a physical location, and are primarily physically present at the time of payment, the following integration options are best suited for you.Integrate your POS System Directly with the Citcon In-Store API
Features
- Direct access to all Citcon In-Store API capabilities
- Seamless integration with your POS system.
- Supports Alipay, WeChat Pay, Uniionpay QR, Venmo, and Paypal
- See our In-Store APIs for a full list of features.
How to Get Started
Please contact a sales rep today to check if your POS System is integrated. If not integrated, see our In-Store APIs for a full list of features and APIs.Use Citcon Devices
Citcon’s Payment device is for a merchant looking to accept additional wallet payment options without the need to do an integration.Features
- Scan/Show payment QR codes
- Supports Alipay, WeChat Pay, Venmo, and Paypal
- Read China UnionPay cards
- Print receipts
How to Get Started
There is no API integration necessary for this method. Contact your account manager to get started!CHOP
(Citcon Hosted Online Payment)
The Citcon Hosted Online Payment (CHOP) provides a flexible, secure and easy way for shoppers to purchase goods and services:
- Shoppers go to your site, where they select and add the desired items to their shopping cart.
- When they are ready to checkout to pay and finalize their order, they are redirected to the Citcon-hosted payment page, where they enter the necessary details to complete the payment.
- After submitting the payment information, they are redirected back to your web site, where they can land on a summary information page displaying the result of the payment.
Our forms are optimized for a mobile browser and designed to reduce friction in your customer experience. You can use CHOP's payment form template technology to create a brand-consistent, seamless checkout experience for your shoppers.
Why Use CHOP
Citcon's hosted online payment helps you reduce the PCI compliance burden by removing the need to capture any sensitive payment information within the merchant network. This allows merchants to spend more time providing a better e-commerce experience without the worry of taking payment information within the merchant architecture.
CHOP also provides a single unified API interface for various payment methods Citcon supports, including Visa, MasterCard, AMEX, Discover, JCP, China Union Pay, Alipay, and WeChat Pay, Dana, Kakao Pay, GCash and JkoPay. This means that, even though these payment methods are from different countries, and have vastly different processes, CHOP helps you simplify the customer experience and integration.
Because CHOP hosts your payment forms, handles your payment data transmission, and processes your payments, it reduces PCI Compliance burden for merchants down to SAQ A-EP.
A Word On PCI Compliance
Does PCI Compliance apply to me?
If you currently or in the future will accept credit cards from your customers then the answer would be yes. However, The major benefit of CHOP is the fact that it removes the complexity of PCI compliance from the merchant. Allow CHOP to work for you and reduce the anxiety that comes with PCI Compliance for a merchant.
Which level of PCI Compliance applies to me?
PCI certification takes two forms: Self-assessment (i.e. do-it-yourself) or hiring a third party QSA (Qualified Security Assessor). Though there are obvious advantages to self-assessing, including effort and cost, your ability to self-assess is dependent on your annual transaction volume and is reflected in the resulting level of PCI certification (1-4) you attain.
The following table describes the relationship between your transaction volume, required assessment approach, and level of certification:
If you have | then you can | to achieve |
less than 20,000 online transactions per year | self-assess | PCI Level 4 certification |
between 20,000 and 1 million online transactions per year | self-assess | PCI Level 3 certification |
between 1 million and 6 million online transactions per year | self-assess | PCI Level 2 certification |
over 6 million online transactions per year | hire an independent assessor (QSA) | PCI Level 1 certification |
For Self-Assessment:
If your systems | then use |
do not touch, process or store cardholder data, and do not serve any card collection forms | SAQ A-EP |
do touch, process or store cardholder data | SAQ D |
Integration Architecture
1) After customer selects which payment method, merchant's checkout page posts data to Citcon's dynamic hosted payment form. Hosted payment form serves UI based on the selected payment method, such as QR code or credit card entry form.
2) When customer completes entries on hosted payment form, Citcon processes payments in the backend.
3) Upon successful payments, customer is redirected to a merchant-hosted confirmation page, together with data related to the payment. If merchant's confirmation page is capable of handling dynamic input data, it can display personalized confirmation using merchant's own data as well as the data sent by Citcon.
4) Asynchronously, Citcon notifies merchant's backend of successful payments.
CHOP for Alipay and WeChatPay
CHOP for Credit Cards
CHOP for China UnionPay
Charge
CHOP expects minimal parameters passed in at entry point, because all the other payment data will be entered by consumers on the hosted payment form.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls.
-
payment_method required
This is the consumer-selected payment method. Possible values are:
- alipay
- wechatpay
- cc
- upop
- alipay_hk
- bkash
- dana
- easypaisa
- gcash
- jkopay
- kakaopay
- truemoney
Based on payment method, CHOP renders corresponding payment forms using a merchant-predefined template.
-
reference required
Merchant's identifier to locate an order, such as order ID, transaction ID, etc. This is used for merchant to inquire, refund, or internally track order and payment status. Within a merchant, this reference should be unique.
-
amount
or
trans_amount requiredThe amount your customers are going to pay is an integer entered in cents. Only numbers without decimal places, thousand separators or $, rounded to cents. For example, if the total amount is $9.99, the amount passed in the API parameter should be 999.
Please only use amount when the payment method is alipay, wechatpay, cc, or upop.
Please only use trans_amount when the payment method is jkopay, alipay_hk, kakaopay, gcash, dana, truemoney, bkash, or easypaisa. -
currency
or
trans_currency required3-character ISO currency code, such as USD
Please only use currency when the payment method is alipay, wechatpay, cc, or upop.
Please only use trans_currency when the payment method is jkopay, alipay_hk, kakaopay, gcash, dana, truemoney, bkash, or easypaisa. -
ipn_url optional
This url is invoked when Alipay, WeChat Pay, UnionPay and or a Credit Card charge is successful. It's purpose it to notify merchants of the status of a successful payment. This URL should be able to accept HTTP POST with multiple transaction parameters. See section related to IPN (Instant Payment Notification) for details.
-
ext optional
Parameter ext is used to pass additional info to Citcon. It should be in json format and urlencoded.
-
callback_url_success optional
This page will be shown to consumers after payment has been successfully completed. It could be a static "Thank you for payment" HTML page, or, could be a dynamic page that shows customized content. The URL here is in the format of https://domain.com/path. The status and other payment related parameters will be appended to the supplied url as a query string.
-
callback_url_fail optional
This page will be shown to consumers after payment has timed out. It could be a static "Sorry that payment has timed out" HTML page, or, could be a dynamic page that shows customized content. The URL here is in the format of https://domain.com/path. The status and other payment related parameters will be appended to the supplied url as query string. This will be called on desktop not mobile on timeout. Please note this is really a timeout not a decline.
-
mobile_result_url optional
If payment method is either Alipay or WeChat Pay, this page will be shown to consumers inside Alipay or WeChat app, after payment has been successfully completed. It could be a static "Thank you for payment" HTML page, or, could be a dynamic page that shows customized content. The URL here is in the format of https://domain.com/path?query_string. This URL will be loaded directly as is inside Alipay or WeChat app, without any additional query string parameters.
-
allow_duplicates optional
Allows for multiple transactions to be created from one reference ID.When called, it will create a new transaction with the same reference ID.
If omitted, the call will reference to the previously created transaction from the reference ID.
curl https://uat.citconpay.com/chop/chop \
-H "Authorization: Bearer 12341234123412341234123412341234" \
-d payment_method="alipay" \
-d amount=2 \
-d currency="USD" \
-d reference="jkh25jh1348fd89sg" \
-d ipn_url="https://merchant.com/ipn" \
-d callback_url_success="https://merchant.com/success" \
-d callback_url_fail="https://merchant.com/fail" \
-d mobile_result_url="https://merchant.com/mobile_confirm?reference=jkh25jh1348fd89sg" \
-d allow_duplicates="yes"
curl https://uat.citconpay.com/chop/chop \
-H "Authorization: Bearer JP2N5DSOBLBYAF0GXUNOQ3IONR16KPMA" \
-d payment_method="alipay_hk" \
-d trans_amount=10 \
-d currency="HKD" \
-d reference="jkh25jh1348fd89sg" \
-d ipn_url="https://merchant.com/ipn" \
-d callback_url_success="https://merchant.com/success" \
-d callback_url_fail="https://merchant.com/fail" \
-d mobile_result_url="https://merchant.com/mobile_confirm?reference=jkh25jh1348fd89sg" \
-d allow_duplicates="yes"
It returns a JSON that contains:
1) result (success or fail)
2) URL (only present when result=success
Upon successful invocation, the URL can be used to redirect
consumers to CHOP.
Sample Response:
{"result":"success","url":"https:\/\/uat.citconpay.com\/chop\/landing?q=f9cdf9f1bce99b2db73dcf119"}
To redirect consumers to this URL in PHP code:
<?php
header( 'Location: https://uat.citconpay.com/chop/landing?q=34d7bddb79533932a699bd323f224d49' ) ;
?>
Inquire
This API allows merchants to inquire about the status of a particular payment and/or order.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
q required
The payment token specific to the transaction given to merchants that can inquire.
-
inquire_method optional
Set to "real" to return the details of the transaction.
Response Parameters:
Variables
-
id
Transaction ID
-
type
Type of transaction. Possible values are charge (payment) and refund (return of money)
-
amount
Amount of money charged or returned. This is an integer\ without decimal places or thousand separators. For example, 9.99 is returned as 999
-
currency
3-character ISO country code, for example, USD.
-
reference
Merchant's identifier to locate an order, such as order ID, transaction ID, etc. This is used for merchants to inquire, refund, or internal tracking of order and payment status. Within a merchant, this reference should be unique.
-
time
Time of transaction in the format of yyyy-MM-dd HH:mm:ss
-
note
Notes when refund was given, only available when notes were passed in during refund API call.
-
notify_result
Status of this transaction, can be success, null or expired. null implies Non-expired QR Code / No Payment. expired implies Expired QR Code / No Payment received
curl https://uat.citconpay.com/chop/inquire \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d q=ae217526eb4b5c40818d55e33 \
-d inquire_method=real
Example Response:
{
"amount": 1,
"reference": "test1234",
"type": "payment",
"currency": "USD",
"payment_method": "alipay",
"notify_result": "success"
}
Refund
This API allows our merchants to make full or partial refunds on successfully paid transactions in the same currency as the original transaction. Merchants may make multiple partial refunds on an original transaction. However, the total refund(s) amount cannot exceed the amount of the original transaction. Refunds are available anytime but there are considerations.
- Merchants must have funds in open balance in order to process a refund
- Refunds attempted without enough funds in open balance will result in a failure
- Open Balance is reset at the beginning of the day
Your Citcon account holds funds from payment method(s) transactions settled based on settlement timing of the payment method. Successfully charged transactions are + and refunds are - from your account. Merchants may apply for an exemption when there’s insufficient funds in your Citcon account to refund by submitting a request through support@citcon-inc.com. Merchants may also apply to support@citcon-inc.com to enable refunds within the Citcon Dashboard. Merchants may also submit to support@citcon-inc.com requesting Citcon enable refunds even when their Citcon account balance has insufficient funds.
Refund Case Study
Same-day refund transactions tend to be more successful, because if you sold something for $1000, you then have $1000 of cash in open balance. Therefore, if someone comes and asks for a $350 refund, you have enough cash to refund. However if that same person wants a $1100 refund, that would not work as you're still missing $100. Point being the funds from the original transaction are still in your Citcon account therefore you have sufficient funds to perform the refund.
Refunds submitted on subsequent days may fail due to insufficient funds in your Citcon account. For example When you start your day, you have zero $ in open balance. If a customer comes and asks for a refund, you have no cash to give, therefore a refund cannot happen.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
transaction_id
or
trans_reference only one is requiredThe transaction ID to refund.
Mechant’s reference number for payment, such as order ID, transaction ID, etc. -
amount
or
trans_amount only one is requiredThe amount the customers are going to refund for. It's an integer with no decimal places or thousand separators, rounded to cents. For example, if the price for an item is 9.99, the amount passed in should be 999.
-
currency
or
trans_currency only one is required3-character ISO currency code
Please use a combination of amount and currency or another combination of trans_amount and trans_currency -
reason optional
Note or comments for this refund
curl https://uat.citconpay.com/chop/refund \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d amount=1 \
-d currency="USD" \
-d transaction_id="3bfa17281b2e20c5e3303e045" \
-d reason="test"
curl https://uat.citconpay.com/chop/refund \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d trans_amount=10 \
-d trans_currency="HKD" \
-d transaction_id="20190627182000" \
-d reason="test"
curl https://uat.citconpay.com/chop/refund \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d amount=1 \
-d currency="USD" \
-d transaction_reference="test1234" \
-d reason="test"
Example Response
{
"id":"U0000092892-f84960c2a7e3af7",
"transaction_id":"U0000092891-fe9c93c42d",
"refunded":true,
"status":"success"
}
{
"code":"4071",
"refunded":flase,
"status":"Refund amount greater than allowed."
}
Cancel
This API allows merchants to cancel a payment transaction. If the original payment is pending, it will be cancelled. If the original payment goes through successfully, it will be refunded in full amount. Merchants use this API to manage inventory and payment lifecycle.
Some wallets may have cancellation window restrictions. Please check the response code and retry if it has not reached the cancellation window. Cancel API currently supports Alipay and WeChat Pay only.
If a payment has already been settled, merchants should use refund API, instead of cancel API, to return payment funds to consumers.
If a payment has already been cancelled, merchants will receive an error message which is “Duplicate cancellation“.
If a cancel request is out of cancellation windows, merchant will receive an error message which is “Not in cancellation window“.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
transaction_id
or
transaction_reference only one is requiredThe transaction ID to cancel.
Mechant’s reference number for payment, such as order ID, transaction ID, etc. -
reason optional
Note or comments for this refund
curl https://uat.citconpay.com/chop/cancel \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d transaction_id="3bfa17281b2e20c5e3303e045" \
-d reason="test"
curl https://uat.citconpay.com/chop/cancel \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d transaction_reference="72f73528a4e90898123" \
-d reason="test"
Example Response
{
"transaction_id":"81e0172f73528a4e16b726aaf",
"transaction_reference":"72f73528a4e90898123",
"cancelled":true,
"status":"Order cancelled"
}
{
"transaction_id":"81e0172f73528a4e16b726aaf",
"transaction_reference":"72f73528a4e90898123",
"cancelled":false,
"status":"Cancellation failed"
}
URL Redirect
callback_url_success
CHOP redirects to callback_url_success in the following scenarios:
- When payment method is wallet-based and the consumer successfully completes payment in their wallet app.
- When payment method is Credit Card and consumer successfully completes payment in CHOP.
Merchant's callback_url_success page can either be static (which
ignores all the query string parameters) or dynamic. If it's a
dynamic page, it should handle the following query string
parameters:
Arguments
-
merchant_reference
the same reference merchants use to initiate CHOP
-
payment_instance_token
CHOP ID that merchants can reference when contacting Citcon
-
ssl_amount
Amount paid in cents. For example 9.99 is in the form 999.
-
ssl_result
For wallet-based payment methods, any non-0 value is failed. In Credit Card transactions, this will contain the decline code.
-
ssl_cvv2_response Credit Card transactions only
The cvv2 validation result.
-
ssl_avs_response Credit Card transactions only
Only included when AVS is enabled. Contains the AVS validation result.
-
ssl_txn_id Credit Card transactions only
Contains the credit card transaction ID
-
ssl_card_number Credit Card transactions only
Masked credit card number, such as 4111xxxxxxxx1111
-
ssl_exp_date Credit Card transactions only
Expiration date as the 2-digit month followed by 2-digit year, such as 1020
-
ssl_txn_time Credit Card transactions only
Credit card transaction time in the format mm/dd/yyyy HH:mm:ss AM
callback_url_fail
CHOP redirects to callback_url_fail in the following scenarios:
- When the payment method is Credit Card and the consumer's credit card is declined.
- When payment method is wallet-based and consumer payment method is declined.
- When the consumer remains on the CHOP payment page past the timeout time without making a payment.
Merchant's callback_url_fail page can either be static (which
ignores all the query string parameters) or dynamic. If it's a
dynamic page, it should handle the following query string
parameters:
Arguments
-
merchant_reference
the same reference merchants use to initiate CHOP
-
payment_instance_token
CHOP ID that merchants can reference when contacting Citcon
-
ssl_amount Credit Card transactions only
amount paid in cents. For example 9.99 is in the form 999.
-
ssl_result
0 indicates success
-
ssl_approval_code Credit Card transactions only
-
ssl_cvv2_response Credit Card transactions only
The cvv2 validation result.
-
ssl_avs_response Credit Card transactions only
Only included when AVS is enabled. Contains the AVS validation result.
-
ssl_txn_id Credit Card transactions only
Contains the credit card transaction ID
-
ssl_card_number Credit Card transactions only
Masked credit card number, such as 4111xxxxxxxx1111
-
ssl_exp_date Credit Card transactions only
Expiration date as the 2-digit month followed by 2-digit year, such as 1020
-
ssl_txn_time Credit Card transactions only
Credit card transaction time in the format mm/dd/yyyy HH:mm:ss AM
IPN
(Instant Payment Notification)
For a merchant to get notified when a payment has been successfully completed for an order, merchants will provide an ipn_url in chop API call. When payment is successfully completed, Citcon, asynchronously, sends an HTTP POST to this url and passes in the following parameters:
Arguments
-
id
the CHOP ID merchants can reference when contacting Citcon or initiating a refund
-
amount
Amount paid in cents. For example 9.99 is in the form 999.
-
notify_status
Valid values:
- success
- fail
-
currency
ISO 3-character currency code, for example, USD
-
time
time of payment, in the format of yyyy-MM-dd HH:mm:ss
-
reference
Merchant's internal identifier that is used to initiate CHOP
-
notify_id
The notification's unique ID. Merchants can reference it when contacting Citcon
-
approval_code Credit Card transactions only
Only included for successful credit card transactions
-
card_token Credit Card transactions only
Only included for successful credit card transactions when card tokenization is enabled.
-
result_message Credit Card transactions only
Detailed message of response for credit card transactions only.
-
card_number Credit Card transactions only
Masked credit card number, such as 4111xxxxxxxx1111
-
exp_date Credit Card transactions only
Expiration date as the 2-digit month followed by 2-digit year, such as 1020
-
fields
a comma-separated list of field names included in the IPN. For example, "id,amount,notify_status,currency,time,reference,notify_id"
-
sign
A MD5-hashed signature for merchants to verify the IPN content
To verify and authenticate the IPN,
1) Construct a string of all key/value pairs using only keys in
the "fields" field,including the "fields" using the format of
key1=value1&key2=value2, this list should be sorted
alphabetically by keys. Note that neither the keys or values
should be URL encoded. For example,
amount=1&card_number=41**********1111¤cy=USD&exp_date=1020&fields=id, amount,notify_status,currency,time,reference,notify_id, result_message,card_number,exp_date,transaction_type, recurring_id&id=af37ffeb2f4785a97bba4e0496cc0c80& notify_id=090217A15-6222841B-5363-4FB7-886F-3CE38415ACDD& notify_status=success&recurring_id=af37ffeb2f4785a97bba4e0496cc0c80& reference=7ed9e2623acdd8ffb8c6a90dd605c6cf& result_message=SUCCESS&time=2017-02-09 13:50:42& transaction_type=CCADDRECURRING
2) Append &token=<merchant token> to the end of the string above:amount=1&card_number=41**********1111& currency=USD& exp_date=1020&fields=id,amount,notify_status, currency,time,reference,notify_id,result_message, card_number,exp_date,transaction_type, recurring_id&id=af37ffeb2f4785a97bba4e0496cc0c80& notify_id=090217A15-6222841B-5363-4FB7-886F-3CE38415ACDD¬ify_status=success& recurring_id=af37ffeb2f4785a97bba4e0496cc0c80& reference=7ed9e2623acdd8ffb8c6a90dd605c6cf& result_message=SUCCESS&time=2017-02-09 13:50:42& transaction_type=CCADDRECURRING&token=123456
3) MD5 hash the string above, to compute a signature. This
signature should match the sign field posted in IPN.
The sample code to compute a signature here:
function sign_ipn($reply, $token) { ksort($reply); $flat_reply = ""; foreach ($reply as $key=>$value) { $flat_reply = $flat_reply."$key=$value&"; } $flat_reply = $flat_reply."token=$token"; return md5($flat_reply); } $fields = $_POST['fields']; $data['fields'] = $fields; $tok = strtok($fields, ","); while ($tok !== false) { $data[$tok] = $_POST[$tok]; $tok = strtok(","); } $mysign = sign_ipn($data, '123456');Upon receipt of the notification, merchants can mark their internal databases or system of payment status, or communicate with customers accordingly asynchronously.
The IPN are initiated from Citcon's servers hosted in AWS. Please make sure that merchants allow HTTP incoming traffic from AWS.
An example of IPN HTTP POST field:
"id"="0c4486d74a30e87adcbc569156a6084d"
"amount"="1"
"notify_status"="success"
"currency"="USD"
"time"="2016-11-09 07:49:53"
"reference"="ABCD123457890"
"notify_id"="78b6d63503e7a97cb6e8d09c23de5f5n0u"
"fields"="id,amount,notify_status,currency,time,reference,notify_id"
Online API
QR Scan Pay is a user-friendly way for Alipay and WeChat Pay consumers to pay on the web. It differs from traditional credit card online payment flows in the way that it generates a QR image (PNG) directly for merchants to embed into their checkout web pages. Consumers, upon being presented the payment QR code, use the Alipay and/or WeChat Pay app on their devices to scan the QR code, after which payment authorization is carried out between consumers and Alipay/WeChat Pay. After the payment is successfully completed on the consumer's device, a merchant specific payment confirmation screen can be presented inside the Alipay/WeChat Pay app; this is where merchants can present more information about the orders, the company, or even upsells.
Integration Architecture
1) After consumer selects payment method on merchant's checkout page, merchant's server posts data to Citcon's Online API, requesting the URL of a unique QR code for this transaction to display to the consumer.
2) When the consumer scans the QR code with the appropriate wallet, they will complete the payment within the wallet app.
3) Upon successful payment, customer is redirected to a merchant-hosted confirmation page.
4) Asynchronously, Citcon notifies merchant's backend of successful payments.
Mobile App SDK
Merchants who wish to utilize a complete in- app payment experience, the Mobile App SDK solution powered by Citcon's Online API is for you.
Please view our iOS Mobile SDK documentation and Android Mobile SDK and documentation .
Charge
QR Code Generation
To generate a QR code specific to a merchant, an order, and price, merchants use the API pay_qr.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
amount required
The amount your customers are going to pay is an integer entered in cents. Only numbers without decimal places, thousand separators or $, rounded to cents. For example, if the total amount is $9.99, the amount passed in the API parameter should be 999.
-
currency required
3-character ISO currency code
-
vendor required
alipay or wechatpay
-
reference required
Merchant's identifier to locate an order, such as order ID, transaction ID, etc. This is used for merchant to inquire, refund, or internal tracking of order and payment status. Within a merchant, this reference should be unique.
-
ipn_url optional
This url is invoked when Alipay or WeChat Pay has a successful payment status. It serves the purpose to notify merchants of this successful payment status. This URL should be able to accept HTTP POST with multiple parameters. See next section for details
-
callback_url optional
This page will be shown after payment has been successfully completed. It could be a static "Thank you for payment" HTML page, or, could be a dynamic page that shows customized content. The URL here is in the format of "https://xxxx/xxx." The dynamic page can also be used to track payment successes. For example, on receiving a call on the URL, you can update your database of payment status about case ABCD12345.
-
allow_duplicates optional
Allows for multiple transactions to be created from one reference ID. When called, it will create a new transaction with the same reference ID.
If omitted, the call will reference the previously created transactions from the reference ID. -
timeout optional
Sets the QR code URL timeout to expire within the merchants desired time frame. The timeout is calculated in seconds and recommended timeout is 5 minutes which equals a timeout setting of 300. By increasing the value the timeout may be increased accordingly. Basically, after the timeout, if you open the URL, it will show 'expired'. {"result":"fail","reason":"QR code expired."}
The successful API invocation returns a URL similar to https://uat.citconpay.com/payment/qr?q=7e79ae7950fe9549857452917ca0e90d
This URL, loaded in the browser, serves as a payment QR code.
Integration with merchants is a 2-step process.
1. Merchant's backend calls the above URL, passes in parameters, to get the QR code URL
2. Merchant's frontend then uses <img/> tag to embed the QR code URL in web page for customers to scan and pay
curl https://uat.citconpay.com/payment/pay_qr \
-H "Authorization: Bearer 12341234123412341234123412341234" \
-d amount=2 \
-d currency="USD" \
-d vendor="generic" \
-d reference="84238473247832874238" \
-d ipn_url="https://merchant.com/ipn.php" \
-d callback_url="https://dev.citcon-inc.com" \
-d allow_duplicates="yes" \
-d timeout="300"
Example Response:
https://uat.citconpay.com/payment/qr?q=D0000001097-460761bdaefd4a4e3d50
Charge
H5 Payment - Redirect
H5 Payment helps merchants quickly integrate Alipay and WeChat Pay into their H5 websites. When consumers initiate payment from merchants, Citcon provides an easy HTTP redirect integration for consumers to complete payments with either Alipay or WeChat Pay, followed by an optional confirmation page provided by merchants. Therefore, the user experience is transparent of Citcon.
The following patterns are supported with H5 Payment:
1) Alipay in PC Web - consumers shop on a merchant's website in a computer browser (all modern browsers are supported), and initiate payment. They are prompted to authenticate with Alipay if they haven't done so on the same browser. After successful authentication, they confirm payment, and are redirected back to the merchant's website.
2) Alipay in Mobile Web - consumers shop on a merchant's mobile
optimized website in a mobile browser (all modern mobile
browsers are supported), and initiate payment.
a) If Alipay App is installed on the
same mobile device, Alipay App is opened, consumers confirm to
pay inside Alipay App. Upon successful payment, they are shown
the merchant's payment confirmation inside the App.
b) If Alipay App is not installed,
consumers are prompted to authenticate with Alipay within the
same mobile browser if they haven't done so on the same browser.
After successful authentication, they confirm payment, and are
redirected back to the merchant's website.
3) WeChat Pay Within WeChat App - WeChat Pay must be initiated
within the WeChat App. The typical ways are:
a) Official Account Payment - consumers
read an article published by a merchant's WeChat official
account. Merchants embed a link inside the article to bring
consumers to their mobile optimized H5 shopping website, inside
WeChat App's in-app browser. Consumers shop and initiate payment
within WeChat App's in-app browser, after which WeChat prompts
them to confirm payment. Once the payment is successful,
consumers are brought back to the merchant's H5 websites.
Everything is done inside WeChat App.
b) Alternatively, merchants can generate
a QR code of their mobile optimized shopping website's entry
URL. Consumers use the "Scan QR Code" feature inside WeChat App
to load the website. The rest of the procedures are the same as
above.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
amount required
The amount the customers are going to pay for. It's an integer with no decimal places or thousand separators, rounded to cents. For example, if the price for an item is 9.99, the amount passed in should be 999.
-
currency required
3-character ISO currency code
-
vendor required
Possible values are:
- alipay
- wechatpay
- alipay_hk
- bkash
- dana
- easypaisa
- gcash
- jkopay
- kakaopay
- truemoney
-
reference required
Merchant's identifier to locate an order, such as order ID, transaction ID, etc. This is used for merchant to inquire, refund, or internal tracking of order and payment status. Within a merchant, this reference should be unique.
-
ipn_url optional
This url is invoked when Alipay or WeChat Pay has a successful payment status. It serves the purpose to notify merchants of this successful payment status. This URL should be able to accept HTTP POST with multiple parameters. See next section for details.
-
callback_url optional
This page will be shown after payment has been successfully completed. It could be a static "Thank you for payment" HTML page, or, could be a dynamic page that shows customized content. The URL here is in the format of "https://xxxx/xxx." The dynamic page can also be used to track payment successes. For example, upon receiving a call on the URL, you can update your database of payment statuses about case ABCD12345.
-
allow_duplicates optional
Allows for multiple transactions to be created from one reference ID. When called, it will create a new transaction with the same reference ID.
If omitted, the call will reference the previously created transactions from the reference ID. -
mweb optional
Allows consumer to complete payment by opening payment URL in mobile browser.
The successful API invocation returns a URL similar to https://proxy.citconpay.com/u_landing?q=7e79ae7950fe9549857452917ca0e90d
Merchants redirect users to the resulted URL above from their websites.
Integration with merchants is a 2-step process.
1. Merchant's backend calls the above URL, passes in parameters, to get the payment URL
2. Merchant's frontend then uses the above URL to redirect users from their websites to pay.
curl https://uat.citconpay.com/payment/pay \
-H "Authorization: Bearer 12341234123412341234123412341234" \
-d amount=2 \
-d currency="USD" \
-d vendor="generic" \
-d reference="84238473247832874238" \
-d ipn_url="https://merchant.com/ipn.php" \
-d callback_url="https://dev.citcon-inc.com" \
-d allow_duplicates=yes
Example Response:
https://uat.citconpay.com/payment/landing?q=D0000001096-a456e61b3eba4fa988e9
To redirect consumers to this URL in PHP code:
<?php
header( 'Location: https://uat.citconpay.com/payment/landing?q=7e79ae7950fe9549857452917ca0e90d' ) ;
?>
Inquire
This API allows merchants to inquire about the status of a particular payment and/or order.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
transaction_id conditional
The transaction ID to inquire.
Required when reference ID is not used. -
reference conditional
The reference ID of a transaction used to inquire.
Required when transaction ID is unknown. -
inquire_method optional
Set to "real" to return the details of the transaction.
curl https://uat.citconpay.com/payment/inquire \
-H "Authorization: Bearer 417356AA994543DC8F4C4776C31246D7" \
-d transaction_id=D0000001079-83c6b94bf5b61afe2e21 \
-d inquire_method=real
curl https://uat.citconpay.com/payment/inquire \
-H "Authorization: Bearer 417356AA994543DC8F4C4776C31246D7" \
-d reference=1000002061
Example Response:
{
"id": "D0000001079-83c6b94bf5b61afe2e21",
"type": "charge",
"amount": 1,
"time": "2016-11-05 06:17:12",
"reference": "1000002061",
"status": "success",
"currency": "USD",
"note": "null"
}
Status of this transaction, can be success, null or expired. null implies Non-expired QR Code / No Payment. expired implies Expired QR Code / No Payment received
Refund
This API allows our merchants to make full or partial refunds on successfully paid transactions in the same currency as the original transaction. Merchants may make multiple partial refunds on an original transaction. However, the total refund(s) amount cannot exceed the amount of the original transaction. Refunds are available anytime but there are considerations.
- Merchants must have funds in open balance in order to process a refund
- Refunds attempted without enough funds in open balance will result in a failure
- Open Balance is reset at the beginning of the day
Your Citcon account holds funds from payment method(s) transactions settled based on settlement timing of the payment method. Successfully charged transactions are + and refunds are - from your account. Merchants may apply for an exemption when there’s insufficient funds in your Citcon account to refund by submitting a request through support@citcon-inc.com. Merchants may also apply to support@citcon-inc.com to enable refunds within the Citcon Dashboard. Merchants may also submit to support@citcon-inc.com requesting Citcon enable refunds even when their Citcon account balance has insufficient funds.
Refund Case Study
Same-day refund transactions tend to be more successful, because if you sold something for $1000, you then have $1000 of cash in open balance. Therefore, if someone comes and asks for a $350 refund, you have enough cash to refund. However if that same person wants a $1100 refund, that would not work as you're still missing $100. Point being the funds from the original transaction are still in your Citcon account therefore you have sufficient funds to perform the refund.
Refunds submitted on subsequent days may fail due to insufficient funds in your Citcon account. For example When you start your day, you have zero $ in open balance. If a customer comes and asks for a refund, you have no cash to give, therefore a refund cannot happen.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
transaction_id
or
transaction_reference only one is requiredThe transaction ID to refund.
Merchant's identifier to locate an order, such as order ID, transaction ID, etc. Pass by QR code generation -
amount
or
trans_amount only one is requiredThe amount the customers are going to refund for. It's an integer with no decimal places or thousand separators, rounded to cents. For example, if the price for an item is 9.99, the amount passed in should be 999.
-
currency
or
trans_currency only one is required3-character ISO currency code
Please use a combination of amount and currency or another combination of trans_amount and trans_currency -
reason optional
Note or comments for this refund
curl https://uat.citconpay.com/payment/refund \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d amount=1 \
-d currency="USD" \
-d transaction_id="3bfa17281b2e20c5e3303e045" \
-d reason="test"
curl https://uat.citconpay.com/payment/refund \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d trans_amount=10 \
-d trans_currency="HKD" \
-d transaction_id="3bfa17281b2e20c5e3303e045" \
-d reason="test"
curl https://uat.citconpay.com/payment/refund \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d amount=1 \
-d currency="USD" \
-d transaction_reference="20190627182000" \
-d reason="test"
Example Response
{
"id":"U0000092892-f84960c2a7e3af7",
"transaction_id":"U0000092891-fe9c93c42d",
"refunded":true,
"status":"success"
}
{
"refunded":flase,
"status":"Invalid source. Please contact Citcon."
}
Cancel
This API allows merchants to cancel a payment transaction. If the original payment is pending, it will be cancelled. If the original payment goes through successfully, it will be refunded in full amount. Merchants can use this API to manage inventory and payment lifecycle.
Some wallets may have cancellation window restrictions. Please check the response code and retry if it has not reached the cancellation window. Cancel API currently supports Alipay and WeChat Pay only.
If a payment has already been settled, merchants should use refund API, instead of cancel API, to return payment funds to consumers.
If a payment has already been cancelled, merchants will receive an error message which is “Duplicate cancellation“.
If a cancel request is out of cancellation windows, merchant will receive an error message which is “Not in cancellation window“.
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
transaction_id
or
transaction_reference only one is requiredThe transaction ID to cancel.
Merchant's identifier to locate an order, such as order ID, transaction ID, etc. Pass by QR code generation -
amount required
The amount the customers are going to refund for. It's an integer with no decimal places or thousand separators, rounded to cents. For example, if the price for an item is 9.99, the amount passed in should be 999.
-
currency required
3-character ISO currency code
-
reason optional
Note or comments for this cancel
curl https://uat.citconpay.com/payment/cancel \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d transaction_id="3bfa17281b2e20c5e3303e045" \
-d reason="test"
curl https://uat.citconpay.com/payment/cancel \
-H "Authorization: Bearer 1234567890abcdef1234567890abcdeq" \
-d transaction_reference="20190627182000" \
-d reason="test"
Example Response
{
"transaction_id":"U0000092892-f84960c2a7e3af7",
"transaction_reference":"20190627182000",
"cancelled":true,
"status":"Order cancelled"
}
{
"transaction_id":"U0000092892-f84960c2a7e3af7",
"transaction_reference":"20190627182000",
"refunded":flase,
"status":"Duplicate cancellation"
}
WeChat Mini Program Payment
WeChat Mini Programs are mobile app-like applications built using WeChat's own markup language and framework. Mini programs are published to and hosted on WeChat servers.
To initiate a WeChat Payment request inside WeChat Mini Programs, in the merchant's script, an HTTP request is made to Citcon's API via wx.request, together with an openid that the Mini Program obtained from user login, and the other payment related data. Citcon processes the API request and responds with necessary parameters for Mini Program to invoke WeChat Pay directly. The response is in JSON.
Citcon recommends that merchants invoke this API from the merchant's backend services, instead of from Mini Programs directly. Because the token and ipn_url are in the API request, initiating the call from Mini Programs adds the security risk of exposure of such sensitive information.
The preferred architecture is:
1) Mini Program uses wx.request() function to invoke merchant's own backend service, passes in the openid (obtained from wx.login() function), and other payment related data;2) Merchant's backend calls Citcon's Mini Program Payment API and passes in the code and other parameters identified below in the specification;
3) Citcon returns Mini Program required payment parameters, as described below, to merchant's backend;
4) Merchant's backend relays and returns the same parameters returned by Citcon API to Mini Program;
5) Mini Program invokes wx.requestPayment() function together with the parameters received from merchant's backend
The parameters are:
Arguments
-
Authorization required
The merchant-specific token distributed by Citcon at the time of merchant onboarding. Please keep the token secure, as this is used for authenticating merchant API calls. Note this is passed in the header.
-
openid required
This is the openid for a WeChat user that mini programs obtained after a wx.login() call. For more on how to obtain a code and exchange code for openid in mini programs, please see here.
-
amount required
The amount the customers are going to pay for. It's an integer with no decimal places or thousand separators, rounded to cents. For example, if the price for an item is 9.99, the amount passed in should be 999.
-
currency required
3-character ISO currency code
-
reference required
Merchant's identifier to locate an order, such as order ID, transaction ID, etc. This is used for merchant to inquire, refund, or internal tracking of order and payment status. Within a merchant, this reference should be unique.
-
ipn_url optional
This url is invoked when Alipay or WeChat Pay has a successful payment status. It serves the purpose to notify merchants of this successful payment status. This URL should be able to accept HTTP POST with multiple parameters. See next section for details
Returns
Returns result of the WeChat Mini Program Payment request.
Variables
-
result string
Response of the API call, success or fail.
-
reason string
If the transaction fails, reason contains details of the failure; if result is success, reason field is not returned.
-
data JSON
If the transaction is successful, data JSON object is returned. The object contains the following fields.
-
timeStamp string
Timestamp. Number of seconds since 1970-01-01 00:00:00, ie., current time.
-
nonceStr string
Random string with length less than or equal to 32 characters.
-
package string
This is the name value pair for prepay_id (returned by WeChat). It's in the format of: prepay_id=xxxx
-
signType string
Signing algorithm. Currently only MD5 is supported.
-
paySign string
Signature of this payment request.
curl https://uat.citconpay.com/payment/pay_wxmini \
-H "Authorization: Bearer C59CE8752C8C4A6FB4B610E99CE3D5A8" \
-d openid="EE8A90223BCCD" \
-d amount=2 \
-d currency="USD" \
-d reference="jkh25jh1348fd89sg" \
-d ipn_url="https://merchant.com/ipn.php"
{
"result": "success",
"data": {
"appId": "wx112121212121",
"nonceStr": "gpiorxr7oeautjes8gqw5pjco544xofb",
"package": "prepay_id=wx201704070854364686cc48c30275957447",
"signType": "MD5",
"timeStamp": "1491526475",
"paySign": "8DD4CC7A41D7831CD5CCFAD440754826"
}
}
{
"result": "fail",
"reason": "failed to create payment"
}
//app.js
App({
payTap: function() {
wx.login({
success: function(res) {
if (res.code) {
// call merchant backend here, which calls Citcon payment API
wx.request({
url: 'https://merchant_backend/generate_mini_program_pay_data',
data: {
code: res.code,
amount: 1
},
success: function(merchantRes) {
if (merchantRes.result == 'success') {
wx.requestPayment({
'timeStamp': merchantRes.timestamp,
'nonceStr': merchantRes.nonceStr,
'package': merchantRes.package,
'signType': merchantRes.signType,
'paySign': merchantRes.paySign,
'success':function(res){
// merchant handles success payment scenario, such as wx.navigateTo sucess page
},
'fail':function(res){
// merchant handles failure payment scenario, such as wx.navigateTo failure page
}
})
} else {
console.log('Failed to invoke merchant API!' + merchantRes.errMsg);
}
}
})
} else {
console.log('Failed to get user login data!' + res.errMsg)
}
}
});
}
})
IPN
(Instant Payment Notification)
For a merchant to get notified when a payment has been successfully completed for an order, merchants will provide an ipn_url in the pay_qr API call. When the payment is successfully completed, Citcon, asynchronously, sends an HTTP POST to this url and passes in the following parameters:
Arguments
-
id
The ID that shows up in the QR code URL.
-
amount
-
status
Valid values:
-
currency
ISO 3-character currency code, for example, USD
-
time
time of payment, in the format of yyyy-MM-dd HH:mm:ss
-
reference
Merchant's internal identifier used to generate the QR code
-
notify_id
The notification's unique ID. Merchants can reference it when contacting Citcon
-
fields
a comma-separated list of field names included in the IPN. For example, "id,amount,notify_status,currency,time,reference,notify_id"
-
sign
A MD5-hashed signature for merchants to verify the IPN content
Upon receipt of the notification, merchants can mark their internal databases or system of payment status, or communicate with customers accordingly.
The IPN are initiated from Citcon's servers hosted in AWS. Please make sure that merchants allow HTTP incoming traffic from AWS.
An example of IPN HTTP POST field:
"id"="0c4486d74a30e87adcbc569156a6084d"
"amount"="1"
"status"="success"
"currency"="USD"
"time"="2016-11-09 07:49:53"
"reference"="ABCD123457890"
"notify_id"="78b6d63503e7a97cb6e8d09c23de5f5n0u"
To verify and authenticate the IPN,
1) Construct a string of all key/value pairs using only keys in the "fields" field, including "fields", using the format of key1=value1&key2=value2, this list should be sorted alphabetically by keys. Note that neither the keys or values should be URL encoded. For example,
amount=1&card_number=41**********1111¤cy=USD&exp_date=1020&fields=id,
amount,notify_status,currency,time,reference,notify_id,
result_message,card_number,exp_date,transaction_type,
recurring_id&id=af37ffeb2f4785a97bba4e0496cc0c80&
notify_id=090217A15-6222841B-5363-4FB7-886F-3CE38415ACDD&
notify_status=success&recurring_id=af37ffeb2f4785a97bba4e0496cc0c80&
reference=7ed9e2623acdd8ffb8c6a90dd605c6cf&
result_message=SUCCESS&time=2017-02-09 13:50:42&
transaction_type=CCADDRECURRING
amount=1&card_number=41**********1111& currency=USD&
exp_date=1020&fields=id,amount,notify_status,
currency,time,reference,notify_id,result_message,
card_number,exp_date,transaction_type,
recurring_id&id=af37ffeb2f4785a97bba4e0496cc0c80&
notify_id=090217A15-6222841B-5363-4FB7-886F-3CE38415ACDD¬ify_status=success&
recurring_id=af37ffeb2f4785a97bba4e0496cc0c80&
reference=7ed9e2623acdd8ffb8c6a90dd605c6cf&
result_message=SUCCESS&time=2017-02-09 13:50:42&
transaction_type=CCADDRECURRING&token=123456
The sample code to compute a signature here:
function sign_ipn($reply, $token) { ksort($reply); $flat_reply = ""; foreach ($reply as $key=>$value) { $flat_reply = $flat_reply."$key=$value&"; } $flat_reply = $flat_reply."token=$token"; return md5($flat_reply); } $fields = $_POST['fields']; $data['fields'] = $fields; $tok = strtok($fields, ","); while ($tok !== false) { $data[$tok] = $_POST[$tok]; $tok = strtok(","); } $mysign = sign_ipn($data, '123456');
In-Store API
Citcon also offers the full set of RESTful POS APIs. These APIs help developers build fully functional payment solutions that accept Alipay, WeChat Pay and UnionPay on POS devices and mobile devices. Click here for request examples using C#
POS initialize
The initialize API returns detailed merchant information for a POS to initialize.
Arguments
Returns
Returns a detailed merchant information if token is accepted, and returns an error otherwise.
Variables
-
result string
Response of the API call, success or fail.
-
token string
The same token (store_code) used in API request. This token is used for any subsequent API calls such as pay and refund.
-
name_eng string
English name of the merchant, from merchant onboarding. This name can be displayed on POS and receipts.
-
name_chn string
Chinese name of the merchant, from merchant onboarding. This name can be displayed on POS and receipts.
POST https://uat.citconpay.com/posp/rest/initialize
curl https://uat.citconpay.com/posp/rest/initialize \
-d store_code=123
Example Response
{
"name_eng": "Citcontest000211",
"name_chn": "Citcontest000211",
"result": "success",
"token": "123"
}
Charge
POS Pay
(Citcon Recommended Payment Option)
The pay API accepts an alphanumeric payment code (usually obtained by the merchant by scanning a barcode or QR code from the consumer's payment app), that authorizes a transaction with corresponding payment providers. There is no need to specify which payment provider, the numeric payment code embeds this information.
Arguments
-
token required
A token distributed by Citcon at the time of merchant onboarding. Each token uniquely identifies a merchant.
-
barcode required
Payment code (usually obtained by scanning a barcode or QR code from payment apps)
-
currency required
ISO 3-character currency code, such as USD
-
total required
Total amount to be paid, including tips, in cents. For example, 999 represents 9.99. This amount is in the currency specified by currency parameter.
-
tip required
Tip in cents. Note that the parameter total includes this tip amount. For example, 999 represents 9.99. This amount is in the currency specified by currency parameter.
-
reference optional
Merchant's reference number.
-
pos_local_time required
Timestamp of POS (or local time), in the format of yyyy-MM-dd HH:mm:ss. For example, 2017-01-01 13:09:34.
Returns
Returns result of the transaction.
Variables
-
result string
Response of the API call, success or fail.
-
code string
A 2-character code that represents the status of this transaction. 00 means success.
-
error_message string
If the transaction fails, error_message contains details of the failure; if result is success, error_message contains SUCCESS.
-
transaction_id string
Citcon's record of transaction. This id is needed for refund or inquire.
-
reference string
Merchant's reference number.
-
merchant_id string
Citcon's merchant identification.
-
terminal_id string
Citcon's terminal identification.
-
subtotal string
Pre-tip amount paid, in cents. For example, 999 represents 9.99.
-
tip string
Tip amount paid, in cents. For example, 999 represents 9.99.
-
total string
Total amount paid, in cents. For example, 999 represents 9.99.
-
method string
Payment vendor. For example, WeChat, Alipay, CUP_C, CUP_D, CUP_QR.
-
pos_local_time string
Time of payment converted to POS local timezone, in the format of yyyy-MM-dd HH:mm:ss.
POST content-type: application/x-www-form-urlencoded https://uat.citconpay.com/posp/rest/pay
curl https://uat.citconpay.com/posp/rest/pay \
-d token="123" \
-d barcode="130739221328899074" \
-d total="1" \
-d pos_local_time="2017-01-27 01:39:42" \
-d currency="USD" \
-d reference="ref1234" \
-d note="test"
Example Response
{
"transaction_id": "1000000525",
"reference": "REF1234",
"code": "00",
"result": "success",
"error_message": "SUCCESS",
"total": "1",
"tip": "0",
"subtotal": "1",
"merchant_id": "634100700040000",
"terminal_id": "00000011",
"method": "WeChat",
"pos_local_time": "2017-01-27 01:39:42"
}
{
"transaction_id": "1000000527",
"reference": "REF1234",
"code": "14",
"result": "fail",
"error_message": "Wrong barcode (14)",
"total": "1",
"tip": "0",
"subtotal": "1",
"merchant_id": "634100700040000",
"terminal_id": "00000011",
"method": "WeChat",
"pos_local_time": "2017-01-27 01:52:04"
}
Charge
POS Show QR
The Show QR API accepts a request from the merchant to generate an Alipay/WeChat Pay QR code. The consumer scans the QR code to complete the payment.
Arguments
-
token required
A token distributed by Citcon at the time of merchant onboarding. Each token uniquely identifies a merchant.
-
currency required
ISO 3-character currency code, such as USD
-
total required
Total amount to be paid, including tips, in cents. For example, 999 represents 9.99. This amount is in the currency specified by currency parameter.
-
tip required
Tip in cents. Note that the parameter total includes this tip amount. For example, 999 represents 9.99. This amount is in the currency specified by currency parameter.
-
reference optional
Merchant's reference number.
-
pos_local_time required
Timestamp of POS (or local time), in the format of yyyy-mm-dd HH:mi:ss. For example, 2017-01-01 13:09:34.
Returns
Returns result of the transaction.
Variables
-
result string
Response of the API call, success or fail.
-
code string
A 2-character code that represents the status of this transaction if fails.
-
error_message string
If the transaction fails, error_message contains details of the failure; if result is success, error_message contains SUCCESS.
-
qr_code string
When success, return the qr link. e.g https://uat.citconpay.com/posp/qr?xxxxxxxxx
POST content-type: application/x-www-form-urlencoded https://uat.citconpay.com/posp/rest/pay_qr
curl
curl https://uat.citconpay.com/posp/rest/pay_qr \
-d token="123" \
-d total="1" \
-d tip="1" \
-d currency="USD" \
-d reference="ref1234" \
-d pos_local_time="2017-01-27 01:39:42"
Example Response
{
"result": "success",
"qr_code": "https://uat.citconpay.com/posp/qr?xxxxxxxxx"
}
{
"result": "fail",
"code": "01",
"error_message": "Payment fails. Please contact Citcon (01)"
}
POS Inquire
The Inquire API takes a transaction ID, and returns the status and details of the transaction.
In Alipay, WeChat and UnionPay QR POS payments, consumers may be prompted to enter their payment passwords after their payment codes are scanned by POS. This is to ensure the payments are indeed authorized by the account holders. In this case, the Inquire API will return "09" as code, to indicate that this transaction is in a pending state. The POS needs to re-inquire the status, either periodically or manually triggered to get the finalized status.
Arguments
-
token required
A token distributed by Citcon at the time of merchant onboarding. Each token uniquely identifies a merchant.
-
transaction_id required
Payment transaction ID returned by pay API.
-
pos_local_time required
Timestamp of POS (or local time), in the format of yyyy-MM-dd HH:mm:ss. For example, 2017-01-01 13:09:34.
Returns
Returns result of the transaction.
Variables
-
result string
Response of the API call, success or fail.
-
code string
A 2-character code that represents the status of this transaction.
00 means success
09 means pending (POS needs to re-inquire for final status)
Any other codes indicate payment failure -
error_message string
If the transaction fails, error_message contains details of the failure; if result is success, error_message contains SUCCESS.
-
transaction_id string
Citcon's record of transaction. This id is needed for refund or inquire.
-
original_transaction_id string
If the transaction inquired is a refund, original_transaction_id is the original payment trnasaction's reference.
-
reference string
Merchant's reference number.
-
original_reference string
If the transaction inquired is a refund, original_reference is the original payment trnasction's reference.
-
merchant_id string
Citcon's merchant identification.
-
terminal_id string
Citcon's terminal identification.
-
subtotal string
Pre-tip amount paid, in cents. For example, 999 represents 9.99.
-
tip string
Tip amount paid, in cents. For example, 999 represents 9.99.
-
total string
Total amount paid, in cents. For example, 999 represents 9.99.
-
method string
Payment vendor. For example, WeChat.
-
pos_local_time string
Time of payment converted to POS local timezone, in the format of yyyy-MM-dd HH:mm:ss.
POST content-type: application/x-www-form-urlencoded https://uat.citconpay.com/posp/rest/inquire
curl https://uat.citconpay.com/posp/rest/inquire \
-d token="123" \
-d transaction_id="1000000525" \
-d pos_local_time="2017-01-27 01:46:52" \
-d note="test"
Example Response
{
"transaction_id": null,
"code": "00",
"result": "success",
"reference":"T003657",
"error_message": null,
"total": "1",
"tip": "0",
"subtotal": 1,
"merchant_id": "634100700040000",
"terminal_id": "00000011",
"method": "WeChat",
"pos_local_time": "2017-01-01 17:33:02"
}
POS refund
The refund API takes a transaction_id or transaction_reference, and desired refund amount, authorizes a refund. A paid transaction can be refunded as a whole, or as multiple partial refunds.
Arguments
-
token required
A token distributed by Citcon at the time of merchant onboarding. Each token uniquely identifies a merchant.
-
transaction_id required
Payment transaction ID returned by pay API.
-
reference optional
Merchant's reference number for this refund (note this is not the original payment reference number.
-
refund_amount required
Total amount to be refunded, in cents. For example, 999 represents 9.99.
-
pos_local_time required
Timestamp of POS (or local time), in the format of yyyy-MM-dd HH:mm:ss. For example, 2017-01-01 13:09:34.
-
note optional
Reason of the refund.
Returns
Returns result of the refund.
Variables
-
result string
Response of the API call, success or fail.
-
code string
A 2-character code that represents the status of this transaction. 00 means success.
-
error_message string
If the transaction fails, error_message contains details of the failure; if result is success, error_message contains SUCCESS.
-
transaction_id string
Citcon's record of transaction. This is the refund transaction id.
-
original_transaction_id string
Original pay transaction ID being refunded.
-
reference string
Merchant's reference number for this refund.
-
original_reference string
Original payment transaction's merchant reference number.
-
merchant_id string
Citcon's merchant identification.
-
terminal_id string
Citcon's terminal identification.
-
total string
Total amount refunded, in cents. For example, 999 represents 9.99.
-
method string
Payment vendor. For example, WeChat Refund.
-
pos_local_time string
Time of payment converted to POS local timezone, in the format of yyyy-MM-dd HH:mm:ss.
POST content-type: application/x-www-form-urlencoded https://uat.citconpay.com/posp/rest/refund
curl https://uat.citconpay.com/posp/rest/refund \
-d token="123" \
-d transaction_id="1000000525" \
-d reference="REF000111" \
-d refund_amount="0" \
-d pos_local_time="2017-01-27 01:40:06" \
-d note="test"
curl https://uat.citconpay.com/posp/rest/refund \
-d token="123"
-d transaction_reference="REF1234"
-d reference="REF000111"
-d refund_amount="0"
-d pos_local_time="2017-01-27 01:40:06"
-d note="test"
Example Response
{
"transaction_id": 1000000526,
"reference": "REF000111",
"code": "00",
"error_message": "SUCCESS",
"method": "WeChat Refund",
"total": "1",
"merchant_id": "634100700040000",
"terminal_id": "00000011",
"original_transaction_id": "1000000525",
"original_reference": "REF1234",
"result": "success",
"pos_local_time": "2017-01-27 01:40:06"
}
{
"code": "A2",
"error_message": "Original transaction not found",
"result": "fail"
}
POS Cancel
Use Cancel API calls to cancel an Alipay or a WeChat Pay transaction only. If the payment is unpaid, the transaction will be closed. If the payment is paid, the transaction will be refunded. Transactions created within the last 15 seconds or which have already been reconciled cannot be canceled.
Arguments
-
token required
A token distributed by Citcon at the time of merchant onboarding. Each token uniquely identifies a merchant.
-
transaction_id
or
transaction_reference only one is requiredThe transaction ID to refund.
Mechant’s reference number for payment, such as order ID, transaction ID, etc. -
note optional
Reason of the refund.
Returns
Returns result of the cancellation.
Variables
-
result string
Response of the API call, success or fail.
-
code string
A 2-character code that represents the status of this transaction. 89 means transaction is canceled.
-
error_message string
If the transaction fails, error_message contains details of the failure; if result is success, error_message contains CANCELLED.
POST content-type: application/x-www-form-urlencoded https://uat.citconpay.com/posp/rest/cancel
curl https://uat.citconpay.com/posp/rest/cancel \
-d token="123" \
-d transaction_id="1000000525" \
-d note="cancel"
curl https://uat.citconpay.com/posp/rest/cancel \
-d token="123" \
-d transaction_reference="20190627182000" \
-d note="cancel"
Example Response
{
"result": "success",
"code": "89",
"error_message": "CANCELLED"
}
{
"result": "fail",
"code": "E4",
"error_message": "Duplicate cancellation"
}