Introduction

Welcome! Here at Xendit, our mission is to provide payments infrastructure that helps you succeed. We help with both the money in (accepting payments) and money out (disbursing payments). Use cases range from platform business to eCommerce, SaaS, and everything else in between.

The Xendit API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features and HTTP verbs, which are understood by off-the-shelf HTTP clients. JSON is returned by all API responses, including errors.

To make it easier to get familiar with our APIs, we've published a Postman Collection so that you can see examples of all of Xendit APIs in one place.

See our Postman Guide to get started!

Authentication

To successfully authenticate with Xendit's APIs, you must authenticate your secret API key using Basic Auth. You can obtain your API keys in Dashboard. For example if your API key is

xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==

Select Basic Auth authentication. Input secret API key in username and leave the password empty

Basic Auth format
{{username}}:{{password}}

Following the format (with colon)
xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==:

Encode Basic Auth format above into Base64 format

eG5kX2RldmVsb3BtZW50X1A0cURmT3NzME9DcGw4UnRLclJPSGphUVlOQ2s5ZE41bFNmaytSMWw5V2JlK3JTaUN3WjNqdz09Og==

Include Base64 encoded value in HTTP(s) header

Authorization: Basic eG5kX2RldmVsb3BtZW50X1A0cURmT3NzME9DcGw4UnRLclJPSGphUVlOQ2s5ZE41bFNmaytSMWw5V2JlK3JTaUN3WjNqdz09Og==

Xendit API is organized around REST to make it cleaner and easier to understand. All our API responses return JSON. To let you explore our APIs, make sure that you have registered an account. You can obtain and manage your API keys in API Keys Settings. We provide you API keys for both the test and live environments.

To authenticate your account, you have to include your secret API key in the request which can be accessed in Xendit Dashboard. Here are the steps to authenticate your account:

1. Generate secret API key
2. Obtain your secret API key from Dashboard
3. Select Basic Access Authentication or BASIC AUTH authentication
4. BASIC AUTH format will be {{username}}:{{password}}
5. Input Secret API key as username and leave the password empty. Make sure to include : at the end
6. Encode the value above into Base64 format
7. Include the base64 encoded into Authorization header

All the API requests should be made over HTTPS instead of HTTP (all calls made over plain HTTP will fail). All requests made in the test environment will never hit the banking networks and will not cost you anything. Your API keys should be kept private so do not share your secret API keys. Learn more about API key here

Libraries / SDKs

Xendit has official libraries for different programming languages and mobile platforms. We are continuously developing more libraries and plugins. If you have implemented your own library or an example that you would like to share, send us a link to your code and we'll be happy to add it to the list!

Node.js

Install via npm

npm install xendit-node

See the source on Github

Node.js library is a server-side library that helps you to integrate Xendit easily using Node.js.

List of Supported Products

1. Credit/debit cards
2. eWallets
3. Cardless Credit
4. QR Codes
5. Customers
6. Direct Debit
7. Bank Transfer via Virtual Accounts
8. Retail Outlets
9. Invoices
10. Recurring Payments
11. Payouts
12. Disbursements
13. Batch Disbursements

Installation

You can install our Node.js library using npm npm install xendit-node or check out the source on Github

PHP

Download PHP package here

https://packagist.org/packages/xendit/xendit-php

PHP library is a client that is created on top of PHP so it is easier for you to integrate with us to accept payments via our supported payment channels.

You can visit our PHP library in Packagist

There are two versions of Xendit PHP libraries that we support:

• v2 (latest)
• v1

List of Supported Products - Xendit PHP v2

1. Credit/debit cards
2. eWallets
3. Cardless Credit
4. Bank Transfer via Virtual Accounts
5. Retail Outlets
6. Invoices
7. Recurring Payments
8. Payouts
9. Disbursements
10. Batch Disbursements
11. Customers
12. Direct Debit

List of Supported Products - Xendit PHP v1

1. Credit/debit cards
2. Bank Transfer via Virtual Accounts
3. Invoices
4. Disbursements

Installation and Upgrade Guide

Check out our Github source to learn on how to install or upgrade Xendit PHP library

Java

Install Xendit in your Java code

Maven

<dependency>
    <groupId>com.xendit</groupId>
    <artifactId>xendit-java-lib</artifactId>
    <version>SELECTED_VERSION</version>
</dependency>

Gradle

compile 'com.xendit:xendit-java-lib:{SELECTED_VERSION}'

Import Xendit Library

import com.xendit.Xendit; 
import com.xendit.exception.XenditException; 
import com.xendit.model.AvailableBank; 
import com.xendit.model.VirtualAccount;

Java library is a server-side library that helps you to integrate Xendit easily using Java.

List of Supported Products

1. Credit/debit cards
2. eWallets
3. Cardless Credit
4. Bank Transfer via Virtual Accounts
5. Retail Outlets
6. Invoices
7. Recurring Payments
8. Payouts
9. Disbursements
10. Batch Disbursements
11. Customers
12. Direct Debit

Installation

Xendit Java library (Gradle and Maven) installation is easy and simple. For more detail about the steps, refer to the right section

1. Add Xendit dependency in your Java code
2. Import Xendit library
3. Obtain your API keys in Dashboard to start using Xendit Java library APIs.

You can also learn more on our Github source for complete installation guide

Go

See the source on Github

Go library is a server-side library that helps you to integrate Xendit easily using Go programming language.

List of Supported Products

1. Credit/debit cards
2. eWallets
3. Cardless Credit
4. Bank Transfer via Virtual Accounts
5. Retail Outlets
6. Invoices
7. Recurring Payments
8. Payouts
9. Disbursements
10. Batch Disbursements
11. Customers
12. Direct Debit

Installation

You can install our Go library by checking out our source on Github for complete installation guide

Python

Install via pip

pip install xendit-python

See the source on Github

Python library is a server-side library that helps you to integrate Xendit easily using Python.

List of Supported Products

1. Credit/debit cards
2. eWallets
3. Cardless Credit
4. QR Codes
5. Direct Debit
6. Bank Transfer via Virtual Accounts
7. Retail Outlets
8. Invoices
9. Recurring Payments
10. Payouts
11. Disbursements
12. Batch Disbursements

Installation

You can install our Python library using pip pip install xendit-python or check out the source on Github

C# / .NET

Install via .NET CLI

dotnet add package Xendit.net

Install via Package Manager

Install-Package Xendit.net

Install via PackageReference

<PackageReference Include="Xendit.net" Version="<VERSION>" />

See the source on Github

.NET library is a server-side library that helps you to integrate Xendit easily using .NET.

List of Supported Products

1. Customers
2. Direct Debit
3. Bank Transfer via Virtual Accounts
4. Retail Outlets (PH)
5. Invoices
6. Disbursements
7. eWallets

Installation

You can install our .NET library using .NET CLI dotnet add package Xendit.net or check out the source on Github and NuGet

Android

Download Xendit Android SDK

https://github.com/xendit/xendit-sdk-android

Android SDK helps you to process digital payments using Xendit with features as follow:

1. Tokenize credit/debit cards with single-use token
2. Tokenize credit/debit cards with multiple-use token
3. Authenticate credit/debit card transactions

iOS

Download Xendit iOS SDK

https://github.com/xendit/xendit-sdk-ios-src

iOS SDK helps you to process digital payments using Xendit with features as follow:

1. Tokenize credit/debit cards with single-use token
2. Tokenize credit/debit cards with multiple-use token
3. Authenticate credit/debit card transactions

Request ID

Each API request has an asssociated request identifier. You can find this value in the response headers, under Request-ID. You can use Request-ID to find logs in API Logs in Dashboard. Learn more about Searching API Logs using Request-ID in API Logs Docs.

If you need to contact us about a specific request, providing the Request ID will ensure the fastest possible resolution.

Versioning

Versioning Example

curl https://api.xendit.co/ewallets -X POST \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: \
   -H X-API-VERSION='2020-02-01' \
   -d external_id='ovo-ewallet' \
   -d amount=1000 \
   -d phone='08123123123'\
   -d ewallet_type='OVO'

Xendit evolves APIs continuously to grow together with you. We always strive to make backward-compatible changes. When we introduce backward-incompatible changes, we release a new dated version to avoid breaking your code and you can upgrade to newer versions whenever you are ready.

To see what version you're running and upgrade to the latest one, visit your Dashboard. To test a specific API version, you can override your API version by attaching API-Version header in API requests

Header	Description
API-Version optional	string Attach this parameter in the request to specify which API version you are going to request Format: YYYY-MM-DD. Example: 2020-02-01 Default value will follow your account API version settings

Backward Compatibility

We consider the following changes to be backward compatible:

• Adding new API resources
• Adding new optional request parameters to existing API methods
• Adding new properties to existing API responses
• Changing the order of properties in existing API responses
• Changing the length or format of any object IDs
• Adding new error codes
• Adding new webhook event types
• Adding new properties to webhook payloads

Migration Guide

The following guide will help you to migrate from your current version to latest version safely

1. Test new APis using explicit API-Version header in Test mode. Make sure you have handled new request,response, errors, and callback data correctly. Test scenarios can be found in Test Scenarios section
2. When everything is working as expected in Test mode, you can switch your Test mode API version in Dashboard. This switches the version used by API calls that don't have the API-Version header and also switches the version to render objects sent to your callback URLs
3. Repeat #1 and #2 respectively in Live mode
4. When faced with any disruption during migration process, you can always switch back to previous versions

Changelog

Version Date	API	Resources Path	Changelog
2020-02-21	eWallets	/ewallets	Create OVO Payment will be processed asynchronously and callback will be sent after process has been completed
2019-05-01	Credit Cards	/credit_card_charges/refunds	Create Refund will be processed synchronously

Rate Limit

API Rate Limit is a feature that limits the number of requests that a user or account can make to an API within a specific time period. This is often used to prevent excessive or abusive usage of an API, and to ensure that all users have fair access to the resources provided by the API.

Xendit uses the Sliding Window algorithm to implement API Rate Limit. This algorithm divides a specific time period (such as an hour or a day) into smaller windows, and tracks the number of requests made within each window. For example, if the rate limit is 50 requests per second (RPS), and the window size is one minute, the algorithm will allow up to 3000 requests in each one-minute window.

In general, API Rate Limit is set 3000 requests per minute (RPM) per endpoint per account in Test mode. In Live mode, the rate limit is set to 6000 requests per minute (RPM) per endpoint per account. The Rate Limit value can be different per endpoint when stated otherwise in each API section in API Reference. We return the following headers in API response to let you check Rate Limit details:

Response Header	Example Value	Description
Rate-Limit-Limit	6000	Containing the requests quota in the time window
Rate-Limit-Remaining	5839	Containing the remaining requests quota in the current window
Rate-Limit-Reset	58.379	Containing the time remaining in the current window, specified in seconds

If you exceed the rate limit for an endpoint, you will receive an HTTP status code of 429 (Too Many Requests) with the error code RATE_LIMIT_EXCEEDED. It is important to handle this error and throttle your requests until the rate limit quota replenishes.

Here are some best practices for handling API Rate Limit gracefully as a client:

1. Implement rate limiting in your application: As a client, it is important to implement rate limiting in your own application to ensure that you do not exceed the API's rate limits. This can be done by tracking the number of requests made and the time at which they were made, and comparing this to the API's rate limit policies.
2. Handle rate limit errors: When you receive an HTTP status code of 429 (Too Many Requests) with the error code RATE_LIMIT_EXCEEDED, it is important to handle this error gracefully in your application. One way to do this is to retry the request after a certain amount of time has passed, to give the rate limit quota a chance to replenish.
3. Use exponential backoff: When retrying a request after a rate limit error, it can be helpful to use exponential backoff. This means that you should increase the amount of time you wait between retries by a factor of two (or some other multiplier) each time you receive a rate limit error. For example, you might retry the request after 1 second, then 2 seconds, then 4 seconds, and so on. This helps to reduce the risk of overwhelming the API with too many retries in a short period of time.
4. Use caching: Caching the results of API requests can help to reduce the number of requests made to the API, and can also improve the performance of your application. By storing the results of API requests locally and reusing them until they become stale, you can reduce the need to make frequent requests to the API.

By following these best practices, you can help to ensure that your application handles rate limits gracefully and provides a reliable and consistent experience for your users.

We may reduce limits to prevent abuse, or increase limits to enable high-traffic applications. To increase the rate limit for your account, you can contact us 4 weeks in advance via email api.xendit.co by providing your Business ID. We will review your request and may be able to increase the limit based on the needs of your application and the overall usage of the API.

Overall, it is important to carefully manage your API usage to ensure that you do not exceed the rate limits and disrupt the service for other users. By implementing proper rate limiting and error handling in your application, you can ensure that your users have a reliable and consistent experience when accessing the API.

Errors

Your Xendit integration might have to deal with errors at some point when making API requests to Xendit. These errors fall into a few major categories:

• Content errors occur because the content in the API request was invalid in some way. They return an HTTP response with a 4xx error code. For example, the API servers might return a 401 if an invalid API key was provided, or a 400 if a required parameter was missing
• Network errors occur as a result of intermittent communication problems between client and server. They return low-level errors, like socket or timeout exceptions. For example, a client might time out while trying to read from Xendit's servers, or an API response might never be received because a connection terminates prematurely. Note that a network errors wouldn't necessarily have otherwise been a successful request --- it can also be another type of error that's been cloaked by an intermittent problem
• Server errors occur because of a problem on Xendit's servers. Server errors return an HTTP response with a 5xx error code. Xendit works to make these errors as rare as posslble, but integrations should be able to handle them when they do arise

The right approach and idempotency semantics to use for handling errors depend on the type of error being handled.

HTTP Status Code

Xendit uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, a charge failed, etc). Codes in the 5xx range indicate an error with Xendit's servers (these are rare).

Status Code	Description
200 - OK	Everything worked as expected
400 - Bad Request	The request was unacceptable, often due to missing a required parameter
401 - Unauthorized	No valid API key provided
403 - Forbidden	The API key doesn't have permissions to perform the request
404 - Not Found	The requested resources doesn't exist
500 - Server Errors	Something went wrong on Xendit's end (These are rare)

Error Code

Below are some of most common errors across all our endpoints. Specific errors are located under each endpoint.

Error Code	Description
API_VALIDATION_ERROR	Invalid request errors arise when your request has invalid parameters
INVALID_API_KEY	No valid API key provided
REQUEST_FORBIDDEN_ERROR	The API key doesn't have permissions to perform the request
SERVER_ERROR	API errors cover any other type of problem (e.g. a temporary problem with Xendit's servers), and are extremely uncommon

Error Handling

Safely retry requests with idempotency

A key part of web API design is the idea of idempotency, defined as being able to apply the same operation multiple times without changing the result beyond the first try. Because a certain amount of intermittent failure is to be expected, clients need a way of reconciling failed requests with a server, and idempotency provides a mechanism for that.

The Xendit API guarantees the idempotency of GET requests, so it's always safe to retry them. Including an idempotency key makes POST and PATCH request idempotent, which prompts the API to do the bookkeeping required to prevent duplicate operations. For example, if a request to create disbursements does not respond due to network connection error, you can retry the request with the same idempotency key to guarantee that no more than one disbursement is created.

Idempotency keys are sent in the x-idempotency-key header, and you should use them for all POST requests to Xendit's API whenever supported. A few common strategies for generating idempotency keys are:

• Use an algorithm that generates a token with good randomness, like UUID v4
• Derive the key from a user-attached object like the ID of a shopping cart. This provides a relatively easy way to protect against double submissions

A response that's being replayed from the server because it had already executed previously can be identified by the error code DUPLICATE_TRANSACTION_ERROR

Content errors

Content errros are the result of the contents of an API request being invalid and return a 4xx error code. Integrations should correct the original request and try again. Depending of the type of user error, it may be possible to handle the problem programmatically.

For a POST operation using an idempotency key, as long as an API method began execution, Xendit's API servers will cache the results of the request regardless of what they were. A request that returns a 400 will send back the same 400 if followed by a new request with the same idempotency key. A fresh idempotency key should be generated when modifying the original request to get a successful result. The safest strategy where 4xx errors are concerned is to always generate a new idempotency key.

Network errors

Network errors are the result of connectivity problems between client and server and tend to manifest as low-level errors like socket or timeout exceptions.

This class of errors is where the value of idempotency keys and request retries is most obvious. When intermittent problems occur, clients are usually left in a state where they don't know whether or not the server received the request. To get a definitive answer, they should retry such requests with the same idempotency keys and the same parameters until they're able to receive a result from the server. Sending the same idempotency with different parameters will produce an error indicating that the new request didn't match the original.

Server errors

Server errors are the result of a server-side problem and return a 5xx error code. These errors are the most difficult to handle, so we try to ensure that they happen as infrequently as possible.

As with the errors, retrying them with the same idempotency key will usually produce the same result. The request can be retried with a new idempotency key, but we'd advice against it because it's possible for the original one to have produced side effects.

The result of a 500 request should be treated as indeterminate. The exact nature of any retroactive changes in the system depend heavily on the type of request. For example, if creating a disbursement returns a 500 error but we detect that the information has gone out to a payment network, we'll try to roll it forward and send callback after it has been completed. If not, we'll try to roll it back. However, ideal results under these circumstances are not guaranteed, and requests resulting in a 500 error may proeduce user-visible side effects.

Integration that want to maximize robustness must configure callback handlers that are capable of receiving events that have never been seen in an API response.

Callback

Xendit uses callback to notify your application any time an event happens on your account. Set up callback for events that Xendit doesn't already notify you of, like when a disbursement has been completed, a Virtual Account has been created and paid, or your invoice has expired.

Setup

You need to provide an endpoint in your system to receive callback from us. The callback notification will be sent over POST request to your callback URL that you have set. Setup your callback URL in Callback settings. You can use a tool like ngrok to make your endpoint available for receiving callback during testing.

Delivery Attempts and Retries

Understand how to view delivery attempts and retry logic when callback events aren't acknowledged

View events

When viewing information about a specific event through the Dashboard's Callback tab, you can check how many times Xendit attempted to send an event to the endpoint. This shows the latest response from your endpoint, a list of all attempted callback, and the respective HTTP status codes Xendit received.

Retry logic

Xendit attempts to deliver your callback six times with exponential backoff between each interval and will stop retrying until we have received response from your server or there is still no response yet

Retry Number	Interval (relative to last retry)	Interval (relative to original attempt)
1	15m	15m
2	45m	1h
3	2h	3h
4	3h	6h
5	6h	12h
6	12h	24h

Receive callback statistics via email

You can also receive summary of your callback statistics (number of success and failed callback) via email every 6 hours. You can enable this feature in Email Recipient settings

Event Handling

Handling callback events correctly is crucial to making sure your integration's business logic works as expected

Acknowledge events immediately

If your callback script performs complex logic, or makes network calls, it's possible that the script would time out before Xendit sees its complete execution. Ideally, your callback handler code (acknowledging receipt of an event by returning a 2xx status code) is separate of any other logic you do for that event.

Handle duplicate events

Callback endpoints might occasionally receive the same event more than once. We advise you to guard against duplicated event receipts by making your event processing idempotent. One way of doing this is logging the events you've processed, and then not processing already-logged events. We provide webhook-id as a unique identifier in the header parameter of every callback to help you to implement idempotency. Learn about idempotency.

Order of events

Xendit does not guarantee delivery of events in the order in which they are generated. Your endpoint should not expect delivery of these events in this order and should handle this accordingly. You can also use the API to fetch any missing objects.

Security

Keeping your endpoints secure is critical to protecting your customers' information. Xendit provides several ways for you to verify events are coming from Xendit in a secure manner.

Receive events with an HTTPS server

If you use an HTTPS URL for your callback endpoint, Xendit will validate that the connection to your server is secure before sending your callback data. For this to work, your server must be correctly configured to support HTTPS with a valid server certificate.

Verify events are sent from Xendit

Xendit can optionally sign the callback events it sends to your endpoints. We do so by including a token in each event's x-callback-token header. This allows you to verify that the events were sent by Xendit, not by a third party.

Header Parameter	Description
x-callback-token	string Your Xendit unique callback token to verify the origin of the callback

Before you can verify tokens, you need to retrieve your callback token from Dashboard's Callback settings. Each secret is unique to each environments.

Balances

Get Balance

Endpoint: Get Balance

GET https://api.xendit.co/balance?account_type={account_type}

Balance is like your wallet since it will tell you how much money is available to you on Xendit. You can retrieve it to see the current balance on your Xendit cash account. Your balance is debited on any money out transaction, e.g. when performing disbursements or Xendit fees are charged. Your balance is credited when money comes into your account, e.g. invoices are paid or you deposit funds.

Request Parameters

Example Get Balance Request

curl https://api.xendit.co/balance -X GET \
-u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:

<?php

  use Xendit\Xendit;
  require 'vendor/autoload.php';

  Xendit::setApiKey('xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=='); // this is Xendit API key example, you can go to Setting > API Key to get your API Key

  $getBalance = \Xendit\Balance::getBalance('CASH');
  var_dump($getBalance);

?>

const x = new require('xendit-node')({ secretKey: 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==' });

const { Balance } = x;
const balanceSpecificOptions = {};
const b = new Balance(balanceSpecificOptions);

const resp = await b.getBalance()
console.log(resp);

Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";
try {
  Balance balance = Balance.get();
} catch (XenditException e) {
  e.printStackTrace();
}

xendit.Opt.SecretKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="

data := balance.GetParams{
  AccountType: "CASH",
}

resp, err := balance.Get(&data)
if err != nil {
  log.Fatal(err)
}

fmt.Printf("balance: %+v\n", resp)

from xendit import Xendit, BalanceAccountType

api_key = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="
xendit_instance = Xendit(api_key=api_key)
Balance = xendit_instance.Balance

balance = Balance.get(
    account_type=BalanceAccountType.CASH,
)

print(balance)

string apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";

XenditClient xendit = new XenditClient(apiKey);
BalanceClient balance = xendit.Balance;

BalanceResponse holdingBalance = await balance.Get(BalanceAccountType.Holding);

Get Balance allows you to retrieve the balance of your cash and pending balance. Some use cases include: deciding when you may need to withdraw funds, and determining if you have funds to disburse

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Query Parameter	Type	Description
account_type optional default: CASH	string	The selected balance type available values: CASH, HOLDING, TAX
currency optional	string	Currency filter for customers with multi currency accounts type. This field is only optional if you have only 1 currency. If you have more than 1 currency, please specify your desired currency. sample values: IDR, PHP, USD

Response Parameters

Example Get Balance Response

{
  "balance": 1241231
}

Parameter	Description
balance	The balance remaining in your cash account

Customers

An API to manage end customer information. Supports storage of customer profiles for businesses and individuals, along with their KYC documentation and other account information. For use in support of various payment use-cases throughout the Xendit Payment APIs, including utilising the Direct Debit channel, to fulfil KYC requirements for remittance payments, or for enhanced payments reporting.

Customer Object

The Customer Object is a standard data structure to hold information relating to one of your customers. It has the following major components:

• A Type of customer (Individual or Business)
• Basic descriptive details of that customer
• Addresses of the customer
• Identity accounts and KYC documents to prove the legitimacy of the customer
• Other metadata

When one (or more) customers is returned by endpoints in this section, the response body will contain a Customer Object (or an array of Customer Objects). Each object has the following structure:

Example Customer Object - Individual

{
    "id": "cust-239c16f4-866d-43e8-9341-7badafbc019f",
    "reference_id": "demo_1475801962607",
    "type": "INDIVIDUAL",
    "individual_detail": {
        "given_names": "John",
        "surname": "Doe",
        "nationality": "ID",
        "place_of_birth": "Jakarta",
        "date_of_birth": "1980-01-01",
        "gender": "MALE",
        "employment": {
            "employer_name": "Xendit",
            "nature_of_business": "Payment Gateway",
            "role_description": "Test dummy"
        }
    },
    "business_detail": null,
    "email": "customer@website.com",
    "mobile_number": "+628121234567890",
    "phone_number": "+628121234567890",
    "hashed_phone_number": null,
    "addresses": [{
        "street_line1": "Panglima Polim IV",
        "street_line2": "Ruko Grand Panglima Polim, Blok E",
        "city": "Jakarta Selatan",
        "province_state": "DKI Jakarta",
        "postal_code": "993448",
        "country": "ID",
        "category": "HOME",
        "is_primary": true
    }],
    "identity_accounts": [{
        "type": "CREDIT_CARD",
        "company": "OCBC",
        "description": "My account",
        "country": "ID",
        "properties":{
            "token_id": "586f0ba2ab70de5d2b409e0d"
        }
    }],
    "kyc_documents": [{
        "type": "IDENTITY_CARD",
        "sub_type": "NATIONAL_ID",
        "country": "ID",
        "document_name": "KTP",
        "document_number": "12356789012456",
        "expires_at": null,
        "holder_name": "John Doe",
        "document_images": [
            "file-ec700c1c-db17-4496-b1fb-04ebe551b412"
        ]
    }],
    "description": "My first customer",
    "date_of_registration": "2020-03-30",
    "domicile_of_registration": "ID",
    "metadata": {
        "foo": "bar"
    },
    "created": "2020-03-30T06:12:47.212Z",
    "updated": "2020-03-30T06:12:47.212Z"
}

Example Customer Object - Business

{
    "id": "cust-239c16f4-866d-43e8-9341-7badafbc019f",
    "reference_id": "demo_1475801962607",
    "type": "BUSINESS",
    "individual_detail": null,
    "business_detail": {
        "business_name": "ACME Corp",
        "trading_name": null,
        "business_type": "CORPORATION",
        "nature_of_business": null,
        "business_domicile": null,
        "date_of_registration": null
    },
    "email": "customer@website.com",
    "mobile_number": null,
    "phone_number": null,
    "hashed_phone_number": null,
    "addresses": [],
    "identity_accounts": [],
    "kyc_documents": [],
    "description": null,
    "metadata": null,
    "created": "2020-03-30T06:12:47.212Z",
    "updated": "2020-03-30T06:12:47.212Z"
}

Version

You are currently viewing API version 2020-10-31. Click here to view older versions.

Version	Changelog
2020-10-31 (Latest)	Update to support BUSINESS type customers and generic identity accounts
2020-05-19	Original version

Body Parameter	Type	Description
id	string	Xendit-generated Customer ID. Will start with cust-...
reference_id required	string	Merchant-provided identifier for the customer
type required	string	Type of customer. Supported values: INDIVIDUAL, BUSINESS
individual_detail optional	object	JSON object containing details of the individual. Will be null if type is not INDIVIDUAL Individual detail child parameters given_names required string Primary or first name/s of customer surname optional string Last or family name of customer nationality optional string Country code for customer's nationality Format ISO 3166-2 Country Code place_of_birth optional string City or other relevant location for the customer’s birth place date_of_birth optional string Date of birth of the customer Format YYYY-MM-DD string gender optional string Gender of customer. Supported values: MALE, FEMALE, OTHER employment optional string Name of account holder as per the account provider employer_name optional string Name of the employer nature_of_business optional string Industry or nature of business role_description optional string Occupation or title
business_detail optional	object	JSON object containing details of the business. Will be null if type is not BUSINESS Business detail child parameters business_name required string Name of business trading_name optional string Trading name business_type required string Legal entity type of the business Supported values: CORPORATION, SOLE_PROPRIETOR, PARTNERSHIP, COOPERATIVE, TRUST, NON_PROFIT, GOVERNMENT nature_of_business optional string Free text description of the type of business this entity pursues. Examples are: Ecommerce, Travel business_domicile optional string Registered country of the business Format ISO 3166-2 Country Code date_of_registration optional string Business registration date Format YYYY-MM-DD string
mobile_number optional	string	Mobile number of customer in E.164 format Maximum length 50 characters
phone_number optional	string	Additional contact number of customer in E.164 format. May be a landline Maximum length 50 characters FormatE.164 international standard +(country code)(subscriber number)
hashed_phone_number optional	string	Hashed phone number Maximum length 255 characters
email optional	string	E-mail address of customer Maximum length 50 characters
addresses optional	array	Array of address JSON objects containing the customer's various address information. Addresses child parameters Field Description country required string Country of residence of customer Format ISO 3166-2 Country Code street_line1 optional string Line 1 of street address e.g., building name and apartment number Maximum length 255 characters street_line2 optional string Line 2 of street address e.g., street number and name Maximum length 255 characters city optional string City, village or town of residence of customer Maximum length 255 characters province_state optional string Province, state or region of residence of customer Maximum length 255 characters postal_code optional string ZIP/Postal Code of customer Maximum length 255 characters category optional string Address type. Supported values: HOME, WORK, PROVINCIAL is_primary optional boolean Defaults to false. Indicates that the information provided refers to the customer’s primary address
identity_accounts required	array	Array of JSON objects with information relating to financial, social media or other accounts associated with the customer. This array can store details for KYC purposes and can support storing of account details for execution of payments within the Xendit API ecosystem. Identity accounts child parameters Field Description type required string The account type. Supported values: BANK_ACCOUNT, EWALLET, CREDIT_CARD, PAY_LATER, OTC, QR_CODE, SOCIAL_MEDIA company optional string The issuing institution associated with the account (e.g., OCBC, GOPAY, 7-11). If adding financial accounts that Xendit supports, we recommend you use the channel_code for this field Maximum length 100 characters description optional string Free text description for the account Maximum length 255 characters country optional string Issuing country for the account, if relevant Format ISO 3166-2 Country Code properties optional string JSON object with any account-specific content as required e.g., For BANK_ACCOUNT types: Bank account parameters account_number required string Unique account identifier as per the bank records account_holder_name required string Name of account holder as per the bank records. Should match the registered account name exactly swift_code optional string The swift code for international payments account_type optional string Free text account type, e.g., Savings, Transaction, Virtual Account account_details optional string Potentially masked account detail, for display purposes only currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For EWALLET types: eWallet parameters account_number required string Unique account identifier as per the ewallet records account_holder_name optional string Name of account holder as per the ewallet records. Should match the registered account name exactly currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For CREDIT_CARD types: Credit card parameters token_id required string The token id returned in tokenisation For OTC types: Over The Counter parameters payment_code required string Complete fixed payment code (including prefix) expires_at optional string Expiry date for the payment code Format YYYY-MM-DD string For QR_CODE types: QR code parameters qr_string required string String representation of the unique QR code For PAY_LATER types: Pay later parameters account_id required string Alphanumeric string identifying this account. Usually an email address or phone number account_holder_name optional string Name of account holder as per the account provider currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For SOCAL_MEDIA types: Social media parameters account_id required string Alphanumeric string identifying this account. Usually an email address or phone number account_handle optional string Name of account as per the account provider
kyc_documents required	array	Array of JSON objects with documents collected for KYC of this customer. KYC documents child parameters Field Description country required string Issuing country of the document Format ISO 3166-2 Country Code type required string Generic ID type Supported values: BIRTH_CERTIFICATE, BANK_STATEMENT, DRIVING_LICENSE, IDENTITY_CARD, PASSPORT, VISA, BUSINESS_REGISTRATION, BUSINESS_LICENSE sub_type optional string Specific ID type for IDENTITY_CARD types. Supported values: NATIONAL_ID, CONSULAR_ID, VOTER_ID, POSTAL_ID, RESIDENCE_PERMIT, TAX_ID, STUDENT_ID, MILITARY_ID, MEDICAL_ID document_name optional string Free text description of the type of document (e.g., NIB, SIUP, AKTA) Maximum length 255 characters document_number optional string Unique alphanumeric identity document number or code Maximum length 255 characters expires_at optional string Expiry date, if relevant. Format YYYY-MM-DD string holder_name optional string Free text to capture the full name(s) of the individual or business as defined on the document, if relevant Maximum length 255 characters document_images required string[] Array of file ids returned from uploads to the files endpoint, representing images of the front/back of the document, in png/jpg/jpeg/pdf format
description optional	string	Merchant-provided description for the customer. Maximum length 500 characters
date_of_registration optional	string	Date of which the account that the shopper had to create/sign up on the merchant’s website Format YYYY-MM-DD string
domicile_of_registration optional	string	Country within which the account that the shopper had to create/sign up on the merchant’s website resides (e.g. accounts created on Shopee SG have SG as the value for this field. Format ISO 3166-2 Country Code
metadata optional	object	Object of additional information as provided in customer creation
created required	string	Timestamp of customer creation in ISO format
updated required	string	Timestamp of customer update in ISO format

Create Customer

Make a POST request to this endpoint to create a customer for later use with a payments endpoint.

Endpoint: Create Customer

POST https://api.xendit.co/customers

Version

You are currently viewing API version 2020-10-31. Click here to view older versions.

Version	Changelog
2020-10-31 (Latest)	Update to support BUSINESS type customers and generic identity accounts
2020-05-19	Original version

Request Parameters

Example Create Customer Request

curl https://api.xendit.co/customers -X POST \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: \
   -H 'Content-Type: application/json'
   --data-raw '{
     "reference_id": "demo_1475801962607",
     "type": "INDIVIDUAL",
     "individual_detail": {
       "given_names": "John",
       "surname": "Doe"
     },
     "email": "customer@website.com",
     "mobile_number": "+628121234567890"
     }'

<?php
  $url = "https://api.xendit.co/customers";
  $apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
  $headers = [];
  $headers[] = "Content-Type: application/json";
  $data = [
    "reference_id" => "demo_1475801962607",
    "type" => "INDIVIDUAL",
    "individual_detail" => [
       "given_names" => "John",
       "surname" => "Doe"
    ],
    "email" => "customer@website.com",
    "mobile_number" => "+628121234567890"
  ];

  $curl = curl_init();

  $payload = json_encode($data);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($curl, CURLOPT_USERPWD, $apiKey.":");
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_POST, true);
  curl_setopt($curl, CURLOPT_POSTFIELDS, $payload);
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

  $result = curl_exec($curl);
  echo $result;

let apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
let url = "https://api.xendit.co/customers";

var headers = new Headers();
headers.append("Authorization", "Basic " + btoa(apiKey + ":"));
headers.append("Content-Type", "application/json");

var reqBody = JSON.stringify({
  "reference_id": "demo_1475801962607",
  "type": "INDIVIDUAL",
  "individual_detail": {
    "given_names": "John",
    "surname": "Doe"
  },
  "email": "customer@website.com",
  "mobile_number": "+628121234567890"});

var requestOptions = {
  method: 'POST',
  headers: headers,
  body: reqBody,
  redirect: 'follow'
};

fetch(url, requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

import requests
import base64

api_key = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:"
url = "https://api.xendit.co/customers"

api_key_bytes = api_key.encode('ascii')
base64_bytes = base64.b64encode(api_key_bytes)
base64_token = base64_bytes.decode('ascii')

payload = {
  "reference_id": "demo_1475801962607",
  "type": "INDIVIDUAL",
  "individual_detail": {
    "given_names": "John",
    "surname": "Doe"
  },
  "email": "customer@website.com",
  "mobile_number": "+628121234567890"
}
auth_token = 'Basic ' + base64_token
headers = {
  'Authorization': auth_token
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

string apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";

XenditClient xendit = new XenditClient(apiKey);
CustomerClient customer = xendit.Customer;

CustomerParameter individualParameter = new CustomerParameter
{
  ReferenceId = "demo_11212163",
  Type = CustomerType.Individual,
  IndividualDetail = new IndividualDetail
  {
    GivenNames = "John",
    Gender = CustomerGender.Male,
  },
  IdentityAccount = new IdentityAccount[]
  {
    new IdentityAccount
    {
      Country = Country.Indonesia,
      Type = CustomerIdentityAccountType.BankAccount,
      Properties = new IdentityAccountProperties { AccountNumber = "account_number" }
    }
  },
  KycDocuments = new KycDocument[]
  {
    new KycDocument
    {
      Country = Country.Indonesia,
      Type = CustomerKycDocumentType.IdentityCard,
      SubType = CustomerKycDocumentSubType.NationalId,
    }
  },
};

CustomerResponse individualCustomerVersion20201031 = await customer.Create(individualParameter);

Header Parameter	Type	Description
IDEMPOTENCY-KEY optional	string	A unique key to prevent processing duplicate requests. Can be your reference_id or any GUID. Must be unique across development & production environments. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Characters Special and alphanumeric Maximum length 100 characters Minimum length 1 character
API-VERSION optional	string	API version in date semantic (e.g. 2020-10-31). Attach this parameter when calling a specific API version. List of API versions can be found here.
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Body Parameter	Type	Description
reference_id required	string	Merchant-provided identifier for the customer. Requests with a duplicate reference_id will return an error. You should PATCH the customer object resource instead. Maximum length 255 characters Characters Alphanumeric. No special characters is allowed.
type required	string	Type of customer. Supported values: INDIVIDUAL, BUSINESS
individual_detail conditionally required	object	JSON object containing details of the individual. Required if type is INDIVIDUAL Individual detail child parameters given_names required string Primary or first name/s of customer. Characters Alphanumeric. No special characters is allowed. surname optional string Last or family name of customer. Characters Alphanumeric. No special characters is allowed. nationality optional string Country code for customer's nationality Format ISO 3166-2 Country Code place_of_birth optional string City or other relevant location for the customer’s birth place. Characters Alphanumeric. No special characters is allowed. date_of_birth optional string Date of birth of the customer Format YYYY-MM-DD string gender optional string Gender of customer. Supported values: MALE, FEMALE, OTHER employment optional string Name of account holder as per the account provider. employer_name optional string Name of the employer. Characters Alphanumeric. No special characters is allowed. nature_of_business optional string Industry or nature of business. Characters Alphanumeric. No special characters is allowed. role_description optional string Occupation or title. Characters Alphanumeric. No special characters is allowed.
business_detail conditionally required	object	JSON object containing details of the business. Required if type is BUSINESS Business detail child parameters business_name required string Name of business. Required if type is BUSINESS. Characters Alphanumeric. No special characters is allowed. trading_name optional string Trading name. Characters Alphanumeric. No special characters is allowed. business_type required string Legal entity type of the business Supported values: CORPORATION, SOLE_PROPRIETOR, PARTNERSHIP, COOPERATIVE, TRUST, NON_PROFIT, GOVERNMENT nature_of_business optional string Free text description of the type of business this entity pursues. Examples are: Ecommerce, Travel Characters Alphanumeric. No special characters is allowed. business_domicile optional string Registered country of the business Format ISO 3166-2 Country Code date_of_registration optional string Business registration date Format YYYY-MM-DD string
mobile_number optional	string	Mobile number of customer in E.164 format Maximum length 50 characters
phone_number optional	string	Additional contact number of customer in E.164 format. May be a landline Maximum length 50 characters FormatE.164 international standard +(country code)(subscriber number)
hashed_phone_number optional	string	Hashed phone number Maximum length 255 characters
email optional	string	E-mail address of customer Maximum length 50 characters
addresses optional	array	Array of address JSON objects containing the customer's various address information. Addresses child parameters Field Description country required string Country of residence of customer Format ISO 3166-2 Country Code street_line1 optional string Line 1 of street address e.g., building name and apartment number. Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. street_line2 optional string Line 2 of street address e.g., street number and name Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. city optional string City, village or town of residence of customer Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. province_state optional string Province, state or region of residence of customer Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. postal_code optional string ZIP/Postal Code of customer Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. category optional string Address type. Supported values: HOME, WORK, PROVINCIAL is_primary optional boolean Defaults to false. Indicates that the information provided refers to the customer’s primary address
identity_accounts optional	array	Array of JSON objects with information relating to financial, social media or other accounts associated with the customer. This array can store details for KYC purposes and can support storing of account details for execution of payments within the Xendit API ecosystem. Identity accounts child parameters Field Description type required string The account type. Supported values: BANK_ACCOUNT, EWALLET, CREDIT_CARD, PAY_LATER, OTC, QR_CODE, SOCIAL_MEDIA company optional string The issuing institution associated with the account (e.g., OCBC, GOPAY, 7-11). If adding financial accounts that Xendit supports, we recommend you use the channel_code for this field Maximum length 100 characters description optional string Free text description for the account Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. country optional string Issuing country for the account, if relevant Format ISO 3166-2 Country Code properties optional string JSON object with any account-specific content as required e.g., For BANK_ACCOUNT types: Bank account parameters account_number required string Unique account identifier as per the bank records Characters Alphanumeric. No special characters is allowed. account_holder_name required string Name of account holder as per the bank records. Should match the registered account name exactly Characters Alphanumeric. No special characters is allowed. swift_code optional string The swift code for international payments Characters Alphanumeric. No special characters is allowed. account_type optional string Free text account type, e.g., Savings, Transaction, Virtual Account Characters Alphanumeric. No special characters is allowed. account_details optional string Potentially masked account detail, for display purposes only Characters Alphanumeric. No special characters is allowed. currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For EWALLET types: eWallet parameters account_number required string Unique account identifier as per the ewallet records Characters Alphanumeric. No special characters is allowed. account_holder_name optional string Name of account holder as per the ewallet records. Should match the registered account name exactly Characters Alphanumeric. No special characters is allowed. currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For CREDIT_CARD types: Credit card parameters token_id required string The token id returned in tokenisation For OTC types: Over The Counter parameters payment_code required string Complete fixed payment code (including prefix) expires_at optional string Expiry date for the payment code Format YYYY-MM-DD string For QR_CODE types: QR code parameters qr_string required string String representation of the unique QR code For PAY_LATER types: Pay later parameters account_id required string Alphanumeric string identifying this account. Usually an email address or phone number account_holder_name optional string Name of account holder as per the account provider Characters Alphanumeric. No special characters is allowed. currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For SOCAL_MEDIA types: Social media parameters account_id required string Alphanumeric string identifying this account. Usually an email address or phone number account_handle optional string Name of account as per the account provider
kyc_documents optional	array	Array of JSON objects with documents collected for KYC of this customer. KYC documents child parameters Field Description country required string Issuing country of the document Format ISO 3166-2 Country Code type required string Generic ID type Supported values: BIRTH_CERTIFICATE, BANK_STATEMENT, DRIVING_LICENSE, IDENTITY_CARD, PASSPORT, VISA, BUSINESS_REGISTRATION, BUSINESS_LICENSE sub_type optional string Specific ID type for IDENTITY_CARD types. Supported values: NATIONAL_ID, CONSULAR_ID, VOTER_ID, POSTAL_ID, RESIDENCE_PERMIT, TAX_ID, STUDENT_ID, MILITARY_ID, MEDICAL_ID document_name optional string Free text description of the type of document (e.g., NIB, SIUP, AKTA) Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. document_number optional string Unique alphanumeric identity document number or code Maximum length 255 characters expires_at optional string Expiry date, if relevant. Format YYYY-MM-DD string holder_name optional string Free text to capture the full name(s) of the individual or business as defined on the document, if relevant Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. document_images optional string[] Array of file ids returned from uploads to the files endpoint, representing images of the front/back of the document, in png/jpg/jpeg/pdf format
description optional	string	Merchant-provided description for the customer. Maximum length 500 characters Characters Alphanumeric. No special characters is allowed.
date_of_registration optional	string	Date of which the account that the shopper had to create/sign up on the merchant’s website Format YYYY-MM-DD string
domicile_of_registration optional	string	Country within which the account that the shopper had to create/sign up on the merchant’s website resides (e.g. accounts created on Shopee SG have SG as the value for this field. Format ISO 3166-2 Country Code
metadata optional	object	Object of additional information related to the customer. Define the JSON properties and values as required to pass information through the APIs. You can specify up to 50 keys, with key names up to 40 characters long and values up to 500 characters long. This is only for your use and will not be used by Xendit.

Response Parameters

Success responses will contain a single Customer Object

Error Codes

See other common errors here.

Error Code	Description
DUPLICATE_ERROR 409	The provided reference_id has been used before. Please enter a unique reference_id.
IDEMPOTENCY_ERROR 409	Provided Idempotency-key already exists but the request body provided does not match the original request

Get Customer

Retrieves a single customer object

Endpoint: Get Customer

GET https://api.xendit.co/customers/:id

Version

You are currently viewing API version 2020-10-31. Click here to view older versions.

Version	Changelog
2020-10-31 (Latest)	Update to support BUSINESS type customers and generic identity accounts
2020-05-19	Original version

Request Parameters

Example Get Customer Request

curl https://api.xendit.co/customers/cust-239c16f4-866d-43e8-9341-7badafbc019f -X GET \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: \
   --header 'API-VERSION: 2020-10-31'

<?php
  $url = "https://api.xendit.co/customers/cust-239c16f4-866d-43e8-9341-7badafbc019f";
  $apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
  $headers = [];
  $headers[] = "Content-Type: application/json";

  $curl = curl_init();

  $payload = json_encode($data);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($curl, CURLOPT_USERPWD, $apiKey.":");
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "GET");
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

  $result = curl_exec($curl);
  echo $result;

let apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
let url = "https://api.xendit.co/customers/cust-239c16f4-866d-43e8-9341-7badafbc019f";

var headers = new Headers();
headers.append("Authorization", "Basic " + btoa(apiKey + ":"));
headers.append("Content-Type", "application/json");
headers.append("API-VERSION", "2020-10-31");

var requestOptions = {
  method: 'GET',
  headers: headers,
  redirect: 'follow'
};

fetch(url, requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

xendit.Opt.SecretKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="

data := customer.getCustomer{
  id: 'cust-239c16f4-866d-43e8-9341-7badafbc019f'
}

resp, err := customer.getCustomer(&getCustomerByReferenceIDData)
if err != nil {
  log.Fatal(err)
}

fmt.Printf("retrieved customer: %+v\n", resp)

try {
    Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";

    Customer[] customers = Customer.getCustomer("cust-239c16f4-866d-43e8-9341-7badafbc019f");
} catch (XenditException e) {
    e.printStackTrace();
}

import requests
import base64

api_key = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:"
url = "https://api.xendit.co/customers/239c16f4-866d-43e8-9341-7badafbc019f"

api_key_bytes = api_key.encode('ascii')
base64_bytes = base64.b64encode(api_key_bytes)
base64_token = base64_bytes.decode('ascii')

auth_token = 'Basic ' + base64_token
headers = {
  'Authorization': auth_token,
  'API-VERSION': '2020-10-31'
}

response = requests.request("GET", url, headers=headers)

print(response.text)

Header Parameter	Type	Description
API-VERSION optional	string	API version in date semantic (e.g. 2020-10-31). Attach this parameter when calling a specific API version. List of API versions can be found here.
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Parameter	Type	Description
id	string	Xendit-generated Customer ID. Will start with cust-...

Response Parameters

Success responses will contain a single Customer Object

Error Codes

See other common errors here.

Error Code	Description
DATA_NOT_FOUND 404	The provided id does not exist. Please review the id and try again

Get Customer by Reference ID

Retrieves an array with a customer object that matches the provided reference_id - the identifier provided by you

Endpoint: Get Customer by Reference ID

GET https://api.xendit.co/customers?reference_id={reference_id}

Version

You are currently viewing API version 2020-10-31. Click here to view older versions.

Version	Changelog
2020-10-31 (Latest)	Update to support BUSINESS type customers and generic identity accounts
2020-05-19	Original version

Request Parameters

Example Get Customer by Reference ID Request

curl https://api.xendit.co/customers?reference_id=demo_1475801962607 -X GET \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: 

<?php
  $url = "https://api.xendit.co/customers";
  $apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
  $headers = [];
  $headers[] = "Content-Type: application/json";

  $queryString = "?reference_id=demo_1475801962607";

  $curl = curl_init();

  $payload = json_encode($data);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($curl, CURLOPT_USERPWD, $apiKey.":");
  curl_setopt($curl, CURLOPT_URL, $url.$queryString);
  curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "GET");
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

  $result = curl_exec($curl);
  echo $result;

let apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
let url = "https://api.xendit.co/customers";

var headers = new Headers();
headers.append("Authorization", "Basic " + btoa(apiKey + ":"));
headers.append("Content-Type", "application/json");

let queryString = "?reference_id=demo_1475801962607";

var requestOptions = {
  method: 'GET',
  headers: headers,
  redirect: 'follow'
};

fetch(url + queryString, requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

Query Parameter	Type	Description
reference_id required	string	Your identifier for the customer

Response Parameters

Example Get Customer by Reference ID Success Response

{
    "data": [{
        "id": "cust-239c16f4-866d-43e8-9341-7badafbc019f",
        "reference_id": "demo_1475801962607",
        "type": "INDIVIDUAL",
        "individual_detail": {
            "given_names": "John",
            "surname": "Doe",
            "nationality": null,
            "place_of_birth": null,
            "date_of_birth": null,
            "gender": null,
            "employment": null
        },
        "business_detail": null,
        "email": "customer@website.com",
        "mobile_number": null,
        "phone_number": null,
        "hashed_phone_number": null,
        "addresses": [],
        "identity_accounts": [],
        "kyc_documents": [],
        "description": null,
        "metadata": null,
        "created": "2020-03-30T06:12:47.212Z",
        "updated": "2020-03-30T06:12:47.212Z"
    }],
    "has_more": false
}

Header Parameter	Type	Description
API-VERSION optional	string	API version in date semantic (e.g. 2020-10-31). Attach this parameter when calling a specific API version. List of API versions can be found here.
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Body Parameter	Type	Description
data	array	Array of Customer Objects returned by the query. May be an empty array
has_more	boolean	Indicates whether there are more items to be queried with after_id of the last item from current result

Error Codes

See other common errors here.

Update Customer

Make a PATCH request to this endpoint to update the details on a customer. Only fields present in the request will be updated. Any changes to fields on the customer object will replace that item in its entirety. If you wish to append to an array, your PATCH request should contain the desired end state array (i.e., both the current content and the new array element to append to it). Pass a NULL value to remove the existing content.

Note that the reference_id and type on a customer cannot be updated.

Endpoint: Update Customer

PATCH https://api.xendit.co/customers/:id

Version

You are currently viewing API version 2020-10-31. Click here to view older versions.

Version	Changelog
2020-10-31 (Latest)	Update to support BUSINESS type customers and generic identity accounts
2020-05-19	Original version

Request Parameters

Example Update Customer Request

curl https://api.xendit.co/customers/cust-239c16f4-866d-43e8-9341-7badafbc019f -X PATCH \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: \
   -H 'Content-Type: application/json'
   --data-raw '{
     "individual_detail": {
       "given_names": "Jane",
       "surname": "Doe"
     }
     }'

<?php
  $url = "https://api.xendit.co/customers/cust-239c16f4-866d-43e8-9341-7badafbc019f";
  $apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
  $headers = [];
  $headers[] = "Content-Type: application/json";
  $data = [
    "individual_detail" => [
       "given_names" => "Jane",
       "surname" => "Doe"
    ]
  ];

  $curl = curl_init();

  $payload = json_encode($data);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($curl, CURLOPT_USERPWD, $apiKey.":");
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'PATCH');
  curl_setopt($curl, CURLOPT_POSTFIELDS, $payload);
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

  $result = curl_exec($curl);
  echo $result;

let apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
let url = "https://api.xendit.co/customers/cust-239c16f4-866d-43e8-9341-7badafbc019f";

var headers = new Headers();
headers.append("Authorization", "Basic " + btoa(apiKey + ":"));
headers.append("Content-Type", "application/json");

var reqBody = JSON.stringify({
  "type": "INDIVIDUAL",
  "individual_detail": {
    "given_names": "John",
    "surname": "Doe"
  },
  "email": "customer@website.com",
  "mobile_number": "+628121234567890"});

var requestOptions = {
  method: 'PATCH',
  headers: headers,
  body: reqBody,
  redirect: 'follow'
};

fetch(url, requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

import requests
import base64

api_key = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:"
url = "https://api.xendit.co/customers"

api_key_bytes = api_key.encode('ascii')
base64_bytes = base64.b64encode(api_key_bytes)
base64_token = base64_bytes.decode('ascii')

payload = {
  "type": "INDIVIDUAL",
  "individual_detail": {
    "given_names": "John",
    "surname": "Doe"
  },
  "email": "customer@website.com",
  "mobile_number": "+628121234567890"
}
auth_token = 'Basic ' + base64_token
headers = {
  'Authorization': auth_token
}

response = requests.request("PATCH", url, headers=headers, data=payload)

print(response.text)

string apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";

XenditClient xendit = new XenditClient(apiKey);
CustomerClient customer = xendit.Customer;

CustomerParameter individualParameter = new CustomerParameter
{
  Type = CustomerType.Individual,
  IndividualDetail = new IndividualDetail
  {
    GivenNames = "John",
    Gender = CustomerGender.Male,
  }
};

CustomerResponse individualCustomerVersion20201031 = await customer.Update(individualParameter);

Header Parameter	Type	Description
API-VERSION optional	string	API version in date semantic (e.g. 2020-10-31). Attach this parameter when calling a specific API version. List of API versions can be found here.
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Body Parameter	Type	Description
individual_detail optional	object	JSON object containing details of the individual. Will fail API validation if type is not INDIVIDUAL Individual detail child parameters given_names required string Primary or first name/s of customer Characters Alphanumeric. No special characters is allowed. surname optional string Last or family name of customer Characters Alphanumeric. No special characters is allowed. nationality optional string Country code for customer's nationality Format ISO 3166-2 Country Code place_of_birth optional string City or other relevant location for the customer’s birth place Characters Alphanumeric. No special characters is allowed. date_of_birth optional string Date of birth of the customer Format YYYY-MM-DD string gender optional string Gender of customer. Supported values: MALE, FEMALE, OTHER employment optional string Name of account holder as per the account provider employer_name optional string Name of the employer Characters Alphanumeric. No special characters is allowed. nature_of_business optional string Industry or nature of business Characters Alphanumeric. No special characters is allowed. role_description optional string Occupation or title Characters Alphanumeric. No special characters is allowed.
business_detail optional	object	JSON object containing details of the business. Will fail API validation if type is not BUSINESS Business detail child parameters business_name required string Name of business Characters Alphanumeric. No special characters is allowed. business_type required string Legal entity type of the business Supported values: CORPORATION, SOLE_PROPRIETOR, PARTNERSHIP, COOPERATIVE, TRUST, NON_PROFIT, GOVERNMENT nature_of_business optional string Free text description of the type of business this entity pursues. Examples are: Ecommerce, Travel Characters Alphanumeric. No special characters is allowed. business_domicile optional string Registered country of the business Format ISO 3166-2 Country Code date_of_registration optional string Business registration date Format YYYY-MM-DD string
mobile_number optional	string	Mobile number of customer in E.164 format Maximum length 50 characters
phone_number optional	string	Additional contact number of customer in E.164 format. May be a landline Maximum length 50 characters FormatE.164 international standard +(country code)(subscriber number)
email optional	string	E-mail address of customer Maximum length 50 characters
addresses optional	array	Array of address JSON objects containing the customer's various address information. Addresses child parameters Field Description country required string Country of residence of customer Format ISO 3166-2 Country Code street_line1 optional string Line 1 of street address e.g., building name and apartment number Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. street_line2 optional string Line 2 of street address e.g., street number and name Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. city optional string City, village or town of residence of customer Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. province_state optional string Province, state or region of residence of customer Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. postal_code optional string ZIP/Postal Code of customer Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. category optional string Address type. Supported values: HOME, WORK, PROVINCIAL is_primary optional boolean Defaults to false. Indicates that the information provided refers to the customer’s primary address
identity_accounts optional	array	Array of JSON objects with information relating to financial, social media or other accounts associated with the customer. This array can store details for KYC purposes and can support storing of account details for execution of payments within the Xendit API ecosystem. Identity accounts child parameters Field Description type required string The account type. Supported values: BANK_ACCOUNT, EWALLET, CREDIT_CARD, PAY_LATER, OTC, QR_CODE, SOCIAL_MEDIA company optional string The issuing institution associated with the account (e.g., OCBC, GOPAY, 7-11). If adding financial accounts that Xendit supports, we recommend you use the channel_code for this field Maximum length 100 characters Characters Alphanumeric. No special characters is allowed. description optional string Free text description for the account Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. country optional string Issuing country for the account, if relevant Format ISO 3166-2 Country Code properties optional string JSON object with any account-specific content as required e.g., For BANK_ACCOUNT types: Bank account parameters account_number required string Unique account identifier as per the bank records Characters Alphanumeric. No special characters is allowed. account_holder_name required string Name of account holder as per the bank records. Should match the registered account name exactly Characters Alphanumeric. No special characters is allowed. swift_code optional string The swift code for international payments Characters Alphanumeric. No special characters is allowed. account_type optional string Free text account type, e.g., Savings, Transaction, Virtual Account Characters Alphanumeric. No special characters is allowed. account_details optional string Potentially masked account detail, for display purposes only Characters Alphanumeric. No special characters is allowed. currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For EWALLET types: eWallet parameters account_number required string Unique account identifier as per the ewallet records Characters Alphanumeric. No special characters is allowed. account_holder_name optional string Name of account holder as per the ewallet records. Should match the registered account name exactly Characters Alphanumeric. No special characters is allowed. currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For CREDIT_CARD types: Credit card parameters token_id required string The token id returned in tokenisation For OTC types: Over The Counter parameters payment_code required string Complete fixed payment code (including prefix) expires_at optional string Expiry date for the payment code Format YYYY-MM-DD string For QR_CODE types: QR code parameters qr_string required string String representation of the unique QR code For PAY_LATER types: Pay later parameters account_id required string Alphanumeric string identifying this account. Usually an email address or phone number account_holder_name optional string Name of account holder as per the account provider Characters Alphanumeric. No special characters is allowed. currency optional string Primary currency of the account, if relevant. Format ISO 4217 Currency Code For SOCAL_MEDIA types: Social media parameters account_id required string Alphanumeric string identifying this account. Usually an email address or phone number account_handle optional string Name of account as per the account provider Characters Alphanumeric. No special characters is allowed.
kyc_documents optional	array	Array of JSON objects with documents collected for KYC of this customer. KYC documents child parameters Field Description country required string Issuing country of the document Format ISO 3166-2 Country Code type required string Generic ID type Supported values: BIRTH_CERTIFICATE, BANK_STATEMENT, DRIVING_LICENSE, IDENTITY_CARD, PASSPORT, VISA, BUSINESS_REGISTRATION, BUSINESS_LICENSE sub_type optional string Specific ID type for IDENTITY_CARD types. Supported values: NATIONAL_ID, CONSULAR_ID, VOTER_ID, POSTAL_ID, RESIDENCE_PERMIT, TAX_ID, STUDENT_ID, MILITARY_ID, MEDICAL_ID document_name optional string Free text description of the type of document (e.g., NIB, SIUP, AKTA) Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. document_number optional string Unique alphanumeric identity document number or code Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. expires_at optional string Expiry date, if relevant. Format YYYY-MM-DD string holder_name optional string Free text to capture the full name(s) of the individual or business as defined on the document, if relevant Maximum length 255 characters Characters Alphanumeric. No special characters is allowed. document_images optional string[] Array of file ids returned from uploads to the files endpoint, representing images of the front/back of the document, in png/jpg/jpeg/pdf format
description optional	string	Merchant-provided description for the customer. Maximum length 500 characters Characters Alphanumeric. No special characters is allowed.
date_of_registration optional	string	Date of which the account that the shopper had to create/sign up on the merchant’s website Format YYYY-MM-DD string
domicile_of_registration optional	string	Country within which the account that the shopper had to create/sign up on the merchant’s website resides (e.g. accounts created on Shopee SG have SG as the value for this field. Format ISO 3166-2 Country Code
metadata optional	object	Object of additional information related to the customer. Define the JSON properties and values as required to pass information through the APIs. You can specify up to 50 keys, with key names up to 40 characters long and values up to 500 characters long. This is only for your use and will not be used by Xendit.

Response Parameters

Success responses will contain a single Customer Object with the updated content

Error Codes

See other common errors here.

Error Code	Description
DATA_NOT_FOUND 404	The provided id does not exist. Please review the id and try again

Files

An API to store and manage files for any purpose. Files may be used in any payments endpoint, including for example, KYC documentation for customers and remittance payments, or providing evidence to help support chargeback investigations.

Upload File

Make a POST request to this endpoint to upload a file. We currently support uploading PNG, JPG/JPEG, PDF files of less than 10 MB.

Endpoint: Upload File

POST https://api.xendit.co/files

Request parameters

Example Upload File Request

curl https://api.xendit.co/files -X POST \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: \
   --form 'file=@/Users/utkarshagarwal/Desktop/Screenshot 2020-10-13 at 5.28.45 PM.png' \
   --form 'purpose=CHARGEBACK_EVIDENCE'

<?php
  $url = "https://api.xendit.co/files";
  $apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==";
  $headers = [];
  $headers[] = "Content-Type: application/json";
  $payload = array('file'=> new CURLFILE('~/yourpath/file.png'),'purpose' => 'CHARGEBACK_EVIDENCE');

  $curl = curl_init();

  $payload = json_encode($data);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($curl, CURLOPT_USERPWD, $apiKey.":");
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_POST, true);
  curl_setopt($curl, CURLOPT_POSTFIELDS, $payload);
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

  $result = curl_exec($curl);
  echo $result;

let apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==";
let url = "https://api.xendit.co/files";

var headers = new Headers();
headers.append("Authorization", "Basic " + btoa(apiKey + ":"));
var formdata = new FormData();
formdata.append("file", fileInput.files[0], "file.png");
formdata.append("purpose", "CHARGEBACK_EVIDENCE");

var requestOptions = {
  method: 'POST',
  headers: headers,
  body: formdata,
  redirect: 'follow'
};

fetch(url, requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

import requests
import base64

api_key = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:"
url = "https://api.xendit.co/files"

api_key_bytes = api_key.encode('ascii')
base64_bytes = base64.b64encode(api_key_bytes)
base64_token = base64_bytes.decode('ascii')

payload={'purpose': 'CHARGEBACK_EVIDENCE'}
files=[
  ('file', open('/yourpath/file.png','rb'))
]
auth_token = 'Basic ' + base64_token
headers = {
  'Authorization': auth_token
}

response = requests.request("POST", url, headers=headers, data=payload, files=files)

print(response.text)

Body Parameter	Type	Description
purpose required	string	Purpose of the file being uploaded Supported values: KYC_DOCUMENT, CHARGEBACK_EVIDENCE
file required	file	The file. Supported types: application/pdf, image/png, image/jpg, image/jpeg

Response parameters

Example Upload File Success Response

{
  "id": "file-ec700c1c-db17-4496-b1fb-04ebe551b412",
  "business_id": "ec700c1c-db17-4496-b1fb-04ebe551b412",
  "purpose": "CHARGEBACK_EVIDENCE",
  "created": "2020-10-08T06:38:33.479Z",
  "updated": "2020-10-08T06:38:33.479Z",
  "type": "image/png",
  "size": 10000,
  "url": "https://files.xendit.co/file-ec700c1c-db17-4496-b1fb-04ebe551b412"
}

Body Parameter	Type	Description
id required	string	Unique ID generated by Xendit for the particular file
business_id required	string	Your Xendit business id
purpose required	string	Purpose of the file
created required	string	UTC Timestamp of file upload in ISO format
updated required	string	UTC Timestamp of last file update in ISO format
type required	string	Type of the file
size required	integer	Size of the file in bytes
url required	string	URL to download the file

Error Codes

See other common errors here.

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
FILE_TOO_LARGE_EXCEEDED_ERROR 413	The file size is greater than 2000000 bytes and exceeded size limits. Please compress the payload before retrying
UNSUPPORTED_CONTENT_TYPE_ERROR 415	The file format is not supported. Please review the file type before retrying
REQUEST_FORBIDDEN_ERROR 403	API key in use does not have necessary permissions to perform the request. Please assign proper permissions for the key. Learn more here
RATE_LIMIT_EXCEEDED 429	You have reached the rate limit for file transfer. Please exponentially back off requests until you no longer receive this error

Get File by Id

Make a GET request to this endpoint to get file details

Endpoint: Get File

GET https://api.xendit.co/files/{file-id}

Example Get File Request

curl https://api.xendit.co/files/file-ec700c1c-db17-4496-b1fb-04ebe551b412 --request GET \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:

<?php

  $fileId = "file-ec700c1c-db17-4496-b1fb-04ebe551b412";
  $url = "https://api.xendit.co/files/" . $fileId;
  $apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
  $headers = [];

  $curl = curl_init();

  $payload = json_encode($data);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($curl, CURLOPT_USERPWD, $apiKey.":");
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "GET");
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

  $result = curl_exec($curl);
  echo $result;

let apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==";
let fileId= "file-ec700c1c-db17-4496-b1fb-04ebe551b412";
let url = "https://api.xendit.co/files/"+fileId;

var headers = new Headers();
headers.append("Authorization", "Basic " + btoa(apiKey + ":"));


var requestOptions = {
  method: 'GET',
  headers: headers,
  redirect: 'follow'
};

fetch(url, requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

import requests
import base64

api_key = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:"
url = "https://api.xendit.co/files/file-ec700c1c-db17-4496-b1fb-04ebe551b412"

api_key_bytes = api_key.encode('ascii')
base64_bytes = base64.b64encode(api_key_bytes)
base64_token = base64_bytes.decode('ascii')
payload={}

auth_token = 'Basic ' + base64_token
headers = {
  'Authorization': auth_token
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

Response parameters

Example Get File Success Response

{
  "id": "file-ec700c1c-db17-4496-b1fb-04ebe551b412",
  "business_id": "ec700c1c-db17-4496-b1fb-04ebe551b412",
  "purpose": "CHARGEBACK_EVIDENCE",
  "created": "2020-10-08T06:38:33.479Z",
  "updated": "2020-10-08T06:38:33.479Z",
  "type": "image/png",
  "size": 10000,
  "url": "https://files.xendit.co/file-ec700c1c-db17-4496-b1fb-04ebe551b412"
}

Body Parameter	Type	Description
id required	string	Unique ID generated by Xendit for the particular file
business_id required	string	Your Xendit business id
purpose required	string	Purpose of the file
created required	string	UTC Timestamp of file upload in ISO format
updated required	string	UTC Timestamp of last file update in ISO format
type required	string	Type of the file
size required	integer	Size of the file in bytes
url required	string	URL to download the file

Error Codes

See other common errors here.

Error Code	Description
DATA_NOT_FOUND 404	File not found for the given id

Download File by Id

Make a GET request to this endpoint to download a file

Endpoint: Download File

GET https://api.xendit.co/files/{file-id}/download

Example Download File Request

curl https://api.xendit.co/files/file-ec700c1c-db17-4496-b1fb-04ebe551b412/download --request GET \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:

<?php

  $fileId = "file-ec700c1c-db17-4496-b1fb-04ebe551b412";
  $url = "https://api.xendit.co/files/" . $fileId . "/download";
  $apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
  $headers = [];

  $curl = curl_init();

  $payload = json_encode($data);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($curl, CURLOPT_USERPWD, $apiKey.":");
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "GET");
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

  $result = curl_exec($curl);
  echo $result;

let apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==";
let fileId= "file-ec700c1c-db17-4496-b1fb-04ebe551b412";
let url = "https://api.xendit.co/files/"+fileId+"/download";

var headers = new Headers();
headers.append("Authorization", "Basic " + btoa(apiKey + ":"));


var requestOptions = {
  method: 'GET',
  headers: headers,
  redirect: 'follow'
};

fetch(url, requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

import requests
import base64

api_key = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:"
url = "https://api.xendit.co/files/file-ec700c1c-db17-4496-b1fb-04ebe551b412/download"

api_key_bytes = api_key.encode('ascii')
base64_bytes = base64.b64encode(api_key_bytes)
base64_token = base64_bytes.decode('ascii')
payload={}

auth_token = 'Basic ' + base64_token
headers = {
  'Authorization': auth_token
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response)

Error Codes

See other common errors here.

Error Code	Description
DATA_NOT_FOUND 404	File not found for the given id
RATE_LIMIT_EXCEEDED 429	You have reached the rate limit for file transfer. Please exponentially back off requests until you no longer receive this error

Delete File by Id

Make a Delete request to this endpoint to delete the file

Endpoint: Delete File

DELETE https://api.xendit.co/files/{file-id}

Example Delete File Request

curl https://api.xendit.co/files/file-ec700c1c-db17-4496-b1fb-04ebe551b412 --request DELETE \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:

<?php

  $fileId = "file-ec700c1c-db17-4496-b1fb-04ebe551b412";
  $url = "https://api.xendit.co/files/" . $fileId;
  $apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:";
  $headers = [];

  $curl = curl_init();

  $payload = json_encode($data);
  curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($curl, CURLOPT_USERPWD, $apiKey.":");
  curl_setopt($curl, CURLOPT_URL, $url);
  curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

  $result = curl_exec($curl);
  echo $result;

let apiKey = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==";
let fileId= "file-ec700c1c-db17-4496-b1fb-04ebe551b412";
let url = "https://api.xendit.co/files/"+fileId;

var headers = new Headers();
headers.append("Authorization", "Basic " + btoa(apiKey + ":"));


var requestOptions = {
  method: 'DELETE',
  headers: headers,
  redirect: 'follow'
};

fetch(url, requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

import requests
import base64

api_key = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:"
url = "https://api.xendit.co/files/file-ec700c1c-db17-4496-b1fb-04ebe551b412"

api_key_bytes = api_key.encode('ascii')
base64_bytes = base64.b64encode(api_key_bytes)
base64_token = base64_bytes.decode('ascii')
payload={}

auth_token = 'Basic ' + base64_token
headers = {
  'Authorization': auth_token
}

response = requests.request("DELETE", url, headers=headers, data=payload)

print(response.text)

Response parameters

Example Delete File Success Response

{
  "is_deleted": true,
  "id": "file-ec700c1c-db17-4496-b1fb-04ebe551b412",
  "business_id": "b647524d-9c5d-414c-843a-3c819853d6b0"
}

Body Parameter	Type	Description
id required	string	Unique ID generated by Xendit for the particular file
business_id required	string	Your Xendit business id
is_deleted required	boolean	Deletion status. True if file was successfully deleted

Error Codes

See other common errors here.

Error Code	Description
DATA_NOT_FOUND 404	File not found for the given id

Reports

An API to generate and get report. The available report are Balance and Transaction Report. You can use this endpoint to automate the report generation process. You can use the content of the report to get the detail of transactions and do reconciliation. The report on this API is equivalent to the report that you can download from dashboard.

Report Object

Report Object Example

{
    "id": "report_5c1b34a2-6ceb-4c24-aba9-c836bac82b28",
    "type": "BALANCE_HISTORY",
    "status": "COMPLETED",
    "filter": {
        "from": "2021-06-23T04:01:55.574Z",
        "to": "2021-06-24T04:01:55.574Z"
    },
    "format": "CSV",
    "url": "https://transaction-report-files.s3-us-west-2.amazonaws.com/{report_name}",
    "currency": "IDR",
    "business_id": "5f34f60535ba7c1c0eed846a",
    "created": "2021-06-24T04:01:55.570Z",
    "updated": "2021-06-24T04:01:55.570Z"
}

Body Parameter	Type	Description
id required	string	The unique id of report. It will have report_ as prefix.
type required	string	The type of report. Available types: Type Description BALANCE_HISTORY Report that shows the historical line per line of your balance. This report is equivalent to Balance History tab in Dashboard. See Balance History Report for more information. TRANSACTIONS Report that shows history of transaction. This report is equivalent to Transactions tab in Dashboard. See Transactions Report for more information. UPCOMING_TRANSACTIONS Report that shows the list of upcoming (incoming & outgoing) transactions. This report is equivalent to Upcoming Transaction tab in Dashboard.
filter required	object	Filtering that are applied to report. Filter Parameter Key Value from required string (ISO 8601) The start time of the transaction on the report at UTC+0. to required string (ISO 8601) The end time of the transaction on the report at UTC+0.
format required	string	The format of the report. Available format is CSV.
status required	string	The status of the report. The status will be PENDING when you hit generate the report and will change after that. Type Description PENDING The report is acknowledged and being processed. COMPLETED The report is done and the file can be downloaded. FAILED The report is failed to be generated. Failed report is safe to retry.
url optional	string	URL to download after report is completed. The file to download will only be accessible for 24 hours. When the url is expired, you will need to send a new request to generate the report.
currency required	string	The currency inside the report. See our supported currencies.
business_id required	string	The id of business where this transaction belong to.
created required	string (ISO 8601	The time when the report request is created at UTC+0.
updated required	string (ISO 8601	The time when the report is updated at UTC+0.

Generate Report

Endpoint: Generate Report

POST https://api.xendit.co/reports

Request this endpoint to generate the report. You can specify the type and filter the content of the report. The flow of this endpoint is asynchronous. It means Xendit will send callbacks to you after the report is done. See report callback for more information. Alternatively, you can use the get report endpoint to get the report status and its detail.

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to get this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Example Generate Report Request

curl https://api.xendit.co/reports -X POST \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: \
   -d type=BALANCE_HISTORY \
   -d currency=IDR

Example Generate Report Response

{
    "id": "report_5c1b34a2-6ceb-4c24-aba9-c836bac82b28",
    "type": "BALANCE_HISTORY",
    "status": "PENDING",
    "filter": {
        "from": "2021-06-23T04:01:55.574Z",
        "to": "2021-06-24T04:01:55.574Z"
    },
    "format": "CSV",
    "currency": "IDR",
    "business_id": "5f34f60535ba7c1c0eed846a",
    "created": "2021-06-24T04:01:55.570Z",
    "updated": "2021-06-24T04:01:55.570Z"
}

Body Parameter	Type	Description
type required	string	The type of report that will be generated. Available types: Type Description BALANCE_HISTORY Report that shows the historical line per line of your balance. This report is equivalent to Balance History tab in Dashboard. See Balance History Report for more information. TRANSACTIONS Report that shows history of transaction. This report is equivalent to Transactions tab in Dashboard. See Transactions Report for more information. UPCOMING_TRANSACTIONS Report that shows the list of upcoming (incoming & outgoing) transactions. This report is equivalent to Upcoming Transaction tab in Dashboard.
filter required	object	Filtering that are applied to report. Filter Parameter Key Value from string (ISO 8601) required The start time of the transaction to be filtered. If not specified, from is 24 hours before current time to string (ISO 8601) required The end time of the transaction to be filtered. If not specified, to is current time. This means if both from and to is not specified, the report will generate the last 24 hours of data. The combination of from and to must be less than 31 days.
format optional default: CSV	string	The format of the report. Available format is CSV.
currency optional default: IDR	string	The currency to filter. See our supported currencies.
report_version optional	string	Report version indicates which version of report you need. This parameter is only applicable to Transaction Report. Default value: VERSION_0 Version value <> changelog: VERSION_0: Original version VERSION_1: Includes Settlement Status, Actual Settlement Time, and Estimated Settlement Time VERSION_2: Includes Early Settlement Fee Columns, swapped Payment ID with Product ID

Response Parameters

Return Report Object with status code 201

Error Codes

See other common errors here.

Error Code	Description
FEATURE_NOT_AVAILABLE 400	During this beta, some of customer may encounter this error. Please contact our customer support to enable this feature.
INVALID_DATE_RANGE 400	The from and to filter range is too huge. Please reduce the range according to limit on the request parameter.

Get Report

Endpoint: Get Report

GET https://api.xendit.co/reports/{report_id}

Request this endpoint to get single specific report details by report id. You can use this endpoint as alternative compared to using the report callback.

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to get this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Example Get Report

curl https://api.xendit.co/transactions/report_5c1b34a2-6ceb-4c24-aba9-c836bac82b28 -X GET \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:

Example Get Report Response

{
    "id": "report_5c1b34a2-6ceb-4c24-aba9-c836bac82b28",
    "type": "BALANCE_HISTORY",
    "status": "COMPLETED",
    "filter": {
        "from": "2021-06-23T04:01:55.574Z",
        "to": "2021-06-24T04:01:55.574Z"
    },
    "format": "CSV",
    "url": "https://transaction-report-files.s3-us-west-2.amazonaws.com/{report_name}",
    "currency": "IDR",
    "business_id": "5f34f60535ba7c1c0eed846a",
    "created": "2021-06-24T04:01:55.570Z",
    "updated": "2021-06-24T04:01:55.570Z"
}

Path Parameter	Type	Description
report_id required	string	The id of report.

Response Parameters

Return Report Object with status code 200

Error Codes

See other common errors here.

Error Code	Description
TRANSACTION_NOT_FOUND 404	Report the id is not found.
FEATURE_NOT_AVAILABLE 400	During this beta, some of customer may encounter this error. Please contact our customer support to enable this feature.

Report Callback

Endpoint: Report Callback

POST https://yourcompany.com/report_callback_url

Xendit notifies your system upon the completed or failed report via callback. You need to provide an URL to receive callback. Please specify your URL in Callback Settings in Xendit Dashboard.

The payment notification will be sent as POST request to the URL you set. Xendit attach x-callback-token header that you can validate against Verification Token in Callback Settings to verify message authenticity.

Please response back with status 200 immediately. Xendit marks callback event as failed if there is no response within 30s. When events failed, automatic retry will kick-off for the next 24h. Alternatively, you can resend any event in Callback tab at anytime. You can also receive notification via email every 6h to check your callback health.

Learn more about Callback

Callback Payload

Example Report Callback Request for Successful Report

curl --include \
     --request POST \
     --header "x-callback-token: MuaJALKJSDK12LASHD123kSAKSDHzjahwUWjkasJSDSA12KSNAK21n==" \
     --header "Content-Type: application/json" \
     --data-binary "{
    \"id\": \"report_5c1b34a2-6ceb-4c24-aba9-c836bac82b28\",
    \"type\": \"BALANCE_HISTORY\",
    \"status\": \"PENDING\",
    \"filter\": {
        \"from\": \"2021-06-23T04:01:55.574Z\",
        \"to\": \"2021-06-24T04:01:55.574Z\"
    },
    \"format\": \"CSV\",
    \"currency\": \"IDR\",
    \"business_id\": \"5f34f60535ba7c1c0eed846a\",
    \"created\": \"2021-06-24T04:01:55.570Z\",
    \"updated\": \"2021-06-24T04:01:55.570Z\"
}}" \
'{{your_company_domain}}/{{callback_url}}'

Body Parameter	Type	Description
event required	string	The type of the event. The available types are: Type Description reports.completed Report is completed. You can download the report from the url parameter. reports.failed Report is failed to generate. You are safe tor retry the report request.
	Report Object	The rest of parameter is the same as report object.

Balance History Report

Balance history report is report that show the historical list of balance movements from your accounts. This report is equivalent to Balance Tab on dashboard. You can use this report for checking the daily balance or do reconciliation between your transaction data with the balance that are deducted or added into your account. On the report API you can generate this report by using BALANCE_HISTORY as a type.

Report Columns

Column	Description
Product Id	Xendit generated ID which will be sent to you via API callback as ‘id’
Transaction Id	Xendit uniquely generated ID for each transactions and this ID help you identify Fee or Reversal for specific transactions. This ID can be used to reconcile between Balance History Report and Transaction Report.
Transaction Type	List of available transaction type VA_PAYMENT Payment using Virtual Account RO_PAYMENT Payment using Retail Outlet EWALLET_PAYMENT Payment using Ewallet CARDLESS_CREDIT_PAYMENT Payment using Cardless Credit DIRECT_DEBIT_PAYMENT Payment using Direct Debit CREDIT_CARD_PAYMENT Payment using Credit Card QR_CODE_PAYMENT Payment using QR Code DISBURSEMENT Disbursement BATCH_DISBURSEMENT Batch Disbursement REMITTANCE_PAYOUT Remittance Payout DEPOSIT Topup to your account WITHDRAWAL Withdrawal from your account
Line Type	List of available line type TRANSACTION The transaction row, the deduction/addition of balance because of transaction FEE The fee row, the deduction of balance because of fee VAT The VAT row, the deduction of balance because of VAT TRANSACTION_REVERSAL, FEE_REVERSAL, VAT_REVERSAL The reversal of TRANSACTION, FEE, or VAT
Payment Channel	The channel to identify the source of the transaction. See channel codes for more information.
Reference	Your generated ID which will be sent to Xendit’s system and will also be available on some product callback as ‘external_id’
Currency	Transaction currency. See our supported currencies.
Amount	Nominal amount for the transaction. The number of decimal place will be different for each currency according to ISO 4217.
Balance	Your account balance on this transaction.
Debit or Credit	DEBIT Balance is deducted CREDIT Balance is added
Created Date ISO	Date on when the transaction is created using ISO 8601 format.
Timezone	Timezone information formatted as “+XXXX UTC”. The timezone will always be +0000 UTC when report is generated via this API. This is different from Dashboart which will use the user timezone.
Created Date	Date on when the transaction is created.
Payment Date	Date on when payment is received but not yet settled. This is only available for payment transaction.
Settlement Date	Date on when payment is settled. This means the fund is already received and added to your balance. This is only available for payment transaction.
Completed Date	Date on when fund has been disbursed to the destination bank account. This is only available for disbursement transaction.
Bank Code	The bank channel that are used as source or destination of transaction. This is only available for VA_PAYMENT and DISBURSEMENT.
Name	The name of the VA or receiver. This is only available for VA_PAYMENT and DISBURSEMENT.
Account Number	The account number of VA or receiver. This is only available for VA_PAYMENT and DISBURSEMENT.
Description	The description of transaction
Invoice ID	The ID of invoice. This is only available for payment that are paid via invoice.
Bank Reference	The bank reference that is used only for DISBUSEMENT transaction

Transactions Report

Transaction reports are the report that shows all transactions that exist whether it is already deduct the balance or not. This report will not show the non-transaction like topup and withdrawal. This report is equivalent to the Transaction Tab on the dashboard. On the report API you can generate this report by using TRANSACTIONS as a type.

Report Columns

Column	Description
Status	The corresponding transaction status PENDING The transaction is still in processing. This refers to money out-transaction when the amount is still on hold SUCCESS The transaction is successfully sent for money-out or already arrives on money-in FAILED The transaction failed to send/receive VOIDED The money-in transaction is voided by you REVERSED The transaction is reversed by Xendit
Type	The corresponding transaction type DISBURSEMENT The disbursement transaction PAYMENT The payment transaction. All channels of money-in transactions REMITTANCE_PAYOUT The remittance pay-out transactions TRANSFER The transfer transaction between Xendit account. This can be transfer in or out REFUND The money-in transaction is refunded by you TOP UP The money-in transaction to add money to your balance WITHDRAWAL The money-out transaction to withdraw the money to your bank account
Channel	The channel to identify the source of the transaction. The available channel for each type are: Type Channels DISBURSEMENT and REMITTANCE_PAYOUT BANK and CASH PAYMENT CARDS, CARDLESS_CREDIT, DIRECT_DEBIT, EWALLET, PAYLATER, QR_CODE, RETAIL_OUTLET, VIRTUAL_ACCOUNT TRANSFER XENPLATFORM
Channel Name	Channel name will be different for each channel. See channel codes for more information
Account Number	The account number used for the transaction. The definition of this will be different for each channel. For example, on CARD channel this will be masked card number and on BANK channel it will be account number.
Currency	Transaction currency. See our supported currencies.
Amount	Amount of the transaction. The number of decimal place will be different for each currency according to ISO 4217.
Fee Amount	Amount of the fee for this transaction.
VAT Amount	Amount of the VAT for this transaction.
3rd Party WHT	Amount of the 3rd Party Withholding Tax for this transaction if applicable.
Xendit WHT	Amount of the Xendit Withholding Tax for this transaction if applicable.
Net Amount	Net Amount of transaction after fee/VAT/WHT is included.
Reference	The reference of transaction. This is generated from your side and on some product is known as External Id
Transaction Id	The id of the transaction
Invoice Id	The id of the invoice, if this transaction is payment using invoice
Batch Id	Batch settlement id for credit card transaction
Payment Id	Xendit generated payment id which are equivalent to product Id
Payment Date	The date when the payment is received to Xendit
Timestamp - Created	The timestamp when the transaction is recorded
Timestamp - Updated	The timestamp of the latest update occurring for the transaction
Timestamp - Settled	The timestamp when the transaction is settled to the merchant
Timezone	Timezone information formatted as “+XXXX UTC”. The timezone will always be +0000 UTC when report is generated via this API. This is different from Dashboart which will use the user timezone.
Description	The description of transaction
Channel Reference	The reference that is generated by our channel partner. This can be used to reconcile between the data from your side, Xendit, and our partner.

Transactions

An API to search and view transactions. The transactions include money in, money out, and transfer that happens within your account. You can use this single endpoint to get the status of a transaction and do reconciliation. This API is equivalent to the transactions tab from dashboard. See our docs of how to use transaction tab for reconciliation.

Transaction Object

Transaction Object Example

{
    "id": "txn_13dd178d-41fa-40b7-8fd3-f83675d6f413",
    "product_id": "d290f1ee-6c54-4b01-90e6-d701748f0701",
    "type": "PAYMENT",
    "channel_category": "RETAIL_OUTLET",
    "channel_code": "ALFAMART",
    "reference_id": "ref23232",
    "account_identifier": null,
    "currency": "IDR",
    "amount": 500000,
    "cashflow": "MONEY_IN",
    "status": "SUCCESS",
    "business_id": "5fc9f5b246f820517e38c84d",
    "created": "2021-06-23T02:42:15.601Z",
    "updated": "2021-06-23T02:42:15.601Z",
    "fee":{
        "xendit_fee": 1500,
        "value_added_tax": 500,
        "xendit_withholding_tax": 0,
        "third_party_withholding_tax": 0,
        "status": "COMPLETED"
    }
}

Body Parameter	Type	Description
id required	string	The unique id of transaction. It will have txn_ as prefix
product_id required	string	The product_id of transaction. Product id will have different prefix for each different product. You can use this id to match the transaction from this API to each product API.
type required	string	The type of the transactions. Available types: Type Description DISBURSEMENT The disbursement of money-out transaction. PAYMENT The payment that includes all variation of money-in transaction. REMITTANCE_PAYOUT The remittance pay-out transaction. TRANSFER The transfer transaction between xendit account. This can be transfer in or out. REFUND A refund transaction created to refund amount from money-in transaction
channel_code optional	string	The channel of the transaction that is used. See channel codes for the list of available per channel categories.
reference_id required	string	The reference of transaction. On some product, the term reference is the same as external_id. This is the id that you generate that can be used for reconciliation.
account_identifier optional	string	Account identifier of transaction. The format will be different from each channel. For example, on BANK channel it will be account number and on CARD it will be masked card number.
currency optional	string (ISO 4217)	Currency of transaction. See our supported currencies.
amount required	number	The amount of transaction. The number of decimal place will be different for each currency according to ISO 4217.
net_amount required	number	The net amount of transaction after it deducted with fee/vat.
cashflow required	string	Representing whether the transaction is money in or money out For transfer, the transfer out side it will shows up as money out and on transfer in side in will shows up as money-in. Available values are MONEY_IN for money in and MONEY_OUT for money out.
status required	string	The status of the transaction. Available status: Status Description PENDING The transaction is still pending to be processed. This refers to money out-transaction when the amount is still on hold. SUCCESS The transaction is successfully sent for money-out or already arrives on money-in. FAILED The transaction failed to send/receive. VOIDED The money-in transaction is voided by customer. REVERSED The transaction is reversed by Xendit.
channel_category required	string	The channel category of the transaction to identify the source of the transaction. The available channel for each type are: Type Channels DISBURSEMENT and REMITTANCE_PAYOUT BANK and CASH PAYMENT CARDS, CARDLESS_CREDIT, DIRECT_DEBIT, EWALLET, PAYLATER, QR_CODE, RETAIL_OUTLET, VIRTUAL_ACCOUNT TRANSFER XENPLATFORM
business_id required	string	The id of business where this transaction belong to
created required	string (ISO 8601)	Transaction created timestamp on UTC+0
updated required	string (ISO 8601)	Transaction updated timestamp on UTC+0
fee required	object	Body Parameter Description xendit_fee number Amount of the Xendit fee for this transaction. value_added_tax number Amount of the VAT for this transaction. xendit_withholding_tax number Amount of the Xendit Withholding Tax for this transaction if applicable. See Tax Documentation for more information. third_party_withholding_tax number Amount of the 3rd Party Withholding Tax for this transaction if applicable. 3rd party example: Bank status string Status of fee Status Description PENDING The fee is still pending to be charged COMPLETED The fee is successfully charged CANCELED The transaction failed and fee is cancelled REVERSED The transaction is reversed and fee is reversed
settlement_status optional	string	Settlement Status Description PENDING Transaction amount has not been settled to merchant's balance SETTLED Transaction has been settled to merchant's balance
estimated_settlement_time optional	string (ISO 8601)	Estimated settlement time will only apply to money-in transactions. For money-out transaction, value will be NULL Estimated settlement time in which transaction amount will be settled to merchant's balance. example: "2022-04-26T08:44:39.566Z"

Get Transaction

Endpoint: Get Transaction

GET https://api.xendit.co/transactions/{transaction_id}

Request this endpoint to get single specific transaction details by transaction id. If you need to search by other parameters or to get multiple result, see list transactions.

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to get this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Example Get Transaction Request

curl https://api.xendit.co/transactions/txn_13dd178d-41fa-40b7-8fd3-f83675d6f413 -X GET \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:

Example Get Transaction Response

{
    "id": "txn_13dd178d-41fa-40b7-8fd3-f83675d6f413",
    "product_id": "d290f1ee-6c54-4b01-90e6-d701748f0701",
    "type": "PAYMENT",
    "status": "SUCCESS",
    "channel_category": "RETAIL_OUTLET",
    "channel_code": "ALFAMART",
    "reference_id": "ref23232",
    "account_identifier": null,
    "currency": "IDR",
    "amount": 1,
    "cashflow": "MONEY_IN",
    "business_id": "5fc9f5b246f820517e38c84d",
    "created": "2021-06-23T02:42:15.601Z",
    "updated": "2021-06-23T02:42:15.601Z"
}

Path Parameter	Type	Description
transaction_id required	string	The id of transaction.

Response Parameters

Returns Transaction Object with status code 200

Error Codes

See other common errors here.

Error Code	Description
TRANSACTION_NOT_FOUND 404	Transaction with the id is not found.
FEATURE_NOT_AVAILABLE 400	During this beta, some of customer may encounter this error. Please contact our customer support to enable this feature.

List Transactions

Endpoint: List Transactions

GET https://api.xendit.co/transactions

Request this endpoint to get all transactions or select specific filter and search parameters. You can filter by date, type, or status. And you can search by reference, product id, or account identifier. The returned result will be paginated and ordered by the created date.

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to get this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Example List Transactions Request

curl https://api.xendit.co/transactions?types=PAYMENT&statuses=SUCCESS&channel_categories=EWALLET&channel_categories=RETAIL_OUTLET&limit=2 -X GET \
   -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==:

Query Parameter	Type	Description
types optional	array of strings	The type of the transactions that will be filtered. If not specified, all transaction type will be returned. Available types: DISBURSEMENT: The disbursement of money-out transaction. PAYMENT: The payment that includes all variation of money-in transaction. REMITTANCE_PAYOUT: The remittance pay-out transaction. TRANSFER: The transfer transaction between xendit account. This can be transfer in or out. REFUND: A refund transaction created to refund amount from money-in Transaction.
statuses optional	array of strings	The status of the transactions that will be filtered. If not specified, all transaction status will be returned. Available status: PENDING: The transaction is still pending to be processed. This refers to money out-transaction when the amount is still on hold. SUCCESS: The transaction is successfully sent for money-out or already arrives on money-in. FAILED: The transaction failed to send/receive. VOIDED: The money-in transaction is voided by customer. REVERSED: The transaction is reversed by Xendit.
channel_categories optional	array of strings	The channel of the transactions that will be filtered. If not specified, all transaction channel will be returned. For DISBURSEMENT and REMITTANCE_PAYOUT type, the available channel categories are BANK and CASH. For PAYMENT type, the available channel categories are CARDS, CARDLESS_CREDIT, DIRECT_DEBIT, EWALLET, PAYLATER, QR_CODE, RETAIL_OUTLET, VIRTUAL_ACCOUNT. For TRANSFER type, the available channel category is XENPLATFORM.
reference_id optional	string	Reference that will be searched. Search by reference is case sensitive and can be partial match.
product_id optional	string	Product_id that will be searched. Product_id search is an exact match and case sensitive.
account_identifier optional	string	Account identifier that will be searched. Account identifier search is exact match case sensitive.
currency optional default: IDR	string (ISO 4217)	Currency to filter. See our supported currencies.
amount optional	number	Transaction amount to search. This will be exact match.
created[gte] optional	string (ISO 8601)	Start time of transaction by created date. If not specified will list all dates.
created[lte] optional	string (ISO 8601)	End time of transaction by created date. If not specified will list all dates.
updated[lte] optional	string (ISO 8601)	End time of transaction by updated date. If not specified will list all dates.
updated[gte] optional	string (ISO 8601)	Start time of transaction by updated date. If not specified will list all dates.
limit optional default: 10	number	A limit on the number of transactions to be returned for each request. Limit can range between 1 and 50.
after_id optional	string	Id of the immediately previous item. Use this with links on the response for pagination.
before_id optional	string	Id of the immediately following item.

Response Parameters

Example List Transactions Response

{
    "has_more": true,
    "data": [
        {
            "id": "txn_13dd178d-41fa-40b7-8fd3-f83675d6f413",
            "product_id": "d290f1ee-6c54-4b01-90e6-d701748f0701",
            "type": "PAYMENT",
            "status": "SUCCESS",
            "channel_category": "RETAIL_OUTLET",
            "channel_code": "ALFAMART",
            "reference_id": "ref23244",
            "account_identifier": null,
            "currency": "IDR",
            "amount": 1,
            "cashflow": "MONEY_IN",
            "business_id": "5fc9f5b246f820517e38c84d",
            "created": "2021-06-23T02:42:15.601Z",
            "updated": "2021-06-23T02:42:15.601Z"
        },
        {
            "id": "txn_a765a3f0-34c0-41ee-8686-bca11835ebdc",
            "product_id": "d290f1ee-6c54-4b01-90e6-d701748f0700",
            "type": "PAYMENT",
            "status": "SUCCESS",
            "channel_category": "RETAIL_OUTLET",
            "channel_code": "ALFAMART",
            "reference_id": "ref242424",
            "account_identifier": null,
            "currency": "IDR",
            "amount": 1,
            "cashflow": "MONEY_IN",
            "business_id": "5fc9f5b246f820517e38c84d",
            "created": "2021-06-23T02:39:23.176Z",
            "updated": "2021-06-23T02:39:23.176Z"
        }
    ],
    "links": [
        {
            "href": "/transactions?types=PAYMENT&statuses=SUCCESS&channel_categories=EWALLET&channel_categories=RETAIL_OUTLET&limit=2&after_id=txn_a765a3f0-34c0-41ee-8686-bca11835ebdc",
            "method": "GET",
            "rel": "next"
        }
    ]
}

Body Parameter	Type	Description
data required	array of objects	Returns an array of Transaction Object. Returns empty array when there is no result.
has_more required	bolean	Indicates whether there are more items to be queried with after_id of the last item from the current result. Use the links to follow to the next result.
links optional	object	The links to the next page based on HATEOAS if there is next result. The HATEOAS format are: href: URI of target, this will be to the next link. rel: The relationship between source and target. The value will be next. method: The HTTP method, the alue will be GET.

Error Codes

See other common errors here.

Error Code	Description
FEATURE_NOT_AVAILABLE 400	During this beta, some of customer may encounter this error. Please contact our customer support to enable this feature.

Payments

Our new set of Payment APIs allows merchants to integrate to any of our supported money-in payment channels using a consolidated and unified set of APIs. Through these APIs, merchants are able to use the same endpoint for any payment method type in any supported market.

The Payment APIs consist of two main resources:

• Payment Method - refers to the source of funds or the payment instrument used for the payment. This may also refer to linked/tokenized cards, bank accounts, or e-wallet accounts.
• Payment Request - initializes a payment transaction for a particular PaymentMethod

The Payment Object unifies callback notification across all money-in channels.

Payment Object

Payment object represents the actual funds transaction/attempt made to a payment method.

Payment Object Example

{
    "id": "ddpy-3cd658ae-25b9-4659-aa36-596ae41a809f",
    "amount": 1000,
    "status": "SUCCEEDED",
    "country": "PH",
    "created": "2022-08-12T13:30:40.9209Z",
    "updated": "2022-08-12T13:30:58.729373Z",
    "currency": "PHP",
    "metadata": {
        "sku": "ABCDEFGH"
    },
    "customer_id": "c832697e-a62d-46fa-a383-24930b155e81",
    "reference_id": "25cfd0f9-baee-44ca-9a12-6debe03f3c22",
    "payment_method": {
        "id": "pm-951b1ad9-1fbb-4724-a744-8956ab6ed17f",
        "card": null,
        "type": "DIRECT_DEBIT",
        "status": "ACTIVE",
        "created": "2022-08-12T13:30:26.579048Z",
        "ewallet": null,
        "qr_code": null,
        "updated": "2022-08-12T13:30:40.221525Z",
        "metadata": null,
        "description": null,
        "reusability": "MULTIPLE_USE",
        "direct_debit": {
            "type": "BANK_ACCOUNT",
            "debit_card": null,
            "bank_account": {
                "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
                "masked_bank_account_number": "XXXXXX1234"
            },
            "channel_code": "BPI",
            "channel_properties": {
                "failure_return_url": "https://your-redirect-website.com/failure",
                "success_return_url": "https://your-redirect-website.com/success"
            }
        },
        "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
        "virtual_account": null,
        "over_the_counter": null,
        "direct_bank_transfer": null
    },
    "description": null,
    "failure_code": null,
    "payment_detail": null,
    "channel_properties": null,
    "payment_request_id": "pr-5b26cae1-545b-49e9-855e-f85128f3e705"
}

Body Parameter	Type	Description
id required	string	Unique identifier for the payment. Its prefix varies based on the payment method type.
payment_request_id nullable	string	Unique identifier for the payment request. Prefix will vary according to the payment method used.
reference_id required	string	Identifier provided by the merchant or automatically generated by Xendit if it was not provided. Maximum length: 255 characters
customer_id nullable	string	ID of the customer object to which the account token are linked to
currency required	string	ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Possible values: IDR PHP THB MYR
amount required	number	Authorized amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. PHP - Supports up to two decimal places. THB - Supports up to two decimal places. MYR - Supports up to two decimal places. If amount is not provided, the corresponding payment method will accept any amount as payment (open amount). (Applicable only for OVER_THE_COUNTER and VIRTUAL_ACCOUNT)
country required	string	2-letter ISO 3166-2 country code indicating country of transaction. This is also be used as indicator for channels that are present in multiple markets (e.g. SHOPEEPAY).
status required	string	Status of the payment method. Possible values: SUCCEEDED - The payment was successfully completed. FAILED - The payment failed. See failure_code for the specific reason why the transaction failed.
payment_method required	object	Corresponding Payment Method created or used for the Payment Method. Note: customer_id, currency, and amount are moved to the root level of the Payment Request object.
channel_properties nullable	object	Specific settings applied to the payment request, overwriting the ones in the Payment Method object. For multiple use OVO, and SHOPEEPAY (ID): Key Value redeem_points nullable string Indicates whether or not to use the Payment Method's points_balance in the transaction Possible values: REDEEM_NONE - No points will be used REDEEM_ALL - points will be used to offset payment amount before cash balance is used. REDEEM_ALL can only be used when approved by OVO for promotions. For SHOPEEPAY (ID), only up to 50% of the transaction amount (rounded down) can be paid using SHOPEEPAY coins. Default value: REDEEM_NONE success_return_url nullable string URL where the end-customer is redirected if the authorization is successful For PAYMAYA: Key Value success_return_url nullable string URL where the end-customer is redirected if the authorization is successful failure_return_url nullable string URL where the end-customer is redirected if the authorization failed cancel_return_url nullable string URL where the end-customer is redirected if the authorization has been cancelled. End-customer can retry payment on the same link within 15 minutes. For BRI Direct Debit: Key Value require_auth nullable string Toggle used to require end-customer to input undergo OTP validation before completing a payment. true false Default value: true For BPI, UBP, RCBC, CHINABANK Direct Debit: Key Value success_return_url nullable string URL where the end-customer is redirected if the authorization is successful failure_return_url nullable string URL where the end-customer is redirected if the authorization failed For CARD: Key Value skip_three_d_secure required boolean To indicate whether to perform 3DS on the payment request Defaults to false success_return_url nullable string URL where the end-customer is redirected if the linking is successful. Required when skip_three_d_secure = false. This will be null if not applicable. failure_return_url nullable string URL where the end-customer is redirected if the linking has failed. Required when skip_three_d_secure = false. This will be null if not applicable. merchant_id_tag nullable string Tag for the Merchant ID that you want to associate this payment with. This is for merchants using their own MIDs to specify which MID they want to use cardonfile_type nullable string Type of “credential-on-file” / “card-on-file” / COF payment for subsequent usage. Indicates future card-on-file usage. If you intend for a card to be used for future COF transactions, then this value must be included so that Xendit can inform the processors of this setup, and then after that on every transaction following the first transaction. Default: CUSTOMER_UNSCHEDULED Possible values: CUSTOMER_UNSCHEDULED - If you intend to use this Payment Method to perform future COF payments that do not follow a schedule. Example: simple “save card for future checkout” eCommerce flow, the future payments would always be CUSTOMER_UNSCHEDULED MERCHANT_UNSCHEDULED - If you intend to use this Payment Method to perform future COF payments initiated without customer interaction and do not follow a schedule Example: auto top-up payment flow RECURRING - If you intend to use this Payment Method to process a series of transactions at fixed, regular intervals. Example: Subscriptions Notes: In order to process MERCHANT_UNSCHEDULED and RECURRING card-on-file transaction types: Aggregator Merchant will need to be allowed to perform transaction without 3DS, please check this guide for self-serve or contact Xendit representative for enabling 3DS as optional Switcher Merchant with their own acquiring bank MID will need to have MID for non 3DS transactions and support recurring configured by the acquirer.
payment_detail nullable	object	Additional information provided by that partner channel upon the creation of the payment. For OVER_THE_COUNTER Payments: Key Value remarks nullable string This can be provided by the partner channel for additional information upon payment of the end-customer in the outlet/branch. Will be null if none is provided.
failure_code nullable	string	If the status of the transaction is FAILED, this describes the reason for failure. Will be null if the transaction did not fail.
created required	string	ISO 8601 Timestamp for Payment object creation. Timezone UTC+0
updated required	string	ISO 8601 Timestamp for latest Payment object update. Timezone UTC+0
metadata nullable	object	User defined object with JSON properties and values passed in during Payment creation.

Callback: Payment Succeeded

This callback is triggered when a payment is successfully received on a OVER_THE_COUNTER, VIRTUAL_ACCOUNT or QR_CODE payment method.

This is also send for successful Payment Requests for EWALLET, DIRECT_DEBIT, and CARD.

Callback Payload

Example: Payment Succeeded Callback Payload

{
    "event": "payment.succeeded",
    "data": {
        "id": "ddpy-3cd658ae-25b9-4659-aa36-596ae41a809f",
        "amount": 1000,
        "status": "SUCCEEDED",
        "country": "PH",
        "created": "2022-08-12T13:30:40.9209Z",
        "updated": "2022-08-12T13:30:58.729373Z",
        "currency": "PHP",
        "metadata": {
            "sku": "ABCDEFGH"
        },
        "customer_id": "c832697e-a62d-46fa-a383-24930b155e81",
        "reference_id": "25cfd0f9-baee-44ca-9a12-6debe03f3c22",
        "payment_method": {
            "id": "pm-951b1ad9-1fbb-4724-a744-8956ab6ed17f",
            "card": null,
            "type": "DIRECT_DEBIT",
            "status": "ACTIVE",
            "created": "2022-08-12T13:30:26.579048Z",
            "ewallet": null,
            "qr_code": null,
            "updated": "2022-08-12T13:30:40.221525Z",
            "metadata": null,
            "description": null,
            "reusability": "MULTIPLE_USE",
            "direct_debit": {
                "type": "BANK_ACCOUNT",
                "debit_card": null,
                "bank_account": {
                    "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
                    "masked_bank_account_number": "XXXXXX1234"
                },
                "channel_code": "BPI",
                "channel_properties": {
                    "failure_return_url": "https://your-redirect-website.com/failure",
                    "success_return_url": "https://your-redirect-website.com/success"
                }
            },
            "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
            "virtual_account": null,
            "over_the_counter": null,
            "direct_bank_transfer": null
        },
        "description": null,
        "failure_code": null,
        "payment_detail": null,
        "channel_properties": null,
        "payment_request_id": "pr-5b26cae1-545b-49e9-855e-f85128f3e705"
    },
    "created": "2022-08-12T13:30:58.986Z",
    "business_id": "5f27a14a9bf05c73dd040bc8",
    "api_version": null
}

Header Parameters

Header Parameter	Type	Description
x-callback-token required	string	Your Xendit unique callback token to verify the origin of the callback
webhook-id required	string	A unique identifier of every webhook to help you to handle double callback by implementing idempotency. When you receive the same webhook-id twice, treat the subsequent request as duplicate and reject the webhook accordingly to prevent double webhook

Body Parameter	Type	Description
event required	string	Identifies the event that triggered a notification to the merchant - payment.succeeded
business_id required	string	Business ID of the merchant
created required	string	ISO 8601 Timestamp for callback notification creation. Timezone UTC+0.
data optional	object	Payment Object with status SUCCEEDED

Callback: Payment Failed

This callback is sent when a pending EWALLET, DIRECT_DEBIT, and CARD has failed.

Note: Make sure that you ONLY have a callback URL registered in the Payment Request section in your Dashboard settings for payments. To prevent duplicate callbacks, DO NOT fill out product-specific sections.

Callback Payload

Example: Payment Succeeded Callback Payload

{
  "event": "payment.failed",
  "data": {
      "id": "ddpy-3cd658ae-25b9-4659-aa36-596ae41a809f",
      "amount": 1000,
      "status": "FAILED",
      "country": "PH",
      "created": "2022-08-12T13:30:40.9209Z",
      "updated": "2022-08-12T13:30:58.729373Z",
      "currency": "PHP",
      "metadata": {
          "sku": "ABCDEFGH"
      },
      "customer_id": "c832697e-a62d-46fa-a383-24930b155e81",
      "reference_id": "25cfd0f9-baee-44ca-9a12-6debe03f3c22",
      "payment_method": {
          "id": "pm-951b1ad9-1fbb-4724-a744-8956ab6ed17f",
          "card": null,
          "type": "DIRECT_DEBIT",
          "status": "ACTIVE",
          "created": "2022-08-12T13:30:26.579048Z",
          "ewallet": null,
          "qr_code": null,
          "updated": "2022-08-12T13:30:40.221525Z",
          "metadata": null,
          "description": null,
          "reusability": "MULTIPLE_USE",
          "direct_debit": {
              "type": "BANK_ACCOUNT",
              "debit_card": null,
              "bank_account": {
                  "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
                  "masked_bank_account_number": "XXXXXX1234"
              },
              "channel_code": "BPI",
              "channel_properties": {
                  "failure_return_url": "https://your-redirect-website.com/failure",
                  "success_return_url": "https://your-redirect-website.com/success"
              }
          },
          "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
          "virtual_account": null,
          "over_the_counter": null,
          "direct_bank_transfer": null
      },
      "description": null,
      "failure_code": "INSUFFICIENT_BALANCE",
      "payment_detail": null,
      "channel_properties": null,
      "payment_request_id": "pr-5b26cae1-545b-49e9-855e-f85128f3e705"
  },
  "created": "2022-08-12T13:30:58.986Z",
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "api_version": null
}

Header Parameters

Header Parameter	Type	Description
x-callback-token required	string	Your Xendit unique callback token to verify the origin of the callback
webhook-id required	string	A unique identifier of every webhook to help you to handle double callback by implementing idempotency. When you receive the same webhook-id twice, treat the subsequent request as duplicate and reject the webhook accordingly to prevent double webhook

Body Parameter	Type	Description
event required	string	Identifies the event that triggered a notification to the merchant - payment.failed
business_id required	string	Business ID of the merchant
created required	string	ISO 8601 Timestamp for callback notification creation. Timezone UTC+0.
data optional	object	Payment Object with status FAILED. See the Failure Code table below to see the possible values of failure_code.

Failure Code	Description
ACCOUNT_ACCESS_BLOCKED	End customer bank account has been blocked, end user should contact the bank for resolution.
ACCOUNT_NOT_ACTIVATED	End-customer's account is not activated for payments.
CHANNEL_UNAVAILABLE	The partner channel cannot be reached or currently having a downtime
CUSTOMER_UNREACHABLE	The end-user's device cannot be reached at this moment by the partner channel
DUPLICATE_ERROR	There's an existing record of linking the same underlying account for the provided customer_id OR Virtual Account Number/Payment Code already exists
INSUFFICIENT_BALANCE	Source of funds has insufficient balance to complete the transaction
INVALID_MERCHANT_CREDENTIALS	Merchant credentials met with an error with the partner channel
INVALID_PAYMENT_METHOD	The provided payment method id has already expired or is inactive
MAX_ACCOUNT_LINKING	Partner channel blocked the linking because the underlying account has been linked to the maximum number allowed by the channel.
MAX_AMOUNT_LIMIT_ERROR	The transaction amount exceeds the partner channel's set limits
MAX_OTP_ATTEMPTS_ERROR	The maximum incorrect attempts allowed by the channel has been reached.
PARTNER_CHANNEL_ERROR	Error received from partner channel but no reasons provided
SERVER_ERROR	An unexpected error occured. Our team has been notified and will troubleshoot the issue.
PAYMENT_METHOD_ALREADY_EXISTS	An active Payment Method with the same customer_id, channel_code for that merchant already exists.
PAYMENT_EXPIRED	If you are using Xendit-hosted OTP page, end-user needs to input their OTP within 15 minutes or else the payment will be expired. You may need to create a new payment.
PAYMENT_STATUS_FAILED	Payment has failed with no further information from channel. You may need to check before retrying. Recommended to wait ~30 minutes before retrying unless given further instruction.

Payment Methods

Payment Methods represent the underlying source of funds or instrument used for a payment.

For Virtual Accounts, Over-the-Counter, and QR, a Payment Method generates the corresponding payment instrument (eg. virtual account number, OTC payment code, QR code) and is already activated to accept payments.

For Cards, E-wallets, and Direct Debit, a corresponding Payment Request is needed to initialize a payment. The Payment Method object also enables saving of card tokens, e-wallet or bank accounts for subsequent payments.

Support for linking and multiple-use payment methods varies depending on the partner channel; it may require further configuration or approval from partner channels. To know more, go to our documentation.

A Payment callback will be received for payments made via Over-the-Counter, QR Codes or Virtual Accounts.

Payment Method Object

Payment Method Object Example

{
    "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
    "card": null,
    "type": "DIRECT_DEBIT",
    "status": "ACTIVE",
    "actions": [],
    "country": "PH",
    "created": "2022-08-12T13:30:26.579048Z",
    "ewallet": null,
    "qr_code": null,
    "updated": "2022-08-12T13:30:58.908220358Z",
    "metadata": null,
    "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
    "description": null,
    "reusability": "MULTIPLE_USE",
    "direct_debit": {
        "type": "BANK_ACCOUNT",
        "debit_card": null,
        "bank_account": {
            "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
            "masked_bank_account_number": "XXXXXX1234"
        },
        "channel_code": "BPI",
        "channel_properties": {
            "failure_return_url": "https://your-redirect-website.com/failure",
            "success_return_url": "https://your-redirect-website.com/success"
        }
    },
    "failure_code": null,
    "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
    "virtual_account": null,
    "over_the_counter": null,
    "billing_information": null,
    "direct_bank_transfer": null,
    "business_id": "5f27a14a9bf05c73dd040bc8"
}

Body Parameter	Type	Description
id required	string	Unique identifier for the payment method. This has a prefix of pm-. Example: pm-6d1c8be4-f4d9-421c-9f0b-ab3b2b6bbc39
business_id required	string	Xendit-generated identifier for the business that owns the transaction
customer_id nullable	string	ID of the customer object to which the account token will be linked to
reference_id nullable	string	Identifier provided by the merchant or automatically generated by Xendit if it was not provided. Maximum length: 255 characters
reusability required	string	Describes whether or not the payment method can be reused for subsequent payments without going through the same linking process again. Possible values: ONE_TIME_USE MULTIPLE_USE
country required	string	2-letter ISO 3166-2 country code indicating country of transaction. This is also be used as indicator for channels that are present in multiple markets (e.g. SHOPEEPAY).
status required	string	Status of the payment method. Possible values: REQUIRES_ACTION - The request passed validation but requires additional steps in order to activate the payment method for use. Typical actions are for merchant to trigger OTP validation or redirect your customer to authentication page. ACTIVE - The payment method can be used for payment requests (for Cards, E-wallets, Direct Debit) or can now accept payments (for Virtual Account, Over-the-Counter, QR Code) INACTIVE - Merchant-toggled status to temporarily prevent further transactions from the payment method. This status is reversible. EXPIRED - The underlying authorization has expired, invalidated, or has been unlinked. This status is not reversible. PENDING - The request is successfully passed, and need to acivate asynchronously. Please listen to our callback to get the updated status.
actions required	object array	If status=REQUIRES_ACTION, this contains objects that detail the possible next steps in order to activate a payment method. Only one of the provided actions is required to be fulfilled. If no further action is needed, this parameter will be an empty array []. Each object will have the following properties: Key Value method required string HTTP method for calling the url. Possible values: GET POST url_type required string Type of url for the specific action. Possible values: API - The provided url is a server-side API, merchant will need to provide necessary information to the API WEB - The provided redirect url is optimized for desktop or web interface. This can also be used if no MOBILE url is provided. Merchant will need to redirect their end user to this page to complete payment authentication. MOBILE - The provided redirect url is optimized for mobile devices. Merchant will need detect the mobile device and redirect their end user to this page to complete payment authentication. DEEPLINK - The provided redirect url utilizes deep linking to the channel partner’s platform. Merchant will need detect the mobile device and redirect their end user to this page to complete payment authentication. action required string Describes the purpose the corresponding action Possible values: AUTH - Trigger this action in order to authorize linking or payment. RESEND_AUTH - Trigger this action in order to resend the authorization code to the end-customer. url required string The generated URL to hit in order to perform the action
type required	string	Type of payment method. Refer to the corresponding object to access further information Possible values: EWALLET DIRECT_DEBIT CARD VIRTUAL_ACCOUNT OVER_THE_COUNTER QR_CODE
ewallet nullable	object	For type='EWALLET', this contains the necessary information to describe an ewallet payment method. This will be null otherwise. Key Value channel_code required string Identifier for the payment channel partner Possible values: Indonesia DANA OVO LINKAJA ASTRAPAY JENIUSPAY SHOPEEPAY Philippines SHOPEEPAY GRABPAY PAYMAYA GCASH channel_properties required object Information provided specific to the channel partner that was provided during the request Key Value success_return_url nullable string URL where the end-customer is redirected if the authorization is successful. This will be null if not applicable. failure_return_url nullable string URL where the end-customer is redirected if the authorization has failed. This will be null if not applicable. cancel_return_url nullable string URL where the end-customer is redirected if the authorization has been cancelled. End-customer can retry payment on the same link within 15 minutes. This will be null if not applicable. mobile_number nullable string Registered mobile number of the end-customer to the channel partner in E.164 Format. This will be null if not applicable. cashtag nullable string Only for JENIUSPAY, this is the registered cashtag of the wallet. This will be null if not applicable. account nullable object Object that contains information of the linked eWallet account. Will be null if information is not available. Key Value account_details nullable string Masked public identifier for the eWallet account. This typically contains the masked mobile number registered to the eWallet account. This will be null if unavailable. name nullable string Name of the eWallet account holder. This will be null if unavailable. balance nullable number Current available balance in the eWallet. This will be null if unavailable. point_balance nullable number Current available points in the eWallet for consumption. This will be null if unavailable.
direct_debit nullable	object	For type='DIRECT_DEBIT', this contains the necessary information to describe a direct debit payment method. This will be null otherwise. Key Value channel_code required string Identifier for the payment channel partner Possible values: Indonesia BRI MANDIRI Philippines BPI UBP RCBC CHINABANK Thailand SCB KTB BBL BAY Malaysia FPX Channels here type required string The type of the underlying direct debit payment instrument. Possible values: BANK_ACCOUNT DEBIT_CARD channel_properties required object Information provided specific to the channel partner that was provided during the request Key Value success_return_url nullable string URL where the end-customer is redirected if the authorization is successful. This will be null if not applicable. failure_return_url nullable string URL where the end-customer is redirected if the authorization has failed. This will be null if not applicable. mobile_number nullable string Registered mobile number of the end-customer to the channel partner in E.164 Format. This will be null if not applicable. card_last_four nullable string Last four digits of the debit card. This will be null if not applicable. card_expiry nullable string Expiry month and year of the debit card (in MM/YY format). This will be null if not applicable. email nullable string Email address of the customer that is registered to the partner channel. This will be null if not applicable. identity_document_number nullable string The account holder's ID Card number or passport number. Required for BAY and KTB This will be null if not applicable. bank_account nullable object If direct_debit.type='BANK_ACCOUNT', this contains details regarding the underlying bank account of the payment method. This will be null otherwise. Key Value masked_bank_account_number nullable string Masked account details as provided by the bank. This can be used for displaying a portion of the account number. This will be null if unavailable. bank_account_hash nullable string Unique hash for the specific account. This does not change across different authorizations or integrations. This will be null if unavailable. debit_card nullable object If direct_debit.type='DEBIT_CARD', this contains details regarding the debit card to be used for payments. This will be null otherwise. Key Value mobile_number nullable string Registered mobile number of the end-customer to the channel partner in E.164 Format. This will be null if not applicable. card_last_four nullable string Last four digits of the debit card. This will be null if not applicable. card_expiry nullable string Expiry month and year of the debit card (in MM/YY format). This will be null if not applicable. email nullable string Email address of the customer that is registered to the partner channel. This will be null if not applicable.
card nullable	object	For type='CARD', this contains the necessary information to describe a Card payment method. This will be null otherwise. Key Value currency required string ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Possible values: IDR PHP USD channel_properties required object Information provided specific to the channel partner that was provided during the request Key Value skip_three_d_secure nullable boolean This field value is only configurable for reusability = MULTIPLE_USE to indicate whether to perform 3DS during the linking phase. Defaults to false cardonfile_type nullable string Type of “credential-on-file” / “card-on-file” / COF payment for subsequent usage. Indicates future card-on-file usage. If you intend for a card to be used for future COF transactions, then this value must be included so that Xendit can inform the processors of this setup, and then after that on every transaction following the first transaction. Default: CUSTOMER_UNSCHEDULED Possible values: CUSTOMER_UNSCHEDULED - If you intend to use this Payment Method to perform future COF payments that do not follow a schedule. Example: simple “save card for future checkout” eCommerce flow, the future payments would always be CUSTOMER_UNSCHEDULED MERCHANT_UNSCHEDULED - If you intend to use this Payment Method to perform future COF payments initiated without customer interaction and do not follow a schedule Example: auto top-up payment flow RECURRING - If you intend to use this Payment Method to process a series of transactions at fixed, regular intervals. Example: Subscriptions Notes: In order to process MERCHANT_UNSCHEDULED and RECURRING card-on-file transaction types: Aggregator Merchant will need to be allowed to perform transaction without 3DS, please check this guide for self-serve or contact Xendit representative for enabling 3DS as optional Switcher Merchant with their own acquiring bank MID will need to have MID for non 3DS transactions and support recurring configured by the acquirer. success_return_url nullable string URL where the end-customer is redirected if the linking is successful. Required when skip_three_d_secure = false. This will be null if not applicable. failure_return_url nullable string URL where the end-customer is redirected if the linking has failed. Required when skip_three_d_secure = false. This will be null if not applicable. card_information required object Information pertaining to the actual card Key Value token_id required string Corresponding token ID of the card masked_card_number required string Masked card number expiry_month required string Card expiry month in MM format. expiry_year required number Card expiry year in YYYY format. cardholder_name nullable number Cardholder name is optional but recommended for 3DS 2 / AVS verification fingerprint nullable number Unique consistent identifier for the card. This does not change values over different authorizations. type nullable string Type of card used. Possible values: CREDIT DEBIT country nullable string 2-letter country code of the issuing country of the card issuer nullable string Name of the issuing entity of the card
over_the_counter nullable	object	For type='OVER_THE_COUNTER', this contains the necessary information to describe an over-the-counter payment method. This will be null otherwise. Key Value channel_code required string Identifier for the payment channel partner Possible values: Indonesia ALFAMART INDOMARET Philippines 7ELEVEN 7ELEVEN_CLIQQ CEBUANA ECPAY PALAWAN MLHUILLIER ECPAY_DRAGONLOAN currency required string ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Possible values: IDR PHP amount nullable number Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. PHP - Supports up to two decimal places. If amount is not provided, the corresponding payment code will accept any amount as payment (open amount). channel_properties required object Information provided specific to the channel partner that was provided during the request Key Value customer_name required string Complete name of the payor. May be used by the channel partner to verify their identity. Must contain letters and space only. payment_code nullable string The corresponding payment code to be given to the Customer to be presented at OTC partner channels. expires_at required string Timestamp in ISO 8601 UTC+0 for when the payment code will be valid.
virtual_account nullable	object	For type='VIRTUAL_ACCOUNT', this contains the necessary information to describe a virtual account payment method. This will be null otherwise. Key Value channel_code required string Identifier for the payment channel partner Possible values: Indonesia BCA BSI BJB CIMB SAHABAT_SAMPOERNA ARTAJASA BRI BNI MANDIRI PERMATA currency required string ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Possible values: IDR amount nullable number Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. If amount is not provided, the corresponding virtual account will accept any amount as payment (open amount). channel_properties required object Information provided specific to the channel partner that was provided during the request Key Value customer_name required string Complete name of the payor. May be used by the channel partner to verify their identity. virtual_account_number string The corresponding virtual account number that can be used by Customers to send payments to. expires_at required string Timestamp in ISO 8601 UTC+0 for when the virtual account will be valid. suggested_amount nullable string Provided suggested amount to be paid. Will be visible to the Customer on supported channels.
qr_code nullable	object	For type='QR_CODE', this contains the necessary information to describe a QR Code payment method. This will be null otherwise. Key Value channel_code required string Identifier for the QR Code standard used Possible values: Indonesia DANA LINKAJA Thailand PROMPTPAY currency required string ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Possible values: IDR amount nullable number Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. If amount is not provided, the corresponding virtual account will accept any amount as payment (open amount). channel_properties required object Information regarding the payment method / instrument Key Value qr_string required string QR string to be rendered for display to end users.
description nullable	string	Free-text field for any additional information regarding the payment method. Maximum length: 255 characters
billing_information nullable	object	Object containing the payor's billing address. For CARD, this should match the billing information on record with the cardholder's issuer. Key Value country required string 2-letter ISO 3166-2 country code for the customer’s country of residence street_line1 nullable string Building name and apartment unit number street_line2 nullable string Building street address city nullable string City, village or town as appropriate province_state nullable string Either one of (whichever is applicable): Geographic area, province, or region Formal state designation within country postal_code nullable string Postal, zip or rural delivery code, if applicable
failure_code nullable	string	If the status of the transaction is FAILED, this describes the reason for failure. Will be null if the transaction did not fail. See possible codes here.
created required	string	ISO 8601 Timestamp for Payment Method object creation. Timezone UTC+0
updated required	string	ISO 8601 Timestamp for latest Payment Method object update. Timezone UTC+0
metadata nullable	object	User defined object with JSON properties and values passed in during Payment Method creation.

Create Payment Method

This endpoint provides the following functionalities:

• Initializes the tokenization and linking process for Cards, multiple-use E-wallets and Direct Debits
• Creates the payment instruments for Over-the-Counter, Virtual Accounts, and QR Code
• Creates an payment method object placeholder for one-time use E-wallets and Direct Debits

Endpoint: Create Payment Method

POST https://api.xendit.co/v2/payment_methods

Create Payment Method Request

Example Create Payment Method Request

curl https://api.xendit.co/v2/payment_methods -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \
   --data-raw '{
      "type": "EWALLET",
      "reusability": "MULTIPLE_USE",
      "ewallet": {
        "channel_code": "OVO",
        "channel_properties": {
          "success_return_url": "https://your-redirect-website.com/success",
          "failure_return_url": "https://your-redirect-website.com/failure"
        }
      },
      "customer_id": "fc4c060b-3c41-4707-b7b2-df9c3376edde"
}' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Request Body Parameter	Type	Description
type required	string	Type of payment method Accepted values: CARD EWALLET DIRECT_DEBIT OVER_THE_COUNTER QR_CODE VIRTUAL_ACCOUNT
reusability required	string	Describes whether or not the payment method can be reused for subsequent payments. For VIRTUAL_ACCOUNT, OVER_THE_COUNTER, and QR_CODE, this determines whether or not the payment instrument stays valid after a successful payment is made. For CARD, EWALLET, and DIRECT_DEBIT, this determines whether or not authentication is performed again for subsequent payments. Accepted values: ONE_TIME_USE - Payment method is expired after one successful payment. MULTIPLE_USE - Payment method is tokenized and may be reused for subsequent payments.
reference_id optional	string	Merchant-provided identifier for this payment method. If none is provided, Xendit will randomly generate a unique reference_id. For OVER_THE_COUNTER, QR_CODE, and VIRTUAL_ACCOUNT, this will be extended to the actual payments made. Maximum length: 255 characters
customer_id conditional	string	ID of the customer object to which the account token will be linked to. Call Create Customer to generate Customer ID. The value will always have prefix cust-xxx A customer_id is required for all DIRECT_DEBIT payment methods and MULTIPLE_USE EWALLETs. Except that, you need to ignore this parameter or set as null.
country conditional	string	2-letter ISO 3166-2 country code indicating country of transaction. This is also be used as indicator for channels that are present in multiple markets (e.g. SHOPEEPAY). Accepted values: ID - Indonesia PH - Philippines
description optional	string	Free-text field for any additional information regarding the payment method. Maximum length: 255 characters
billing_information optional	object	Object containing the payor's billing address. For CARD, this should match the billing information on record with the cardholder's issuer. This is recommended for 3DS 2 / AVS. Key Value country required string 2-letter ISO 3166-2 country code for the customer’s country of residence street_line1 optional string Building name and apartment unit number street_line2 optional string Building street address city optional string City, village or town as appropriate province_state optional string Either one of (whichever is applicable): Geographic area, province, or region Formal state designation within country postal_code optional string Postal, zip or rural delivery code, if applicable
metadata optional	object	A free-format JSON for additional information that you may use. Object can be up to 50 keys, with key names up to 40 characters long and values up to 500 characters long.
ewallet conditional	object	Required for type='EWALLET', this contains the necessary information to describe an ewallet payment method. Key Value channel_code required string Identifier for the payment channel partner Supported eWallets and their channel codes: Indonesia DANA OVO LINKAJA ASTRAPAY JENIUSPAY SHOPEEPAY Philippines SHOPEEPAY GRABPAY PAYMAYA GCASH channel_properties required object Object that contains the required information to perform payments with eWallet account OVO (ONE_TIME_USE) required fields Key Value mobile_number required string Registered mobile number of the end-customer to the channel partner in E.164 Format. DANA (ONE_TIME_USE), LINKAJA (ONE_TIME_USE), SHOPEEPAY (ONE_TIME_USE) (ID & PH), ASTRAPAY (ONE_TIME_USE), GCASH (ONE_TIME_USE) required fields, Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful GRABPAY, OVO (MULTIPLE_USE), DANA (MULTIPLE_USE), LINKAJA (MULTIPLE_USE), SHOPEEPAY (MULTIPLE_USE) (ID & PH), ASTRAPAY (MULTIPLE_USE), GCASH (MULTIPLE_USE) fields Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed MAYA (PAYMAYA) required fields Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed cancel_return_url required string URL where the end-customer is redirected if the authorization has been cancelled. End-customer can retry payment on the same link within 15 minutes. JENIUSPAY required fields Key Value cashtag required string Cashtag of the funding source
direct_debit conditional	object	Required for type='DIRECT_DEBIT', this contains the necessary information to describe a direct debit payment method. Key Value channel_code required string Identifier for the payment channel partner Supported banks and their channel codes: Indonesia BRI MANDIRI Philippines BPI UBP RCBC CHINABANK Thailand SCB KTB BBL BAY Malaysia FPX Channels here channel_properties required object Object that contains the required information to perform payments using direct debit BRI Direct Debit required fields Key Value mobile_number required string Registered mobile number of the end-customer to the channel partner in E.164 Format. card_last_four required string Last four digits of the debit card card_expiry required string Expiry month and year of the debit card (in MM/YY format) email required string Email address of the customer that is registered to the partner channel MANDIRI, BPI, UBP, RCBC, CHINABANK, and FPX Channels under Direct Debit required fields Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed SCB and BBL Direct Debit required fields Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed mobile_number required string Registered mobile number of the end-customer to the channel partner in E.164 Format. KTB and BAY Direct Debit required fields Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed mobile_number required string Registered mobile number of the end-customer to the channel partner in E.164 Format. identity_document_number required number The account holder's ID Card number or passport number.
card conditional	object	For type='CARD', this contains the necessary information to describe a Card payment method. This will be null otherwise. Key Value currency required string ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Possible values: IDR PHP USD channel_properties required object Information provided specific to the channel partner that was provided during the request Key Value skip_three_d_secure conditional boolean This field value is only configurable for reusability = MULTIPLE_USE to indicate whether to perform 3DS during the linking phase. Defaults to false cardonfile_type conditional string Type of “credential-on-file” / “card-on-file” / COF payment for subsequent usage. Indicates future card-on-file usage. If you intend for a card to be used for future COF transactions, then this value must be included so that Xendit can inform the processors of this setup, and then after that on every transaction following the first transaction. Default: CUSTOMER_UNSCHEDULED Possible values: CUSTOMER_UNSCHEDULED - If you intend to use this Payment Method to perform future COF payments that do not follow a schedule. Example: simple “save card for future checkout” eCommerce flow, the future payments would always be CUSTOMER_UNSCHEDULED MERCHANT_UNSCHEDULED - If you intend to use this Payment Method to perform future COF payments initiated without customer interaction and do not follow a schedule Example: auto top-up payment flow RECURRING - If you intend to use this Payment Method to process a series of transactions at fixed, regular intervals. Example: Subscriptions Notes: In order to process MERCHANT_UNSCHEDULED and RECURRING card-on-file transaction types: Aggregator Merchant will need to be allowed to perform transaction without 3DS, please check this guide for self-serve or contact Xendit representative for enabling 3DS as optional Switcher Merchant with their own acquiring bank MID will need to have MID for non 3DS transactions and support recurring configured by the acquirer. success_return_url conditional string URL where the end-customer is redirected if the linking is successful. Required when skip_three_d_secure = false. This will be null if not applicable. failure_return_url conditional string URL where the end-customer is redirected if the linking has failed. Required when skip_three_d_secure = false. This will be null if not applicable. card_information required object Information pertaining to the actual card Key Value card_number required string Full card number (Only for PCI-DSS compliant merchants) expiry_month required string Card expiry month in MM format. (Only for PCI-DSS compliant merchants) expiry_year required number Card expiry year in YY format. (Only for PCI-DSS compliant merchants) cardholder_name nullable number Cardholder name is optional but recommended for 3DS 2 / AVS verification
over_the_counter conditional	object	Required for type='OVER_THE_COUNTER', this contains the necessary information to describe an over-the-counter payment method. Key Value channel_code required string Identifier for the payment channel partner Supported over-the-counter channels and their respective codes: Indonesia ALFAMART INDOMARET Philippines 7ELEVEN 7ELEVEN_CLIQQ CEBUANA ECPAY PALAWAN MLHUILLIER DRAGONLOAN_ECPAY currency optional string ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Accepted values: IDR PHP amount optional number Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. PHP - Supports up to two decimal places. If amount is not provided, the corresponding payment code will accept any amount as payment (open amount). channel_properties required object Object that contains the information to generate a valid payment code Key Value customer_name required string Complete name of the payor. May be used by the channel partner to verify their identity. Must contain letters and space only. payment_code optional string The payment code that you want to assign, e.g 12345. If none is provided, one will be generated at random. Default: 8 random alphanumeric characters Note: Do not include your prefix on this field. expires_at optional ISO 8601 string The date and time in ISO 8601 UTC+0 when the payment code will be expired. Default: The default validity period will be 31 years for Indonesian channels and 2 days for Philippine channels from creation date. Note: The minimum is 2 hours and the maximum is 9 days for 7ELEVEN
virtual_account conditional	object	Required for type='VIRTUAL_ACCOUNT', this contains the necessary information to describe a virtual account payment method. Key Value channel_code required string Identifier for the payment channel partner Supported virtual account channels and their respective codes: Indonesia BCA BSI BJB CIMB SAHABAT_SAMPOERNA ARTAJASA BRI BNI MANDIRI PERMATA currency optional string ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Accepted values: IDR amount optional number Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. If amount is not provided, the corresponding virtual account will accept any amount as payment (open amount). channel_properties required object Object that contains the information to generate a valid payment code Key Value customer_name required string Complete name of the payor. May be used by the channel partner to verify their identity. Must contain letters and space only. virtual_account_number optional string You may assign a specific Virtual Account number using this parameter. If you do not send one, one will be picked at random. Make sure the number you specify is within your Virtual Account range. suggested_amount optional number The suggested amount you want to be displayed on the partner channel's platform Note: Suggested amount is the amount that can seen as a suggestion, but user can still put any number (only supported for MANDIRI and BRI) expires_at optional ISO 8601 string The date and time in ISO 8601 UTC+0 when the virtual account number will be expired. Default: The default expiration date will be 31 years from creation date.
qr_code conditional	object	Required for type='QR_CODE', this contains the necessary information to describe a QR Code payment method. Key Value channel_code conditional string QR payments standard used in generating the QR code. Channel_code is not required for Indonesia country. Indonesia DANA LINKAJA Thailand PROMPTPAY currency optional string ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Accepted values: IDR PHP THB amount conditional number Expected and accepted amount of the transaction in the actual value in the provided currency. Requied if the Reusability is ONE_TIME_USE. Decimal places support varies per currency: IDR - Only supports positive integers. If amount is not provided, the corresponding QR Code will accept any amount as payment (open amount).

Create Payment Method Response

Example Create Payment Method Success Response

{
  "id": "pm-6d1c8be4-f4d9-421c-9f0b-ab3b2b6bbc39",
  "type": "EWALLET",
  "reusability": "MULTIPLE_USE",
  "customer_id": "fc4c060b-3c41-4707-b7b2-df9c3376edde",
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "status": "REQUIRES_ACTION",
  "country": "ID",
  "actions": [
    {
      "action": "AUTH",
      "url_type": "WEB",
      "url": "https://link-web.xendit.co/oauth/user_redirection_url",
      "method": "GET"
    }
  ],
  "ewallet": {
    "channel_code": "OVO",
    "channel_properties": {
      "success_return_url": "https://your-redirect-website.com/success",
      "failure_return_url": "https://your-redirect-website.com/failure"
    },
    "account": {
      "account_details": "+62*****3123",
      "name": null,
      "balance": 123456,
      "point_balance": 123456
    }
  },
  "qr_code": null,
  "created": "2020-08-29T09:12:33.001Z",
  "updated": "2020-08-29T09:12:33.001Z",
  "metadata": {
    "sku": "iPixel phone - 123xa2"
  }
}

A successful Payment Method creation returns a Payment Method Object with an HTTP 201 status code.

Create Payment Method Errors

Error Code	Description
API_VALIDATION_ERROR 400	There is invalid input in one of the request fields or a required field was not filled out
ACCOUNT_ACCESS_BLOCKED 400	Access to the underlying account or card has been blocked by the partner channel or the issuer.
CUSTOMER_NOT_FOUND_ERROR 400	The provided customer_id does not exist.
INVALID_ACCOUNT_DETAILS 400	The provided details were rejected by the partner channel due to incorrect information.
MAX_ACCOUNT_LINKING 400	The direct debit account being attempted to be linked has reached the maximum linking allowed by the partner channel.
VA_NUMBER_OUT_OF_RANGE 400	The provided virtual_account_number is out of the merchant's range
INVALID_API_KEY 401	API key format is invalid
CHANNEL_NOT_ACTIVATED 403	Request failed because this specific payment channel has not been activated through Xendit. Please activate via Xendit dashboard or our customer service
FEATURE_NOT_ACTIVATED 403	A certain feature being accessed has not yet activated. Please reach out to our customer service for further assistance.
FEATURE_NOT_SUPPORTED 403	A certain feature being accessed is not supported
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DUPLICATE_ERROR 409	There's an already existing record with the provided details
IDEMPOTENCY_ERROR 409	The same Idempotency-key was provided with a different payload
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue
CHANNEL_UNAVAILABLE 503	The payment channel requested is currently experiencing unexpected issues. The eWallet provider will be notified to resolve this issue
OTP_DELIVERY_ERROR 503	The partner channel has failed to send the OTP to the Customer

Authorize Payment Method

This endpoint only applies to BRI Direct Debit. This is used when an additional authorization (ex. OTP Validation) is required in order to successfully activate a payment method. This is equivalent to the POST - AUTH action provided when a Payment Method has the status REQUIRES_ACTION.

Endpoint: Account Linking - Authorize Payment Method

POST https://api.xendit.co/v2/payment_methods/:id/auth

Authorize Payment Method Request

Example Account Linking - Authorize Payment Method Request

curl https://api.xendit.co/v2/payment_methods/pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a/auth -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \
   --data-raw '{
      "auth_code": "356443"
}' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Method object. This starts with the prefix pm-.

Request Body Parameter	Type	Description
auth_code required	string	The authorization code or OTP inputted by the end-customer.

Authorize Payment Method Response

Example Account Linking - Authorize Payment Method Success Response

{
  "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
  "card": null,
  "type": "DIRECT_DEBIT",
  "status": "ACTIVE",
  "actions": [],
  "country": "ID",
  "created": "2022-08-12T13:30:26.579048Z",
  "ewallet": null,
  "qr_code": null,
  "updated": "2022-08-12T13:30:58.908220358Z",
  "metadata": null,
  "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
  "description": null,
  "reusability": "MULTIPLE_USE",
  "direct_debit": {
      "type": "DEBIT_CARD",
      "debit_card": {
        "mobile_number": "+62818555988",
            "card_last_four": "8888",
            "card_expiry": "06/24",
            "email": "email@email.com"
      },
      "bank_account": null,
      "channel_code": "BRI",
      "channel_properties": {
          "mobile_number": "+62818555988",
          "card_last_four": "8888",
          "card_expiry": "06/24",
          "email": "test.email@xendit.co"
      }
  },
  "failure_code": null,
  "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
  "virtual_account": null,
  "over_the_counter": null,
  "billing_information": null,
  "direct_bank_transfer": null,
  "business_id": "5f27a14a9bf05c73dd040bc8"
}

Returns a Payment Method Object with an HTTP 200 status code.

Authorize Payment Method Errors

Error Code	Description
API_VALIDATION_ERROR 400	There is invalid input in one of the request fields or a required field was not filled out
ACCOUNT_ACCESS_BLOCKED 400	Access to the underlying account or card has been blocked by the partner channel or the issuer.
EXPIRED_OTP_ERROR 400	The provided auth_code has expired
INVALID_OTP_ERROR 400	The provided auth_code is incorrect
MAX_OTP_ATTEMPTS_ERROR 400	The maximum attempts allowed by the channel has been reached
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
FEATURE_NOT_SUPPORTED 403	A certain feature being accessed is not supported
DATA_NOT_FOUND 404	The provided id did not match any of our records
IDEMPOTENCY_ERROR 409	The same Idempotency-key was provided with a different payload
PAYMENT_METHOD_ALREADY_ACTIVE 409	Cannot proceed because the payment method is already active or has been activated
PAYMENT_METHOD_ALREADY_FAILED 409	Cannot proceed because the payment method has failed authorization and cannot be retried
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue
CHANNEL_UNAVAILABLE 503	The payment channel requested is currently experiencing unexpected issues. The eWallet provider will be notified to resolve this issue

List Payment Methods

This endpoints returns a list of matching Payment Method objects based on the provided query.

Each unique query string parameter is AND operator to each other.

Endpoint: List Payment Methods

GET https://api.xendit.co/v2/payment_methods

List Payment Methods Request

Example List Payment Methods Request

curl https://api.xendit.co/v2/payment_methods?reference_id="620b9df4-fe69-4bfd-b9d4-5cba6861db8a" -X GET \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \ \

Header	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Query String Parameter	Type	Description
id required	string	Primary identifier for the Payment Method object. This starts with the prefix pm-.
type optional	string	Type of payment method Accepted values: CARD EWALLET DIRECT_DEBIT OVER_THE_COUNTER QR_CODE VIRTUAL_ACCOUNT
reusability optional	string	Describes whether or not the payment method can be reused for subsequent payments. For VIRTUAL_ACCOUNT, OVER_THE_COUNTER, and QR_CODE, this determines whether or not the payment instrument says valid after a successful payment is made. For CARD, EWALLET, and DIRECT_DEBIT, this determines whether or not authentication is performed again for subsequent payments. Accepted values: ONE_TIME_USE - Payment method is expired after one successful payment. MULTIPLE_USE - Payment method is tokenized and may be reused for subsequent payments.
reference_id optional	string	Merchant-provided identifier for this payment method. If none is provided, Xendit will randomly generate a unique reference_id. For OVER_THE_COUNTER, QR_CODE, and VIRTUAL_ACCOUNT, this will be extended to the actual payments made.
customer_id optional	string	ID of the customer object to which the account token will be linked to.
limit optional	number	Maximum number of resources to be returned in the response. Use after_id and before_id to navigate to other resources. Default: 10
after_id optional	string	Retrieve all resources created after the provided after_id
before_id optional	string	Retrieve all resources created before the provided before_id

List Payment Methods Response

Example List Payment Methods Response

{
  "data": [
      {
        "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
        "card": null,
        "type": "DIRECT_DEBIT",
        "status": "ACTIVE",
        "actions": [],
        "country": "ID",
        "created": "2022-08-12T13:30:26.579048Z",
        "ewallet": null,
        "qr_code": null,
        "updated": "2022-08-12T13:30:58.908220358Z",
        "metadata": null,
        "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
        "description": null,
        "reusability": "MULTIPLE_USE",
        "direct_debit": {
            "type": "DEBIT_CARD",
            "debit_card": {
                "mobile_number": "+62818555988",
                    "card_last_four": "8888",
                    "card_expiry": "06/24",
                    "email": "email@email.com"
            },
            "bank_account": null,
            "channel_code": "BRI",
            "channel_properties": {
                "mobile_number": "+62818555988",
                "card_last_four": "8888",
                "card_expiry": "06/24",
                "email": "test.email@xendit.co"
            }
        },
        "failure_code": null,
        "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
        "virtual_account": null,
        "over_the_counter": null,
        "billing_information": null,
        "direct_bank_transfer": null,
        "business_id": "5f27a14a9bf05c73dd040bc8"
    }
  ],
  "has_more": false
}

Body Parameter	Type	Description
data required	array of objects	Returns an array of matching Payment Method Objects. Returns empty array when there is no result.
has_more required	boolean	Indicates whether there are more items to be queried with after_id of the last item from the current result.

List Payment Methods Errors

Error Code	Description
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue

Get Payment Method by ID

This endpoints returns the corresponding Payment Method that matches the provided ID.

Endpoint: Get Payment Method by ID

GET https://api.xendit.co/v2/payment_methods/:id

Get Payment Method Request

Example Get Payment Method by ID Request

curl https://api.xendit.co/v2/payment_methods/pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' 

Header	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Method object. This starts with the prefix pm-.

Get Payment Method by ID Response

Example Get Payment Method by ID Response

{
  "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
  "card": null,
  "type": "DIRECT_DEBIT",
  "status": "ACTIVE",
  "actions": [],
  "country": "ID",
  "created": "2022-08-12T13:30:26.579048Z",
  "ewallet": null,
  "qr_code": null,
  "updated": "2022-08-12T13:30:58.908220358Z",
  "metadata": null,
  "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
  "description": null,
  "reusability": "MULTIPLE_USE",
  "direct_debit": {
      "type": "DEBIT_CARD",
      "debit_card": {
          "mobile_number": "+62818555988",
              "card_last_four": "8888",
              "card_expiry": "06/24",
              "email": "email@email.com"
      },
      "bank_account": null,
      "channel_code": "BRI",
      "channel_properties": {
          "mobile_number": "+62818555988",
          "card_last_four": "8888",
          "card_expiry": "06/24",
          "email": "test.email@xendit.co"
      }
  },
  "failure_code": null,
  "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
  "virtual_account": null,
  "over_the_counter": null,
  "billing_information": null,
  "direct_bank_transfer": null,
  "business_id": "5f27a14a9bf05c73dd040bc8"
}

A successful Payment Method retrieval returns the matching Payment Method Object with an HTTP 200 status code.

Get Payment Method by ID Errors

Error Code	Description
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DATA_NOT_FOUND 404	The provided id did not match any of our records
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue

List Payments by Payment Method ID

This endpoints returns a list of matching Payment objects made on a Payment Method.

Each unique query string parameter is AND-ed to each other.

Endpoint: List Payments by Payment Method ID

GET https://api.xendit.co/v2/payment_methods/:id/payments

List Payments by Payment Method ID Request

Example List Payments by Payment Method ID Request

curl https://api.xendit.co/v2/payment_methods/pm-a327c780-66f0-4eb0-aa92-277afdf777c6/payments -X GET \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' 

Header	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Method object. This starts with the prefix pm-.

Query String Parameter	Type	Description
payment_request_id optional	string	Retrieve payments made via this payment_request_id
reference_id optional	string	Retrieve payments that match the provided reference_id
status optional	string	Retrieve payments with the provided status Accepted values: SUCCEEDED FAILED PENDING
limit optional	number	Maximum number of resources to be returned in the response. Use after_id and before_id to navigate to other resources. Default: 10
after_id optional	string	Retrieve all resources created after the provided after_id
before_id optional	string	Retrieve all resources created before the provided before_id
created[gte] optional	string	Retrieve all resources created after or on the the provided UTC+0 ISO 8601 timestamp
created[lte] optional	string	Retrieve all resources created before or on the the provided UTC+0 ISO 8601 timestamp
updated[gte] optional	string	Retrieve all resources updated after or on the the provided UTC+0 ISO 8601 timestamp
updated[lte] optional	string	Retrieve all resources updated before or on the the provided UTC+0 ISO 8601 timestamp

List Payments by Payment Method ID Response

Example List Payments by Payment Method ID Success Response

{
  "data": [
      {
        "id": "qrpy_0de1622b-677c-48c5-ac8c-ea1b9636c48f",
        "amount": 10000,
        "status": "SUCCEEDED",
        "channel_properties": null,
        "country": "ID",
        "created": "2022-09-22T09:05:29.649418Z",
        "currency": "IDR",
        "customer_id": null,
        "description": null,
        "failure_code": null,
        "metadata": null,
        "payment_method": {
            "type": "QR_CODE",
            "card": null,
            "description": null,
            "direct_bank_transfer": null,
            "direct_debit": null,
            "ewallet": null,
            "id": "pm-a327c780-66f0-4eb0-aa92-277afdf777c6",
            "metadata": null,
            "over_the_counter": null,
            "qr_code": {
                "amount": 10000,
                "channel_code": "QRIS",
                "channel_properties": {
                "qr_string": "some-random-qr-string"
                },
                "currency": "IDR"
            },
            "reference_id": "a4486137-7624-4b34-b879-16cbbfc1a032",
            "reusability": "ONE_TIME_USE",
            "status": "EXPIRED",
            "virtual_account": null,
            "created": "2022-09-22T09:03:39.197475Z",
            "updated": "2022-09-22T09:03:39.197475Z"
        },
        "payment_request_id": "pr-b33ecb15-c8e6-455c-9b1b-84612b6fd13b",
        "reference_id": "a4486137-7624-4b34-b879-16cbbfc1a032",
        "created": "2022-09-22T09:05:30.452Z",
        "updated": "2022-09-22T09:05:29.649418Z"
    }
  ],
  "has_more": false,
  "links": [
    {
      "href": "/v2/payment_methods/pm-a327c780-66f0-4eb0-aa92-277afdf777c6/payments",
      "rel": "first",
      "method": "GET"
    }
  ]
}

Body Parameter	Type	Description
data required	array of objects	Returns an array of matching Payment Objects. Returns empty array when there is no result.
has_more required	boolean	Indicates whether there are more items to be queried with after_id of the last item from the current result.
links optional	object	The links to the next page based on HATEOAS if there is next result. The HATEOAS format are: href: URI of target, this will be to the next link. rel: The relationship between source and target. The value will be next. method: The HTTP method, the value will be GET.

List Payment Methods Errors

Error Code	Description
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DATA_NOT_FOUND 404	The provided id did not match any of our records
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue

Update Payment Method

This endpoint is used to update specific information of a particular payment method.

Endpoint: Update Payment Method

PATCH https://api.xendit.co/v2/payment_methods/:id

Update Payment Method Request

Example Update Payment Method Request

curl https://api.xendit.co/v2/payment_methods/pm-4c85fd2c-29da-4bc4-b642-064a42727d89 -X PATCH \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \
   --data-raw '{
      "over_the_counter": {
        "channel_properties": {
          "expires_at": "2022-08-29T09:12:33.001Z",
        }
      },
}' \

Header	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Method object. This starts with the prefix pm-.

Request Body Parameter	Type	Description
reference_id optional	string	Merchant-provided identifier for this payment method. For OVER_THE_COUNTER, QR_CODE, and VIRTUAL_ACCOUNT, this will be extended to the actual payments made. Maximum length: 255 characters
description optional	string	Free-text field for any additional information regarding the payment method. Maximum length: 255 characters
metadata optional	object	A free-format JSON for additional information that you may use. Object can be up to 50 keys, with key names up to 40 characters long and values up to 500 characters long.
status optional	object	Desired new status of the payment method. This is used for temporarily disable/enable a certain payment method. Only toggle from ACTIVE to INACTIVE and vice versa is supported.
reusability optional	object	Only supported for select VIRTUAL_ACCOUNT channels. Describes whether or not the payment method can be reused for subsequent payments without going through the same linking process again. Accepted values: ONE_TIME_USE - Payment method is expired after one successful payment. MULTIPLE_USE - Payment method is tokenized and may be reused for subsequent payments.
over_the_counter optional	object	For type='OVER_THE_COUNTER', the following properties may be updated: Key Value amount optional number Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. PHP - Supports up to two decimal places. If amount is not provided, the corresponding payment code will accept any amount as payment (open amount). channel_properties optional object Object that contains the information to generate a valid payment code Key Value customer_name optional string Complete name of the payor. May be used by the channel partner to verify their identity. Must contain letters and space only. expires_at optional ISO 8601 string The date and time in ISO 8601 UTC+0 when the payment code will be expired. Default: The default validity period will be 31 years for Indonesian channels and 2 days for Philippine channels from creation date. Note: The minimum is 2 hours and the maximum is 9 days for 7ELEVEN
virtual_account optional	object	For type='VIRTUAL_ACCOUNT', the following properties may be updated: Key Value amount optional number Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. If amount is not provided, the corresponding virtual account will accept any amount as payment (open amount). channel_properties optional object Object that contains the information to generate a valid payment code Key Value suggested_amount optional number The suggested amount you want to be displayed on the partner channel's platform Note: Suggested amount is the amount that can seen as a suggestion, but user can still put any number (only supported for MANDIRI and BRI) expires_at optional ISO 8601 string The date and time in ISO 8601 UTC+0 when the virtual account number will be expired. Default: The default expiration date will be 31 years from creation date.

Update Payment Method Response

Example Update Payment Method Response

{
  "id": "pm-4c85fd2c-29da-4bc4-b642-064a42727d89",
  "type": "OVER_THE_COUNTER",
  "reusability": "MULTIPLE_USE",
  "customer_id": null,
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "status": "PENDING",
  "country": "PH",
  "description": null,
  "actions": [],
  "ewallet": null,
  "direct_debit": null,
  "over_the_counter": {
    "channel_code": "7ELEVEN_CLIQQ",
    "currency": "PHP",
    "amount": 1000,
    "channel_properties": {
      "customer_name": "John Doe",
      "payment_code": "12345678",
      "expires_at": "2022-08-29T09:12:33.001Z"
    }
  },
  "virtual_account": null,
  "qr_code": null,
  "reference_id": "371d8a6e-587c-4789-bea5-fac4319b2409",
  "created": "2020-08-29T09:12:33.001Z",
  "updated": "2020-08-29T09:12:33.001Z",
  "metadata": {
    "sku": "ABCDEFGH"
  }
}

The updated Payment Method Object with an HTTP 200 status code.

Update Payment Method Errors

Error Code	Description
API_VALIDATION_ERROR 400	There is invalid input in one of the request fields or a required field was not filled out
INVALID_API_KEY 401	API key format is invalid
FEATURE_NOT_SUPPORTED 403	A certain feature being accessed is not supported
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DATA_NOT_FOUND 404	The provided id did not match any of our records
DUPLICATE_ERROR 409	There's an already existing record with the provided details
IDEMPOTENCY_ERROR 409	The same Idempotency-key was provided with a different payload
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue
CHANNEL_UNAVAILABLE 503	The payment channel requested is currently experiencing unexpected issues. The eWallet provider will be notified to resolve this issue

Expire Payment Method

This API is used to force expiry or revoke authorization to an active payment method. For VIRTUAL_ACCOUNT and OVER_THE_COUNTER, this will also set the expires_at to the time the expiration request was made. For DIRECT_DEBIT with KTB as channel_code, required confirmation from end users.

Endpoint: Expire Payment Method

POST https://api.xendit.co/v2/payment_methods/:id/expire

Endpoint: Expire Direct Debit KTB Payment Method

POST https://api.xendit.co/v2/payment_methods/:id/expire?success_return_url=https://your-redirect-website.com/success&failure_return_url=https://your-redirect-website.com/failure

Expire Payment Method Request

Example Expire Payment Method Request

curl https://api.xendit.co/v2/payment_methods/pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a/expire -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Method object. This starts with the prefix pm-.

Query String Parameter	Type	Description
success_return_url	string	URL where the end customer is redirected if the unlinking authorization is successful. Required if the payment method is direct debit and the channel is KTB.
failure_return_url	string	URL where the end customer is redirected if the unlinking authorization is failed. Required if the payment method is direct debit and the channel is KTB.

Expire Payment Method Response

Example Expire Payment Method Success Response

{
    "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
    "card": null,
    "type": "DIRECT_DEBIT",
    "status": "EXPIRED",
    "actions": [],
    "country": "PH",
    "created": "2022-08-12T13:30:26.579048Z",
    "ewallet": null,
    "qr_code": null,
    "updated": "2022-08-12T13:30:58.908220358Z",
    "metadata": null,
    "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
    "description": null,
    "reusability": "MULTIPLE_USE",
    "direct_debit": {
        "type": "BANK_ACCOUNT",
        "debit_card": null,
        "bank_account": {
            "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
            "masked_bank_account_number": "XXXXXX1234"
        },
        "channel_code": "BPI",
        "channel_properties": {
            "failure_return_url": "https://your-redirect-website.com/failure",
            "success_return_url": "https://your-redirect-website.com/success"
        }
    },
    "failure_code": null,
    "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
    "virtual_account": null,
    "over_the_counter": null,
    "billing_information": null,
    "direct_bank_transfer": null,
    "business_id": "5f27a14a9bf05c73dd040bc8"
}

Example Expire Direct Debit KTB Payment Method REQUIRES_ACTION Response

{
    "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485b",
    "card": null,
    "type": "DIRECT_DEBIT",
    "status": "REQUIRES_ACTION",
    "actions": [
        {
            "action": "AUTH",
            "url": "https://link-web.xendit.co/oauth/lat-aa620619-124f-41db-995b-66a52abe036a/confirm_unlink",
            "url_type": "WEB",
            "method": "GET"
        }
    ],
    "country": "TH",
    "created": "2022-08-12T13:30:26.579048Z",
    "ewallet": null,
    "qr_code": null,
    "updated": "2022-08-12T13:30:58.908220358Z",
    "metadata": null,
    "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
    "description": null,
    "reusability": "MULTIPLE_USE",
    "direct_debit": {
        "type": "BANK_ACCOUNT",
        "debit_card": null,
        "bank_account": {
            "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
            "masked_bank_account_number": "XXXXXX1234"
        },
        "channel_code": "KTB",
        "channel_properties": {
            "failure_return_url": "https://your-redirect-website.com/failure",
            "success_return_url": "https://your-redirect-website.com/success",
            "mobile_number": "",
            "identity_document_number": ""
        }
    },
    "failure_code": null,
    "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8b",
    "virtual_account": null,
    "over_the_counter": null,
    "billing_information": null,
    "direct_bank_transfer": null,
    "business_id": "5f27a14a9bf05c73dd040bc9"
}

Returns a Payment Method Object with an HTTP 200 status code.

Expire Payment Method Errors

Error Code	Description
API_VALIDATION_ERROR 400	There is invalid input in one of the request fields or a required field was not filled out
INVALID_API_KEY 401	API key format is invalid
FEATURE_NOT_SUPPORTED 403	A certain feature being accessed is not supported
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DATA_NOT_FOUND 404	The provided id did not match any of our records
IDEMPOTENCY_ERROR 409	The same Idempotency-key was provided with a different payload
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue
CHANNEL_UNAVAILABLE 503	The payment channel requested is currently experiencing unexpected issues. The eWallet provider will be notified to resolve this issue

Callback: Payment Method Activated

This callback is triggered when a particular Payment Method has been successfully created and can be used for payments.

Note: Make sure that you have a callback URL registered in the Payment Method field in your Dashboard settings.

Callback Payload

Example: Payment Method Activated Callback Payload

{

    "event": "payment_method.activated",
    "data": {
        "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
        "card": null,
        "type": "DIRECT_DEBIT",
        "status": "ACTIVE",
        "actions": [],
        "country": "PH",
        "created": "2022-08-12T13:30:26.579048Z",
        "ewallet": null,
        "qr_code": null,
        "updated": "2022-08-12T13:30:58.908220358Z",
        "metadata": null,
        "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
        "description": null,
        "reusability": "MULTIPLE_USE",
        "direct_debit": {
            "type": "BANK_ACCOUNT",
            "debit_card": null,
            "bank_account": {
                "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
                "masked_bank_account_number": "XXXXXX1234"
            },
            "channel_code": "BPI",
            "channel_properties": {
                "failure_return_url": "https://your-redirect-website.com/failure",
                "success_return_url": "https://your-redirect-website.com/success"
            }
        },
        "failure_code": null,
        "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
        "virtual_account": null,
        "over_the_counter": null,
        "billing_information": null,
        "direct_bank_transfer": null
    },
    "created": "2022-08-12T13:30:59.074277334Z",
    "business_id": "5f27a14a9bf05c73dd040bc8"
}

Header Parameters

Header Parameter	Type	Description
x-callback-token required	string	Your Xendit unique callback token to verify the origin of the callback
webhook-id required	string	A unique identifier of every webhook to help you to handle double callback by implementing idempotency. When you receive the same webhook-id twice, treat the subsequent request as duplicate and reject the webhook accordingly to prevent double webhook

Body Parameter	Type	Description
event required	string	Identifies the event that triggered a notification to the merchant - payment_method.activated
business_id required	string	Business ID of the merchant
created required	string	ISO 8601 Timestamp for callback notification creation. Timezone UTC+0.
data optional	object	Payment Method object with status ACTIVE

Callback: Payment Method Expired

This callback is triggered when a particular Payment Method has expired and will be unusable for payment transactions.

Note: Make sure that you have a callback URL registered in the Payment Method field in your Dashboard settings.

Callback Payload

Example: Payment Method Expired Callback Payload

{
    "event": "payment_method.expired",
    "data": {
        "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
        "card": null,
        "type": "DIRECT_DEBIT",
        "status": "EXPIRED",
        "actions": [],
        "country": "PH",
        "created": "2022-08-12T13:30:26.579048Z",
        "ewallet": null,
        "qr_code": null,
        "updated": "2022-08-12T13:30:58.908220358Z",
        "metadata": null,
        "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
        "description": null,
        "reusability": "MULTIPLE_USE",
        "direct_debit": {
            "type": "BANK_ACCOUNT",
            "debit_card": null,
            "bank_account": {
                "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
                "masked_bank_account_number": "XXXXXX1234"
            },
            "channel_code": "BPI",
            "channel_properties": {
                "failure_return_url": "https://your-redirect-website.com/failure",
                "success_return_url": "https://your-redirect-website.com/success"
            }
        },
        "failure_code": null,
        "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
        "virtual_account": null,
        "over_the_counter": null,
        "billing_information": null,
        "direct_bank_transfer": null
    },
    "created": "2022-08-12T13:30:59.074277334Z",
    "business_id": "5f27a14a9bf05c73dd040bc8"
}

Header Parameters

Header Parameter	Type	Description
x-callback-token required	string	Your Xendit unique callback token to verify the origin of the callback
webhook-id required	string	A unique identifier of every webhook to help you to handle double callback by implementing idempotency. When you receive the same webhook-id twice, treat the subsequent request as duplicate and reject the webhook accordingly to prevent double webhook

Body Parameter	Type	Description
event required	string	Identifies the event that triggered a notification to the merchant - payment_method.expired
business_id required	string	Business ID of the merchant
created required	string	ISO 8601 Timestamp for callback notification creation. Timezone UTC+0.
data optional	object	Payment Method object with status EXPIRED

Callback: Payment Method Failed

This callback is triggered when a particular Payment Method has failed during authentication/authorization.

Note: Make sure that you have a callback URL registered in the Payment Method field in your Dashboard settings.

Callback Payload

Example: Payment Method Failed Callback Payload

{
    "event": "payment_method.failed",
    "data": {
        "id": "pm-d15e011d8-d238-47f6-8041-4a0fe1cc78f0",
        "type": "CARD",
        "status": "FAILED",
        "card": {
            "currency": "PHP",
            "card_information": {
                "type": "UNKNOWN",
                "issuer": "UNKNOWN",
                "country": "US",
                "network": "VISA",
                "token_id": "7ac5069c3e52ececb8e0d7302002a739",
                "expiry_year": "2023",
                "fingerprint": "bdf256307a23088dbd41cf9668a7c95a",
                "expiry_month": "11",
                "cardholder_name": null,
                "masked_card_number": "450159XXXXXX6146"
            },
            "channel_properties": {
                "failure_return_url": "https://your-redirect-website.com/failure",
                "success_return_url": "https://your-redirect-website.com/success",
                "skip_three_d_secure": false
            },
            "card_verification_results": {
                "cvv_result": null,
                "three_d_secure": {
                    "eci_code": "07",
                    "three_d_secure_flow": "CHALLENGE",
                    "three_d_secure_result": "FAILED",
                    "three_d_secure_version": "1.0.2",
                    "three_d_secure_result_reason": "REJECTED"
                },
                "address_verification_result": null
            }
        },
        "actions": [],
        "country": "PH",
        "created": "2022-09-06T05:36:09.674547Z",
        "ewallet": null,
        "qr_code": null,
        "updated": "2022-09-06T05:36:26.158740637Z",
        "metadata": {},
        "customer_id": "15e011d8-d238-47f6-8041-4a0fe1cc78f0",
        "description": "Card Failure",
        "reusability": "MULTIPLE_USE",
        "direct_debit": null,
        "failure_code": "AUTHENTICATION_FAILED",
        "reference_id": "ec13dd21-8e14-4a4f-ab0e-727a2b977e50",
        "virtual_account": null,
        "over_the_counter": null,
        "billing_information": null,
        "direct_bank_transfer": null
    },
    "created": "2022-09-06T05:36:26.166166474Z",
    "business_id": "5f27a14a9bf05c73dd040bc8"
}

Header Parameters

Header Parameter	Type	Description
x-callback-token required	string	Your Xendit unique callback token to verify the origin of the callback
webhook-id required	string	A unique identifier of every webhook to help you to handle double callback by implementing idempotency. When you receive the same webhook-id twice, treat the subsequent request as duplicate and reject the webhook accordingly to prevent double webhook

Body Parameter	Type	Description
event required	string	Identifies the event that triggered a notification to the merchant - payment_method.failed
business_id required	string	Business ID of the merchant
created required	string	ISO 8601 Timestamp for callback notification creation. Timezone UTC+0.
data optional	object	Payment Method object with status FAILED. See the Failure Code table below to see the possible values of failure_code.

Failure Code	Description
ACCOUNT_ACCESS_BLOCKED	End customer bank account has been blocked, end user should contact the bank for resolution.
CHANNEL_UNAVAILABLE	The partner channel cannot be reached or currently having a downtime
DUPLICATE_ERROR	There's an existing record of linking the same underlying account for the provided customer_id OR Virtual Account Number/Payment Code already exists
MAX_ACCOUNT_LINKING	Partner channel blocked the linking because the underlying account has been linked to the maximum number allowed by the channel.
SERVER_ERROR	An unexpected error occured. Our team has been notified and will troubleshoot the issue.
PAYMENT_METHOD_ALREADY_EXISTS	An active Payment Method with the same customer_id, channel_code for that merchant already exists.

Payment Requests

Payment Requests initializes the actual payment transaction to an underlying Payment Method.

Calling the Create Payment Request API directly creates a corresponding Payment Method object automatically in the background.

For Over-the-Counter, QR Codes, and Virtual Accounts, ACTIVE Payment Methods are able to accept payments without a Payment Request.

A Payment callback will be received for any successful or failed initialized transaction.

Payment Request Object

Payment Request Object Example

{
    "id": "pr-76aca7a8-da92-4480-b97a-1c44b05d132d",
    "reference_id": "15bafc7c-b5ea-484b-a151-41d60bb1e964",
    "business_id": "5f27a14a9bf05c73dd040bc8",
    "currency": "IDR",
    "amount": 10000,
    "country": "ID",
    "payment_method": {
        "id": "pm-f77e73c7-ade1-45bf-8aa8-bc320124877c",
        "type": "CARD",
        "reference_id": "ed9061ee-0f0e-4086-b6b9-5282a30fadf3",
        "description": "Card Transaction",
        "created": "2022-09-13T02:14:31.096959Z",
        "updated": "2022-09-13T02:14:31.318608Z",
        "card": {
            "currency": "IDR",
            "channel_properties": {
                "skip_three_d_secure": null,
                "success_return_url": "https://your-redirect-website.com/success",
                "failure_return_url": "https://your-redirect-website.com/failure",
                "cardonfile_type": null
            },
            "card_information": {
                "token_id": "8b8b6ff69cf169c534a828fbce61e0a2",
                "masked_card_number": "400000XXXXXX1091",
                "cardholder_name": "Test Person",
                "expiry_month": "10",
                "expiry_year": "2026",
                "fingerprint": "c5fdf4f5e775ac60ced4447857c3e9ef",
                "type": "CREDIT",
                "network": "VISA",
                "country": "ID",
                "issuer": "BRI"
            },
            "card_verification_results": null
        },
        "ewallet": null,
        "direct_debit": null,
        "direct_bank_transfer": null,
        "over_the_counter": null,
        "virtual_account": null,
        "qr_code": null,
        "metadata": {},
        "reusability": "ONE_TIME_USE",
        "status": "ACTIVE"
    },
    "description": null,
    "metadata": null,
    "customer_id": null,
    "created": "2022-09-13T02:14:37.192601423Z",
    "updated": "2022-09-13T02:14:37.192601423Z",
    "status": "PENDING",
    "actions": [],
    "failure_code": null,
    "capture_method": "AUTOMATIC",
    "initiator": "CUSTOMER",
    "card_verification_results": null,
    "channel_properties": {
        "skip_three_d_secure": true
    },
    "shipping_information": null
}

Body Parameter	Type	Description
id required	string	Unique identifier for the payment request. This has a prefix of pr-. Example: pr-6d1c8be4-f4d9-421c-9f0b-ab3b2b6bbc39
business_id required	string	Xendit-generated identifier for the business that owns the transaction
customer_id nullable	string	ID of the customer object to which the account token will be linked to
reference_id nullable	string	Identifier provided by the merchant or automatically generated by Xendit if it was not provided. Maximum length: 255 characters
currency required	string	ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Possible values: IDR PHP THB
amount nullable	number	Authorized amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. PHP - Supports up to two decimal places. If amount is not provided, the corresponding payment method will accept any amount as payment (open amount). (Applicable only for OVER_THE_COUNTER and VIRTUAL_ACCOUNT)
capturable_amount nullable	number	Remaining amount that can be captured. Decimal places support varies per currency: IDR - Only supports positive integers. PHP - Supports up to two decimal places. If amount is not provided, the corresponding payment method will accept any amount as payment (open amount). (Applicable only for OVER_THE_COUNTER and VIRTUAL_ACCOUNT)
country required	string	2-letter ISO 3166-2 country code indicating country of transaction. This is also be used as indicator for channels that are present in multiple markets (e.g. SHOPEEPAY).
status required	string	Status of the payment method. Possible values: REQUIRES_ACTION - The request passed validation but requires additional steps in order to complete the payment. Typical actions are for merchant to trigger OTP validation or redirect your customer to an authentication page. PENDING - The transaction passed initial validation and the payment channel is currently processing the transaction. SUCCEEDED - The payment was successfully completed. FAILED - The payment request failed. See failure_code for the specific reason why the transaction failed. AWAITING_CAPTURE - The payment request is eligible for manual capture and is awaiting the trigger of the manual Capture API.
description nullable	string	Free-text field for any additional information regarding the payment method. Maximum length: 255 characters
payment_method required	object	Corresponding Payment Method created or used for the Payment Method. Note: customer_id, currency, and amount are moved to the root level of the Payment Request object.
actions required	object array	If status=REQUIRES_ACTION, this contains objects that detail the possible next steps in order to complete a payment. Only one of the provided actions is required to be fulfilled. If no further action is needed, this parameter will be an empty array []. Each object will have the following properties: Key Value method required string HTTP method for calling the url. Possible values: GET POST url_type required string Type of url for the specific action. Possible values: API - The provided url is a server-side API, merchant will need to provide necessary information to the API WEB - The provided redirect url is optimized for desktop or web interface. This can also be used if no MOBILE url is provided. Merchant will need to redirect their end user to this page to complete payment authentication. MOBILE - The provided redirect url is optimized for mobile devices. Merchant will need detect the mobile device and redirect their end user to this page to complete payment authentication. DEEPLINK - The provided redirect url utilizes deep linking to the channel partner’s platform. Merchant will need detect the mobile device and redirect their end user to this page to complete payment authentication. action required string Describes the purpose the corresponding action Possible values: AUTH - Trigger this action in order to authorize linking or payment. RESEND_AUTH - Trigger this action in order to resend the authorization code to the end-customer. url required string The generated URL to hit in order to perform the action
capture_method nullable	string	Describes when the funds are captured. Defaults to AUTOMATIC Possible values: AUTOMATIC MANUAL - Only supported for payment method type CARD
initiator required	string	Identifies whether the payment is initiated by the end-customer or the merchant. Defaults to CUSTOMER Possible values: CUSTOMER - The transaction was initiated by the payor MERCHANT - The transaction was initiated by the merchant
channel_properties nullable	object	Specific settings applied to the payment request, overwriting the ones in the Payment Method object. For multiple use OVO, and SHOPEEPAY (ID): Key Value redeem_points nullable string Indicates whether or not to use the Payment Method's points_balance in the transaction Possible values: REDEEM_NONE - No points will be used REDEEM_ALL - points will be used to offset payment amount before cash balance is used. REDEEM_ALL can only be used when approved by OVO for promotions. For SHOPEEPAY (ID), only up to 50% of the transaction amount (rounded down) can be paid using SHOPEEPAY coins. Default value: REDEEM_NONE success_return_url nullable string URL where the end-customer is redirected if the authorization is successful For PAYMAYA: Key Value success_return_url nullable string URL where the end-customer is redirected if the authorization is successful failure_return_url nullable string URL where the end-customer is redirected if the authorization failed cancel_return_url nullable string URL where the end-customer is redirected if the authorization has been cancelled. End-customer can retry payment on the same link within 15 minutes. For BRI Direct Debit: Key Value require_auth nullable string Toggle used to require end-customer to input undergo OTP validation before completing a payment. true false Default value: true For BPI, UBP, RCBC, CHINABANK Direct Debit: Key Value success_return_url nullable string URL where the end-customer is redirected if the authorization is successful failure_return_url nullable string URL where the end-customer is redirected if the authorization failed For SCB and BBL Direct Debit: Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed mobile_number required string Registered mobile number of the end-customer to the channel partner in E.164 Format. For KTB and BAY Direct Debit: Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed mobile_number required string Registered mobile number of the end-customer to the channel partner in E.164 Format. identity_document_number required number The account holder's ID Card number or passport number. For CARD: Key Value skip_three_d_secure required boolean To indicate whether to perform 3DS on the payment request Defaults to false success_return_url nullable string URL where the end-customer is redirected if the linking is successful. Required when skip_three_d_secure = false. This will be null if not applicable. failure_return_url nullable string URL where the end-customer is redirected if the linking has failed. Required when skip_three_d_secure = false. This will be null if not applicable. merchant_id_tag nullable string Tag for the Merchant ID that you want to associate this payment with. This is for merchants using their own MIDs to specify which MID they want to use cardonfile_type nullable string Type of “credential-on-file” / “card-on-file” / COF payment for subsequent usage. Indicates future card-on-file usage. If you intend for a card to be used for future COF transactions, then this value must be included so that Xendit can inform the processors of this setup, and then after that on every transaction following the first transaction. Default: CUSTOMER_UNSCHEDULED Possible values: CUSTOMER_UNSCHEDULED - If you intend to use this Payment Method to perform future COF payments that do not follow a schedule. Example: simple “save card for future checkout” eCommerce flow, the future payments would always be CUSTOMER_UNSCHEDULED MERCHANT_UNSCHEDULED - If you intend to use this Payment Method to perform future COF payments initiated without customer interaction and do not follow a schedule Example: auto top-up payment flow RECURRING - If you intend to use this Payment Method to process a series of transactions at fixed, regular intervals. Example: Subscriptions Notes: In order to process MERCHANT_UNSCHEDULED and RECURRING card-on-file transaction types: Aggregator Merchant will need to be allowed to perform transaction without 3DS, please check this guide for self-serve or contact Xendit representative for enabling 3DS as optional Switcher Merchant with their own acquiring bank MID will need to have MID for non 3DS transactions and support recurring configured by the acquirer.
shipping_information nullable	object	Object containing the payor's shipping address. Key Value country required string 2-letter ISO 3166-2 country code for the customer’s shipping country street_line1 nullable string Building name and apartment unit number street_line2 nullable string Building street address city nullable string City, village or town as appropriate province_state nullable string Either one of (whichever is applicable): Geographic area, province, or region Formal state designation within country postal_code nullable string Postal, zip or rural delivery code, if applicable
card_verification_results nullable	object	This is only applicable for CARD transactions. This contains the results of various checks done to verify the transaction such as CVV, and AVS. Key Value three_d_secure nullable object Only applicable for Payment Requests when 3DS is performed Indicates the result of any 3DS transaction initiated when Payment Request creation is performed using 3DS. Note that each 3DS transaction performed using a unique Payment Method will be unique and may have a different three_ds_result unique for each Payment Request. Key Value three_d_secure_flow required string Whether the 3DS transaction went through a frictionless or challenge flow. Possible values: FRICTIONLESS - 2FA was not required CHALLENGE - 2FA was required via OTP or other means eci_code required string Electronic Commerce Indicator (ECI) is a number that indicates the level of security that was used when obtaining the customer’s payment credentials. An ECI is included as part of the authorization request for each transaction. Possible values: 00 - Unable to authenticate (Mastercard) 01 - Authentication attempted (Mastercard) 02 - Successful authentication (Mastercard) 05 - Successful authentication (Visa, AMEX, JCB) 06 - Authentication attempted (Visa, AMEX, JCB) 07 - Unable to authenticate (Visa, AMEX, JCB) three_d_secure_result required string The result of the 3DS authentication. Possible values: SUCCESSFUL [ECI 02 / 05] - 3DS authentication was successful. Liability shift available. ATTEMPTED [ECI 01 / 06] - 3DS authentication was attempted, but not completed. This could be due to either: issuer does not support 3DS, issuer supports 3DS but card not enabled for 3DS, or issuer 3DS server experiencing an outage. In most cases, liability shift is available FAILED [ECI 00 / 07] - 3DS authentication failed. Liability shift not available. authorization request must not be submitted. NOT_AVAILABLE [No ECI code being returned] - 3DS could not be performed on this card. In most cases, you can proceed to authorization request but liability shift will not be available. PROCESSING_ERROR [No ECI code being returned] - An issue occurred with the issuer’s 3DS server or with the card processor, and no proof of any 3DS attempt can be provided. In most cases, liability shift will not be available. three_d_secure_version nullable string Indicates the 3DS version. Possible values: null - if no 3DS version returned by the processor 1.0.x - 3DS version 1.0, the basic version. From 2021 onwards, high chance that there will be no chargeback liability shift for payments using 3DS 1.0. 2.1.x - Minimum version returned for EMV 3DS. Frictionless authentication is possible. 2.2.x - Upgraded version returned for EMV 3DS. Returned if more advanced authentication methods are used, such as biometrics. cvv_result nullable Indicates the result from verifying the Card Validation Value / Card Validation Code (CVV / CVC) when creating the Payment Method / token. Possible values: MATCHED - CVV entered matched issuer’s records. NOT_MATCHED - CVV entered did not match issuer’s records. Try entering the CVV again or a different card. NOT_PROCESSED - CVV entered was not processed, for an unspecified reason. Try repeating the transaction and re-entering the CVV. NOT_INCLUDED - CVV exists on the card but was not included in the request VALIDATION_FAILED - CVV entered failed data validation. Try repeating the transaction and re-entering the CVV. SUSPICIOUS_TRANSACTION - The transaction was considered suspicious by the issuer. Try a different card. NOT_SUPPORTED - CVV verification is not supported by the issuer, card association, or processor. UNKNOWN_FROM_PROCESSOR - Unrecognized or no result code returned by processor. address_verification_result nullable Only applicable for cards issued in USA, CAN or the UK. Indicates the result from verifying the street address and zip code provided when creating the Payment Request. Possible values: MATCHED - Street address and zip code match. NOT_MATCHED - Street address and zip code entered do not match issuer’s records. Try repeating the transaction and re-entering the address and zip. NOT_MATCHED_NAME - Street address and zip code entered match issuer’s records, but not cardholder name. Try repeating the transaction and re-entering the cardholder name. PARTIAL_MATCH_ADDRESS - Street address entered matches issuer’s records, but not the zip code. Try repeating the transaction and re-entering the zip and/or cardholder name. PARTIAL_MATCH_ZIP - Zip code entered matches issuer’s records, but not the street address. Try repeating the transaction and re-entering the address and/or cardholder name. PARTIAL_MATCH_NAME - Cardholder name entered matches issuer’s records, but not the street address and zip code. Try repeating the transaction and re-entering the street address and zip. INVALID - Address verification data provided was invalid, or it is not allowed for this card type. NOT_SUPPORTED - Address verification is not supported for this card NOT_AVAILABLE - The address verification system is temporarily unavailable. Try repeating the transaction again later. UNKNOWN_FROM_PROCESSOR - The processor returned an unrecognized value for the address verification response.
failure_code nullable	string	If the status of the transaction is FAILED, this describes the reason for failure. Will be null if the transaction did not fail. See possible codes here.
created required	string	ISO 8601 Timestamp for Payment Request object creation. Timezone UTC+0
updated required	string	ISO 8601 Timestamp for latest Payment Request object update. Timezone UTC+0
metadata nullable	object	User defined object with JSON properties and values passed in during Payment Request creation.

Create Payment Request

This endpoint provides the following functionalities:

• Initializes the payment/capture process for Cards, E-wallets and Direct Debits
• Creates a payment method object along with the payment initialization

Endpoint: Create Payment Request

POST https://api.xendit.co/payment_requests

Create Payment Request Request

Example Create Payment Request Request

curl https://api.xendit.co/payment_requests -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \
   --data-raw '{
    "currency": "IDR",
    "amount": 100000,
    "payment_method": {
        "type": "EWALLET",
        "reusability": "ONE_TIME_USE",
        "ewallet": {
            "channel_code": "SHOPEEPAY",
            "channel_properties": {
                "success_return_url": "https://your-redirect-website.com/success"
            }
        }
    },
    "customer_id": "fc4c060b-3c41-4707-b7b2-df9c3376edde",
    "metadata": {
        "sku": "ABCDEFGH"
    }
}' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Request Body Parameter	Type	Description
currency required	string	ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Accepted values: IDR PHP THB MYR
amount conditional	number	Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. PHP - Supports up to two decimal places. THB - Supports up to two decimal places. MYR - Supports up to two decimal places. Notes: Required for payment method types CARD, EWALLET and DIRECT_DEBIT. For OVER_THE_COUNTER and VIRTUAL_ACCOUNT this will be the expected amount to be paid. If none is provided, the resulting payment instrument will accept any amount as payment. For QR_CODE, this is required for ONE_TIME_USE. For MULTIPLE_USE QR Codes, amount provided will be ignored.
reference_id optional	string	Merchant-provided identifier for this payment request. If none is provided, Xendit will randomly generate a unique reference_id. Maximum length: 255 characters
customer_id conditional	string	ID of the customer object to which the account token will be linked to. Call Create Customer to generate Customer ID. A customer_id is required for all DIRECT_DEBIT payment methods and MULTIPLE_USE EWALLETs.
country conditional	string	2-letter ISO 3166-2 country code indicating country of transaction. This is also be used as indicator for channels that are present in multiple markets (e.g. SHOPEEPAY). Accepted values: ID - Indonesia PH - Philippines
description optional	string	Free-text field for any additional information regarding the payment method. Maximum length: 255 characters
payment_method conditional	object	Note: Only one of payment_method{} or payment_method_id must be present. Respective Payment Method properties that corresponds to the chosen payment method type or channel. The request will apply the top-most values for customer_id, currency, and amount.
payment_method_id conditional	object	Note: Only one of payment_method{} or payment_method_id must be present. ID of the ACTIVE Payment Method to be used in the payment.
channel_properties optional	object	Specific settings to be applied to the transaction. This also overwrites any common parameters with the Payment Method Object. For multiple use OVO, and SHOPEEPAY (ID): Key Value redeem_points nullable string Indicates whether or not to use the Payment Method's points_balance in the transaction Possible values: REDEEM_NONE - No points will be used REDEEM_ALL - points will be used to offset payment amount before cash balance is used. REDEEM_ALL can only be used when approved by OVO for promotions. For SHOPEEPAY (ID), only up to 50% of the transaction amount (rounded down) can be paid using SHOPEEPAY coins. Default value: REDEEM_NONE success_return_url nullable string URL where the end-customer is redirected if the authorization is successful For PAYMAYA: Key Value success_return_url nullable string URL where the end-customer is redirected if the authorization is successful failure_return_url nullable string URL where the end-customer is redirected if the authorization failed cancel_return_url nullable string URL where the end-customer is redirected if the authorization has been cancelled. End-customer can retry payment on the same link within 15 minutes. For BRI Direct Debit: Key Value require_auth nullable string Toggle used to require end-customer to input undergo OTP validation before completing a payment. true false Default value: true For BPI, UBP, RCBC, CHINABANK, and FPX Channels under Direct Debit: Key Value success_return_url nullable string URL where the end-customer is redirected if the authorization is successful failure_return_url nullable string URL where the end-customer is redirected if the authorization failed For SCB and BBL Direct Debit: Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed mobile_number required string Registered mobile number of the end-customer to the channel partner in E.164 Format. For KTB and BAY Direct Debit: Key Value success_return_url required string URL where the end-customer is redirected if the authorization is successful failure_return_url required string URL where the end-customer is redirected if the authorization failed mobile_number required string Registered mobile number of the end-customer to the channel partner in E.164 Format. identity_document_number required number The account holder's ID Card number or passport number.
metadata optional	object	A free-format JSON for additional information that you may use. Object can be up to 50 keys, with key names up to 40 characters long and values up to 500 characters long.

Create Payment Request Response

Example Create Payment Request Response

{
  "id": "pr-6d1c8be4-f4d9-421c-9f0b-ab3b2b6bbc39",
  "currency": "IDR",
  "amount": 100000,
  "customer_id": "fc4c060b-3c41-4707-b7b2-df9c3376edde",
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "status": "REQUIRES_ACTION",
  "payment_method": {
    "id": "pm-6d1c8be4-f4d9-421c-9f0b-ab3b2b6bbc39",
    "type": "EWALLET",
    "reusability": "ONE_TIME_USE",
    "status": "ACTIVE",
    "ewallet": {
      "channel_code": "SHOPEEPAY",
      "channel_properties": {
        "success_return_url": "https://your-redirect-website.com/success",
      },
      "account": {
        "account_details": null,
        "name": null,
        "balance": null,
        "point_balance": null
      }
    },
    "direct_debit": null
  },
  "channel_properties": {
    "redeem_points": "REDEEM_NONE"
  },
  "actions": [
    {
      "action": "AUTH",
      "url_type": "WEB",
      "url": "https://link-web.xendit.co/oauth/lat-4ec01c8d-0326-4a35-bc11-b64c85f7408e/confirm",
      "method": "GET"
    }
  ],
  "created": "2020-08-29T09:12:33.001Z",
  "updated": "2020-08-29T09:12:33.001Z",
  "metadata": {
    "sku": "ABCDEFGH"
  }
}

A successful Payment Request creation returns a Payment Request Object with an HTTP 201 status code.
Listen to the payment.* callbacks for the final status of the transaction.

Create Payment Request Errors

Error Code	Description
API_VALIDATION_ERROR 400	There is invalid input in one of the request fields or a required field was not filled out
ACCOUNT_ACCESS_BLOCKED 400	Access to the underlying account or card has been blocked by the partner channel or the issuer.
CUSTOMER_NOT_FOUND_ERROR 400	The provided customer_id does not exist.
CUSTOMER_PAYMENT_METHOD_MISMATCHED 400	Error due to the customer_id provided does not have access to the provided payment method information
INVALID_ACCOUNT_DETAILS 400	The provided details were rejected by the partner channel due to incorrect information.
INVALID_PAYMENT_METHOD 400	The provided payment_method_id has already expired or is inactive
MAX_ACCOUNT_LINKING 400	The direct debit account being attempted to be linked has reached the maximum linking allowed by the partner channel.
PARTNER_CHANNEL_ERROR 400	Error received from partner channel but no reasons provided
INVALID_API_KEY 401	API key format is invalid
INVALID_MERCHANT_CREDENTIALS 401	API key format is invalid
CHANNEL_NOT_ACTIVATED 403	Request failed because this specific payment channel has not been activated through Xendit. Please activate via Xendit dashboard or our customer service
FEATURE_NOT_ACTIVATED 403	A certain feature being accessed has not yet activated. Please reach out to our customer service for further assistance.
FEATURE_NOT_SUPPORTED 403	A certain feature being accessed is not supported
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DUPLICATE_ERROR 409	There's an already existing record with the provided details
IDEMPOTENCY_ERROR 409	The same Idempotency-key was provided with a different payload
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue
PROCESSOR_CONFIGURATION_ERROR 500	Payment declined due to a problem with the merchant configuration on the Card Processor. Contact Xendit to troubleshoot the issue.
CHANNEL_UNAVAILABLE 503	The payment channel requested is currently experiencing unexpected issues. The eWallet provider will be notified to resolve this issue
OTP_DELIVERY_ERROR 503	The partner channel has failed to send the OTP to the Customer
PROCESSOR_ERROR 503	General system failure returned by the Card processor. Retry the request again after couple of minutes.
PROCESSOR_TEMPORARILY_UNAVAILABLE 503	The Card Processor appears to be temporarily unavailable. Wait for a couple minutes, then resend the request. If it fails again, Cardholder can try using a different card or other form of payment.
PROCESSOR_TIMEOUT_ERROR 503	Request was received by the processor, but there was a server timeout. Wait for a couple minutes and then retry the request.

Simulate Payments

Simulate Payments API allows you to emulate your customer behavior to pay to your payment request (i.e. Virtual Account, Over-the-counter / Retail Outlet, QR Code) in TEST mode.

A callback will be sent to your callback URL upon payment completion. Please refer to the callback section for further information about the callback that will be delivered.

Endpoint: Perform Capture Payment

POST https://api.xendit.co/v2/payment_methods/{id}/payments/simulate

Request Parameters

Example Perform Simulate Payment

curl https://api.xendit.co/v2/payment_methods/pm-b264541b-286d-4044-bac0-ace45b158bef/payments/simulate -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \
   --data-raw '{
    "amount": 507000
}' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters

Path Parameter	Type	Description
id required	string	Payment Method ID. This starts with the prefix pm-. You will get this ID from payment request's response in the payment_method object.

Body Parameter	Type	Description
amount required	number	The amount that needs to be paid. For a close amount case, the amount must be the expected amount stated in the payment request.

Response Parameters

Body Parameter	Type	Description
status required	string	The status of the request. If it successfully being processed then the status will be PENDING.
message required	string	Additional information regarding the payment simulation process

Example Simulate Payment Success Response

{
   "status": "PENDING",
   "message": "We're processing payment for payment method ID [pm-xxx] and will send you the result via callback. Please make sure you've set a callback URL in "Payment Succeeded" section in Callback settings in Xendit Dashboard. If you don't receive the callback within the next 5 minutes, please contact us."
}

Error Codes

Error Code	Description
INCORRECT_AMOUNT 400	Incorrect amount. The expected amount for this payment method is xxxx.
INACTIVE_PAYMENT_METHOD 400	Could not pay callback {payment method} that is inactive
API_VALIDATION_ERROR 400	There is invalid input in one of the required request fields
PAYMENT_METHOD_NOT_SUPPORTED 400	Simulate Payment API supports VA, OTC, and QR Payment Method. Please try again using VA/OTC/QR Payment Method ID.
REQUEST_FORBIDDEN_ERROR 403	Simulate Payment API cannot be accessed using Live API Key. Please try again using Test API Key and Payment Method ID.
INVALID_API_KEY 401	API key format is invalid.
DATA_NOT_FOUND 404	Provided payment_method_id is invalid, not found or access is unauthorized.
SERVER_ERROR 500	An unexpected error occured. Our team has been notified and will troubleshoot the issue

Capture Payment

Payment Request for Cards can be split into 2 parts - Authorization and Capture:

• An Authorization verifies the card’s validity and remaining credit/funds, then places a hold on the card for a certain amount, in real time.
  
• A Capture completes the payment and initiates the batch process of settling authorized funds from the cardholder’s issuer to the merchant’s acquirer
  

This endpoint is used to perform capture payment after proceed manual authorization. The pre-requisite of using this endpoint is to perform Create Payment Request with capture_method value == MANUAL.

Endpoint: Perform Capture Payment

POST https://api.xendit.co/payment_requests/{id}/captures

Request Parameters

Example Perform Capture Payment Request

curl https://api.xendit.co/payment_requests/pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f/captures -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \
   --data-raw '{
    "capture_amount": "15000",
    "reference_id": "capture_referenceID",
}' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Request object. This starts with the prefix pr-.

Body Parameter	Type	Description
capture_amount required	number	specify amount to be captured from the authorization, amount must be exactly to authorized amount.
reference_id nullable	string	Your identifier for this specific transaction. This will be extended to the actual payment transactions.

Response Parameters

Body Parameter	Type	Description
id required	string	Identifier for the capture object. This starts with the prefix cptr-.
payment_request_id required	string	Unique identifier for the payment request. Prefix will vary according to the payment method used. This starts with the prefix pr-.
payment_id required	string	Corresponding Payment ID the Capture belongs to.
reference_id required	string	Merchant-provided identifier for this specific transaction. Will be extended to the actual payment transactions.
currency required	string	ISO 4217 three-letter code of the transaction's currency.
authorized_amount required	number	Total and original authorized amount. Decimal places support varies per currency: - IDR - Only supports whole numbers. - PHP - Supports up to two decimal places.
captured_amount required	number	Amount of the specific capture in the actual value in the provided currency. Decimal places support varies per currency: - IDR - Only supports whole numbers. - PHP - Supports up to two decimal places.
capturable_amount required	number	Remaining amount that can be captured. Decimal places support varies per currency: - IDR - Only supports whole numbers. - PHP - Supports up to two decimal places.
status required	string	Status of the Capture Possible values: SUCCEED, FAILED
payment_method required	object	The corresponding Payment Method Object used for the Payment. Please refer to this for more details.
failure_code nullable	string	If status is FAILED, this is the corresponding specific failure code.
created required	string	Timestamp when when payment was created. Format: YYYY-MM-DDTHH:mm:ssZ. Timezone: UTC+0.
updated required	string	Timestamp when when payment was updated Format: YYYY-MM-DDTHH:mm:ssZ. Timezone: UTC+0.
customer_id nullable	string	ID of the Customer Object the payment is attached to
metadata nullable	object	A free-format JSON for additional information that was provided on the corresponding payment request
channel_properties required	object	Parameters provided by the Customer when the payment was initiated.

Example Perform Capture Request Success Response

{
    "id": "cptr-f32d234d-7117-4f56-ac49-9533fb8893e5",
    "payment_request_id": "pr-d2e856d0-7892-4038-9fe6-ea6926be410c",
    "payment_id": "cc_63102f4807ecf7001a894a3c",
    "payment_method": {
        "id": "pm-dca996d1-61b5-4c7b-bad9-ad81eb6e76a3",
        "type": "CARD",
        "reference_id": "11764813-e7fa-4cbf-926e-994d46908f9b",
        "description": "Testing",
        "created": "2022-09-01T04:01:23.44455Z",
        "updated": "2022-09-01T04:01:23.44455Z",
        "card": {
            "currency": "PHP",
            "channel_properties": {
                "skip_three_d_secure": null,
                "success_return_url": "https://redirect.me/goodstuff",
                "failure_return_url": "https://redirect.me/badstuff"
            },
            "card_information": {
                "token_id": "63102e930e9558001b88d4b4",
                "masked_card_number": "400000XXXXXX1091",
                "cardholder_name": "John Doe",
                "expiry_month": "12",
                "expiry_year": "2027",
                "fingerprint": "61f632879e9e27001a8165b9",
                "type": "CREDIT",
                "network": "VISA",
                "country": "ID",
                "issuer": "BRI"
            },
            "card_verification_results": null
        },
        "ewallet": null,
        "direct_debit": null,
        "direct_bank_transfer": null,
        "over_the_counter": null,
        "virtual_account": null,
        "qr_code": null,
        "metadata": {},
        "reusability": "ONE_TIME_USE",
        "status": "EXPIRED"
    },
    "reference_id": "11764813-e7fa-4cbf-926e-994d46908f9b",
    "currency": "PHP",
    "authorized_amount": 10000,
    "captured_amount": 10000,
    "status": "SUCCEEDED",
    "failure_code": null,
    "customer_id": null,
    "metadata": null,
    "channel_properties": null,
    "created": "2022-09-01T04:04:24.869754071Z",
    "updated": "2022-09-01T04:04:24.869754071Z"
}

Error Codes

Error Code	Description
AMOUNT_MISMATCHED 400	Transaction was declined as the requested transaction amount must match the previous transaction amount. Correct the amount, then resend the request.
DUPLICATE_REFERENCE 400	reference_id sent for the auth matches to previous or of another auth sent in the last 15mins. Resend request with unique reference_id value.
EXCEEDS_CAPTURABLE_AMOUNT 400	Payment declined as the requested amount exceeds the originally authorized amount. Merchant would need to send another request with an amount within the original authorization amount or create a new authorization and capture request for the new amount.
EXPIRED_CARD 400	Expired card. This may also be received if the expiry date entered by the end customer does not match the date the issuer has on file. Cardholder can try again using the correct expiry date or use another card.
INVALID_ACCOUNT_DETAILS 400	The card number entered is invalid or using a test card number on live environment. Cardholder can try using a different card or other form of payment.
PAYMENT_REQUEST_ALREADY_FAILED 409	The payment_request_id provided has already been processed and has failed.
PAYMENT_REQUEST_ALREADY_FULLY_CAPTURED 409	Authorization amount have been fully captured by previous attempt.
PROCESSOR_CONFIGURATION_ERROR 500	Payment declined due to a problem with the merchant configuration on the processor. Contact Xendit to troubleshoot the issue.
PROCESSOR_TEMPORARILY_UNAVAILABLE 500	The processor appears to be temporarily unavailable. Wait for a couple minutes, then resend the request. If it fails again, Cardholder can try using a different card or other form of payment.
PROCESSOR_TIMEOUT_ERROR 500	Request was received by the processor, but there was a server timeout. Wait for a couple minutes and then retry the request.

Perform Capture Failure Code

Failure Code	Description
CARD_DECLINED	Payment could not be processed as the card is refused due to several reasons. Request a different card or other form of payment.
DECLINED_BY_ISSUER	The transaction was declined by the card issuer bank.
DECLINED_BY_PROCESSOR	The payment was declined by the processor.
DENIED_PERSON_LIST_MATCHED	The cardholder matched the Denied Persons List. Blacklist the customer and do not let them make further payments.
INACTIVE_OR_UNAUTHORIZED_CARD	The issuer bank declined the transaction as it is either inactive, or not authorized for online transactions. Cardholder can use another card or can try again after resolving the issue with the bank.
INSUFFICIENT_BALANCE	Insufficient balance in the cardholder's account. Cardholder can use another card or can try again after adding funds to their bank account.
INVALID_CVV	The CVV (3 or 4-digit security code) entered was either invalid or did not match the issuer’s records. Cardholder can retry the payment and enter the correct CVV. If it fails again, request a different card or other form of payment.
REJECTED_BY_ACQUIRER	Acquirer is not accepting this transaction may be due to a transaction without 3DS or deemed as high risk by the acquirer.
STOLEN_CARD	The card was declined as it has been reported stolen or lost by the cardholder. Validate the customer's authenticity and refer them to their bank.
STRONG_CUSTOMER_AUTHENTICATION_REQUIRED	The card used requires strong customer authentication to be performed. SCA (Strong Customer Authentication) is currently not supported, please try a different card.
SUSPECTED_FRAUDULENT	The payment is assessed as being high risk by xenshield, Xendit Fraud Prevention. Check the payment details on the Xendit Dashboard to see risk factors. Review the payment to confirm the risk of fraud - check with the user if possible. If you think the risk of fraud is low, Allow the card for all future transactions on the Xendit Dashboard and ask the user to retry again.

Confirm Payment Request

This endpoint only applies to BRI Direct Debit. This is only applicable for select payment DIRECT_DEBIT channels (BRI Direct Debit, BPI, RCBC, UBP, CHINABANK)

This is used when an additional authorization (ex. OTP Validation, PIN validation) is required in order to successfully activate a payment method. This is equivalent to the POST - AUTH action provided when a Payment Method has the status REQUIRES_ACTION.

Endpoint: Confirm Payment Request

POST https://api.xendit.co/payment_requests/:id/auth

Confirm Payment Request Request

Example Confirm Payment Request Request

curl https://api.xendit.co/payment_requests/pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f/auth -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \
   --data-raw '{
      "auth_code": "123456"
}' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Request object. This starts with the prefix pr-.

Request Body Parameter	Type	Description
auth_code required	string	The authorization code, OTP, or PIN inputted by the end-customer.

Confirm Payment Request Response

Example Confirm Payment Request Response

{
  "id": "pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f",
  "currency": "PHP",
  "amount": 10000,
  "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "status": "PENDING",
  "reference_id": "a2c66ceb-2cbe-4541-bb69-9f50fd2040e0",
  "payment_method": {
    "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
    "card": null,
    "type": "DIRECT_DEBIT",
    "status": "ACTIVE",
    "actions": [],
    "country": "PH",
    "ewallet": null,
    "qr_code": null,
    "metadata": null,
    "description": null,
    "reusability": "MULTIPLE_USE",
    "direct_debit": {
        "type": "BANK_ACCOUNT",
        "debit_card": null,
        "bank_account": {
            "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
            "masked_bank_account_number": "XXXXXX1234"
        },
        "channel_code": "BPI",
        "channel_properties": {
            "failure_return_url": "https://your-redirect-website.com/failure",
            "success_return_url": "https://your-redirect-website.com/success"
        }
    },
    "failure_code": null,
    "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
    "virtual_account": null,
    "over_the_counter": null,
    "billing_information": null,
    "direct_bank_transfer": null,
    "created": "2022-08-12T13:30:26.579048Z",
    "updated": "2022-08-12T13:30:58.908220358Z"
  },
  "channel_properties": null,
  "actions": [],
  "created": "2020-08-29T09:12:33.001Z",
  "updated": "2020-08-29T09:12:33.001Z",
  "metadata": {
    "sku": "ABCDEFGH"
  }
}

Returns a Payment Request Object with an HTTP 200 status code.

Confirm Payment Request Errors

Error Code	Description
API_VALIDATION_ERROR 400	There is invalid input in one of the request fields or a required field was not filled out
ACCOUNT_ACCESS_BLOCKED 400	Access to the underlying account or card has been blocked by the partner channel or the issuer.
EXPIRED_OTP_ERROR 400	The provided auth_code has expired
INVALID_OTP_ERROR 400	The provided auth_code is incorrect
INVALID_PAYMENT_METHOD 400	The provided payment_method_id has already expired or is inactive
MAX_OTP_ATTEMPTS_ERROR 400	The maximum attempts allowed by the channel has been reached
PARTNER_CHANNEL_ERROR 400	Error received from partner channel but no reasons provided
INVALID_API_KEY 401	API key format is invalid
FEATURE_NOT_ACTIVATED 403	A certain feature being accessed has not yet activated. Please reach out to our customer service for further assistance.
FEATURE_NOT_SUPPORTED 403	A certain feature being accessed is not supported
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DATA_NOT_FOUND 404	The provided id did not match any of our records
IDEMPOTENCY_ERROR 409	The same Idempotency-key was provided with a different payload
PAYMENT_REQUEST_ALREADY_FAILED 409	Cannot proceed because the payment method has already failed and cannot be retried.
PAYMENT_REQUEST_ALREADY_PENDING 409	Payment request ID already is processing and waiting for results from the partner channel.
PAYMENT_REQUEST_ALREADY_SUCCEEDED 409	Cannot proceed because the payment request has been successfully processed.
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue
CHANNEL_UNAVAILABLE 503	The payment channel requested is currently experiencing unexpected issues. The eWallet provider will be notified to resolve this issue

Resend Auth for Payment Request

This endpoint only applies to BRI Direct Debit. This is only applicable for select payment DIRECT_DEBIT channels (BRI Direct Debit, BPI, UBP, CHINABANK)

This is used when an additional authorization (ex. OTP Validation) is required in order to successfully activate a payment method. This is equivalent to the POST - AUTH action provided when a Payment Method has the status REQUIRES_ACTION.

Endpoint: Resend Auth for Payment Request

POST https://api.xendit.co/payment_requests/:id/auth/resend

Resend Auth for Payment Request Request

Example Resend Auth for Payment Request Request

curl https://api.xendit.co/payment_requests/pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f/auth/resend -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Request object. This starts with the prefix pr-.

Resend Auth for Payment Request Response

Example Resend Auth for Payment Request Success Response

{
  "id": "pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f",
  "currency": "PHP",
  "amount": 10000,
  "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "status": "REQUIRES_ACTION",
  "reference_id": "a2c66ceb-2cbe-4541-bb69-9f50fd2040e0",
  "payment_method": {
    "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
    "card": null,
    "type": "DIRECT_DEBIT",
    "status": "ACTIVE",
    "actions": [],
    "country": "PH",
    "ewallet": null,
    "qr_code": null,
    "metadata": null,
    "description": null,
    "reusability": "MULTIPLE_USE",
    "direct_debit": {
        "type": "BANK_ACCOUNT",
        "debit_card": null,
        "bank_account": {
            "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
            "masked_bank_account_number": "XXXXXX1234"
        },
        "channel_code": "BPI",
        "channel_properties": {
            "failure_return_url": "https://your-redirect-website.com/failure",
            "success_return_url": "https://your-redirect-website.com/success"
        }
    },
    "failure_code": null,
    "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
    "virtual_account": null,
    "over_the_counter": null,
    "billing_information": null,
    "direct_bank_transfer": null,
    "created": "2022-08-12T13:30:26.579048Z",
    "updated": "2022-08-12T13:30:58.908220358Z"
  },
  "channel_properties": null,
  "actions": [
    {
      "action": "AUTH",
      "url_type": "API",
      "url": "https://api.xendit.co/payment_requests/pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f/auth",
      "method": "POST"
    }
  ],
  "created": "2020-08-29T09:12:33.001Z",
  "updated": "2020-08-29T09:12:33.001Z",
  "metadata": {
    "sku": "ABCDEFGH"
  }
}

Returns a Payment Request Object with an HTTP 200 status code.

Resend Auth for Payment Request Errors

Error Code	Description
API_VALIDATION_ERROR 400	There is invalid input in one of the request fields or a required field was not filled out
ACCOUNT_ACCESS_BLOCKED 400	Access to the underlying account or card has been blocked by the partner channel or the issuer.
INVALID_PAYMENT_METHOD 400	The provided payment_method_id has already expired or is inactive
PARTNER_CHANNEL_ERROR 400	Error received from partner channel but no reasons provided
INVALID_API_KEY 401	API key format is invalid
FEATURE_NOT_ACTIVATED 403	A certain feature being accessed has not yet activated. Please reach out to our customer service for further assistance.
FEATURE_NOT_SUPPORTED 403	A certain feature being accessed is not supported
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DATA_NOT_FOUND 404	The provided id did not match any of our records
IDEMPOTENCY_ERROR 409	The same Idempotency-key was provided with a different payload
PAYMENT_REQUEST_ALREADY_FAILED 409	Cannot proceed because the payment method has already failed and cannot be retried.
PAYMENT_REQUEST_ALREADY_PENDING 409	Payment request ID already is processing and waiting for results from the partner channel.
PAYMENT_REQUEST_ALREADY_SUCCEEDED 409	Cannot proceed because the payment request has been successfully processed.
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue
CHANNEL_UNAVAILABLE 503	The payment channel requested is currently experiencing unexpected issues. The eWallet provider will be notified to resolve this issue

List Payment Requests

This endpoints returns a list of matching Payment Request objects based on the provided query.

Each unique query string parameter is AND-ed to each other.

Endpoint: List Payment Requests

GET https://api.xendit.co/payment_requests

List Payment Requests Request

Example List Payment Requests Request

curl https://api.xendit.co/payment_requests?reference_id="a2c66ceb-2cbe-4541-bb69-9f50fd2040e0" -X GET \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \ \

Header	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Query String Parameter	Type	Description
id optional	string	Primary identifier for the Payment Request object.
reference_id optional	string	Merchant-provided identifier for this payment request.
customer_id optional	string	ID of the customer object to which the payment request is attached to.
type optional	string	Type of payment method Accepted values: CARD EWALLET DIRECT_DEBIT OVER_THE_COUNTER QR_CODE VIRTUAL_ACCOUNT
channel_code optional	string	Retrieve accessible payment requests with the provided channel_code. For more accurate results, use with type.
status optional	string	Retrieve accessible payment requests with the provided status Accepted values: SUCCEEDED FAILED PENDING REQUIRES_ACTION
limit optional	number	Maximum number of resources to be returned in the response. Use after_id and before_id to navigate to other resources. Default: 10
after_id optional	string	Retrieve all resources created after the provided after_id
before_id optional	string	Retrieve all resources created before the provided before_id

List Payment Requests Response

Example List Payment Requests Response

{
  "data": [
      {
        "id": "pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f",
        "currency": "PHP",
        "amount": 10000,
        "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
        "business_id": "5f27a14a9bf05c73dd040bc8",
        "status": "SUCCEEDED",
        "reference_id": "a2c66ceb-2cbe-4541-bb69-9f50fd2040e0",
        "payment_method": {
            "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
            "card": null,
            "type": "DIRECT_DEBIT",
            "status": "ACTIVE",
            "actions": [],
            "country": "PH",
            "ewallet": null,
            "qr_code": null,
            "metadata": null,
            "description": null,
            "reusability": "MULTIPLE_USE",
            "direct_debit": {
                "type": "BANK_ACCOUNT",
                "debit_card": null,
                "bank_account": {
                    "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
                    "masked_bank_account_number": "XXXXXX1234"
                },
                "channel_code": "BPI",
                "channel_properties": {
                    "failure_return_url": "https://your-redirect-website.com/failure",
                    "success_return_url": "https://your-redirect-website.com/success"
                }
            },
            "failure_code": null,
            "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
            "virtual_account": null,
            "over_the_counter": null,
            "billing_information": null,
            "direct_bank_transfer": null,
            "created": "2022-08-12T13:30:26.579048Z",
            "updated": "2022-08-12T13:30:58.908220358Z"
        },
        "channel_properties": null,
        "actions": [],
        "created": "2020-08-29T09:12:33.001Z",
        "updated": "2020-08-29T09:12:33.001Z",
        "metadata": {
            "sku": "ABCDEFGH"
        }
    }
  ],
  "has_more": false
}

Body Parameter	Type	Description
data required	array of objects	Returns an array of matching Payment Request Objects. Returns empty array when there is no result.
has_more required	boolean	Indicates whether there are more items to be queried with after_id of the last item from the current result.

List Payment Requests Errors

Error Code	Description
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue

Get Payment Request by ID

This endpoints returns the corresponding Payment Method that matches the provided ID.

Endpoint: Get Payment Request by ID

GET https://api.xendit.co/payment_requests/:id

Get Payment Request by ID Request

Example Get Payment Request by ID Request

curl https://api.xendit.co/payment_requests/pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f -X GET \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoRe

Header	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Payment Request object.

Get Payment Request by ID Response

Example Get Payment Request by ID Success Response

{
  "id": "pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f",
  "currency": "PHP",
  "amount": 10000,
  "customer_id": "e2878b4c-d57e-4a2c-922d-c0313c2800a3",
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "status": "SUCCEEDED",
  "reference_id": "a2c66ceb-2cbe-4541-bb69-9f50fd2040e0",
  "payment_method": {
      "id": "pm-6ff0b6f2-f5de-457f-b08f-bc98fbae485a",
      "card": null,
      "type": "DIRECT_DEBIT",
      "status": "ACTIVE",
      "actions": [],
      "country": "PH",
      "ewallet": null,
      "qr_code": null,
      "metadata": null,
      "description": null,
      "reusability": "MULTIPLE_USE",
      "direct_debit": {
          "type": "BANK_ACCOUNT",
          "debit_card": null,
          "bank_account": {
              "bank_account_hash": "b4dfa99c9b60c77f2e3962b73c098945",
              "masked_bank_account_number": "XXXXXX1234"
          },
          "channel_code": "BPI",
          "channel_properties": {
              "failure_return_url": "https://your-redirect-website.com/failure",
              "success_return_url": "https://your-redirect-website.com/success"
          }
      },
      "failure_code": null,
      "reference_id": "620b9df4-fe69-4bfd-b9d4-5cba6861db8a",
      "virtual_account": null,
      "over_the_counter": null,
      "billing_information": null,
      "direct_bank_transfer": null,
      "created": "2022-08-12T13:30:26.579048Z",
      "updated": "2022-08-12T13:30:58.908220358Z"
  },
  "channel_properties": null,
  "actions": [],
  "created": "2020-08-29T09:12:33.001Z",
  "updated": "2020-08-29T09:12:33.001Z",
  "metadata": {
      "sku": "ABCDEFGH"
  }
}

A successful Payment Request retrieval returns the matching Payment Request Object with an HTTP 200 status code.

Get Payment Request by ID Errors

Error Code	Description
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DATA_NOT_FOUND 404	The provided id did not match any of our records
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue

Refunds

Refunds allows merchants to return the specified amount back to the payor for a specified payment transaction. The funds are sent back to the original source of funds.

Refund Object

The Refund Object represents a request to have a certain amount to be refunded from a succeeded payment.

Refund Object Example

{
    "id": "rfd-69e77490-d2cc-4bf3-8319-e064e121db93",
    "payment_id": "pr-d5fe8554-fbcd-42b3-956d-867376550ed9",
    "invoice_id": "",
    "amount": 3000,
    "payment_method_type": "CARD",
    "channel_code": "",
    "currency": "PHP",
    "status": "SUCCEEDED",
    "reason": "CANCELLATION",
    "reference_id": "9d9c04a9-55c8-4eea-8b09-4109ac10b7f0",
    "failure_code": null,
    "refund_fee_amount": null,
    "created": "2022-09-29T03:37:07.06648896Z",
    "updated": "2022-09-29T03:37:07.06648906Z",
    "metadata": null
}

Body Parameter	Type	Description
id required	string	Unique identifier for the refund request. It will have the prefix rfd-.
payment_request_id required	string	Identifier for the corresponding Payment Request
invoice_id nullable	string	If the refund request was made using the ID for a Invoice/Checkout/Payment Link, this is the corresponding identifier for it.
payment_method_type required	string	Type of the payment method used in the original payment. Possible values: CARD EWALLET DIRECT_DEBIT
reference_id nullable	string	Identifier provided by the merchant for the refund request. This may be automatically generated by Xendit if it was not provided. Maximum length: 255 characters
amount required	string	Amount of the transaction reflecting the actual decimal places. (Ex. 1234.56 with currency PHP is one thousand thirty-four pesos and fifty-six centavos) Decimal places support varies per currency: IDR - Only supports whole numbers (can't support decimal number). PHP - Supports up to two decimal places.
currency required	string	Three-letter ISO 4217 currency code of the transaction, in uppercase.
status required	string	Status of the refund. Possible values: REQUIRES_ACTION - The request passed validation but requires additional steps in order to activate the payment method for use. Typical actions are for merchant to trigger OTP validation or redirect your customer to authentication page. SUCCEEDED FAILED PENDING CANCELLED
country required	string	2-letter ISO 3166-2 country code indicating country of transaction. This is also be used as indicator for channels that are present in multiple markets (e.g. SHOPEEPAY).
channel_code required	string	Identifier for the payment channel partner
reason required	string	Provided reason why the refund was requested. Possible values: FRAUDULENT DUPLICATE REQUESTED_BY_CUSTOMER CANCELLATION OTHERS
failure_code nullable	string	If the status of the refund is FAILED, this describes the reason for failure. Will be null if the refund did not fail. See possible codes here.
refund_fee_amount nullable	number	(if applicable) This will be the corresponding additional fee for processing the refund.
created required	string	ISO 8601 Timestamp for refund object creation. Timezone UTC+0
updated required	string	ISO 8601 Timestamp for latest refund object update. Timezone UTC+0
metadata nullable	object	User defined object with JSON properties and values passed in during Refund creation.

Create Refund

This endpoint initialized the refund process for the provided amount for a given successful payment.

Endpoint: Create Refund

POST https://api.xendit.co/refunds

Create Refund Request

Example Create Refund Request

curl https://api.xendit.co/refunds -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \
   --data-raw '{
    "payment_request_id": "pr-6e9778ea-7d62-40fe-8b25-a4d740754c5f",
    "reference_id": "b2756a1e-e6cd-4352-9a68-0483aa2b6a2f",
    "currency":"PHP",
    "reason":"CANCELLATION"
}' \

Header	Type	Description
idempotency-key optional	string	Provided to prevent duplicate requests. Can be equal to any UUID. Idempotency keys are stored on the request layer; it expires after 24 hours from the first request. Note: Max 100 characters
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Request Body Parameter	Type	Description
payment_request_id conditional	string	Identifier for the corresponding Payment Request to be refunded Note: One of payment_request_id or invoice_id must be provided in the request.
reference_id nullable	string	Identifier provided by the merchant for the refund request. This may be automatically generated by Xendit if it was not provided. Maximum length: 255 characters
invoice_id conditional	string	Identifier for the corresponding Invoice / Payment Link transaction to be refunded Note: One of payment_request_id or invoice_id must be provided in the request.
currency nullable	string	ISO 4217 three-letter code of the transaction's currency. Will be auto-filled based on the channel_code if not provided. Accepted values: IDR PHP
amount conditional	number	Expected and accepted amount of the transaction in the actual value in the provided currency. Decimal places support varies per currency: IDR - Only supports positive integers. PHP - Supports up to two decimal places. Note: If amount is not provided, the refund request will default to the maximum possible amount to be refunded from the provided transaction. Amount is required if payment is 'CARD' type
reason required	string	Provided reason why the refund was requested. Accepted values: FRAUDULENT DUPLICATE REQUESTED_BY_CUSTOMER CANCELLATION OTHERS
metadata optional	object	A free-format JSON for additional information that you may use. Object can be up to 50 keys, with key names up to 40 characters long and values up to 500 characters long.

Create Refund Response

Example Create Refund Response

{
    "id": "rfd-6f4a377d-a201-437f-9119-f8b00cbbe857",
    "payment_id": "ddpy-3cd658ae-25b9-4659-aa36-596ae41a809f",
    "invoice_id": null,
    "amount": 10000,
    "payment_method_type": "DIRECT_DEBIT",
    "channel_code": "BPI",
    "currency": "PHP",
    "status": "SUCCEEDED",
    "reason": "CANCELLATION",
    "reference_id": "b2756a1e-e6cd-4352-9a68-0483aa2b6a2",
    "failure_code": null,
    "refund_fee_amount": null,
    "created": "2020-08-30T09:12:33.001Z",
    "updated": "2020-08-30T09:12:33.001Z",
    "metadata": null
}

A successful Refund creation returns a Refund Object with an HTTP 201 status code.
Listen to the refund.* callbacks for the final status of the transaction.

Create Refund Errors

Error Code	Description
API_VALIDATION_ERROR 400	There is invalid input in one of the request fields or a required field was not filled out
INELIGIBLE_TRANSACTION 400	Error because the transaction provided has either been fully refunded or was never successful
INSUFFICIENT_BALANCE 400	Error because there is no sufficient balance in your Xendit balance to perform the refund
MAXIMUM_REFUND_AMOUNT_REACHED 400	Error because the provided amount is greater than the allowed refund amount.
PARTIAL_REFUND_NOT_SUPPORTED 400	Error because the partner channel for the transaction does not support partial transactions
REFUND_NOT_SUPPORTED 400	Refund request failed because refunds are not supported by the channel.
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
IDEMPOTENCY_ERROR 409	The same Idempotency-key was provided with a different payload
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue
CHANNEL_UNAVAILABLE 503	The payment channel requested is currently experiencing unexpected issues. The downstream provider will be notified to resolve this issue

List Refunds

This endpoints returns a list of matching Refund objects based on the provided query.

Each unique query string parameter is AND operator to each other.

Endpoint: List Refunds

GET https://api.xendit.co/refunds

Request Parameters

Example List Refunds Request

curl https://api.xendit.co/refunds?payment_method_type='DIRECT_DEBIT' -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \

Header	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Query String Parameter	Type	Description
payment_request_id optional	string	Respective ID for the corresponding Payment Request to be refunded
invoice_id optional	string	Respective ID for the corresponding Checkout/Payment Link of the Payment
payment_method_type optional	string	Type of payment method Accepted values: EWALLET DIRECT_DEBIT CARDS
channel_code optional	string	The code used to identify the payment channel partner.
limit optional	number	Maximum number of resources to be returned in the response. Use after_id and before_id to navigate to other resources. Default: 10
after_id optional	string	Retrieve all resources created after the provided after_id
before_id optional	string	Retrieve all resources created before the provided before_id

Response Parameters

Example List Refunds Response

{
  "data": [
    {
        "id": "rfd-6f4a377d-a201-437f-9119-f8b00cbbe857",
        "payment_id": "ddpy-3cd658ae-25b9-4659-aa36-596ae41a809f",
        "invoice_id": null,
        "amount": 10000,
        "payment_method_type": "DIRECT_DEBIT",
        "channel_code": "BPI",
        "currency": "PHP",
        "status": "SUCCEEDED",
        "reason": "CANCELLATION",
        "reference_id": "b2756a1e-e6cd-4352-9a68-0483aa2b6a2",
        "failure_code": null,
        "refund_fee_amount": null,
        "created": "2020-08-30T09:12:33.001Z",
        "updated": "2020-08-30T09:12:33.001Z",
        "metadata": null
    }
  ],
  "links": [
    {
      "href": "/refunds?after_id='rfd-7a836151-7a2c-4cc9-b158-07a617cc0e3a'&limit=10",
      "rel": "first",
      "method": "GET"
    }
  ],
  "has_more": true
}

Body Parameter	Type	Description
data required	array of objects	Returns an array of matching Refund Objects. Returns empty array when there is no result.
has_more required	boolean	Indicates whether there are more items to be queried with after_id of the last item from the current result.
links optional	object	The links to the next page based on HATEOAS if there is next result. The HATEOAS format are: href: URI of target, this will be to the next link. rel: The relationship between source and target. The value will be next. method: The HTTP method, the value will be GET.

List Refunds Errors

Error Code	Description
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue

Get Refund by ID

This endpoints returns the corresponding Refund that matches the provided ID.

Endpoint: Get Payment Request by ID

GET https://api.xendit.co/refunds/:id

Get Refund by ID Request

Example Get Refund by ID Request

curl https://api.xendit.co/refunds/rfd-6f4a377d-a201-437f-9119-f8b00cbbe857 -X POST \
   --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
   --header 'Content-Type: application/json' \

Header	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Path Parameter	Type	Description
id required	string	Primary identifier for the Refund object.

Get Refund by ID Response

Example Get Refund by ID Success Response

{
    "id": "rfd-6f4a377d-a201-437f-9119-f8b00cbbe857",
    "payment_id": "ddpy-3cd658ae-25b9-4659-aa36-596ae41a809f",
    "invoice_id": null,
    "amount": 10000,
    "payment_method_type": "DIRECT_DEBIT",
    "channel_code": "BPI",
    "currency": "PHP",
    "status": "SUCCEEDED",
    "reason": "CANCELLATION",
    "reference_id": "b2756a1e-e6cd-4352-9a68-0483aa2b6a2",
    "failure_code": null,
    "refund_fee_amount": null,
    "created": "2020-08-30T09:12:33.001Z",
    "updated": "2020-08-30T09:12:33.001Z",
    "metadata": null
}

A successful Payment Request retrieval returns the matching Refund Object with an HTTP 200 status code.

Get Refund by ID Errors

Error Code	Description
INVALID_API_KEY 401	API key format is invalid
REQUEST_FORBIDDEN_ERROR 403	The API key is forbidden to perform this request
DATA_NOT_FOUND 404	The provided id did not match any of our records
SERVER_ERROR 500	An unexpected error occured, our team has been notified and will troubleshoot the issue

Callback: Refund Succeeded

This callback is triggered when a refund is successfully processed.

Callback Payload

Example: Refund Succeeded Callback Payload

{
  "event": "refund.succeeded",
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "created": "2020-08-29T09:12:33.001Z",
  "data": {
    "id": "rfd-6f4a377d-a201-437f-9119-f8b00cbbe857",
    "payment_id": "ddpy-3cd658ae-25b9-4659-aa36-596ae41a809f",
    "invoice_id": null,
    "amount": 10000,
    "payment_method_type": "DIRECT_DEBIT",
    "channel_code": "BPI",
    "currency": "PHP",
    "status": "SUCCEEDED",
    "reason": "CANCELLATION",
    "reference_id": "b2756a1e-e6cd-4352-9a68-0483aa2b6a2",
    "failure_code": null,
    "refund_fee_amount": null,
    "created": "2020-08-30T09:12:33.001Z",
    "updated": "2020-08-30T09:12:33.001Z",
    "metadata": null
  }
}

Header Parameters

Header Parameter	Type	Description
x-callback-token required	string	Your Xendit unique callback token to verify the origin of the callback
webhook-id required	string	A unique identifier of every webhook to help you to handle double callback by implementing idempotency. When you receive the same webhook-id twice, treat the subsequent request as duplicate and reject the webhook accordingly to prevent double webhook

Body Parameter	Type	Description
event required	string	Identifies the event that triggered a notification to the merchant - refund.succeeded
business_id required	string	Business ID of the merchant
created required	string	ISO 8601 Timestamp for callback notification creation. Timezone UTC+0.
data optional	object	Refund Object with status SUCCEEDED

Callback: Refund Failed

This callback is triggered when a refund request has failed.

Callback Payload

Example: Refund Failed Callback Payload

{
  "event": "refund.failed",
  "business_id": "5f27a14a9bf05c73dd040bc8",
  "created": "2020-08-29T09:12:33.001Z",
  "data": {
    "id": "rfd-fca8d8bc-497c-42a5-b16f-97825323502a",
    "payment_id": "ddpy-3cd658ae-25b9-4659-aa36-596ae41a809f",
    "invoice_id": null,
    "amount": 10000,
    "payment_method_type": "DIRECT_DEBIT",
    "channel_code": "BPI",
    "currency": "PHP",
    "status": "FAILED",
    "reason": "CANCELLATION",
    "reference_id": "b2756a1e-e6cd-4352-9a68-0483aa2b6a2",
    "failure_code": "DUPLICATE_ERROR",
    "refund_fee_amount": null,
    "created": "2020-08-30T09:12:33.001Z",
    "updated": "2020-08-30T09:12:33.001Z",
    "metadata": null
  }
}

Header Parameters

Header Parameter	Type	Description
x-callback-token required	string	Your Xendit unique callback token to verify the origin of the callback
webhook-id required	string	A unique identifier of every webhook to help you to handle double callback by implementing idempotency. When you receive the same webhook-id twice, treat the subsequent request as duplicate and reject the webhook accordingly to prevent double webhook

Body Parameter	Type	Description
event required	string	Identifies the event that triggered a notification to the merchant - refund.failed
business_id required	string	Business ID of the merchant
created required	string	ISO 8601 Timestamp for callback notification creation. Timezone UTC+0.
data optional	object	Refund Object with status FAILED. See the Failure Code table below to see the possible values of failure_code.

Failure Code	Description
ACCOUNT_ACCESS_BLOCKED	End customer account has been blocked, end user should contact the bank for resolution.
ACCOUNT_NOT_FOUND	Destination account for refund was not found
DUPLICATE_ERROR	There's an existing record of refund
INSUFFICIENT_BALANCE	Error because there is no sufficient balance in your Xendit balance to perform the refund
REFUND_FAILED	Refund rejected by the partner channel

Credit Cards

Our Credit Cards API enables you to seamlessly charge Indonesian and international credit / debit cards from major schemes: Visa, MasterCard and JCB. To accept AMEX payments, you'll need your own merchant account with Bank Central Asia in Indonesia.

Our APIs are designed to be modular so you can have full control over each step of the card payment process. No sensitive card data will reach your servers when using Xendit - we take care of that for you. We build our integrations to optimize card acceptance rates for all the cards that we help you accept. To date, we've charged cards from over 100 countries.

For full details on each API as well as help on integration, please refer to our documentation.

Using a plugin like Shopify or WooCommerce (Wordpress)? Xendit supports card payments on these as well, see here.

Create Token

Javascript Function: createToken

Xendit.card.createToken(tokenData, function (err, data) {
    if (err) {
        //Define error handling
    }

    if (data.status === 'VERIFIED') {
        // Handle success
    } else if (data.status === 'IN_REVIEW') {
        // Handle authentication (3DS)
    } else if (data.status === 'FAILED') {
        // Handle failure
    }
});

Tokenization is the process where card details (account number and expiration date) are securely collected on the client-side, so that sensitive card data is never passed through your systems. Tokens are then used to Charge Cards. It is important to pass us the details of the cardholder such as their contact details and billing/shipping details, as these will be used for 3DS authentication later on.

Example tokenData object with billing details

{        
    "amount": "10000",        
    "card_data": {
        "account_number": "4456530000001096",        
        "exp_month": "12",        
        "exp_year": "2020"
    },
    "card_cvn": "123",
    "is_multiple_use": false,
    "should_authenticate": true,
    "billing_details": {
        "given_names": "John",
        "surname": "Hudson",
        "email": "john@xendit.co",
        "mobile_number": "+6208123123123",
        "phone_number": "+6208123123123",
        "address": {
            "country": "ID",
            "street_line1": "Panglima Polim IV",
            "street_line2": "Ruko Grand Panglima Polim, Blok E",
            "city": "Jakarta Selatan",
            "province_state": "DKI Jakarta",
            "postal_code": "12345"
        }
    }
}

Example tokenData object with customer object

{        
    "amount": "10000",        
    "card_data": {
        "account_number": "4456530000001096",        
        "exp_month": "12",        
        "exp_year": "2020"
    },
    "card_cvn": "123",
    "is_multiple_use": false,
    "should_authenticate": true,
    "customer": {
        "reference_id": "123e4567-e89b-12d3-a456-426614174000",
        "mobile_number": "+6208123123123",
        "email": "john@xendit.co",
        "given_names": "John",
        "surname": "Hudson",
        "phone_number": "+6208123123123",
        "nationality": "ID",
        "addresses": [{
            "country": "ID",
            "street_line1": "Panglima Polim IV",
            "street_line2": "Ruko Grand Panglima Polim, Blok E",
            "city": "Jakarta Selatan",
            "province_state": "DKI Jakarta",
            "postal_code": "12345",
            "category": "WORK"
        }],
        "date_of_birth": "1990-04-13",
        "description": "customer using promo",
        "metadata": {}
    }
}

Tokens can be created for single or multiple use. If you plan to save a card for future use, set is_multiple_use to true.

See our Tokenization Sample for an example implementation for web application. For SDK implementation, please refer to Xendit Documentation for Android SDK and IOS SDK.

Single Use Tokens

For single-use tokens, authentication is performed by default, and so the amount field is also required. If optional authentication is enabled on your account, it can be bypassed by setting should_authenticate to false.

Multiple Use Tokens

When tokenizing a card for multi-use, the amount field is optional. If you want to use Authentication for a multi-use token, the amount field must be specified during Authentication. See Create Authentication for more details.

Request Parameters (Money-in write permission)

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Body Parameter	Type	Description
amount optional	string	The charge amount. Only required for single use tokens with bundled authentication.
card_data required	object	Customer's card details informations card details child parameters Key Value account_number required string Card number which will be converted into a secured token exp_month required string Card expiration month exp_year required string Card expiration year
card_cvn optional	string	Three digit code written on the back of the card (usually called CVV/CVN). Optional but highly recommended. Required for cards issued in Europe.
is_multiple_use optional default: false	boolean	Whether or not to save token for multiple use
currency optional	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code. Xendit by default supports IDR for Indonesia and PHP for Philippines. Other currencies are supported only if you are using your own MIDs. If left blank, defaults to currency based on your business country.
should_authenticate default: true	boolean	Whether or not to bundle authentication with tokenization. By default, authentication is required for all transactions. You can request to enable optional authentication via your Xendit Dashboard.
billing_details optional	object	Billing details of the cardholder. If entered, should correspond with billing details registered by the cardholder with their issuer. These are required for US / CA / UK cards to be verified by the Address Verification System (AVS), and are also recommended for increased likelihood of frictionless authentication on 3DS 2.0. billing details child parameters Key Value given_names optional string Primary or first name/s of the customer minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 surname optional string Surname or last name of the customer minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 email optional string Enduser's email address which associated with the card mobile_number optional string Enduser's mobile phone number which associated with the card phone_number optional string Enduser's other phone number which associated with the card (e.g. landline) address optional object Billing Address of the cardholder Note: Required for AVS and recommended for 3DS 2.0 address details child parameters Key Value country required string 2-letter ISO 3166-2 country code for the customer's country of residence street_line1 optional string Building name and apartment unit number minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 street_line2 optional string Building street address minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 city optional string City, village or town as appropriate minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 province_state optional string Use this to enter province, state or region of residence. If the user is USA citizen, make sure to use state code (e.g put CA instead of California) minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 postal_code optional string Postal, zip or rural delivery code, if applicable minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0
customer optional	object	Information about your customer (the cardholder), e.g. their contact details. Sending these details is recommended as they are needed for the best authentication protocols, improving acceptance rates and fraud prevention. Use this object to pass Xendit the customer’s shipping address if they provide it. Customer object child parameters Key Value reference_id optional string This is the customer ID that is referenced in your system, if you have previously created a Customer with our Create Customer API. minimum length: 1 character maximum length: 255 characters mobile_number optional string Mobile number of customer in E.164 format Note: Required for AVS and recommended for 3DS 2.0 phone_number optional string Additional contact number of the customer. can be landline Note: Required for AVS and recommended for 3DS 2.0 email optional string Additional contact number of the customer. can be landline Note: Required for AVS and recommended for 3DS 2.0 given_names optional string Primary or first name/s of customer minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 surname optional string Surname (or last name) of the customer minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 nationality optional string Country code for the customer’s nationality 2-letter ISO 3166-2 country code date_of_birth optional string Date of birth of the customer in YYYY-MM-DD format description optional string Merchant-provided description for the customer object minimum length: 1 character maximum length: 500 characters metadata optional object A free-format JSON for additional information that you want to provide in the request. addresses optional Array of JSON Information about the customer’s address. Use this to pass Xendit the customer’s shipping address if they provide it. Billing address should be provided in the billing details object above. object addresses details child parameters Key Value country required string 2-letter ISO 3166-2 country code for the customer's country of residence street_line1 optional stringLine 1 of Building name and apartment unit number minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 street_line2 optional stringLine 2 of Building street address minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 city optional string City, village or town as appropriate of customer minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 province_state optional string Use this to enter province, state or region of residence. If the user is USA citizen, make sure to use state code (e.g put CA instead of California) minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 postal_code optional string Postal, zip or rural delivery code, if applicable minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 category optional string Address type. Supported values: HOME, WORK, PROVINCIAL

Example Tokenization Response

{
    "id": "5fcd8deb93e9a90020d8fd2d",
    "masked_card_number": "445653XXXXXX1096",
    "authentication_id": "5fcd8deb93e9a90020d8fd2e",
    "status": "IN_REVIEW",
    "card_info": {
        "bank": "PT. Bank Rakyat Indonesia (Persero)",
        "country": "ID",
        "type": "CREDIT",
        "brand": "VISA"
    },
    "payer_authentication_url": "https://redirect-staging.xendit.co/redirects/authentications/bundled/5fcd8deb93e9a90020d8fd2d?api_key=xnd_public_development_bPgL7lc65YTfywEk10f5qneRuu537yonRbfgQRMBLPUr1mZP4nNVd7iNHU"
}

Response Parameters

Body Parameter	Type	Description
id required	string	The token ID. This will be used later to Charge the funds from the credit card.
authentication_id required	string	ID for the authentication process. This should be attached during charge in authentication_id field
masked_card_number required	string	The first 6 digits and last 4 digits of the tokenized card.
status required	string	Tokenization status. See Tokenization Statuses
payer_authentication_url optional	string	Returned only if authentication is bundled with tokenization, and the status returned is IN_REVIEW. This field contains the URL to the page for users to authenticate themselves using 3DS. See Tokenization Statuses.
failure_reason optional	string	If the tokenization status is FAILED, this describes the reason for failure. See Tokenization Failure Reasons
card_info optional	object	Information of the card that's already tokenized. card info child parameters Key Value bank optional string Bank name which issued the card country optional string 2-letter ISO 3166-2 country code Country code where the card is issued from type optional string Type of card that is being tokenized. Can be CREDIT, DEBIT, PREPAID, and UNKNOWN brand optional string Brand of the card that is being tokenized. Can be VISA, MASTERCARD, JCB, AMEX

Statuses

Status	Description
IN_REVIEW	Returned only if authentication is bundled with tokenization, and therefore the customer must authenticate their identity. Xendit provides a URL which you should navigate your users to for easily performing 3DS.
VERIFIED	This means that a token was successfully created. If authentication was bundled with tokenization, it also means that the user has successfully authenticated their identity via 3DS. It is now safe to send the token to your backend for charging.
FAILED	Returned only if authentication is bundled with tokenization, and authentication has failed. Will always return AUTHENTICATION_FAILED as the failure reason. The token will still be created and authentication can be attempted again using the created token.

Failure Reasons

Failure Reason	Description
AUTHENTICATION_FAILED	This status means the customer tried to authenticate using 3DS but did not successfully complete the authentication.

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
INVALID_JSON_FORMAT 400	The request body is not valid JSON.
ACCOUNT_NUMBER_INVALID_ERROR 400	Credit card number is invalid.
VALIDATION_ERROR 400	Data was passed in an incorrect format.
BRAND_NOT_SUPPORTED_ERROR 400	Card brand is not supported. Ask user to try a Visa/Mastercard.
AUTHENTICATION_REQUIRED_ERROR 400	A valid authentication_id was not included in the request, and your account is not configured for optional authentication. Include a valid authentication_id or contact us if you would like to enable optional authentication.
REQUEST_FORBIDDEN_ERROR 403	API key in use does not have necessary permissions to perform the request. Please assign proper permissions for the key. Learn more here
VERIFICATION_TIMEOUT_ERROR 408	The credit card network timed out when trying to tokenize the card.
TEMPORARY_SERVICE_ERROR 503	There was a problem with the credit card network, which prevents tokenization.
CONNECTION_ERROR 500	Error connecting to our server. Try again and if the error persists, try with another device/network.

Get Token

Definition: Get Token

GET https://api.xendit.co/credit_card_tokens/:credit_card_token_id

Example Get Token Request Using Token ID (Default)

curl https://api.xendit.co/credit_card_tokens/605c05d3f81fa60011b2fa4e \
    -X GET \
    -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==:

Example Get Token Response

{
  "business_id": "602103396f17450020ca2246",
  "created": "2021-03-25T03:38:59.318Z",
  "id": "605c05d3f81fa60011b2fa4e",
  "status": "VALID",
  "card_expiration_month": "12",
  "card_expiration_year": "2025",
  "metadata": {
      "bank": "PT. Bank Rakyat Indonesia (Persero)",
      "country_code": "US",
      "type": "CREDIT",
      "brand": "VISA",
  },
  "card_info": {
      "bank": "PT. Bank Rakyat Indonesia (Persero)",
      "country": "ID",
      "type": "CREDIT",
      "brand": "VISA",
      "card_art_url": "",
      "fingerprint": "6021f7d3717e0500115fbb0d",
  }, 
}

This is endpoint to get a token object. You need to specify the id in the query parameter.

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to the token for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Query Parameter	Type	Description
credit_card_token_id required	string	token id of credit card that has been tokenized.

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
CREDIT_CARD_TOKEN_NOT_FOUND_ERROR 404	credit_card_token_id not found

Create Authentication

Javascript Function: createAuthentication

Xendit.card.createAuthentication(authenticationData, function (err, data) {
    if (err) {
        //Define error handling
    }

    if (data.status === 'VERIFIED') {
        // Handle success
    } else if (data.status === 'IN_REVIEW') {
        // Handle authentication (3DS)
    } else if (data.status === 'FAILED') {
        // Handle failure
    }
});

To authenticate a token, use the Xendit.card.createAuthentication function in Xendit.js. This function accepts an authenticationData object and returns an authentication_id which can be used to authenticate a charge. For more details on creating a charge, see Create Charge.

See our Authentication Sample for an example implementation.

Example authenticationData object

{
    "amount": "10000",
    "token_id": "58e2096018b815f555c8a524"
}

Example Authentication Response

{
    "id": "58e2097218b815f555c8a526",
    "status": "VERIFIED"
}

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Body Parameter	Type	Description
amount required	string	Authentication amount
token_id required	string	Token to authenticate
currency optional	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code. Xendit by default supports IDR for Indonesia and PHP for Philippines. Other currencies are supported only if you are using your own MIDs. If left blank, defaults to currency based on your business country.
xenditResponseHandler required	function	Response handler, called after authentication attempt to handle errors and response.

Response Parameters

Parameter	Type	Description
id required	string	Authentication ID returned by Xendit, used when creating a Charge. If authentication status is FAILED, this id will still be returned but authentication will need to be performed again.
status required	string	Authentication status. See Tokenization Statuses
payer_authentication_url optional	string	If status is IN_REVIEW, this contains the URL for authenticating users with 3DS
failure_reason optional	string	If status is FAILED, this describes the failure. See Tokenization Failure Reasons.

Failure Reasons

Failure Reason	Description
AUTHENTICATION_FAILED	The customer tried to authenticate using 3DS but did not successfully complete the authentication.

Create Authorization

Definition: Create authorization

POST https://api.xendit.co/credit_card_charges

Example Create Authorization Request

curl -X POST \
  https://api.xendit.co/credit_card_charges \
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \
  -d '{
      "token_id" : "598d5d0e51e0870d44c61534",
      "external_id": "postman-charge-1502436817",
      "amount": 140000,
      "authentication_id":"598d5d0f51e0870d44c61535",
      "capture":false
    }'

<?php
  require 'vendor/autoload.php';

  $options['secret_api_key'] = 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==';

  $xenditPHPClient = new XenditClient\XenditPHPClient($options);

  $external_id = 'sample-external-id-1475459775872';
  $token_id = 'sample-token-id-1475459775872';
  $amount = 140000;
  $authentication_id = '58e2097218b815f555c8a526';
  $capture = false;

  $response = $xenditPHPClient->captureCreditCardPayment($external_id, $token_id, $amount);
  print_r($response);
?>

const x = new require('xendit-node')({ secretKey: 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==' });

const { Card } = x;
const cardSpecificOptions = {};
const card = new Card(cardSpecificOptions);

const resp = await card.createAuthorization({
  externalID: 'sample-external-id-1475459775872',
  tokenID: 'sample-token-id-1475459775872',
  amount: 140000,
  authID: '58e2097218b815f555c8a526',
})
console.log(resp);

Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";
try {
  CreditCardCharge creditCardCharge = CreditCard.createAuthorization(
  "token_id", // tokenId
  "postman-charge-1502436793", // externalId
  140000, // amount
  "auth_id", // authenticationId
  false // capture
  );
} catch (XenditException e) {
  e.printStackTrace();
}

from xendit import Xendit

api_key = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="
xendit_instance = Xendit(api_key=api_key)
CreditCard = xendit_instance.CreditCard

charge = CreditCard.create_authorization(
    token_id="5f0410898bcf7a001a00879d",
    external_id="card_preAuth-1594106356",
    amount=75000
)
print(charge)

Example Create Authorization Response

{
    "created": "2020-01-11T07:33:14.442Z",
    "status": "AUTHORIZED",
    "business_id": "5850e55d8d9791bd40096364",
    "authorized_amount": 140000,
    "external_id": "postman-charge-1502436793",
    "merchant_id": "xendit",
    "merchant_reference_code": "598d5d0d51e0870d44c61533",
    "card_type": "CREDIT",
    "masked_card_number": "400000XXXXXX0002",
    "charge_type": "SINGLE_USE_TOKEN",
    "card_brand": "VISA",
    "bank_reconciliation_id": "5132390610356134503009",
    "eci": "05",
    "id": "598d5dba51e0870d44c61539"
}

You can do authorization using create charge endpoint. Just capture field as false, and you will receive an authorized charge response.

Zero Amount Authorization

You can also do zero amount authorization amount using create charge endpoint. Just put 0 for amount field, and you will receive and authorized charge response.

To be able to do zero amount authorization, your account must have card processor that has zero amount authorization compatibility.
Please contact us to set up zero amount compatible card processor for your account. You can always use development environment to try zero amount authorization feature.

Example Zero Amount Authorization Request

curl -X POST \
  https://api.xendit.co/credit_card_charges \
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \
  -d '{
      "token_id" : "598d5d0e51e0870d44c61534",
      "external_id": "postman-charge-1502436817",
      "amount": 0,
      "authentication_id":"598d5d0f51e0870d44c61535"
    }'

<?php
  require 'vendor/autoload.php';

  $options['secret_api_key'] = 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==';

  $xenditPHPClient = new XenditClient\XenditPHPClient($options);

  $external_id = 'sample-external-id-1475459775872';
  $token_id = 'sample-token-id-1475459775872';
  $amount = 0;
  $authentication_id = '58e2097218b815f555c8a526';

  $response = $xenditPHPClient->captureCreditCardPayment($external_id, $token_id, $amount);
  print_r($response);
?>

const x = new require('xendit-node')({ secretKey: 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==' });

const { Card } = x;
const cardSpecificOptions = {};
const card = new Card(cardSpecificOptions);

const resp = await card.createAuthorization({
  externalID: 'sample-external-id-1475459775872',
  tokenID: 'sample-token-id-1475459775872',
  amount: 0,
  authID: '58e2097218b815f555c8a526'
});
console.log(resp);

Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";
try {
  CreditCardCharge creditCardCharge = CreditCard.createAuthorization(
  "token_id", // tokenId
  "test_id", // externalId
  0, // amount
  "auth_id", // authenticationId
  false // capture
  );
} catch (XenditException e) {
  e.printStackTrace();
}

Example Zero Amount Authorization Response

{
    "created": "2020-01-11T07:33:14.442Z",
    "status": "AUTHORIZED",
    "business_id": "5850e55d8d9791bd40096364",
    "authorized_amount": 0,
    "external_id": "postman-charge-1502436793",
    "merchant_id": "xendit",
    "merchant_reference_code": "598d5d0d51e0870d44c61533",
    "card_type": "CREDIT",
    "masked_card_number": "400000XXXXXX0002",
    "charge_type": "SINGLE_USE_TOKEN",
    "card_brand": "VISA",
    "bank_reconciliation_id": "5132390610356134503009",
    "eci": "05",
    "id": "598d5dba51e0870d44c61539"
}

Reverse Authorization

Definition: Reversing Authorized Charge

POST https://api.xendit.co/credit_card_charges/:charge_id/auth_reversal

Example Reverse Authorization

curl -X POST \
  https://api.xendit.co/credit_card_charges/:charge_id/auth_reversal \
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -d '{
    "external_id": "reverse-authorization-1502436817",
    }'

<?php

    use Xendit\Xendit;
    require 'vendor/autoload.php';

    Xendit::setApiKey('xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==');

    $id = '5ecc82736275b80019591c91';
    $params = ['external_id' => 'reverse-authorization-1502436817'];

    $reverseAuth = \Xendit\Cards::reverseAuthorization(
        $id,
        $params
    );
    var_dump($reverseAuth);

?>

const x = new require('xendit-node')({ secretKey: 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==' });

const { Card } = x;
const cardSpecificOptions = {};
const card = new Card(cardSpecificOptions);

const resp = await card.reverseAuthorization({
  externalID: 'reverse-authorization-1502436817',
});
console.log(resp);

Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";
try {
  CreditCardReverseAuth creditCardReverseAuth = CreditCard.reverseAuthorization(
    "1234567", //chargeId
    "reverse-authorization-1502436817" //externalId
  );
} catch (XenditException e) {
  e.printStackTrace();
}

xendit.Opt.SecretKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="

reverseAuthorizationData := card.ReverseAuthorizationParams{
  ChargeID:   "123",
  ExternalID: "reverse-authorization-1502436817",
}

reverseAuthorizationResp, err := card.ReverseAuthorization(&reverseAuthorizationData)
if err != nil {
  log.Fatal(err)
}

fmt.Printf("reversed authorization: %+v\n", reverseAuthorizationResp)

from xendit import Xendit

api_key = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="
xendit_instance = Xendit(api_key=api_key)
CreditCard = xendit_instance.CreditCard

reverse_authorization = CreditCard.reverse_authorizatiton(
    credit_card_charge_id="5f0421fa8cc1e8001973a1d6",
    external_id="reverse-authorization-1594106387",
)
print(reverse_authorization)

Example of request body

{        
    "external_id": "reverse-authorization-1502436817",
}

Example of Reverse Authorization Response

{
    "status": "SUCCEEDED",
    "currency": "IDR",
    "credit_card_charge_id": "5ecc82640d679500199621ad",
    "business_id": "5dd7928f4e6d9a2ec299ea43",
    "external_id": "reverse-authorization-1502436817",
    "amount": 5000,
    "created": "2020-05-26T02:44:03.458Z",
    "id": "5ecc82736275b80019591c91"
}

This API provides reversing charge when the charge has AUTHORIZED status and hasn't yet captured.

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Body Parameter	Type	Description
external_id required	string	Reverse authorization reference to help you track your request

Response Parameters

Parameter	Type	Description
status required	string	Status of the reverse authorization. See Reverse Authorization Statuses.
currency required	string	Currency of the charge that requested to be reversed.
credit_card_charge_id required	string	The ID of the charge that requested to be reversed.
business_id required	string	The ID of your business in Xendit.
external_id required	string	Unique Identifier for your Reversed Charge reference
amount required	number	The amount that requested to be reversed for this charge.
created required	string	An ISO timestamp that tracks when the reverse authorization was made.
id required	string	ID of the charge transaction in Xendit system that requested to be reversed.
failure_reason optional	string	If status is FAILED, this describes the failure. See Reverse Authorization Failure Reasons.

Statuses

Recommendation	Description
SUCCEEDED	Reverse Authorization request is success
FAILED	Reverse Authorization is failed with detailed failure reason

Failure Reasons

Failure Reason	Description
REVERSE_AUTHORIZATION_REJECTED_BY_BANK	The authorization that you requested to be reversed is rejected by the bank. There's possibility that the authorization is no longer valid and the authorized amount is already reversed back automatically to the card holder's credit balance.
PROCESSOR_ERROR	The reverse authorization failed because there's an integration issue between card processor and the bank. Contact us if you encounter this issue.

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
CHARGE_ALREADY_REVERSED_ERROR 400	Charge already reversed, therefore cannot be reversed
CHARGE_ALREADY_CAPTURED_ERROR 400	Charge already captured, therefore cannot be reversed
CHARGE_FAILED_ERROR 400	Charge is failed, therefore cannot be reversed
REQUEST_FORBIDDEN_ERROR 403	API key in use does not have necessary permissions to perform the request. Please assign proper permissions for the key. Learn more here
CREDIT_CARD_CHARGE_NOT_FOUND_ERROR 404	credit_card_charge_id not found for this transaction. Please try with another valid charge ID
INVALID_AMOUNT_FOR_REVERSE_AUTHORIZATION_ERROR 400	Invalid charge amount to be reversed. Please make sure that the authorized amount that you requested to be reversed is no 0.

Create Charge

Definition: Create Charge

POST https://api.xendit.co/credit_card_charges

Example Charge Request

curl -X POST \
  https://api.xendit.co/credit_card_charges \
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \
  -d '{
      "token_id" : "598d5d0e51e0870d44c61534",
      "external_id": "postman-charge-1502436817",
      "amount": 900000,
      "authentication_id": "598d5d0f51e0870d44c61535",
      "descriptor": "My new store",
      "currency": "IDR",
      "mid_label": "IDR_MID",
      "billing_details": {
        "given_names": "John",
        "surname": "John Doe",
        "email": "johndoe@xendit.co",
        "mobile_number": "+62899336634448",
        "phone_number": "+629934448",
        "address": {
          "street_line1": "Panglima Polim IV",
          "street_line2": "Ruko Grand Panglima Polim, Blok E",
          "city": "Jakarta Selatan",
          "province_state": "DKI Jakarta",
          "postal_code": "993448",
          "country": "ID"
        }
      },
      "promotion": {
          "reference_id": "BCA_10",
          "original_amount": 1000000
      },
      "installment": {
          "count": 3,
            "interval": "month"
      },
      "metadata": {}
    }'

<?php

  use Xendit\Xendit;
  require 'vendor/autoload.php';

  Xendit::setApiKey('xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==');

  $params = [
      'token_id' => '5e2e8231d97c174c58bcf644',
      'external_id' => 'card_' . time(),
      'authentication_id' => '5e2e8658bae82e4d54d764c0',
      'amount' => 15000,
      'capture' => false
  ];

  $createCharge = \Xendit\Cards::create($params);
  var_dump($createCharge);

?>

const x = new require('xendit-node')({ secretKey: 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==' });

const { Card } = x;
const cardSpecificOptions = {};
const card = new Card(cardSpecificOptions);

const resp = await card.createCharge({
  externalID: 'sample-external-id-1475459775872',
  tokenID: 'sample-token-id-1475459775872',
  amount: 900000,
  authID: '58e2097218b815f555c8a526',
  descriptor: "My new store",
  currency: "IDR",
  midLabel: "IDR_MID",
  billingDetails: {
      given_names: "John",
      surname: "John Doe",
      email: "johndoe@xendit.co",
      mobile_number: "+62899336634448",
      phone_number: "+629934448",
      address: {
          street_line1: "Panglima Polim IV",
          street_line2: "Ruko Grand Panglima Polim, Blok E",
          city: "Jakarta Selatan",
          province_state: "DKI Jakarta",
          postal_code: "993448",
          country: "ID"
      }
  },
  promotion: {
      referenceId: "BCA_10",
      originalAmount: 1000000
  },
  installment: {
      count: 3,
      interval: "month"
  }
});
console.log(resp);

Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";
try {
  CreditCardCharge creditCardCharge = CreditCard.createCharge(
    "token_id", //tokenId
    "postman-authorize-1502437417", //externalId
    90000, //amount
    "auth_id", //authenticationId
    "XDT*MYBUSINESS-MY NEW STORE" //Descriptor
  );
} catch (XenditException e) {
  e.printStackTrace();
}

xendit.Opt.SecretKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="

createChargeData := card.CreateChargeParams{
  TokenID:          "example-token-id",
  AuthenticationID: "example-authentication-id",
  ExternalID:       "postman-charge-1502436793",
  Amount:           900000,
  Capture:          new(bool),
}

chargeResp, err := card.CreateCharge(&createChargeData)
if err != nil {
  log.Fatal(err)
}

fmt.Printf("created charge: %+v\n", chargeResp)

from xendit import Xendit

api_key = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="
xendit_instance = Xendit(api_key=api_key)
CreditCard = xendit_instance.CreditCard

charge = CreditCard.create_charge(
    token_id="5f0410898bcf7a001a00879d",
    external_id="card_charge-1594106478",
    amount=75000
)
print(charge)

Once you have a token, that token can be used to charge a card.

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information
with-fee-rule optional	string	Fee Rule ID that you would like to apply to this card charge Please note: If you include this parameter, we will return the fee_rule_id in the header of the API response. If for-user-id header is not present, Fee Rule will still be routed from master account to the specified destination account This header is only used if you have access to xenPlatform. See xenPlatform for more information

Body Parameter	Type	Description
token_id required	string	The token ID used to charge the card.
external_id required	string	A unique identifier of your choice. Max 64 characters.
amount required	number	Amount that expected to be charged.
authentication_id optional	string	Authentication ID for authenticating charge. Optional only if charge was already authenticated with a single-use token, or if optional authentication is enabled for your account.
capture optional default: true	boolean	Whether or not to capture immediately. Set to false to issue an authorization (hold funds) only, to be captured later with the capture endpoint. Note: Authorizations expire in 7 days.
descriptor optional	string	Specific descriptor to define merchant's identity. Note: For aggregator merchant, it will always return XDT*[MERCHANT_NAME]-DESCRIPTOR For switcher merchant, it will always return [MERCHANT_NAME]-DESCRIPTOR
currency optional	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code. Xendit by default supports IDR for Indonesia and PHP for Philippines. Other currencies are supported only if you are using your own MIDs. If left blank, defaults to currency based on your business country.
mid_label optional	string	Specific string value which labels any of your Merchant IDs (MID) set up with Xendit. This can be configured in the list of MIDs on your Dashboard settings. (If this is not included in a request, and you have more than 1 MID in your list, the transaction will proceed using your prioritized MID (first MID on your list)). Note: Only available in the response for switcher merchant
billing_details optional	object	Billing details of the cardholder. If entered, should correspond with billing details registered by cardholder with their issuer. Required for a card to be verified by the Address Verification System (AVS) - only for USA / Canadian / Great Britain cards. billing details child parameters Key Value given_names string Given name (also known as first name) minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 surname optional string Surname (also known as last name) minimum length: 1 character maximum length: 255 characters Note: Required for AVS and recommended for 3DS 2.0 email optional string Enduser's email address which associated with the card mobile_number optional string Enduser's mobile phone number which associated with the card phone_number optional string Enduser's other phone number which associated with the card (e.g. landline) address required object Address Object address details child parameters Key Value country required string 2-letter ISO 3166-2 country code for the customer's country of residence street_line1 optional string Building name and apartment unit number minimum length: 1 character maximum length: 255 characters street_line2 optional string Building street address minimum length: 1 character maximum length: 255 characters city optional string City, village or town as appropriate minimum length: 1 character maximum length: 255 characters province_state optional string Geographic area, province, state, or region, if applicable. If the user is USA citizen, make sure to use state code (e.g put CA instead of California) minimum length: 1 character maximum length: 255 characters postal_code optional string Postal, zip or rural delivery code, if applicable minimum length: 1 character maximum length: 255 characters
metadata optional	object	A free-format JSON for additional information that you want to provide in the request.
promotion optional	object	If you are want to apply a Promotion to a charge, you must input these parameters. promotion details child parameters Key Value reference_id optional stringUnique reference ID that was used at the Create Promotion API. original_amount optional numberThe amount of the original transaction (before the Promotion discount).
installment optional	object	These parameters are required to mark a transaction as an installment. installment details child parameters count optional numberTogether with the "interval" parameter, this defines your installment tenor. If you want the installment tenor to be 3 months, then the value of "count" should be 3. interval optional string Together with the "count" parameter, this defines your installment tenor. If you want the installment tenor to be 3 months, then the value of "interval" should be "month"

Example Charge Response

{
    "created": "2020-01-11T07:33:14.442Z",
    "status": "CAPTURED",
    "business_id": "5850e55d8d9791bd40096364",
    "authorized_amount": 900000,
    "external_id": "postman-charge-1502436793",
    "merchant_id": "xendit",
    "merchant_reference_code": "598d5d0d51e0870d44c61533",
    "card_type": "CREDIT",
    "masked_card_number": "400000XXXXXX0002",
    "charge_type": "SINGLE_USE_TOKEN",
    "card_brand": "VISA",
    "bank_reconciliation_id": "5132390610356134503009",
    "eci": "05",
    "capture_amount": 900000,
    "descriptor": "XDT*MYBUSINESS-MY NEW STORE",
    "id": "598d5dba51e0870d44c61539",
    "mid_label": "IDR_MID",
    "promotion": {
        "reference_id": "BCA_10",
        "original_amount": "1000000"
    },
    "installment": {
        "count": 3,
        "interval": "month"
    }
}

Example Authorization Response

{
    "created": "2020-01-11T07:43:39.563Z",
    "status": "AUTHORIZED",
    "business_id": "5850e55d8d9791bd40096364",
    "authorized_amount": 90000,
    "external_id": "postman-authorize-1502437417",
    "merchant_id": "xendit",
    "merchant_reference_code": "598d5ffb51e0870d44c6153a",
    "card_type": "CREDIT",
    "masked_card_number": "400000XXXXXX0002",
    "charge_type": "SINGLE_USE_TOKEN",
    "card_brand": "VISA",
    "bank_reconciliation_id": "5132390610356134503009",
    "eci": "05",
    "descriptor": "XDT*MYBUSINESS-MY NEW STORE",
    "id": "598d602b51e0870d44c6153d",
    "mid_label": "IDR_MID",
    "promotion": {
        "reference_id": "BCA_10",
        "original_amount": "100000"
    },
    "installment": {
        "count": 3,
        "interval": "month"
    }
}

Charge Response

Parameter	Type	Description
created required	string	An ISO timestamp that tracks when the charge was made.The token ID used to charge the card. The timezone will be default Timezone: GMT+0
business_id required	string	The ID of your business in Xendit.
authorized_amount required	number	The amount that've been authorized for this charge.
external_id required	string	A unique identifier of your choice.
card_type required	string	Type of card (CREDIT or DEBIT).
merchant_id required	string	Your merchant ID used for processing credit cards with the bank.
masked_card_number required	string	Masked card number. The first 6 digits are the BIN (Bank Identification Number).
charge_type required	string	Types of charges. See Charge types.
card_brand required	string	Card scheme (VISA, MASTERCARD, JCB, ...).
bank_reconciliation_id required	string	ID of the transaction that can be reconciled with the bank.
eci optional	string	Status of 3DS authentication. See ECI codes.
capture_amount optional	number	Amount captured for this charge. Can be up to authorized_amount.
status required	string	Status of the charge transaction in xendit system. See [Charge Statuses] (#statuses).
failure_reason optional	string	If status is FAILED, this describes the failure. See Charge Failure Reasons.
approval_code optional	string	Represents the five or six numbers generated by an issuing bank, or the bank of a buyer using a credit card, for the purpose of validating a credit card whenever it is approved in the transaction.
cvn_code optional	string	Response from validating the CVN (3-digit security code on back of card). See CVN Codes.
merchant_reference_code required	string	An ID used to reconcile transactions with the bank.
descriptor optional	string	Description which already inputted by merchant when creating a charge. Note: For aggregator merchant, it will always return XDT*[MERCHANT_NAME]-DESCRIPTOR For switcher merchant, it will always return [MERCHANT_NAME]-DESCRIPTOR
currency optional	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code. Xendit by default supports IDR for Indonesia and PHP for Philippines. Other currencies are supported only if you are using your own MIDs. If left blank, defaults to currency based on your business country.
mid_label optional	string	Specific string value which labels any of your Merchant IDs (MID) set up with Xendit. This can be configured in the list of MIDs on your Dashboard settings. (If this is not included in a request, and you have more than 1 MID in your list, the transaction will proceed using your prioritized MID (first MID on your list)). Note: Only available in the response for switcher merchant
id required	string	ID of the charge transaction in Xendit system.
promotion optional	object	Detail of promotion that used for this transaction. promotion details child parameters Key Value reference_id optional stringUnique reference, such as an ID or name, you wish to assign to the created Promotion original_amount optional numberThe amount of the original transaction (before the Promotion discount).
installment optional	object	These parameters will be returned to mark a transaction as an installment. installment details child parameters count optional numberTogether with the "interval" parameter, this defines your installment tenor count. interval optional string Together with the "count" parameter, this defines your installment tenor interval."

Statuses

Status	Description
CAPTURED	Charge is successfully captured and the funds will be settled according to the settlement schedule.
AUTHORIZED	Charge is successfully authorized.
REVERSED	Charge is successfully reversed.
FAILED	Charge failed. See Charge Failure Reasons

CVN Codes

Code	Description
M	Match - CVN provided matches the CVN on the issuer's record.
N	Not match - CVN provided does not match CVN on the issuer's record.
P	Not processed - either the card does not have a valid CVN, or the CVN was somehow not accepted by the issuer. Retry again and if the response persists, try a different card.

Failure Reasons

Failure Reason	Description
EXPIRED_CARD	The card you are trying to capture is expired. Ask your customer for a different card
CARD_DECLINED	The card you are trying to capture has been declined by the bank. Ask your customer for a different card
BLOCKED_BY_ACQUIRER	The charge failed because our acquirer can't accept the transactions. Most likely due to 3DS authentication was either failed or not attempted. The customer should complete 3DS authentication or retry with the cards that have 3DS enrolled.
INSUFFICIENT_BALANCE	The card you are trying to capture does not have enough balance to complete the capture
STOLEN_CARD	The card you are trying to capture has been marked as stolen. Ask your customer for a different card
INACTIVE_CARD	The card you are trying to capture is inactive. Ask your customer for a different card
INVALID_CVN	The cvn that being submitted is not correct.
CREDIT_LIMIT	The charge amount exceeded the approval limit from the issuer. Recommend the user to use a different card or top up the limit.
PROCESSOR_ERROR	The charge failed because there's an integration issue between card processor and the bank. Contact us if you encounter this issue.
PROCESSOR_TIMEOUT	We got timeout from our processor when requested the charge which indicated as intermittent connection problem. Advise customer to retry the transaction.
BIN_BLOCK	The cards' BIN has been blocked by request from the Bank.

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
INVALID_JSON_FORMAT 400	The request body is not valid JSON.
TOKEN_ALREADY_USED_ERROR 400	The single-use token ID has already been used in a charge.
AUTHENTICATION_ALREADY_USED_ERROR 400	The authentication ID has already been used in a charge.
INVALID_TOKEN_ID_ERROR 400	The token ID format is invalid.
INVALID_CVN_LENGTH_ERROR 400	The length of CVN is invalid. For AMEX card, CVN length must be 4 digit and for the others card type it must be 3.
AUTHENTICATION_ID_MISSING_ERROR 400	Authentication ID is required for this charge.
AMOUNT_GREATER_THAN_AUTHENTICATED_ERROR 400	Charge amount was greater than what was authenticated.
INVALID_AUTHENTICATION_ID_ERROR 400	The authentication ID format is invalid.
REQUEST_FORBIDDEN_ERROR 403	API key in use does not have necessary permissions to perform the request. Please assign proper permissions for the key. Learn more here
TOKEN_NOT_FOUND_ERROR 404	The token ID was not found in the system.
AUTHENTICATION_NOT_FOUND_ERROR 404	Authenticated token with given authentication ID is not found.
MID_NOT_FOUND_ERROR 404	The MID specified in "mid_label" cannot be found. Check if you have registered this MID, or if you entered the MID label incorrectly
INVALID_PROMOTION_DETAILS 400	The promotion detail which inputted in this request is invalid. Please change the input or check if you have available promotion in your system or not.
CARDHOLDER_NAME_REQUIRED 400	Please send cardholder name fields in the billing_details object in your request body.
INSTALLMENT_BELOW_MINIMUM_AMOUNT 400	Amount is below the minimum allowed for installments. BRI, BNI: Rp 500.000
INSTALLMENT_UNAVAILABLE 404	Possible error messages: Installments are not available for cards from this bank. Please try with a card from another bank. The requested installment interval is currently not supported. Please try an installment transaction with another interval.
AMOUNT_BELOW_MINIMUM_LIMIT 400	The amoubnt which inputted in this request is below your minimum limit. Please send another request with amount equal to or greater than the minimum limit. Default minimum limit based on currency: IDR: 5000. PHP: 20.
AMOUNT_ABOVE_MAXIMUM_LIMIT 400	The amoubnt which inputted in this request is above your maximum limit. Please send another request with amount equal to or lower than the maximum limit. Default maximum limit based on currency: IDR: 200000000. PHP: 700000.
INCOMPLETE_AUTHENTICATION 400	The authentication_id sent cannot be used as authentication could not be completed. This usually happens when there is an issue preventing generation of the 2FA page, if the user did not complete the 3DS process, or something else happened such as a bank timeout. Please attempt the payment again, or exclude authentication_id from the Charge request if optional 3DS has been enabled for you. (If you’d like to skip authentication for optional or dynamic 3DS, please contact us so we can enable this feature for you. Refer to our Authentication documentation for instructions on integration and testing.)

Charge Types

Status	Description
SINGLE_USE_TOKEN	Charge created with single-use token
MULTIPLE_USE_TOKEN	Charge created with multiple-use token
RECURRING	Charge a recurring charge in a subscription

ECI Codes

ECI	Description
0	Unable to Authenticate (MasterCard)
1	Authentication attempted (MasterCard)
2	Successful authentication (MasterCard)
5	Successful authentication (Visa, AMEX, JCB)
6	Authentication attempted (Visa, AMEX, JCB)
7	Unable to Authenticate (Visa, AMEX, JCB)

Charge with CVV for Multi-Use Token

Example Charge with CVV using Xendit.js

const tokenData = {
    token_id: “sample-token-id-6ab4hmu832j8oenx71b”,
    card_cvn: “123”,
    billing_details: object, 
    customer: object
};

Example Charge with CVV using Android SDK

final Xendit xendit = new Xendit(getApplicationContext(), <PUBLISHABLE_KEY>, this);

xendit.storeCVN(
        <tokenId>,
        <cardCVN>,
        <billingDetails>,
        <customerDetails>,
        null,
        callback);

Example Charge with CVV using iOS SDK

let storeCVNRequest = XenditStoreCVNRequest.init(tokenId: <tokenId>);
authenticationRequest.cardCvn = <cardCvn>;

Xendit.storeCVN(
        fromViewController: self,
        storeCVNRequest: storeCVNRequest,
        onBehalfOf: nil,
        completion: completion)

CVV is part of the requirement that’s included specifically in card transactions, with cardholders providing three or four digit code to authorize the transaction. Why is including CVV important?

• Plays as an additional security precaution to authorize the transactions are coming from the real cardholder
• Increase issuer (bank) confidence to accept the transaction as it indicates the transaction made from the real cardholder

If a merchant would want to perform a transaction with CVN/CVV for multi-use token, please follow along this guide.

What is CVV?

CVV stands for “Card Verification Value,” is a three- or four-digit code on the front or back of the card. CVV is being used by the issuer as an additional layer of security, and thus providing it might increase the success rate and reduce the chance of fraud.

CVV is part of a Sensitive Authentication Data (SAD) and is highly regulated by PCI. According to the PCI rule, the business is not allowed to store the CVN/CVV after the authorization takes place and the system must be following the PCI regulation and processing CVN/CVV must be within the Card Data Environment (CDE) that’s being audited.

How to use

Prepare multiple use token ID that you would want to use to perform charge. Use the token ID by referring to the sample code on the right section.

Safe Acceptance

An alternative to the Charge API endpoint, for the following use cases:

• Creating credit/debit card payments by sending Xendit the full card number from your frontend client without needing to use our Tokenization API (for standard Visa/MasterCard/JCB/AMEX transactions)
• Creating credit/debit card payments where the payment interface is controlled by the processor and the end-customer is redirected to the payment processor's interface to enter card details.

Use this demo page to test scenarios using Safe Acceptance, and to see examples of how Safe Acceptance can be integrated in a web page.

Payment Processor Integration Methods in Safe Acceptance

A strength of our Safe Acceptance API is that it is flexible to support card processing using the most common integration methods offered by payment processors. These are generally known as 2.5 or 3-party methods, explained below:

• 2.5 party
  Merchant will perform 3DS authentication and the payment itself in a single API request. Merchant sends the full card number to Xendit, who will forward it to the processor. Before processing the payment, Xendit will initiate 3DS with the processor and redirect the merchant to the processor's 3DS 2-Factor Authentication page which the cardholder will use to enter the One-Time Password (or other authentication method).

• 3 party
  Merchant will perform 3DS authentication and the payment according to the processor's flow. Safe Acceptance will be used to initiate the payment, and Xendit will redirect the merchant to the processor's interface immediately. The cardholder enters the card number in the processor's checkout page directly, and engages in 3DS authentication on the same page. The card number is not sent by the merchant to Xendit and is instead received directly by the processor.

Note that because the Safe Acceptance API accepts token_id as a valid field, you are still able to use Xendit Tokenization with it if you choose.

Definition: Create Safe Acceptance

POST 
https://api.xendit.co/credit_cards/safe_acceptance

Example Safe Acceptance Request

{
    "amount": "1200000",
    "return_url": "https://mybusiness.co",
    "reference_id": "xdt-safe-acceptance-007",
    "transaction_type": "SALES",
    "request_timestamp": "2021-01-10T09:50:40+03:00",
    "descriptor": "INV-SAFE-ACCEPTANCE-007",
    "card_number": "1889800000000171",
    "card_exp_year": "2021",
    "card_exp_month": "03",
    "card_cvn": "101",
    "should_authenticate": true,
    "currency": "IDR",
    "promotion_reference_id": "promo-jan-0c927488-b4df-11ec-b909-0242ac120002",
    "promotion_original_amount: 50000,
    "authorization": "Basic eG5kX3B1YmxpY19kZXZlbG9wbWVudF9PNDZBZkw4azFlRGtwSnRmN3RPSERDV01OQ2w4dFI0azNibVJ4bm1EUnIyb0NnZHdnQTo=",
    "signed_field_names": "reference_id,amount,currency,request_timestamp,return_url,authorization,signed_field_names",
    "signature": "37c0323212908b9d4fe607f9d237c95aae2503a799d278afdc663268b5f8906e",

}

Example Safe Acceptance Webhook Response (Visa / MasterCard / JCB cards)

{
        "created": "2021-01-10T09:50:40+03:00",
        "business_id": "5d08a4nfea3b620019cfa213c",
        "authorized_amount": 1200000,
        "reference_id": "ecm-8112",
        "merchant_reference_code": "5d1ec8f4a3bcd10019a7e2de",
        "masked_card_number": "400000XXXXXX0002",
        "charge_type": "SINGLE_USE_TOKEN",
        "card_brand": "VISA",
        "card_type": "CREDIT",
        "status": "CAPTURED",
        "bank_reconciliation_id": "5622988916826241203012",
        "eci": "05",
        "capture_amount": "1200000",
        "currency": "IDR",
        "id": "5d1eca0ca3bcd10019a7e2ee",
        "authorized_amount": "1200000",
        "merchant_id" : "00080091009103589348501",
        "descriptor": "INV-SAFE-ACCEPTANCE-007",
        "promotion_reference_id": "promo-jan-0c927488-b4df-11ec-b909-0242ac120002",
           "promotion_original_amount: 50000,
        "signed_field_names": "create,business_id,authorized_amount,reference_id,merchant_reference_code,masked_card_number,charge_type,card_brand,card_type,status,bank_reconciliation_id,eci,capture_amount,currency,id,authorized_amount,merchant_id,mid_label,descriptor",
        "signature": "25798ae4db8361fa4ee423e7321a1558a1b0bf0863e8082e0551e62fd8e7a771"
}

Example Safe Acceptance Webhook Response (BCA-branded cards)

{
        "created": "2021-01-10T09:50:40+03:00",
        "business_id": "5d08a4nfea3b620019cfa213c",
        "authorized_amount": 1200000,
        "reference_id": "ecm-8112",
        "merchant_reference_code": "5d1ec8f4a3bcd10019a7e2de",
        "masked_card_number": "143481XXXXXX0002",
        "charge_type": "SINGLE_USE_TOKEN",
        "card_brand": "BCA",
        "status": "CAPTURED",
        "bank_reconciliation_id": "5622988916826241203012",
        "eci": "05",
        "capture_amount": "1200000",
        "currency": "IDR",
        "id": "5d1eca0ca3bcd10019a7e2ee",
        "authorized_amount": "1200000",
        "merchant_id" : "00080091009103589348501",
        "descriptor": "INV-SAFE-ACCEPTANCE-007",
        "promotion_reference_id": "promo-jan-0c927488-b4df-11ec-b909-0242ac120002",
            "promotion_original_amount: 50000,
        "signed_field_names": "create,business_id,authorized_amount,reference_id,merchant_reference_code,masked_card_number,charge_type,card_brand,card_type,status,bank_reconciliation_id,eci,capture_amount,currency,id,authorized_amount,merchant_id,mid_label,descriptor",
        "signature": "25798ae4db8361fa4ee423e7321a1558a1b0bf0863e8082e0551e62fd8e7a771"
}    

Example Safe Acceptance Webhook Response (GPN-branded cards)

{
        "created": "2021-01-10T09:50:40+03:00",
        "business_id": "5d08a4nfea3b620019cfa213c",
        "authorized_amount": 1200000,
        "reference_id": "ecm-8112",
        "merchant_reference_code": "5d1ec8f4a3bcd10019a7e2de",
        "masked_card_number": "143481XXXXXX0002",
        "charge_type": "SINGLE_USE_TOKEN",
        "card_brand": "GPN",
        "status": "CAPTURED",
        "bank_reconciliation_id": "5622988916826241203012",
        "eci": "05",
        "capture_amount": "1200000",
        "currency": "IDR",
        "promotion_reference_id": "promo-jan-0c927488-b4df-11ec-b909-0242ac120002",
            "promotion_original_amount: 50000,
        "id": "5d1eca0ca3bcd10019a7e2ee",
        "authorized_amount": "1200000",
        "merchant_id" : "00080091009103589348501",
        "descriptor": "INV-SAFE-ACCEPTANCE-007",
        "signed_field_names": "create,business_id,authorized_amount,reference_id,merchant_reference_code,masked_card_number,charge_type,card_brand,card_type,status,bank_reconciliation_id,eci,capture_amount,currency,id,authorized_amount,merchant_id,mid_label,descriptor",
        "signature": "25798ae4db8361fa4ee423e7321a1558a1b0bf0863e8082e0551e62fd8e7a771"
}    

Request Parameters

Parameter	Type	Description
amount required	number	Amount of the card payment being processed.
reference_id required	string	A unique identifier of your choice. Max 64 chars.
request_timestamp required	string	Timestamp when you sent the request, in ISO8601 format. Required for creating the signature and subsequent validation by Xendit. Example: 2021-01-10T09:50:40+03:00
currency required	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code. Supported currencies: Indonesian businesses: IDR Philippines businesses: PHP, USD
return_url required	string	This is a URL that your customers will be redirected to after the transaction is completed. The URL will be called using a form POST with the results of the transaction. A signature will be sent in the response for the merchant to verify.
authorization required	string	Your Xendit Public API key (must be base-64 encoded).
signature required	string	This value is generated by retrieving your Xendit secret API key from your Xendit Dashboard, then hashing it with SHA256. See our Safe Acceptance Docs for guide.
signed_field_names required	string	The value here should be the names of all the fields you want to use for verification with the created signature, separated with commas. Mandatory(if your request contains them): amount, currency, authorization, reference_id, request_timestamp,mid_label, channel_code, return_url, should_authenticate
channel_code optional	string	Value used to determine the connector which the Safe Acceptance request runs through. Defaults to Visa/MasterCard/JCB/AMEX connectors if left blank. For other transactions, please see: GPN: (Gerbang Pembayaran Nasional) use this value to charge a GPN card (3 party integration method) BCA: use this value to charge a BCA-branded card on its inhouse connector (2.5 party integration method)
card_number optional	string	Credit / debit card number 16 digits. Note: Required when 2 or 2.5 party processors are used
card_exp_year optional	string	Credit / debit card expiration year (4 digit number) Note: Required when 2 or 2.5 party processors are used
card_exp_month optional	string	Credit / debit card expiration month (2 digit number) Note: Required when 2 or 2.5 party processors are used
card_cvn optional	string	Security code on back of card 3 or 4 digits Note: Required when 2 or 2.5 party processors are used
card_holder_name optional	string	Full name of the cardholder
token_id optional	string	ID of the token created during Tokenization. Only required if the selected processor requires Tokenization, and you have a Token ID from a Tokenization request previously sent.
should_authenticate optional	boolean	Whether or not to initiate 3D-Secure authentication for this transaction. If not inputted, will follow the merchant's 3DS settings. Accepted values: true: 3DS will be initiated false: 3DS will be skipped
given_names optional	string	Primary or first name/s of the customer minimum length: 1 character maximum length: 255 characters
surname optional	string	Surname or last name of the customer minimum length: 1 character maximum length: 255 characters
email optional	string	Enduser's email address which associated with the card
mobile_number optional	string	Enduser's mobile phone number which associated with the card
phone_number optional	string	Enduser's other phone number which associated with the card (e.g. landline)
country required	string	2-letter ISO 3166-2 country code for the customer's country of residence
street_line1 optional	string	Building name and apartment unit number minimum length: 1 character maximum length: 255 characters
street_line2 optional	string	Building street address minimum length: 1 character maximum length: 255 characters
city optional	string	City, village or town as appropriate minimum length: 1 character maximum length: 255 characters
province_state optional	string	Use this to enter province, state or region of residence. If the user is USA citizen, make sure to use state code (e.g put CA instead of California) minimum length: 1 character maximum length: 255 characters
postal_code optional	string	Postal, zip or rural delivery code, if applicable minimum length: 1 character maximum length: 255 characters
descriptor optional	string	Specific descriptor to define merchant's identity. This is the message that will be printed in the credit card statement. minimum length: 1 character maximum length: 20 characters
use_reward optional	boolean	Whether to use cardholder’s rewards balance available with their issuing bank for the payment. Should only be sent if merchant has received a Get Charge Option stating that the card is eligible for rewards. Values: ‘true’: all available rewards balance on the card will be used ‘false’: no rewards balance on the card will be used
installment_count optional	number	Together with the "interval" parameter, this defines your installment tenor. If you want the installment tenor to be 3 months, then the value of "count" should be 3
installment_interval optional	string	Together with the "count" parameter, this defines your installment tenor. If you want the installment tenor to be 3 months, then the value of "interval" should be "month".
installment_code optional	string	Used to identify the installment type and associated features such as interest rates and fees. Mandatory if Xendit has returned an installment_code in a Get Charge Option response for this card.
mid_label optional	string	Label assigned to a Merchant ID. Merchant IDs are accounts opened with acquirers to enable Visa/MasterCard (and others) transactions. Use only if you have your own MID with an acquirer, and have configured its label in the Xendit Dashboard.
promotion_reference_id optional	string	Unique reference ID that was used at the Create Promotion API.
promotion_original_amount optional	string	The amount of the original transaction (before the Promotion discount).

Response Parameters

Parameter	Type	Description
id required	string	Unique ID of the transaction in Xendit’s system.
created required	string	An ISO timestamp that tracks when the charge was made (Timezone: GMT+0).
reference_id required	string	A unique identifier of your choice, included in the request.
business_id required	string	The ID of your business in Xendit.
card_brand required	string	Card scheme (VISA, MASTERCARD, JCB, ...)
card_type required	string	Type of card (CREDIT or DEBIT)
masked_card_number required	number	Masked card number. The first 6 digits are the BIN (Bank Identification Number).
authorized_amount required	number	Amount that was authorized for this charge.
capture_amount required	number	Amount that was captured for this charge. Can be up to the authorized_amount.
currency required	string	Currency in which the payment was made, included in the request.
status required	string	Status of the charge transaction in xendit system. See Charge Statuses.
eci required	string	"Electroni" Commerce Indicator”, which tells you whether 3DS authentication was successful or not. Status of 3DS authentication. See ECI codes.
cvn_code optional	string	Response from validating the CVN (3-digit security code on back of card). See CVN Codes.
merchant_id optional	string	Merchant ID used for processing credit cards. Will return the Merchant ID number provided by the acquirer. Use this to identify the MID used, and reconcile transactions processed with each MID. Only returned if you are using your own MID.
merchant_reference_code required	string	Unique identification code used by the card processor to identify the transaction.Used as another unique identifier for referencing the transaction.
bank_reconciliation_id required	string	Secondary ID used by the processor and bank to reconcile the transaction. Used for reconciling the transaction with acquirers, e.g. when finding out when funds will be settled or if there is an amount discrepancy.
descriptor optional	string	Freetext you can use to describe the transaction. Used to add notes about the transaction e.g. "recurrin" payment for meal plan ABCDE”.
signed_field_names required	string	Names of all the fields used for verification with the created signature, separated with commas.
signature required	string	Signature you provided in the request.
reward_balance required	string	Balance of rewards left in the issuing bank for this card. Only returned if ‘use_reward’ was set to ‘true’ in the Safe Acceptance request.
installment_count required	string	Returned to mark a transaction as an installment. Together with the "interval" parameter, this defines your installment tenor.
installment_interval required	string	Returned to mark a transaction as an installment. Together with the "count" parameter, this defines your installment tenor.
installment_code required	string	Returned to mark a transaction as an installment. Used to identify the installment type and associated features such as interest rates and fees.
promotion_reference_id required	string	Returned to mark a transaction that has promotion applied. Used to identify the promotion reference id.
promotion_original_amount required	string	Returned to mark a transaction that has promotion applied. Used to identify the original amount before promo being applied.
approval_code required	string	Represents the five or six numbers generated by an issuing bank, or the bank of a buyer using a credit card, for the purpose of validating a credit card whenever it is approved in the transaction.

Statuses

Status	Description
CAPTURED	Charge is successfully captured and the funds will be settled according to the settlement schedule.
AUTHORIZED	Charge is successfully authorized.
REVERSED	Charge is successfully reversed.
FAILED	Charge failed. See Charge Failure Reasons

CVN Codes

Code	Description
M	Match - CVN provided matches the CVN on the issuer's record.
N	Not match - CVN provided does not match CVN on the issuer's record.
P	Not processed - either the card does not have a valid CVN, or the CVN was somehow not accepted by the issuer. Retry again and if the response persists, try a different card.

Failure Reasons

Failure Reason	Description
EXPIRED_CARD	The card you are trying to capture has expired. Ask your customer for a different card.
INSUFFICIENT_BALANCE	The card you are trying to capture does not have enough balance to complete the capture.
INVALID_CVN	The CVN that is being submitted is not correct.
CARD_DECLINED	The card you are trying to capture has been declined by the issuing bank. Ask your customer for a different card.
ISSUING_BANK_UNAVAILABLE	The card you are trying to use is either a test or invalid card, or the issuing bank is not enrolled in 3DS.

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
INVALID_JSON_FORMAT 400	The request body is not a valid JSON.
INVALID_API_KEY 400	Please include your public API key as an authorization.
SIGNATURE_VALIDATION_ERROR 400	The signature created for this transaction is not valid.

Capture Charge

Definition: Capture Charge

POST https://api.xendit.co/credit_card_charges/:credit_card_charge_id/capture

Example Capture Charge Request

curl https://api.xendit.co/credit_card_charges/5877255293ff67900c6aa64e/capture \
    -X POST \
    -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
    -d amount=15000

<?php

  use Xendit\Xendit;
  require 'vendor/autoload.php';

  Xendit::setApiKey('xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==');

  $id = '598942c4bb91a4ec309e9a37';
  $params = ['amount' => 10000];

  $captureCharge = \Xendit\Cards::capture($id, $params);
  var_dump($captureCharge);

?>

const x = new require('xendit-node')({ secretKey: 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==' });

const { Card } = x;
const cardSpecificOptions = {};
const card = new Card(cardSpecificOptions);

const resp = await card.captureCharge({
  chargeID: id,
  amount: 10000,
});
console.log(resp)

Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";
try {
  CreditCardCharge creditCardCharge = CreditCard.captureCharge(
    "12345678", //chargeId
    10000 //amount
  );
} catch (XenditException e) {
  e.printStackTrace();
}

captureChargeData := card.CaptureChargeParams{
    ChargeID: "598942c4bb91a4ec309e9a37",
    Amount:   9900,
}

chargeResp, err := card.CaptureCharge(&captureChargeData)
if err != nil {
    log.Fatal(err)
}

fmt.Printf("captured charge: %+v\n", chargeResp)

from xendit import Xendit

api_key = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="
xendit_instance = Xendit(api_key=api_key)
CreditCard = xendit_instance.CreditCard

charge = CreditCard.capture_charge(
    credit_card_charge_id="5f0422aa2bbbe50019a368c2",
    amount=75000,
)
print(charge)

Example Capture Charge Response

{
  "created": "2020-01-08T04:49:08.815Z",
  "status": "CAPTURED",
  "business_id": "5848fdf860053555135587e7",
  "authorized_amount": 10000,
  "external_id": "test-pre-auth",
  "merchant_id": "xendit",
  "merchant_reference_code": "598942aabb91a4ec309e9a35",
  "card_type": "CREDIT",
  "masked_card_number": "400000XXXXXX0002",
  "charge_type": "SINGLE_USE_TOKEN",
  "card_brand": "VISA",
  "bank_reconciliation_id": "5132390610356134503009",
  "capture_amount": 9900,
  "descriptor": "My new store",
  "id": "598942c4bb91a4ec309e9a37"
}

Capturing a charge only needed if you do pre-authorization by specifying capture to false in create charge request. You can capture a charge with amount different than authorized amount as long as it's less than authorized amount. Response for this endpoint is the same as create charge response

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Query Parameter	Type	Description
credit_card_charge_id required	string	Charge ID of authorization

Body Parameter	Type	Description
amount required	string	Amount to be captured. Can be up to amount of authorization but not more

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
INVALID_JSON_FORMAT 400	The request body is not valid JSON.
AMOUNT_GREATER_THAN_AUTHORIZED_ERROR 400	Capture amount is larger than authorized amount
INVALID_CHARGE_STATUS_ERROR 400	Charge status is not AUTHORIZED
REQUEST_FORBIDDEN_ERROR 403	API key in use does not have necessary permissions to perform the request. Please assign proper permissions for the key. Learn more here
CREDIT_CARD_CHARGE_NOT_FOUND_ERROR 404	credit_card_charge_id not found
AUTHORIZATION_EXPIRED 400	It is likely that the authorization has been reversed because it expired. Please create another authorization or charge.

Create Refund

Definition: Create Refund

POST https://api.xendit.co/credit_card_charges/:credit_card_charge_id/refunds

Example Refund Request

curl https://api.xendit.co/credit_card_charges/5877255293ff67900c6aa64e/refunds \
    -X POST \
    -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: \
    -H "X-IDEMPOTENCY-KEY: unique-id-12345" \
    -H "x-api-version: 2019-05-01" \
    -d "amount": 15000
    -d "external_id": unique-external-id

<?php

  use Xendit\Xendit;
  require 'vendor/autoload.php';

  Xendit::setApiKey('xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==');

  $params = [
      'external_id' => 'postman-charge-1502436793',
      'amount' => 15000,
      'X-IDEMPOTENCY-KEY' => 'unique-id'
  ];

  $refund = \Xendit\Cards::createRefund($id, $params);
  var_dump($refund);

?>

const x = new require('xendit-node')({ secretKey: 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==' });

const { Card } = x;
const cardSpecificOptions = {};
const card = new Card(cardSpecificOptions);

const resp = await card.createRefund({
  chargeID: '5877255293ff67900c6aa64e',
  amount: 15000,
  externalID: 'unique-external-id',
});
console.log(resp);

Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";
try {
  CreditCardRefund creditCardRefund = CreditCard.createRefund(
    "1234567", //id
    15000, //amount
    "unique-external-id" //externalId
  );
} catch (XenditException e) {
  e.printStackTrace();
}

xendit.Opt.SecretKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="

createRefundData := card.CreateRefundParams{
  IdempotencyKey: "unique-idempotency-key",
  ChargeID:       "58f984f09d1b74bc08506c34",
  Amount:         15000,
  ExternalID:     "unique-external-id",
}

refundResp, err := card.CreateRefund(&createRefundData)
if err != nil {
  log.Fatal(err)
}

fmt.Printf("refunded charge: %+v\n", refundResp)

from xendit import Xendit

api_key = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="
xendit_instance = Xendit(api_key=api_key)
CreditCard = xendit_instance.CreditCard

refund = CreditCard.create_refund(
    credit_card_charge_id="5f0422aa2bbbe50019a368c2",
    amount=10000,
    external_id="card_refund-1594106755",
)
print(refund)

Example Refund Response

{
  "updated": "2020-01-21T04:05:09.755Z",
  "created": "2020-01-21T04:05:04.936Z",
  "credit_card_charge_id": "58f89041780d51ed097896c5",
  "user_id": "57c5aa7a36e3b6a709b6e148",
  "amount": 15000,
  "external_id": "unique-external-id",
  "status": "REQUESTED",
  "fee_refund_amount": 150,
  "id": "58f984f09d1b74bc08506c34"
}

The Refund API accepts two parameters, amount and external_id. The charge ID, which is returned after a successful charge, must be used in request URL per the definition. Several partial refund calls can be made, so long as the total amount refunded is not greater than the total charge amount.

Note: Idempotency can be achieved by sending a header with the key X-IDEMPOTENCY-KEY.

Request Parameters

Header Parameter	Type	Description
X-IDEMPOTENCY-KEY optional	string	A unique key to prevent processing duplicate requests. Must be unique across test & live mode.
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information
x-api-version required	string	Value of this must be "2019-05-01".

Body Parameter	Type	Description
amount required	string	The amount to be refunded.
external_id required	string	A unique identifier of your choice. Max 64 characters.

Response Parameters

Parameter	Type	Description
updated required	string	ISO timestamp that tracks when the last time refund was updated.
created required	string	ISO timestamp that tracks when the refund was made Timezone: GMT+0 .
credit_card_charge_id required	string	charge ID, a unique identifier for each charge.
user_id required	string	ID of your business in Xendit's system.
amount required	number	Refund amount.
external_id required	string	Unique identifier for refund request, provided by you.
status required	string	Status of the refund. See Refund Statuses below
failure_reason optional	string	Reason provided if refund request fails. See Refund Failure Reasons below
fee_refund_amount required	number	Amount of Xendit's fee refunded (proportional to the refund amount).
id required	string	Unique ID referencing the refund request.

Statuses

Status	Description
REQUESTED	Refund request succeeded
FAILED	Refund failed

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
INVALID_JSON_FORMAT 400	The request body is not valid JSON.
REFUND_AMOUNT_EXCEEDED_ERROR 400	Refunded amount would exceed total charge
DUPLICATE_REFUND_ERROR 400	external_id has already been used
REQUEST_FORBIDDEN_ERROR 403	API key in use does not have necessary permissions to perform the request. Please assign proper permissions for the key. Learn more here
CREDIT_CARD_CHARGE_NOT_FOUND_ERROR 404	credit_card_charge_id not found

Failure Reason

Failure Reason	Description
INSUFFICIENT_BALANCE	Your Xendit balance has insufficient funds to create a refund
REFUND_FAILED	The refund request has been rejected by the processor. Please try again or contact us at help@xendit.co
REFUND_PERIOD_EXPIRED	Refund period expired. The period where this charge can be refunded has expired. You can try refunding the charge by making a disbursement

Get Charge

Definition: Get Charge

GET https://api.xendit.co/credit_card_charges/:credit_card_id?id_type=charge

Example Get Charge Request Using External ID

curl https://api.xendit.co/credit_card_charges/5877255293ff67900c6aa64e?id_type=external \
    -X GET \
    -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==:

Example Get Charge Request Using Charge ID (Default)

curl https://api.xendit.co/credit_card_charges/5877255293ff67900c6aa64e \
    -X GET \
    -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==:

<?php

  use Xendit\Xendit;
  require 'vendor/autoload.php';

  Xendit::setApiKey('xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==');

  $id = '598942c4bb91a4ec309e9a37';
  $getCharge = \Xendit\Cards::retrieve($id);
  var_dump($getCharge);

?>

const x = new require('xendit-node')({ secretKey: 'xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==' });

const { Card } = x;
const cardSpecificOptions = {};
const card = new Card(cardSpecificOptions);

const resp = await card.getCharge({ chargeID: '5877255293ff67900c6aa64e' });
console.log(resp);

Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";
try {
  CreditCardCharge creditCardCharge = CreditCard.getCharge("5877255293ff67900c6aa64e");
} catch (XenditException e) {
  e.printStackTrace();
}

xendit.Opt.SecretKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="

getChargeData := card.GetChargeParams{
  ChargeID: "598942c4bb91a4ec309e9a37",
}

chargeResp, err := card.GetCharge(&getChargeData)
if err != nil {
  log.Fatal(err)
}

fmt.Printf("retrieved charge: %+v\n", chargeResp)

from xendit import Xendit

api_key = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="
xendit_instance = Xendit(api_key=api_key)
CreditCard = xendit_instance.CreditCard

charge = CreditCard.get_charge(
    credit_card_charge_id="5f0422aa2bbbe50019a368c2",
)
print(charge)

Example Get Charge Response

{
  "created": "2020-01-08T04:49:08.815Z",
  "status": "CAPTURED",
  "business_id": "5848fdf860053555135587e7",
  "authorized_amount": 10000,
  "external_id": "test-pre-auth",
  "merchant_id": "xendit",
  "merchant_reference_code": "598942aabb91a4ec309e9a35",
  "card_type": "CREDIT",
  "masked_card_number": "400000XXXXXX0002",
  "charge_type": "SINGLE_USE_TOKEN",
  "card_brand": "VISA",
  "bank_reconciliation_id": "5132390610356134503009",
  "capture_amount": 9900,
  "descriptor": "My new store",
  "id": "598942c4bb91a4ec309e9a37"
}

This is endpoint to get a charge object. You need to specify the id in the query parameter which you can choose between charge to use charge_id and external to use the external id / reference provided in your create charge request. Response for this endpoint is the same as create charge response

Request Parameters

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information

Query Parameter	Type	Description
credit_card_id required	string	Can be either charge id of the payment that have been authorized / captured OR external_id of the payment that already requested by the user
id_type optional	string	Defined in [ID Types] (#id-types). If not filled, value will use charge by default.

ID Types

Type	Description
charge	Use charge ID provided by xendit which can be retrieved from the charge response to retrieve the transaction detail (default value)
external	Use external ID submitted by the user during charge / authorization request to retrieve the transaction detail

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
REQUEST_FORBIDDEN_ERROR 403	API key in use does not have necessary permissions to perform the request. Please assign proper permissions for the key. Learn more here
CREDIT_CARD_CHARGE_NOT_FOUND_ERROR 404	credit_card_charge_id not found

Get Charge Option

When accepting credit card payments from your customers, you may wish to give them additional payment options. These can include:

• Paying by installments
• Giving a discount through a Promotion

These options must be selected by a customer before you create a Charge. For example, you would check if a card is eligible for a Promotion, and discount the Charge amount if so, before you initiate payment you would check if a card can be used for installments, and return the option to the customer, to let them choose if they want to do so

Our GET Charge Option API endpoint helps you with this. Send a request to this endpoint with info entered by your customer (such as card Bank Identification Number (BIN), promo code) and Xendit checks to see what Charge Options are available. The response will contain all options available for that card. You can select an option and create a Charge with the details from that option. This API will only return promotion response with ACIVE status.

Definition: Get Charge Option

GET https://api.xendit.co/credit_card_charges/option?amount={amount}&bin={bin}&currency={currency}

Example Get Charge Option Using First 6 Digits of Card

curl -X GET \
  https://api.xendit.co/credit_card_charges/option?amount=1000000&bin=552002&currency=IDR
  -u xnd_public_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \

Example Get Charge Option Using Token ID

curl -X POST \
  https://api.xendit.co/credit_card_charges/option?amount=1000000&token_id=598d5d0e51e0870d44c61534&currency=IDR
  -u xnd_public_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \

Get Charge Option Request

Query Parameter	Type	Description
bin required but optional if token_id exists	string	The BIN (first 6 digits of a card) entered by the cardholder, which you want to check if it is associated with any Charge Option.
amount required	number	The amount of the original transaction.
currency optional	string	The currency which payment will be made in.
promo_code optional	string	Promo code which can be used by an end user to activate the promo. Include this if you want your Promotion be activated by your user entering a promo code is entered. Charactersa-z, A-Z, 0-9; accepted symbols - _ \
token_id optional	string	Token ID of a card, obtained during tokenization with Xendit. We will look up the token to associate it with a BIN and get the available options.

Example Get Charge Option Response

{
    "business_id": "5ea2a0cdb62b6a00108ed248",
    "bin": "552002",
    "promotions":[{
        "reference_id": "some_promo_1",
        "discount_percent": "25",
        "original_amount": 1000000,
        "final_amount": 975000,
        "currency": "IDR",
        "min_original_amount": 500000,
        "max_discount_amount": 25000
    }],
    "installments" : [{
        "count": 3,
        "interval": "month",
        "acquirer": "BRI",
        "currency": "IDR",
        "minimum_amount": 500000
    },{
        "count": 6,
        "interval": "month",
        "acquirer": "BRI",
        "currency": "IDR",
        "minimum_amount": 500000
    },{
        "count": 12,
        "interval": "month",
        "acquirer": "BRI",
        "currency": "IDR",
        "minimum_amount": 500000
    }]
}

Get Charge Option Response

Parameter	Type	Description
business_id required	string	The ID of your business in Xendit.
bin required	string	The BIN (first 6 digits of a card) entered by the cardholder, which you sent in the Get Charge Option request.
promotions optional	array	Array containing details of all promotions applicable to the card. promotion details child parameters Key Value reference_id optional string Unique reference, such as an ID or name which you assigned to the promo and you've inputted in the promo creation request. Charactersa-z, A-Z, 0-9; accepted symbols - _ \ original_amount required number The amount of the original transaction (before the Promotion discount). discount_amount optional number Amount of discount applicable for a specific Promotion (includes decimal). MaximumNone Minimum0 discount_percent optional number Percentage discount applicable for a specific Promotion (includes decimal). Maximum100 Minimum0 final_amount required number The final amount, after the Promotion discount has been applied. You should use this sum to charge the card. currency required string The currency which payment will be made in. min_original_amount optional number Minimum of the original amount for a certain promo to be applicable or calculated. max_discount_amount optional number Maximum of the discount amount that will be applied for a certain promo.
installments optional	array	Define the available installment option. installments details child parameters Key Value count required numberTogether with the "interval" parameter, this defines your installment tenor count. interval required string Together with the "count" parameter, this defines your installment tenor period. acquirer required stringThe bank corresponding to the card BIN, which offers the installments. currency required string The currency which payment will be made in. minimum_amount required numberThe minimum amount necessary for a card Charge to be paid via installments. A Charge with amount below this minimum cannot be paid via installments. May differ across banks, and may not always apply. maximum_amount optional numberWill be returned if the Installment plan limits the transaction amount for payments using Installments. If the transaction you have created exceeds this amount, an error may be returned. code optional stringWill be returned if the issuing bank returns an installment code to identify or categorize the available installments. description optional stringWill be returned if the bank returns a description of the Installment plan. interest_free_duration optional numberDescribes the number of months that interest will not be charged for the installments, if available. Should be returned to the customer on the frontend client. Only returned if provided by the bank. installment_amount optional numberThe amount that the cardholder needs to pay for each installment. Takes the total transaction amount and divides it over the installment_count.
reward optional	object	If Rewards are available for the card, this object will be returned. reward details child parameters Key Value balance required numberThe balance of rewards available to be used for this card.

Create Promotion

A great way to attract more customers is to offer discounts based on the type of card that they use. Issuing banks often collaborate with merchants to provide discounts to users if they choose to use their cards. An important feature in the payment flow is the ability to check if the card number entered by a user is issued by a specific bank.

Xendit's Promotion APIs fully support such promotions. They allow you to create a Promotion and select a range of credit card Bank Identification Numbers (BINs) to whitelist (BINs are the first 6 digits of a card, e.g. 480012). During the card payment process, send us a request to GET a Promotion Calculation. If an applicable Promotion for the type of card exists, Xendit automatically applies the promotion discount rate and returns you the information so you can charge the discounted amount.

Definition: Create Promotion

POST https://api.xendit.co/promotions

Example Create Promotion Request

curl -X POST \
  https://api.xendit.co/promotions
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \
  -d {
      "reference_id": "BRI_20_JAN",
      "description": "20% discount applied for all BRI cards",
      "bin_list": [
          "400000",
          "460000"
      ],
      "discount_percent": 20,
      "channel_code": "BRI",
      "currency": "IDR",
      "min_original_amount": 25000,
      "max_discount_amount": 5000
    }

from xendit import Xendit

api_key = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="
xendit_instance = Xendit(api_key=api_key)
CreditCard = xendit_instance.CreditCard

promotion = CreditCard.create_promotion(
    reference_id="BRI_20_JAN-1594176600",
    description="20% discount applied for all BRI cards",
    discount_amount=10000,
    bin_list=['400000', '460000'],
    start_time="2020-01-01T00:00:00.000Z",
    end_time="2021-01-01T00:00:00.000Z",
    min_original_amount=25000,
    max_discount_amount=5000
)
print(promotion)

Example Create Promotion Response

{
    "id": "36ab1517-208a-4f22-b155-96fb101cb378",
    "business_id": "5e61664b3dba955c203d232e",
    "reference_id": "BRI_20_JAN",
    "description": "20% discount applied for all BRI cards",
    "start_time": "2020-01-01 00:00:00.000Z",
    "end_time": "2020-01-01 00:00:00.000Z",
    "status": "ACTIVE",
    "bin_list": [
      "400000",
      "460000"
    ],
    "discount_percent": 20,
    "channel_code": "BRI",
    "currency": "IDR",
    "min_original_amount": 25000,
    "max_discount_amount": 5000
}

Request Parameters

Body Parameter	Type	Description
reference_id required	string	Unique reference, such as an ID or name, you wish to assign to the created Promotion. Charactersa-z, A-Z, 0-9; accepted symbols all special characters are allowed
description required	text	The description of the Promotion. This will later be returned in the Get Promotions Calculation response, and you can expose it to the user on your user interface.
promo_code optional	string	Promo code which can be used by an end user to activate the promo. Include this if you want your Promotion to be activated by the end user entering a code. A Promotion can be created with both the promo_code and bin_list or channel_code, if you want only certain cards to be able to use the promo code. Charactersa-z, A-Z, 0-9; accepted symbols all special characters are allowed
bin_list optional	array of strings	The list of BINs whitelisted for a specific Promotion. Example: [ "400000", "460000" ]
channel_code optional	string	The bank whitelisted for a specific Promotion. When a specific bank is chosen, any BIN which Xendit associates with that bank will be eligible for the Promotion.
discount_percent optional	number	Percentage discount applicable for a specific Promotion. e.g. you want the Promotion to be a 20% discount. Either discount_percent or discount_amount is required. CharactersNumbers (includes decimals) Maximum 100 Minimum0
discount_amount optional	number	Amount of discount applicable for a specific Promotion. e.g. you want the Promotion to be a 50000 IDR discount. Either discount_percent or discount_amount is required. CharactersNumbers (includes decimals) Maximum none Minimum0
currency required default: IDR	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code. For banks with branches in more than one country, a Promotion will only apply to cards based on the currency. e.g. if currency is IDR and channel_code is DBS, then the Promotion will apply only to BINs issued by DBS Indonesia.
start_time required	ISO	All created Promotions will start immediately by default. If you want a Promotion to start later, use this field to enter the start date of the promotion. Promo end date must be a date in the future.
end_time required	ISO	Date which the Promotion will end. Promo end date must be a date in the future.
min_original_amount optional	number	Minimum of the original amount for a certain promo to be applicable or calculated.
max_discount_amount optional	number	Maximum of the discount amount that will be applied for a certain promo.

Response Parameters

Promotion Object

Parameter	Type	Description
id	string	Unique ID of the created Promotion (generated by Xendit).
business_id	string	ID of your account with Xendit, used to identify you as a unique merchant.
status	string	Status of the Promotion. See Promotion Statuses
reference_id	string	Unique reference, such as an ID or name, you wish to assign to the created Promotion. Charactersa-z, A-Z, 0-9; accepted symbols all special characters are allowed
description	text	The description of the Promotion. You can expose this to the user on your user interface to give them details about the Promotion.
promo_code	string	Promo code which can be used by an end user to activate the promo. Include this if you want your Promotion to be activated by the end user entering a code. A Promotion can be created with both the promo_code and bin_list or channel_code, if you want only certain cards to be able to use the promo code.. Charactersa-z, A-Z, 0-9; accepted symbols all special characters are allowed
bin_list	array of strings	The list of BINs whitelisted for a specific Promotion.
channel_code	string	The bank whitelisted for a specific Promotion. When a specific bank is chosen, any BIN which Xendit associates with that bank will be eligible for the Promotion. The channel code must match the channel codes here precisely.
discount_percent	number	Percentage discount applicable for a specific Promotion. CharactersNumbers (includes decimals) Maximum 100 Minimum0
discount_amount	number	Amount of discount applicable for a specific Promotion. CharactersNumbers (includes decimals) Maximum none Minimum0
currency default: IDR	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code. For banks with branches in more than one country, a Promotion will only apply to cards based on the currency. e.g. if currency is IDR and channel_code is DBS, then the Promotion will apply only to BINs issued by DBS Indonesia.
start_time	ISO	All created Promotions will start immediately by default. If you want a Promotion to start later, use this field to enter the start date of the promotion. Promo end date must be a date in the future.
end_time	ISO	Date which the Promotion will end. Promo end date must be a date in the future.
min_original_amount	number	Minimum of the original amount for a certain promo to be applicable or calculated.
max_discount_amount	number	Maximum of the discount amount that will be applied for a certain promo.

Promotion Statuses

Status	Description
ACTIVE	Promotion is active and eligible
INACTIVE	Promotion is still valid but inactive due to not yet started
EXPIRED	Promotion is already passed the end_time
PAUSED	Promotion is paused in the middle of the period based on user's request

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
INVALID_JSON_FORMAT 400	The request body is not valid JSON.
REQUEST_FORBIDDEN_ERROR 403	API key in use does not have the necessary permissions to perform the request. Please assign proper permissions for the key, or use a different key.
REFERENCE_IN_USE 409	This Promotion name has been used for a previous or existing Promotion. Please use a different name.
PROMO_CODE_IN_USE 409	This Promotion code has been used for a previous or existing Promotion. Please use a different code

Get Promotions

Use this API endpoint to obtain details of a created Promotion. Useful to get a quick snapshot of your available Promotions. If more than one Promotion matches a field you have entered, an array of all the relevant Promotions will be returned.

Definition: Get Promotions

GET https://api.xendit.co/promotions?reference_id={reference_id}

Example Get Promotions Request

curl -X GET \
  https://api.xendit.co/promotions?reference_id=BRI_20_JAN
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \

Example Get Promotions Response

{
    "id": "36ab1517-208a-4f22-b155-96fb101cb378",
    "business_id": "5e61664b3dba955c203d232e",
    "reference_id": "BRI_20_JAN",
    "description": "20% discount applied for all BRI cards",
    "start_time": "2020-01-01 00:00:00.000Z",
    "end_time": "2020-01-01 00:00:00.000Z",
    "status": "ACTIVE",
    "bin_list": [
        "400000",
        "460000"
    ],
    "discount_percent": 20,
    "channel_code": "BRI",
    "currency": "IDR",
    "min_original_amount": 25000,
    "max_discount_amount": 5000
}

Request Parameters

Query Parameter	Type	Description
reference_id optional	string	Enter the specific reference_id of a single Promotion.
status required	enum	Status of the Promotion. ACTIVE or INACTIVE.
bin optional	string	A specific BIN. Example: 460000
channel_code optional	string	The bank whitelisted for a specific Promotion.
currency optional default: IDR	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code. currently, only IDR is accepted.

Response Parameters

The array returns details of available Promotions depending on what fields you included in your query, in the Promotion Object format. For example, if you entered the bin_list value as [ "400000" ], an array of all available Promotions which include that BIN value will be returned.

If no promotions match the query, an empty array will be returned.

Get Promotions Calculation

This endpoint is used to calculate how much discount should be applied to an amount being charged. It accepts a BIN or a promo_code, as well as the original charge amount. If the BIN or promo_code matches an available Promotion, Xendit will apply the discount to the original amount and return the discounted amount in the response. This API will only perform calculation for promotion with ACIVE status.

We've built a page for you to test sending Get Promotion Calculations requests before you integrate. Try it out here. You'll need your Public API key, which you can obtain from registering on our Dashboard and heading to the Settings page.

Definition: Get Promotions Calculation

GET https://api.xendit.co/promotions/calculate?amount={amount}&bin={bin}

Example Get Promotions Calculation Request using Bin

curl -X GET \
  https://api.xendit.co/promotions/calculate?amount=1000000&bin=460000
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \

Example Get Promotions Calculation Request using Token ID

curl -X GET \
  https://api.xendit.co/promotions/calculate?amount=1000000&token_id=598d5d0e51e0870d44c61534
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \

Get Promotions Calculation Request

Query Parameter	Type	Description
amount required	number	The amount of the original transaction (before the Promotion discount).
bin optional	string	The BIN entered by the cardholder, which you want to check if it is associated with any active Promotion.
promo_code optional	string	The promo_code entered by the cardholder, which you want to check if it is associated with any active Promotion.
currency optional default: IDR	string	Currency which you want to process the transaction in. Use a three-letter ISO currency code.
token_id optional	string	Token ID of a card, obtained during tokenization with Xendit. We will look up the token to associate it with a BIN and get the available options.

Example Get Promotions Calculation Response

{
    "original_amount": 1000000,
    "discount_percent": 20,
    "reference_id": "BRI_20_JAN",
    "final_amount": 900000,
    "currency": "IDR",
    "description": "20% discount applied for all BRI cards with maximum discount amount 100000",
    "min_original_amount": 500000,
    "max_discount_amount": 100000
}

Get Promotions Calculation Response

Parameter	Type	Description
reference_id required	string	Unique reference which you assigned to the created Promotion.
original_amount required	number	The amount of the original transaction (before the Promotion discount).
discount_percent optional	number	Percentage discount applicable for a specific Promotion. Returned if the Promotion was created using discount_percent.
discount_amount optional	number	Amount of discount applicable for a specific Promotion. Returned if the Promotion was created using discount_amount.
final_amount required	number	The final amount, after the Promotion discount has been applied. You should use this sum to charge the card.
description required	text	The description of the Promotion. Returned in the Get Promotions Calculation response so you can expose it on your user interface.
min_original_amount optional	number	Minimum of the original amount for a certain promo to be applicable or calculated.
max_discount_amount optional	number	Maximum of the discount amount that will be applied for a certain promo.

Update Promotion

Use this endpoint to update the details of an existing Promotion.

Definition: Update Promotion

PATCH https://api.xendit.co/promotions/:promotion_id

Example Update Promotion request

curl -X PATCH \
  https://api.xendit.co/promotions/36ab1517-208a-4f22-b155-96fb101cb378
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \
  -H 'content-type: application/json' \
 -d {
        "description": "20% discount applied for all BCA cards",
        "bin_list": [
          "411455",
          "422566"
        ],
        "discount_percent": 20,
        "channel_code": "BCA",
        "currency": "IDR"
    }

Example Update Promotion response

{
    "id": "36ab1517-208a-4f22-b155-96fb101cb378",
    "business_id": "5e61664b3dba955c203d232e",
    "reference_id": "BCA_20",
    "description": "20% discount applied for all BRI cards",
    "start_time": "2020-01-01 00:00:00.000Z",
    "end_time": "2020-01-01 00:00:00.000Z",
    "transaction_limit": 0,
    "is_deleted": false,
    "status": "ACTIVE",
    "bin_list": [
        "411455",
        "422566"
    ],
    "discount_percent": 20,
    "channel_code": "BCA",
    "currency": "IDR",
    "min_original_amount": 25000,
    "max_discount_amount": 5000
}

Request Parameters

Path Parameter	Type	Description
promotion_id required	string	Enter promotion id which provided by Xendit in promotion object

Not every parameter in the Promotion Object can be updated. Those that can be updated can be found below.

Body Parameter	Type	Description
description optional	text	The description of the Promotion. This will later be returned in the Get Promotions Calculation response, and you can expose it to the user on your user interface.
promo_code optional	string	Promo code which can be used by an end user to activate the promo. Include this if you want your Promotion to be activated by the end user entering a code. A Promotion can be created with both the promo_code and bin_list or channel_code, if you want only certain cards to be able to use the promo code. Charactersa-z, A-Z, 0-9; accepted symbols all special characters are allowed
bin_list optional	array of strings	The list of BINs whitelisted for a specific Promotion.
channel_code optional	string	The bank whitelisted for a specific Promotion. When a specific bank is chosen, any BIN which Xendit associates with that bank will be eligible for the Promotion. The channel code must match the channel codes here precisely.
discount_percent optional	number	Percentage discount applicable for a specific Promotion. e.g. you want the Promotion to be a 20% discount. Either discount_percent or discount_amount is required. CharactersNumbers (includes decimals) Maximum 100 Minimum0
discount_amount optional	number	Amount of discount applicable for a specific Promotion. e.g. you want the Promotion to be a 50000 IDR discount. Either discount_percent or discount_amount is required. CharactersNumbers (includes decimals) Maximum none Minimum0
currency default: IDR	string	The currency which payment will be made in. For banks with branches in more than one country, a Promotion will only apply to cards based on the currency. e.g. if currency is IDR and channel_code is DBS, then the Promotion will apply only to BINs issued by DBS Indonesia.
start_time optional	ISO	All created Promotions will start immediately by default. If you want a Promotion to start later, use this field to enter the start date of the promotion. Promo end date must be a date in the future.
end_time optional	ISO	Date which the Promotion will end. Promo end date must be a date in the future.
min_original_amount optional	number	Minimum of the original amount for a certain promo to be applicable or calculated.
max_discount_amount optional	number	Maximum of the discount amount that will be applied for a certain promo.

Response Parameters

Returns Promotion Object. The parameters which you updated via the Update Promotion request will be the new parameters.

Error Codes

Error Code	Description
API_VALIDATION_ERROR 400	Inputs are failing validation. The errors field contains details about which fields are violating validation.
INVALID_JSON_FORMAT 400	The request body is not valid JSON.
PROMOTION_NOT_FOUND_ERROR 404	Promotion not found. Please try again with valid promotion id.
PROMO_CODE_IN_USE 400	This Promotion code has been used for a previous or existing Promotion. Please use a different promo_code.
INVALID_DISCOUNT_TYPE 400	Promotion with promotion_id has [discount_amount / discount_percent] type. Please use the correct discount type
INVALID_START_TIME_UPDATE 400	Promotion with promotion_id has end time. Please try again with an updated start time that is before the end time.

Delete Promotion

Use this endpoint to delete an existing Promotion from your list of available Promotions.

Definition: Delete Promotion

DELETE https://api.xendit.co/promotions/:promotion_id

Example Delete Promotion request

curl -X DELETE \
  https://api.xendit.co/promotions/6055a96c-a870-4a2f-b61f-4015af6478cb
  -u xnd_development_OYiAfOR3gbOunJU4frcaHmLCYNLy8oQuknDm+R1r9G3S/byhDAB+gA==: \

Example Delete Promotion response

{
      "id":"6055a96c-a870-4a2f-b61f-4015af6478cb",
      "created":"2020-07-29T10:57:47.426Z",
      "business_id":"5edfb2a5d40e3040347d91fd",
      "reference_id":"Cypress-Test-Promo-Delete-1596020266435",
      "start_time":"2020-07-29T10:57:46.373Z",
      "end_time":"2020-07-30T10:57:46.373Z",
      "status":"DELETED",
      "type":"PROMO_CODE",
      "discount_amount":5000,
      "promo_code":"Cypress-Test-Promo-Delete-1596020266435",
      "currency":"IDR"
   }
}

Delete Promotion Request

Path Parameter	Type	Description
promotion_id required	string	Enter promotion id which provided by Xendit in promotion object

Delete Promotion Response

Parameter	Type	Description
id	string	Unique ID of the deleted Promotion (generated by Xendit).
is_deleted	boolean	Status of a promotion to describe that it's already deleted.

Error Codes

Error Code	Description
PROMOTION_NOT_FOUND_ERROR 404	Promotion with id not found. Please try again with valid id.

eWallets

Our eWallet API allows you to seamlessly charge and receive payments directly from top ewallets providers in SEA. With one integration, get access to all our available eWallets and upcoming eWallets integrations as well. To date, we've processed millions of eWallet transactions and support various business use cases

For full details on each API as well as help on integration, please refer to our documentation

API Version

You are currently viewing the newest version of our eWallets API. In this API version, integrate once to get access to all available eWallets and future eWallets in Xendit! This API will also be used to support tokenized payment flow and auth/capture payment flow in the near future.

Version	Changelog
2021-01-25 Latest	New simple and consistent eWallets API to support top eWallets providers in Indonesia and Philippines You can access the new API easily by calling POST /ewallets/charges

Create eWallet Charge

Endpoint: Create eWallet Charge Request

POST https://api.xendit.co/ewallets/charges

eWallet

Request Parameters

Example: Create eWallet Charge Request

curl https://api.xendit.co/ewallets/charges -X POST \
  --user xnd_development_LoReMIPman+ZPGT+ZZ9b3ooF4w3Dn+R1k+LoReMIPman: \
  --header 'content-type: application/json' \
  --data '{
    "reference_id": "order-id-123",
    "currency": "IDR",
    "amount": 25000,
    "checkout_method": "ONE_TIME_PAYMENT",
    "channel_code": "ID_SHOPEEPAY",
    "channel_properties": {
        "success_redirect_url": "https://redirect.me/payment"
        },
    "metadata": {
        "branch_area": "PLUIT",
        "branch_city": "JAKARTA"
        }
    }' \

try {
    Xendit.apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";

    Map<String, String> channelProperties = new HashMap<>();
    channelProperties.put("success_redirect_url", "https://dashboard.xendit.co/register/1");
    Map<String, String> metadata = new HashMap<>();
    metadata.put("branch_code", "tree_branch");

    Map<String, Object> params = new HashMap<>();
    params.put("reference_id", "test-reference-id");
    params.put("currency", "IDR");
    params.put("amount", 1000);
    params.put("checkout_method", "ONE_TIME_PAYMENT");
    params.put("channel_code", "ID_SHOPEEPAY");
    params.put("channel_properties", channelProperties);
    params.put("metadata", metadata);

    EWalletCharge charge = EWalletCharge.createEWalletCharge(params);
} catch (XenditException e) {
    e.printStackTrace();
}

<?php

use Xendit\Xendit;
require 'vendor/autoload.php';

Xendit::setApiKey('xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==');

$params = [
    'reference_id' => 'test-reference-id',
    'currency' => 'IDR',
    'amount' => 1000,
    'checkout_method' => 'ONE_TIME_PAYMENT',
    'channel_code' => 'ID_SHOPEEPAY',
    'channel_properties' => [
        'success_redirect_url' => 'https://dashboard.xendit.co/register/1',
    ],
    'metadata' => [
        'branch_code' => 'tree_branch'
    ]
];

$createEWalletCharge = \Xendit\EWallets::createEWalletCharge($ewalletChargeParams);
var_dump($createEWalletCharge);

?>

from xendit import EWallet

ewallet_charge = EWallet.create_ewallet_charge(
    reference_id="test-reference-id",
    currency="IDR",
    amount=1000,
    checkout_method="ONE_TIME_PAYMENT",
    channel_code="ID_SHOPEEPAY",
    channel_properties={
        "success_redirect_url": "https://dashboard.xendit.co/register/1",
    },
    metadata={
        "branch_code": "tree_branch",
    },
)

xendit.Opt.SecretKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw=="

data := ewallet.CreateEWalletChargeParams{
    ReferenceID:    "test-reference-id",
    Currency:       "IDR",
    Amount:         1000,
    CheckoutMethod: "ONE_TIME_PAYMENT",
    ChannelCode:    "ID_SHOPEEPAY",
    ChannelProperties: map[string]string{
        "success_redirect_url": "https://dashboard.xendit.co/register/1",
    },
    Metadata: map[string]interface{}{
        "branch_code": "tree_branch",
    },
}

charge, chargeErr := ewallet.CreateEWalletCharge(&data)
if chargeErr != nil {
    log.Fatal(chargeErr)
}

fmt.Printf("created e-wallet charge: %+v\n", charge)

const x = new require("xendit-node")({
  secretKey:
    "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==",
});

const { EWallet } = x;
const ewalletSpecificOptions = {};
const ew = new EWallet(ewalletSpecificOptions);

const resp = await ew.createEWalletCharge({
  referenceID: 'test-reference-id',
  currency: 'IDR',
  amount: 1000,
  checkoutMethod: 'ONE_TIME_PAYMENT',
  channelCode: 'ID_SHOPEEPAY',
  channelProperties: {
    successRedirectURL: 'https://dashboard.xendit.co/register/1',
  },
  metadata: {
    branch_code: 'tree_branch'
  }
});
console.log(resp);

string apiKey = "xnd_development_P4qDfOss0OCpl8RtKrROHjaQYNCk9dN5lSfk+R1l9Wbe+rSiCwZ3jw==";

XenditClient xendit = new XenditClient(apiKey);
EWalletChargeClient eWalletCharge = xendit.EWalletCharge;

EWalletChargeParameter parameter = new EWalletChargeParameter
{
  ReferenceId = "demo-reference-id",
  Currency = Currency.IDR,
  Amount = 1000,
  CheckoutMethod = EWalletEnum.CheckoutMethod.OneTimePayment,
  ChannelCode = EWalletEnum.ChannelCode.IdOvo,
  ChannelProperties = new EWalletChargeProperties
  {
    MobileNumber = "+628123123123",
  },
};

EWalletChargeResponse eWalletChargeResponse = await eWalletCharge.Create(parameter);

Header Parameter	Type	Description
for-user-id optional	string	The sub-account user-id that you want to make this transaction for. This header is only used if you have access to xenPlatform. See xenPlatform for more information
with-fee-rule optional	string	Fee Rule ID that you would like to apply to this eWallet payment Please note: If you include this parameter, we will return the fee_rule_id in the header of the API response. If for-user-id header is not present, Fee Rule will still be routed from master account to the specified destination account

This header is only used if you have access to xenPlatform. See xenPlatform for more information

Body Parameter	Type	Description
reference_id required	string	Reference ID provided by merchant (255 characters)
currency required	string	Currency used for the transaction in ISO4217 format - IDR, PHP
amount required	number	Transaction amount to be paid Min - 1,000 for ID_JENIUSPAY and 100 IDR for all other eWallets or 1 PHP Max - based on eWallet holding limit
checkout_method required	string	Checkout method determines the payment flow used to process the transaction ONE_TIME_PAYMENT is used for single guest checkouts TOKENIZED_PAYMENT can be used for recurring payment
channel_code required if checkout_method = ONE_TIME_PAYMENT, optional if checkout_method = TOKENIZED_PAYMENT	string	Channel Code specifies which eWallet will be used to process the transaction - ID_OVO, ID_DANA, ID_LINKAJA, ID_SHOPEEPAY, ID_ASTRAPAY, ID_JENIUSPAY, ID_SAKUKU, PH_PAYMAYA, PH_GCASH, PH_GRABPAY, PH_SHOPEEPAY
channel_properties required based on checkout_method and channel_code pairing	object	Channel specific information required for the transaction to be initiated OVO - one time payment required fields Key Value mobile_number required string Mobile number of customer in E.164 format (e.g. +628123123123) JENIUS PAY required fields Key Value cashtag required string Unique identifier for each Jenius account, similar to username. Always start with the “$” sign. 3-15 characters excluding the “$” sign. Alphanumeric and the “_" sign OVO - tokenized payment required fields Key Value success_redirect_url required string URL where the end-customer is redirected if the authorization is successful failure_redirect_url required string URL where the end-customer is redirected if the authorization has failed redeem_points optional enum, default = "REDEEM_NONE" "REDEEM_NONE" - no points will be used or "REDEEM_ALL" - points will be used to offset payment amount before cash balance is used. REDEEM_ALL can only be used when approved by OVO for promotions. DANA, LINKAJA - one time payment, SHOPEEPAY (ID & PH) - one time payment, SAKUKU required fields Key Value success_redirect_url required string URL where the end-customer is redirected if the authorization is successful SHOPEEPAY (ID & PH) - tokenized payment required fields Key Value success_redirect_url required string URL where the end-customer is redirected if the authorization is successful redeem_points optional enum, default = "REDEEM_NONE" "REDEEM_NONE" - no points will be used or "REDEEM_ALL" - points will be used to offset payment amount before cash balance is used. Only 50% of transaction amount (rounded down) can paid using SHOPEEPAY coins. Not applicable for PH_SHOPEEPAY currently. GCASH, GRABPAY, ASTRAPAY, LINKAJA - tokenized payment required fields Key Value success_redirect_url required string URL where the end-customer is redirected if the authorization is successful failure_redirect_url required string URL where the end-customer is redirected if the authorization has failed MAYA (PAYMAYA) required fields Key Value success_redirect_url required string URL where the end-customer is redirected if the authorization is successful failure_redirect_url required string URL where the end-customer is redirected if the authorization has failed cancel_redirect_url required string URL where the end-customer is redirected if the authorization has been cancelled. End-customer can retry payment on the same link within 15 minutes.
payment_method_id required if checkout_method = TOKENIZED_PAYMENT, optional if checkout_method = ONE_TIME_PAYMENT	string	ID of the payment method. Payment method is being used for tokenized payment to abstract your customer's ewallet as payment method
customer_id optional	string	ID of the customer object to which the payment method will be linked to. Use Create Customer API to create your customer
basket optional	array	Array of objects describing the item(s) purchased Object parameters details Key Value reference_id required string Merchant's identifer for specific product <= 255 characters name required string Name of product category required string Merchant category for item - e.g. Electronics currency required string Currency used for the transaction in ISO4217 format - IDR, PHP price required number Price per unit in basket currency quantity required number Number of units of this item in the basket type required string Type of product - PRODUCT or SERVICE url optional string URL to e-commerce page of the item description optional string Description of product sub_category optional string Merchant sub-category for item - e.g. Mobile Phone metadata optional object Object of additional information the user may use. Users define the JSON properties and values. You can specify up to 50 keys, with key names up to 40 characters long and values up to 500 characters long. This will only be used by the user and not Xendit.
metadata optional	object	Object of additional information the user may use. Users define the JSON properties and values. You can specify up to 50 keys, with key names up to 40 characters long and values up to 500 characters long. This will only be used by the user and not Xendit.

Response Parameters

Example: Create eWallet Charge Request API Success Response

{
  "id": "ewc_bb8c3po-c3po-r2d2-c3po-r2d2c3por2d2",
  "business_id": "5f218745736e619164dc8608",
  "reference_id": "test-reference-id",
  "status": "PENDING",
  "currency": "IDR",
  "charge_amount": 1000,
  "capture_amount": 1000,
  "refunded_amount": null,
  "checkout_method": "ONE_TIME_PAYMENT",
  "channel_code": "ID_SHOPEEPAY",
  "channel_properties": {
    "success_redirect_url": "https://dashboard.xendit.co/register/1"
  },
  "actions": {
    "desktop_web_checkout_url": null,
    "mobile_web_checkout_url": null,
    "mobile_deeplink_checkout_url": "https://deeplinkcheckout.this/",
    "qr_checkout_string": "ID123XenditQRTest321DI"
  },
  "is_redirect_required": true,
  "callback_url": "https://calling-back.com/xendit/shopeepay",
  "created": "2017-07-21T17:32:28Z",
  "updated": "2017-07-21T17:32:28Z",
  "void_status": null,
  "voided_at": null,
  "capture_now": true,
  "customer_id": null,
  "payment_method_id": null,
  "failure_code": null,
  "basket": null,
  "metadata": {
    "branch_code": "tree_branch"
  }
}

Body Parameter	Type	Description
id required	string	Unique identifier for charge request transaction. It will always have the prefix of 'ewc_', followed by a UUIDv4
business_id required	string	Business ID of the merchant
reference_id required	string	Reference ID provided by merchant
status required	string	Status of charge request Key Value SUCCEEDED Payment transaction for specified charge_id is successfully PENDING Payment transaction for specified charge_id is awaiting payment attempt by end user FAILED Payment transaction for specified charge_id has failed, check failure codes for reasons VOIDED Payment transaction for specified charge_id has been voided REFUNDED Payment transaction for specified charge_id has been either partially or fully refunded
currency required	string	Currency used for the transaction in ISO4217 format - IDR, PHP
charge_amount required	number	Requested charge amount from merchant
capture_amount optional	number	Requested capture amount from merchant. At the moment, capture_amount will always be the same as charge_amount
refunded_amount optional	number	Total amount refunded by merchant to end user
checkout_method required	string	Checkout method determines the payment flow used to process the transaction ONE_TIME_PAYMENT is used for single guest checkouts
channel_code required	string	Channel Code specifies which eWallet will be used to process the transaction - ID_OVO, ID_DANA, ID_LINKAJA, ID_SHOPEEPAY, ID_ASTRAPAY, ID_JENIUSPAY, ID_SAKUKU, PH_PAYMAYA, PH_GCASH, PH_GRABPAY, PH_SHOPEEPAY
channel_properties optional	object	Channel specific information required for the transaction to be initiated OVO - one time payment required fields Key Value mobile_number required string Mobile number of customer in E.164 format (e.g. +628123123123) JENIUS PAY required fields Key Value