API Documentation for Fundout
Chapter 1 Overview
This document is the Payment Gateway Interface Specification for Quomo payment System.
It describes the interface details between online merchant and Quomo payment gateway. Interested Reader of this document would be developers and testers of Merchant System.
HTTP protocol and JSON format are adopted for data interaction between merchant and Quomo payment gateway. Details of API specification shall be shown as below
Chapter 2 Digital Signature
To ensure the integrity and authenticity of request parameter transmitted to Quomo payment gateway, RSA algorithm are adopted to sign the plaintext of the request message and the signed data will be set as a field of request message for verification purpose of Quomo payment gateway. RSA private key to sign request message shall be agreed and set during merchant registration with Quomo payment gateway.
Both private key and public key are necessary for RSA signature. Both private key and public key are generated with OPENSSL by merchant. Merchant and Quomo need to exchange their own public key. Therefore, Merchant uses Quomo public key and Merchant private key.
During the merchant sending the pre-sign string when requesting, the merchant private key and the pre-sign string are used in the RSA signature algorithm by the RSA signature function to get the result string.
After receiving the pre-sign string during responding from Quomo system, the Quomo public key, the pre-sign string and the parameter “signData” are used in the RSA signature asymmetric algorithm by the RSA signature function to accomplish the signature verification.
Chapter 3 Interface Specification
3.1 Query Account Balance
By calling to this API URL, merchant can query their account balance. Merchant system shall send the query message with correct parameters, Quomo digital will then reply with a response code and along with merchant’s current balance amount.
Payment Gateway API URL
https://www.quomo.digital/Payapi_Index_PBalance.html
Request parameters for Merchant to send to Quomo
| Parameter | Description |
| merchantId | merchantId assigned by Quomo System |
| requestTime | current time, format: “2015-01-23 14:27:30 ” |
| signData | The correct signed data |
Response parameters from Quomo
| Parameter | Description | Length | Data Type |
| responseCode | Kindly refer appendix for more details | 3 | Int |
| responseMessage | Kindly refer appendix for more details | 200 | String |
| merchantId | same value as the merchantId from request parameter | 12 | String |
| balanceAmount | current available amount | 12 | Decimal |
| UbalanceAmount | current available amount | 12 | Decimal |
3.2 Submit Payout Transaction
Payment Gateway API URL
https://quomo.digital/Payapi_Index_TransdfUser.html
Request parameter for merchant to send to Quomo (Excel file format follow below sequence)
| Parameter | Description | Length | Data Type | Required |
| merchantId | merchantId assigned by Quomo | 12 | String | Yes |
| merchantTransactionId | unique reference to each transaction | 100 | String | Yes |
| currencyCode | value example “VND”, “THB” etc ( Pls refer to Appendix D) | 3 | String | Yes |
| accountName | The card holder name | 30 | String | Yes |
| accountNum | The card number to receive the fund | 30 | Int | Yes |
| transactionAmount | The transaction amount | 12 | Decimal | Yes |
| bankName | The bank name “DAB” “CIMB” | 100 | String | Yes |
| requestTime | current time, format: “2015-01-23 14:27:30 ” | 15 | Int | Yes |
| bankProv | The bank location for province | 10 | String | Yes |
| bankCity | The bank location for city | 10 | String | Yes |
| callback | To notify merchant’s application when a transaction has been made | 100 | String | Yes |
| signData | RSA, Please refer appendix A | 200 | String | Yes |
Response parameters from Quomo
| Parameter | Description | Length | Data Type |
| responseCode | Kindly refer appendix for more details | 3 | Int |
| responseMessage | Kindly refer appendix for more details | 200 | String |
| merchantId | same value as the merchantId from request parameter | 12 | String |
| merchantTransactionId | same value as the merchantTransactionId from request parameter | 100 | String |
3.3 Query Order Status
By calling to this API URL, merchant can query their payout order status. Merchant system shall send the query message with correct parameters, Quomo will then reply with a response code and along with merchant’s current order status.
Payment Gateway API URL
https://quomo.digital/Payapi_Orderenquiry_payout.html
Request parameters for Merchant to send to Quomo
| Parameter | Description |
| merchantId | merchantId assigned by Quomo |
| merchantTransactionId | same value as the merchantTransactionId from request parameter |
| signData | The correct signed data |
Response parameters from Quomo
| Parameter | Description | Length | Data Type |
| merchantId | The unique parameter to verify the merchant’s Identify in the Quomo system | 5 | Int |
| merchantTransactionId | Order ID that sent by merchant | 100 | String |
| OrderNo | Transaction ID, generated by the Quomo system for merchant’s reference | 100 | String |
| orderAmount | The actual exact amount for each transaction | 12 | Decimal |
| tradecompdate | Order completion time, format: “2015-01-23 14:27:30” | 15 | Int |
| orderStatus | Value – 100 : Success,101: Fail , 102:In Progress , 10081003: 3 Incorrect Hash Value , 10091008: Incorrect Order ID | 3 | Int |
| signData | RSA, Please refer appendix A | 200 | String |
3.4 Query Order History
Payment Gateway API URL
http://quomo.digital/Payapi_Orderenquiry_orderhistory.html
Request parameters for Merchant to send to Quomo
| Parameter | Description | Sample |
| merchantId | The unique parameter to verify the merchant’s Identity during the whole payment procedure | “20067” |
| ordertype | Detailed order type needed to be specified | “1001” |
| startdate | “2018-12-19 00:53:43” | |
| enddate | “2018-12-19 00:53:43” | |
| hmac | RSA, Please refer appendix A |
Response parameters from Quomo
| Parameter | Description | Length | Data Type |
| merchantId | The unique parameter to verify the merchant’s Identify in the Quomo system | 5 | Int |
| merchantTransactionId | Generated by the Quomo system for merchant’s reference | 100 | String |
| transactionAmount | The actual exact amount for each transaction | 100 | String |
| fee | The transaction fee for each transaction | 12 | Decimal |
| requestTime | Order request time, format: “2015-01-23 14:27:30” | 15 | Int |
| transactionResult | Value – 100 : Success,101: Fail , 102:In Progress | 3 | Int |
| completeTime | Order Completion time, format: “2015-01-23 14:27:30” | 200 | String |
| signData | RSA, Please refer appendix A | 200 | String |
Chapter 4 Callback Mechanism
Callback URL shall be registered during merchant transaction send to Quomo system. After the business process of transaction uploaded by the Merchant System, transaction result will be sent to merchant by calling to the previously setup callback URL. And response of acknowledgement should be sent to Quomo payment gateway once merchant received transaction result. If above mentioned acknowledgement response are not sent by merchant, Quomo payment gateway shall send transaction result with certain time interval and max retry limit. If resend exceeds max retry limit, then transaction result will no longer being sent to merchant.
Parameters for callback request from Quomo System to Merchant
| Parameter | Description | Length | Data Type |
| responseCode | Kindly refer appendix for more details | 3 | Int |
| merchantId | merchantId assigned by Quomo System | 12 | String |
| merchantTransactionId | unique reference to each transaction | 100 | String |
| currencyCode | value example “VND” “THB” etc | 3 | String |
| accountName | The card holder name, must be Simplified Chinese | 30 | String |
| accountNum | The card number to receive the fund | 30 | Int |
| transactionAmount | The transaction amount | 10,3 | Decimal |
| bankName | The bank name, must be Simplified Chinese | 100 | String |
| transactionResult | Kindly refer appendix for more details | 10 | Int |
| failedReason | reason for transaction failure based on different transactionResult | 255 | String |
| completeTime | current time, format: “1421994450032” | 15 | Int |
| signData | RSA, Please refer appendix A | 200 | String |
Parameters for callback response from Merchant
| Parameter | Description | Length | Data Type |
| merchantTransactionId | Must be same value for merchantTransactionId in callback | 100 | String |
| merchantId | merchantId assigned by Quomo System | 12 | String |
| received | Return 100 to QUOMO, if other value, Quomo will consider callback failed and resend again | 3 | Int |
Appendix A
When the merchant signs with Quomo, it will be granted access right for the APIs. The API call that the merchant makes normally should contains MID and signature information. The digital signature used for the digital signature for this System supports RSA. Merchant and Quomo will exchange the public key for each side.
The typical use cases for the merchant’s private key during requests are:
- Payout
- Order Enquiry
Please make sure combine the parameters in a correct declared order in the interface when generation the original signaturestring, otherwise wrong sign data will be generated.
1. Constructing Pre-sign String
- Choosing the parameters
Get all the parameters. The parameters are converted into a set of name-value pairs. Keep those with no value. The “signData” key should not be included. - Sorting
The name-value pairs are sorted in the order of the sequence in requested parameters list. - Concatenating
Construct the string by concatenating the name value pair(‘name=value’) with the ampersand ‘&’• - Signature Generation
After the pre-signed string is constructed, it would be signed by the applicable signature method (e.g. RSA). The result is the digital signature that would be put into the parameter ‘signData’ . The parameter of ‘signData’ would be appended to the string. Append the previous result string to base address of Quomo API, then change It to json format and we will get the final string for the API call. - Example Code (PHP):
$requestData = array(
"merchantId" => $merchantId,
"merchantTransactionId" => $merchantTransactionId,
"currencyCode" => $currencyCode,
"accountName" => $accountName,
"accountNum" => $accountNum,
"transactionAmount" => $transactionAmount,
"bankName" => $bankName,
"requestTime" => $requestTime,
"bankProv" => $val['bankProv,
"bankCity" => $bankCity,
"callback" => $callback
);
function signMsg($array){
$msg = "";
$i = 0;
foreach ($array as $key => $val) {
if($i == 0 ){
$msg = $msg."$key=$val"; }
else {$msg = $msg."&$key=$val"; }
$i++; }
return $msg; }
$preSignString = signMsg($requestData);
function rsaSign($data, $private_key) {
//formatting
$private_key=str_replace("-----BEGIN PRIVATE KEY-----","",$private_key);
$private_key=str_replace("-----END PRIVATE KEY-----","",$private_key);
$private_key=str_replace("\n","",$private_key);
$private_key="-----BEGIN RSA PRIVATE KEY-----".PHP_EOL .wordwrap($private_key, 64, "\n", true). PHP_EOL."-----END RSA PRIVATE KEY-----";
$res = openssl_pkey_get_private ( $private_key );
if ($res) {
openssl_sign($data, $sign, $res, OPENSSL_ALGO_SHA1); }
else {
"The format of your private_key is incorrect!";
exit ();
}
openssl_free_key ( $res );
$sign = base64_encode ( $sign );
return $sign; }
$signData = rsaSign($preSignString, $privateKey); //Merchant’s Private Key
$finalrequest = array(
"merchantId" => $merchantId,
"merchantTransactionId" => $merchantTransactionId,
"currencyCode" => $currencyCode,
"accountName" => $accountName,
"accountNum" => $accountNum,
"transactionAmount" => $transactionAmount,
"bankName" => $bankName,
"requestTime" => $requestTime,
"bankProv" => $val['bankProv,
"bankCity" => $bankCity,
"callback" => $callback,
"signData" => $signData
);
$finalrequestData = json_encode(finalrequest);- Example of the pre sign String:
merchantId=99999&merchantTransactionId=15667877471566787747¤cyCode=RMB&accountName=XiaoMing& accountNum=9879988778868687687&transactionAmount=10&bankName=ICBC&requestTime=2015-01-23 14:27:30&bankProv=Guangzhou&bankCity=Guangzhou&callback=callback.comExample Response from Quomo: (No Verification required)
{"responseCode":100,"responseMessage":"The order has been received successfully","merchantId":"10002","merchantTransactionId":"15667877471566787747"}2. Verifying the Signature
Construct the string for signature verification
Only take the string from the response in JSON. Normally the values are already sorted by requested orders by the keys of all the JSON nodes. The JSON content should include the beginning and ending braces “{” and “}”, the quotation mark, etc.
Call the verification function
Call the verification function, passing in the string to be verified, Quomo public key, and signature. Decide if it will pass by the return value.
Example Code:
function verify($strData, $signature, $publicKey) {
if (!openssl_get_publickey($publicKey)) {
echo 'verifyTaiping openssl_get_publickey failed.';
return false; }
$base64Signature = base64_decode($signature);
if (!openssl_verify($strData, $base64Signature, $publicKey, OPENSSL_ALGO_SHA1)) {
echo 'openssl_verify failed.'; return false; }
return true; }
function signMsg($array){
$msg = "";
$i = 0;
foreach ($array as $key => $val) {
if($i == 0 ){
$msg = $msg."$key=$val";
}else {
$msg = $msg."&$key=$val";}
$i++;}
return $msg; }
$respdata= array(
'responseCode' => $responseCode,
'merchantId' => merchantId,
'merchantTransactionId' => $merchantTransactionId,
'currencyCode' => "RMB",
'accountName' => $accountName,
'accountNum' => $accountNum,
'transactionAmount' => $transactionAmount,
'bankName' => $bankName,
'transactionResult' => $transactionResult,
'failedReason' => $failedReason'
'completeTime' => $completeTime
);
$respdataFinal = signMsg($respdata);
$res = verify($respdataFinal, $signData,$pubkey); // Verify if the signData match, uses Quomo public keyExample Response to Quomo: (No Verification required)
{"received":"100",""merchantId":"1234567","merchantTransactionId":"778899887 05ac80"}Notes:
For Java developers, we need to removed the header, footer, , and space from the pkcs8 private key outout in the console. For.NET and PHP developer, there is no need for the pkcs8 operation.
Appendix B
Response Code Table
| Response Code | Response Description |
| 0 | Connection time out |
| 4 | Server unavailable |
| 100 | Request sent/Order status Successful |
| 101 | Request sent/Order status Failed |
| 102 | In progress |
| 103 | Cancelled |
| 10091001 | Insufficient amount in the account |
| 10091002 | Account details can not be null |
| 10091003 | Merchant ID can not be null |
| 10091004 | Account name can not be null |
| 10091005 | Account number can not be null |
| 10091006 | Account city can not be null |
| 10091007 | Amount should be between 1 to 49999 RMB |
| 10091008 | Incorrect merchant transaction ID |
| 10081002 | User account incorrect |
| 10081003 | Hash value incorrect |
| 10081004 | Merchant ID incorrect |
| 10081005 | Service is under maintenance |
| 10081006 | Format incorrect |
| 10081007 | Transaction number incorrect |
| 10081008 | Exceeds max allowed transaction times |
| 10081009 | Merchant transaction number exist |
| 10081012 | Transaction time incorrect |
Appendix C
MYR Bank Name List
| No. | Bank ID | Bank Name |
| 1 | CIMB | CIMB Bank |
| 2 | MBB | May Bank |
| 3 | HLB | Hong Leong Bank |
| 4 | PBB | Public Bank |
| 5 | RHB | RHB Bank |
| 6 | AFB.MY | Affin Bank Berhad |
| 7 | ALB.MY | Alliance Bank |
| 8 | ARB.MY | Ambank |
| 9 | BIMB.MY | Bank Islam Malaysia |
| 10 | BKR.MY | Bank Rakyat Malaysia Berhad |
| 11 | BSN.MY | Bank Simpanan Nasional Berhad |
| 12 | CITI.MY | CITI Bank |
| 13 | HSBC.MY | HSBC Bank Malaysia Berhad |
| 14 | OCBC.MY | OCBC Bank (Malaysia) BHD |
| 15 | SCB.MY | Standard Chartered Bank |
| 16 | UOB.MY | UOB Bank |
| 17 | HSBC | HSBC Bank |
| 18 | ABMB | Alliance Bank |
| 19 | SCB | Standard Chartered |
| 20 | OCBC | OCBC Bank |
| 21 | BSN | Bank Simpanan National |
| 22 | AMBB | AmBank |
| 23 | UOB | UOB Bank |
THB Bank Name List
| No. | Bank ID | Bank Name |
| 1 | BAY | Krungsri Bank |
| 2 | BBL | Bangkok Bank |
| 3 | KBANK | Kasikorn Bank |
| 4 | KTB | Krung Thai Bank |
| 5 | SCB | Siam Commercial Bank |
| 6 | TMB | Thai Military Bank |
| 7 | GSB.TH | Government Savings Bank |
VND Bank Name List
| No. | Bank ID | Bank Name |
| 1 | VBARD.VN | Agri Bank |
| 2 | ACB | Asia Commercial Bank |
| 3 | ACB.QR.VN | Asia Commercial Bank (QR Services) |
| 4 | BIDV | BIDV Bank |
| 5 | BIDV.OR.VN | BIDV Bank (QR Services) |
| 6 | DAB | DongA Bank |
| 7 | EXIM | Exim Bank |
| 8 | MM.QR.VN | Momo QR Payment (QR Services) |
| 9 | SCM | Sacom Bank |
| 10 | TCB | Techcom Bank |
| 11 | VCB | Vietcom Bank |
| 12 | VCB.QR.VN | Vietcom Bank (QR Services) |
| 13 | VTB | Vietin Bank |
| 14 | ZL.H5.VN | Zalo H5 Payment (H5 service) |
| 15 | ZL.QR.VN | Zalo QR Payment (QR service) |
IDR Bank Name List
| No. | Bank ID | Bank Name |
| 1 | BCA.ID | Bank Central Asia |
| 2 | BNI.ID | Bank Negara Indoneisa |
| 3 | MDR.ID | Bank Mandiri |
| 4 | BRI.ID | Bank Rakyat |
| 5 | BAG.VA.ID | Bank Artha Graha (VA) |
| 6 | BNI.VA.ID | Bank Negara Indonesia (VA) |
| 7 | MDR.VA.ID | Bank Mandiri (VA) |
| 8 | BRI.VA.ID | Bank Rakyat Indonesia (VA) |
| 9 | MBBI.VA.ID | Maybank Indonesia (VA) |
| 10 | BSS.VA.ID | Bank Sahabat Sampoerna (VA) |
| 11 | BSM.VA.ID | Bank Sinarmas (VA) |
| 12 | CIMN.VA.ID | CIMB Niaga (VA) |
| 13 | PTB.VA.ID | Bank Permata (VA) |
Appendix D
Currency Code
| Currency | Code |
| Vietnamese đồng | VND |
| Thai baht | THB |
| Malaysia ringgit | MYR |
| Indonesian rupiah | IDR |
| Korean won | KRW |
| Philippine peso | PHP |