PandaPay API Documentation

We provide a payment API for Merchants where Users pay with their Internet Banking credentials.
API Endpoint

https://api.{domain}.com

PandaPay API v1.3

This API is organized around REST,
it is designed to have predictable, resource-oriented URLs and to use HTTP
response codes to indicate API errors.

We use built-in HTTP features, like HTTP authentication and HTTP verbs, which can be understood by off-the-shelf
HTTP clients, and we support cross-origin resource sharing to allow you to interact securely with our API from a
client-side web application (though you should remember that you should never expose your secret API key in any
public website’s client-side code).

JSON will be returned in all responses from the API, including errors.

Authentication
You authenticate to this API by providing your Contract Name and API key in the request.

Authorization: {Contract}{Space}{APIKey} (Example: ABCTEST XXXXXXXX)

Error List
Status
Name Description
Code

Success
NO_ERROR 0
Request

Element Not
ERR_ELEMENT_NOT_FOUND 504
Found

Invalid
ERR_INVALID_CREDENTIALS 401
Credentials

Widget
ERR_WIDGET_TIMEOUT 402
Timeout

Expired
ERR_EXPIRED_TX 403
Transaction

Insufficient
ERR_INSUFFICIENT_FUNDS 404
Funds

Reached Max
ERR_REACHED_MAX_TRIALS 405
Trials

Transaction
ERR_STEP_FAILED 406
Step Failed

ERR_INVALID_OTP 407 Invalid OTP

Widget closed
ERR_WIDGET_CLOSED 408 during
Transaction

Already
ERR_ALREADY_PROCESSING 409
Processing

Reached max
daily volume
ERR_REACHED_MAX_DAILY_VOL 410
allowed by the
bank

No phone
number
ERR_MISSING_OTP_PHONE 411
registered with
Bank for OTP

Unsupported
ERR_UNSUPPORTED_AUTH 412 Authentication
Method

Incompatible
ERR_INCOMPATIBLE_ACCOUNT 311 Receiver
Account

Insufficient
ERR_INSUFFICIENT_BALANCE 310 Merchant
Balance

Forbidden
ERR_FORBIDDEN 309
Action

Invalid
ERR_INVALID_PARAM 308
Parameter

Unauthorized
ERR_UNAUTHORIZED_DOMAIN 307
Domain

Duplicate
ERR_DUPLICATE_ID 306
Identifier

Insufficient
ERR_INSUFFICIENT_PERMISSIONS 305 API Key
Permissions

Resource Not
ERR_RESOURCE_NOT_FOUND 304
Found

ERR_INVALID_TOKEN 303 Invalid Token

Invalid Secret
ERR_INVALID_SECRETKEY 302
Key

Unauthorized
ERR_UNAUTHORIZED_IP 301
IP Address

Bank Account
ERR_BANK_ACCOUNT_LOCKED 204
Locked

Payment
Gateway
ERR_PG_MAINTENANCE 205
under
Maintenance

Bank under
ERR_BANK_MAINTENANCE 203
Maintenance

ERR_BANK_DOWN 201 Bank Down

Can Not Start

ERR_CANT_SPAWN_CONTAINER 106
Robot

Transaction
ERR_FAILED_JOB 102
Job Failed

Server
ERR_SERVER_OVERLOAD 101
Overload

Invalid Min
ERR_MIN_DEPOSIT 701 Deposit
Amount

Invalid Max
ERR_MAX_DEPOSIT 702 Deposit
Amount

Invalid
Request
ERR_AMOUNT_CANT_ZERO 703
Transaction
Amount

Invalid Bank
ERR_BANK_CODE 704
Code

Invalid Min
ERR_MIN_WITHDRAW 705 Withdraw
Amount

Invalid Max
ERR_MAX_WITHDRAW 706 Withdraw
Amount

No Bank
NO_BANK_ACC_SETTLEMENT 707 Account for
Settlement

Transaction Status List

Name Code

Initiated 1

Processing 2

Complete 8

Rejected -1

Error -2

Pending -3

Withdraw Status List

Name Code

Requested 0

Authorized 1

Processing 2

Complete 8

Rejected -1

Error -2

Canceled -9

Transaction
This is the API for initiating a transaction, and checking the status

QRDEPOSIT
Initiate a transaction.

The field ‘remark’ is optional.

The field ‘http_post_url’,‘return_url’,‘failed_return_url’ is Optional, if blank will get the default.

POST /Api/QRDeposit QRDeposit POST 

https://api.{domain}.com/Api/QRDeposit

Content-Type : application/json

BODY { "depositer" : "USER123", "amount" : 100, "tran_id" : "56", "remark" : 123 }

URI Parameters

http_post_url string (TEXT)  (optional) Example: http://{domain}.com/postback Requests example 1

a URL on the merchant’s website where we will automatically POST the transaction
status, default get from backend setting Headers
return_url string (VARCHAR(255))  (optional) Example: http://{domain}.com/success
the URL of the page where you want the client to be redirected after a successful Authorization: YOURGAMING 02amavhyivrab144rp4zphok
transaction

failed_return_url string (VARCHAR(255))  (optional) Example: http://{domain}.com/fail

status 0 701 308
the URL of the page where you want the client to be redirected after a failed
transaction
Reponse & Body
depositer string (VARCHAR(50))  (required) Example: lionking
The depositer username
Content-Type: application/json
amount Integer  (required) Example: 500
Amount to debit from the client’s bank account

tran_id string (VARCHAR(100))  (required) Example: inv-3422 Body

merchant provided transaction identifier, cannot be duplicated {
"status": 0,
"status_message": "NO_ERROR",
"tran_id": "inv-3422",
"pg_tran_id": "D0000000001",
remark string (VARCHAR(255))  (required) Example: top up for account #1234 "token": 1ae3ebc1-41ab-4a4e-9ef2-0a34ec05a039,
"amount": 45.99,
"total_fees": 1.15,
merchant provided description of the transaction "currency": "INR",
"redirect_to": "https://api.{domain}.com/Api/StartWidget/1ae3ebc1-41ab-
4a4e-9ef2-0a34ec05a039"
}

DEPOSITSTATUS
Get Transaction processing status

GET /Api/DepositStatus{?token} DepositStatus GET https://api.{domain}.com/Api/DepositStatus{token=1ae3ebc1-41ab-4a4e-9ef2-0a34ec05

a039}

URI Parameters Requests example 1

token string  (required) Example: 1ae3ebc1-41ab-4a4e-9ef2-0a34ec05a039 Headers

the unique token given in transaction response

Authorization: YOURGAMING 02amavhyivrab144rp4zphok

Responses 0 401 404

Response & Body

Content-Type: application/json

Body

{
"contract": "YOURGAMING",
"status": 404,
"status_message": "ERR_INSUFFICIENT_FUNDS",
"tran_status": 1,
"tran_message": "Pending",
"tran_id": "inv-3422",
"pg_tran_id": "D0000000001",
"token": "1ae3ebc1-41ab-4a4e-9ef2-0a34ec05a039",
"amount": "45.99",
"total_fees": 1.15,
"currency": "INR",
"remark": "Topup for account #123456",
"decline_reason": "bank account
insufficient balance",
"from_bank_code": KOTAK,
"from_bank_account": 157175154086,
"created_at": "2020-01-26 14:51:55"
}

CALLBACK
Automatic callback to Merchant’s provided endpoint (http_post_url) with transaction status.

Our servers will make an HTTP POST request to the http_post_url provided by the merchant during a transaction

POST
HTTP_POST_URL Callback POST 
HTTP_POST_URL

Content-Type : application/json

BODY {"contract":"ABCTEST","token":"111dca20-b140-4051-96fb-2f733123d54","tran_id":"W202
URI Parameters 201234512TLVST","payout_tran_id":"D0000000001","status":0,"status_message":"NO_ERROR","p
ayout_status":"0","payout_message":"Error","decline_reason":"","remark":"nn","amount":"90","total_f
contract string (VARCHAR(50))  (required) Example: YOURGAMING ees":"3.8000","currency":"INR","to_bank_code":"FEDERAL","to_bank_account":"5020000000007
a unique identifier for the contract involved 0","created_at":"9/14/2022 3:59:41 PM","payment_date":"9/14/2022 3:59:41 PM","signature":"fcd
0d587000053baccebe72a3fe6630b99af8672d3b4eed2a7a0000000000000"}

token string (VARCHAR(100))  (required) Example: 123456789-789456123..

a unique identier for the payment gateway transaction involved Please response with plain text OK
tran_id string (VARCHAR(100))  (required) Example: inv-3422
merchant provided transaction identifier Responses 200

pg_tran_id string (VARCHAR(11))  (required) Example: D0000000001

SecurePayment provided transaction identifier This response has no content.

status int (MediumInt(4))  (required) Example: 404

Refer Error List

status_message string (VARCHAR(100))  (required) Example: 1

[“ERR_INSUFFICIENT_FUNDS”, “ERR_WIDGET_TIMEOUT”]

tran_status int (TinyInt(1))  (required) Example: 3

Refer Transaction Status List

tran_message string (Varchar(20))  (required) Example: 1

[“Initiated”, “Pending”, “Complete”, “Fail”]

decline_reason string (Varchar(500))  (optional) Example: widget timeout

[“widget time out”, “reached max login trials”, “bank in maintenance”, “…”]

remark string (Varchar(255))  (required) Example: top up for account #1234

merchant provided description of the transaction

amount float  (required) Example: 45.99

Amount to debit from the client’s bank account

total_fees float  (required) Example: 1.15

Total Processing fees

currency string (Varchar(5))  (required) Example: INR

the transaction’s currency

depositer string (Varchar(50))  (required) Example: Jon Doe

the client’s display name

from_bank_code string (Varchar(10))  (optional) Example: KOTAK

the name code of the transfer’s originating bank

from_bank_account string (Varchar(128))  (optional) Example: 112233445566

the bank account number where the funds were transfered

bank_reference string (Varchar(100))  (optional) Example: 56c7e1f.....

bank transaction success reference number

signature string (Varchar(500))  (required) Example: 653472

hash_hmac() with sha256 of token+tran_id+from_bank_code+amount signed with
your API Key

created_at Y-m-d H:i:s Timezone  (required) Example: 2017-01-01 16:38:28 Asia\Singapore

creation date at the timezone of the API key’s owner

updated_at Y-m-d H:i:s Timezone  (required) Example: 2017-01-01 16:39:12 Asia\Singapore

last update at the timezone of the API key’s owner

reference string (Varchar(100))  (optional) Example: System Down

payment gateway message

Withdraw
This is the API for initiating a Withdraw, and checking the status

WITHDRAW
Initiate a payout.

The field ‘remark’ is optional.

The field ‘http_post_url’ is Optional, if blank will get the default.

The field ‘to_bank_code’ is "HDFC","IDFC","SBI","FEDERAL",'BARODA','KVB','AXIS','KOTAK','IDBI','YES',"TEST".

The field ‘to_bank_code’ "TEST" purpose for staging use which come with test contract only. The others bank code
for real contract use only.

POST /Api/Withdraw Withdraw POST 

https://api.{domain}.com/Api/Withdraw

Content-Type : application/json

BODY { "to_bank_code" : "KOTAK", "amount" : 100, "to_bank_account" : "11111111", "to_account_

URI Parameters name" : "AccountName", "ifsc_code" : "11111111", "tran_id" : "14", "remark" : "W"}

http_post_url string (TEXT)  (optional) Example: http://{domain}.com/postback

a URL on the merchant’s website where we will automatically POST the transaction Requests example 1
status, default get from backend setting

amount float  (required) Example: 45.99 Headers

Amount to credit to the client’s bank account
Authorization: YOURGAMING 02amavhyivrab144rp4zphok
to_bank_code string (Varchar(10))  (required) Example: KOTAK
the bank code

to_bank_account string (Varchar(128))  (required) Example: 1122334455 Responses 0 705 706

Bank account number of your client

to_account_name string (Varchar(128))  (required) Example: Thomas Response & Body

Bank account number of your client
Content-Type: application/json
ifsc_code string (Varchar(50))  (required) Example: 1122334455
Bank IFSC Code of your client, require for add beneficiary

tran_id string (Varchar(100))  (required) Example: inv-3422 Body

merchant provided payout identifier
{
"status": 0,
"status_message": "NO_ERROR",
"tran_id": inv-3422,
"payout_tran_id":
remark string (Varchar(255))  (required) Example: top up for account #1234
C00000000013422,
"token": f0375599-b077-47aa-b39a-6267a8bca571,
"remark": "payout for
merchant provided description for the payout player PokerGod666",
"amount": 50,
"total_fees": 1.15,
"currency": "INR",
"to_bank_code":
"KOTAK",
"to_bank_account": "123455778980",
"ifsc_code": "123455778980",
"phone_number":
"123455778980"
}

WITHDRAWSTATUS
Get a withdraw’s status

GET /Api/WithdrawStatus{token} WithdrawStatus GET 

https://api.{domain}.com/Api/WithdrawStatus?token=
f0375599-b077-47aa-b39a-6267a
8bca571

URI Parameters Requests example 1

token string  (required) Example: f0375599-b077-47aa-b39a-6267a8bca571 Headers

the unique token given in the withdraw response

Authorization: YOURGAMING 02amavhyivrab144rp4zphok

Responses 0 303 203 705

Response & Body

Content-Type: application/json

Body

{
"contract": "YOURGAMING",
"status": 0,
"status_message": "NO_ERROR",
"payout_status": 1,
"payout_message": "Pending",
"tran_id": "inv-3422",
"payout_tran_id": "C0000000001",
"token":
"f0375599-b077-47aa-b39a-6267a8bca571",
"amount": "40554.00",
"total_fees": 6084.6,
"remark": "Topup for account #123456",
"decline_reason": ,
"currency": "INR",
"to_bank_code":
"KOTAK",
"to_bank_account": "0011223344556677",
"ifsc_code": "0011223344556677",
"phone_number": "0011223344556677",
"created_at": "2019-09-26 01:25:55",
"payment_date":
"2019-09-26 02:32:02"
}

CALLBACK
Automatic callback to Merchant’s provided endpoint (http_post_url) with withdraw status.

Our servers will make an HTTP POST request to the http_post_url provided by the merchant during a withdraw
request

POST Callback POST 

HTTP_POST_URL/

{
contract=
YOURGAMING&
tran_id=
inv-3422&
payout_tran_id=
C0000000001&
status=
411&
HTTP_POST_URL/{contract,tran_id,payout_tran_id,status,status_message,payout_status,p
status_message=
ERR_MISSING_OTP_PHONE&
payout_status=
3&
payout_message=
Fail&
re
ayout_message,decline_reason,remark,amount,total_fees,currency,to_bank_code,to_bank_
mark=
top up for account #1234&
amount=45.99&
total_fees=
4.22&
currency=
INR&
to_bank_
account,created_at,payment_date,signature}
code=
KOTAK&
to_bank_account=
111222333&
created_at=
2017-01-01 16:41:21&
payment_d
ate=
2017-01-01 16:48:22&
signature=
56c7e1f...}

URI Parameters Hide

Please response with plain text OK

contract string (Varchar(50))  (required) Example: ABC123

a unique identifier for the contract involved Responses 200

token string (Varchar(100))  (required) Example: 123456789-789456123.....

This response has no content.
a unique identifi er for the transaction involved

tran_id string (Varchar(100))  (required) Example: inv-3422

merchant provided transaction identifier

payout_tran_id string Varchar(11)  (required) Example: W0000000001

SecurePayment provided transaction identifier

status integer (MediumInt(4))  (required) Example: 404

Refer Error List

status_message string (Varchar(100))  (required) 

[“ERR_INSUFFICIENT_FUNDS”, “ERR_WIDGET_TIMEOUT”]

payout_status integer (TinyInt(1))  (required) Example: 3

Refer Transaction Status List

payout_message string (Varchar(20))  (required) 

[“Initiated”, “Pending”, “Complete”, “Fail”]

decline_reason string (Varchar(500))  (optional) Example: widget timeout

[“widget time out”, “reached max login trials”, “bank in maintenance”, “…”]

remark string (Varchar(255))  (required) Example: top up for account #1234

merchant provided description of the transaction

amount float  (required) Example: 45.99

Amount to credit to the client’s bank account

total_fees float  (required) Example: 4.22

Total Processing fees

currency string (Varchar(5))  (required) Example: INR

currency

to_bank_code string (Varchar(10))  (required) Example: BARODA

the bank code (as provided in the backofice)

to_bank_account string (Varchar(128))  (required) Example: 1122334455

Bank account number of your client

to_account_name string (Varchar(128))  (required) Example: Thomas

Bank account number of your client

ifsc_code string (Varchar(50))  (required) Example: 1122334455

IFSC code of your client

phone_number string (Varchar(50))  (optional) Example: 1122334455

phone number of your client

signature string (Varchar(500))  (required) Example: 56c7e1f...

hash_hmac() with sha256 of tran_id+amount+currency+payout_status+created_at
signed with your API Key

created_at Y-m-d H:i:s P  (required) Example: 2017-01-01 16:41:21

creation date

payment_date Y-m-d H:i:s P  (required) Example: 2017-01-01 16:48:22

payment date

Report
This API is for getting reports on balance and merchant volumes.

BALANCE
Get the balance of the contract associated with the API Key in use.

GET /Api/GetBalance Balance GET https://api.{domain}.com/Api/GetBalance

Requests example 1

Headers

Authorization: YOURGAMING 02amavhyivrab144rp4zphok

Responses 200

Response & Body

Content-Type: application/json

Body

{
"contract": "YOURGAMING",
"status": 0,
"status_message": "NO_ERROR",
"currency": "MYR",
"balance": 12842.34
}

Misc
This API is for getting others.

GETBANK
Get the list of Bank Code which available to use.

GET /Api/GetBank GetBank GET https://api.{domain}.com/Api/GetBank

Requests example 1

Headers

Authorization: YOURGAMING 02amavhyivrab144rp4zphok

Responses 200

Headers

Content-Type: application/json

Body

{
"contract": "YOURGAMING",
"status": 0,
"status_message": "NO_ERROR",
"BankList":
[{\"Code\":\"FEDERAL\",\"Name\":\"Federal Bank\"},{\"Code\":\"IDFC\",\"Name\":\"Idfc Bank\"},
{\"Code\":\"KOTAK\",\"Name\":\"Kotak Bank\"},{\"Code\":\"BARODA\",\"Name\":\"Bank Of
Baroda\"},{\"Code\":\"KVB\",\"Name\":\"Karur Vysya Bank\"},{\"Code\":\"IDBI\",\"Name\":\"Idbi
Bank\"},{\"Code\":\"SBI\",\"Name\":\"State Bank Of India\"}]}