NAV Navbar
shell ruby php

Introduction

API Endpoint:

https://www.billplz.com/api/

Welcome to the Billplz API! You can use our API to access Billplz API endpoints to start sending bills and collecting payment.

Our API is organized around REST. JSON will be returned in all responses from the API, including errors. The API will accept both application/x-www-form-urlencoded and application/json.

Sandbox Mode

API Endpoint:

https://www.billplz-sandbox.com/api/

The Billplz Sandbox mirrors the features found on the real production server, while some of the features do not apply to the Sandbox.

You should test your integrations and know they will behave the same on the production server as they do in the Sandbox environment.

API Flow

In Billplz, you are interacting with Bill and Collection.

A Collection is a set of Bills. The relationship is, Collection has many Bills. You can choose to create a Collection either from API or within your Billplz's dashboard.

An example of Collection would be something like Tuition Fee for June 2015, Donation for Earthquake, Ticket Payment, and many more.

A Bill represents the promise made to you by your customer. It's an invoice for your customer. A Bill must belong to a Collection.

To start using the API, you would have to create a Collection. Then the payment flow will kick in as per below:

NORMAL COMPLETION FLOW
  1. Customer visits your site.
  2. Customer chooses to make payment.
  3. Your site creates a Bill via API call.
  4. Billplz API returns Bill's URL.
  5. Your site redirects the customer to Bill's URL.
  6. The customer makes payment via payment option of choice.
  7. Billplz sends a server-side update to your site upon payment failure or success. (Basic Callback URL / X Signature Callback URL depending on your configuration) [your backend server should capture the transaction update at this point] refer to X Signature Callback Url.
  8. Billplz redirects (Payment Completion) the customer back to your site if redirect_url is not empty (Basic Redirect URL / X Signature Redirect URL depending on your configuration) [your server should capture the transaction update at this point and give your user an instant reflection on the page loaded] refer to X Signature Redirect Url or, The customer will see Billplz receipt if redirect_url is not present.
COMPLETION FLOW WITHOUT REDIRECT_URL
  1. Customer visits your site.
  2. Customer chooses to make payment.
  3. Your site creates a Bill via API call.
  4. Billplz API returns Bill's URL.
  5. Your site redirects the customer to Bill's URL.
  6. The customer makes payment via payment option of choice.
  7. Billplz sends a server-side update to your site upon payment failure or success. (Basic Callback URL / X Signature Callback URL depending on your configuration) [your backend server should capture the transaction update at this point] refer to X Signature Callback Url. Billplz does not redirects (Payment Completion) the customer back to your site, redirect_url (due to many possibilities, app hang, browser closed, disconnected, etc)

Authentication

To test authentication, use this code:

# With shell, you can just pass the correct HTTP Basic Auth credential with each request.
curl https://www.billplz.com/api/v4/webhook_rank \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

# Alternatively, you may use header with base64 encoded API Secret Key
curl https://www.billplz.com/api/v4/webhook_rank \
  -H "Authorization: Basic NzNlYjU3ZjAtN2Q0ZS00MmI5LWE1NDQtYWVhYzZlNGIwZjgxOg=="

<?php
$host = 'https://www.billplz.com/api/v4/webhook_rank';
$api_key = '73eb57f0-7d4e-42b9-a544-aeac6e4b0f81';
$process = curl_init($host);
curl_setopt($process, CURLOPT_USERPWD, $api_key . ":");
$return = curl_exec($process);
echo $return;

If authenticated, you should not see Unauthorized response type.

curl uses the -u flag to pass basic auth credentials (adding a colon after your API key will prevent it from asking you for a password).

You authenticate to the Billplz API by providing your API Secret Keys in the request. You can get your API keys from your account's settings page.

Authentication to the API occurs via HTTP Basic Auth. Provide your API key as the basic auth username. You do not need to provide a password.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate all requests.

Integration

GitHub:

https://github.com/billplz

Knowledgebase:

https://help.billplz.com/article/53-list-of-system-with-production-ready-integration

Billplz has been integrated with many systems available in the market and always working to integrate with more platforms.

For a self-hosted system, you may download a production-ready module to integrate with your e-commerce system. Please refer to our GitHub or Knowledgebase for the list of the available module.

Xero

Billplz integration with XERO has been deprecated and pending removal.

OAuth 2.0

Billplz provides a solution for a platform owner to connect merchants with Billplz easily. With OAuth integration, a merchant can easily integrate with Billplz by Signing In using their Billplz account. That's means; they don't have to manually copy API Secret Key, Collection ID, and X Signature Key to your platform.

Direct Payment Gateway

Bypass Billplz Bill Page

Example request:

# Creates a bill for RM 2.00 with reference_1_label and reference_1
curl https://www.billplz.com/api/v3/bills \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d collection_id="inbmmepb" \
  -d description="Maecenas eu placerat ante." \
  -d email="api@billplz.com" \
  -d name="Sara" \
  -d amount="200" \
  -d reference_1_label="Bank Code" \
  -d reference_1="BP-FKR01" \
  -d callback_url="http://example.com/webhook/"

Response:

{
  "id": "8X0Iyzaw",
  "collection_id": "inbmmepb",
  "paid": false,
  "state": "due",
  "amount": 200 ,
  "paid_amount": 0,
  "due_at": "2015-3-9",
  "email" :"api@billplz.com",
  "mobile": null,
  "name": "SARA",
  "url": "https://www.billplz.com/bills/8X0Iyzaw",
  "reference_1_label": "Bank Code",
  "reference_1": "BP-FKR01",
  "reference_2_label": null,
  "reference_2": null,
  "redirect_url": null,
  "callback_url": "http://example.com/webhook/",
  "description": "Maecenas eu placerat ante.",
  "paid_at": null
}

Use this feature if you would like to bypass Billplz bill page, and direct payers straight from bill URL to the selected payment gateway seamlessly.

  1. Create bills through Billplz API with a present of reference_1_label and reference_1.
    • Always set reference_1_label as Bank Code
    • Always set a bank code to reference_1. Please refer to section Get Payment Gateways for more details on how to get the bank codes.
  2. Always append parameter, auto_submit=true to the bill's URL return from API Create a Bill.

Direct Payment Gateway feature will fallback to Billplz bill page for invalid reference_1, reference_1_label, or the selected payment gateway is not enabled or active.

STANDARD PAYMENT FLOW
  1. Merchant creates bill through API.
  2. Merchant redirects payer from merchant's page to bill URL (returned from #1).
  3. Payer lands at Billplz page to select payment option.
  4. Payer redirected from Billplz to selected payment gateway to pay.
  5. Payer redirected from payment gateway to redirect_url / receipt page (refer to API Flow).
DIRECT PAYMENT GATEWAY PAYMENT FLOW
  1. Merchant creates bill through API with a valid bank code
  2. Merchant redirects payer from merchant's page to bill URL (returned from #1) with extra parameter, auto_submit=true
  3. Payer lands at selected payment gateway to pay
  4. Payer redirected from payment gateway to redirect_url / receipt page (refer to API Flow)
INVALID DIRECT PAYMENT GATEWAY PAYMENT FLOW
  1. Merchant creates bill through API with invalid / inactive bank code
  2. Merchant redirects payer from merchant's page to bill URL (returned from #1) with extra parameter, auto_submit=true
  3. Payer lands at Billplz page to payment option
  4. Payer redirected from Billplz to selected payment gateway to pay
  5. Payer redirected from payment gateway to redirect_url / receipt page (refer to API Flow)

V3

This version is not in active development state. No new feature will be introduced in this version.

Collections

Collections are where all of your Bills are belongs to. Collections can be useful to categorize your bill payment. As an example, you may use Collection to separate a Tuition Fee Collection for September and November collection.

Create a Collection

Billplz API now supports the creation of collection with a split rule feature. The response will contain the collection's ID that is needed in Bill API, split rule info and fields.

Example request:

# Creates a collection
curl https://www.billplz.com/api/v3/collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -F title="My First API Collection"

Response:

{
  "id": "inbmmepb",
  "title": "My First API Collection",
  "logo":
  {
    "thumb_url": null,
    "avatar_url": null
  },
  "split_payment":
  {
    "email": null,
    "fixed_cut": null,
    "variable_cut": null,
    "split_header": false
  }
}

Example request with optional arguments:

curl https://www.billplz.com/api/v3/collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -F title="My First API Collection" \
  -F logo=@/Users/Billplz/Documents/uploadPhoto.png \
  -F split_payment[email]="verified@account.com" \
  -F split_payment[fixed_cut]=100 \
  -F split_payment[split_header]=true

Response:

{
  "id": "inbmmepb",
  "title": "My First API Collection",
  "logo":
  {
    "thumb_url": "https://sample.net/assets/uploadPhoto.png",
    "avatar_url": "https://sample.net/assets/uploadPhoto.png"
  },
  "split_payment":
  {
    "email": "verified@account.com",
    "fixed_cut": 100,
    "variable_cut": null,
    "split_header": true
  }
}
HTTP Request

POST https://www.billplz.com/api/v3/collections

REQUIRED ARGUMENTS
Parameter Description
title The collection title. Will be displayed on bill template. String format.
OPTIONAL ARGUMENTS
Parameter Description
logo This image will be resized to avatar (40x40) and thumb (180x180) dimensions. Whitelisted formats are jpg, jpeg, gif and png.
split_payment[email] The email address of the split rule's recipient. (The account must be a verified account.)
split_payment[fixed_cut] A positive integer in the smallest currency unit that is going in your account (e.g 100 cents to charge RM 1.00)
This field is required if split_payment[variable_cut] is not present.
split_payment[variable_cut] Percentage in positive integer format that is going in your account.
This field is required if split_payment[fixed_cut] is not present.
split_payment[split_header] Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
RESPONSE PARAMETER
Parameter Description
id ID that represents a collection.
title The collection's title in string format.
logo[thumb_url] The thumb dimension's (180x180) URL.
logo[avatar_url] The avatar dimension's (40x40) URL.
split_payment[email] The 1st recipient's email. It only returns the 1st recipient eventhough there is multiple recipients being set. If you wish to have 2 recipients, please refer to V4 Create a Collection.
split_payment[fixed_cut] The 1st recipient's fixed cut in smallest and positive currency unit.
split_payment[variable_cut] The 1st recipient's percentage cut in positive integer format.
split_payment[split_header] Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.

Get a Collection

Use this API to query your collection record.

Example request:

# Get a collection
curl https://www.billplz.com/api/v3/collections/inbmmepb \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "id": "inbmmepb",
  "title": "My First API Collection",
  "logo":
  {
    "thumb_url": null,
    "avatar_url": null
  },
  "split_payment":
  {
    "email": null,
    "fixed_cut": null,
    "variable_cut": null,
    "split_header": false
  },
  "status": "active"
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/collections/{COLLECTION_ID}

URL PARAMETER
Parameter Description
COLLECTION_ID Collection ID returned in Collection object.
RESPONSE PARAMETER
Parameter Description
id ID that represents a collection.
title The collection's title in string format.
logo[thumb_url] The thumb dimension's (180x180) URL.
logo[avatar_url] The avatar dimension's (40x40) URL.
split_payment[email] The 1st recipient's email. It only returns the 1st recipient eventhough there is multiple recipients being set. If you wish to have 2 recipients, please refer to V4 Create a Collection.
split_payment[fixed_cut] The 1st recipient's fixed cut in smallest and positive currency unit.
split_payment[variable_cut] The 1st recipient's percentage cut in positive integer format.
split_payment[split_header] Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
status Collection's status, it is either active and inactive.

Get Collection Index

Use this API to retrieve your collections list. To utilise paging, append a page parameter to the URL e.g. ?page=1. If there are 15 records in the response, you will need to check if there is any more data by fetching the next page, e.g. ?page=2 and continuing this process until no more results are returned.

Example request:

# Get collection index
curl https://www.billplz.com/api/v3/collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "collections":
  [{
    "id": "inbmmepb",
    "title": "My First API Collection",
    "logo":
    {
      "thumb_url": null,
      "avatar_url": null
    },
    "split_payment":
    {
      "email": null,
      "fixed_cut": null,
      "variable_cut": null,
      "split_header": false
    },
    "status": "active"
  }],
  "page": 1
}

Example request with optional arguments:

# Get collection index
curl https://www.billplz.com/api/v3/collections?page=2&status=active \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "collections":
  [{
    "id": "inbmmepb",
    "title": "My First API Collection",
    "logo":
    {
      "thumb_url": null,
      "avatar_url": null
    },
    "split_payment":
    {
      "email": null,
      "fixed_cut": null,
      "variable_cut": null,
      "split_header": false
    },
    "status": "active"
  }],
  "page": 2
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/collections

OPTIONAL ARGUMENTS
Parameter Description
page Up to 15 collections will be returned in a single API call per specified page. Default to 1 if not present.
status Parameter to filter collection's status, valid value are active and inactive.

Create an Open Collection

Billplz API now supports the creation of open collections (Payment Form) with a split rule feature. The response contains the collection's attributes, including the payment form URL.

Example request:

# Creates an open collection
curl https://www.billplz.com/api/v3/open_collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d title="My First API Open Collection" \
  -d description="Maecenas eu placerat ante." \
  -d amount=299

Response:

{
  "id": "0pp87t_6",
  "title": "MY FIRST API OPEN COLLECTION",
  "description": "Maecenas eu placerat ante.",
  "reference_1_label": null,
  "reference_2_label": null,
  "email_link": null,
  "amount": 299,
  "fixed_amount": true,
  "tax": null,
  "fixed_quantity": true,
  "payment_button": "pay",
  "photo":
  {
    "retina_url":  null,
    "avatar_url":  null
  },
  "split_payment":
  {
    "email": null,
    "fixed_cut": null,
    "variable_cut": null,
    "split_header": false
  },
  "url": "https://www.billplz.com/0pp87t_6"
}

Example request with optional arguments:

# Creates a collection
curl https://www.billplz.com/api/v3/open_collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -F title="My First API Open Collection" \
  -F description="Maecenas eu placerat ante." \
  -F fixed_amount=false \
  -F fixed_quantity=false \
  -F payment_button="buy" \
  -F reference_1_label="ID No" \
  -F reference_2_label="First Name" \
  -F email_link="http://www.test.com" \
  -F tax=1 \
  -F photo=@/Users/Billplz/Documents/uploadPhoto.png \
  -F split_payment[email]="verified@account.com" \
  -F split_payment[variable_cut]=20 \
  -F split_payment[split_header]=true

Response:

{
  "id": "0pp87t_6",
  "title": "MY FIRST API OPEN COLLECTION",
  "description": "Maecenas eu placerat ante.",
  "reference_1_label": "ID No",
  "reference_2_label": "First Name",
  "email_link": "http://www.test.com",
  "amount": null,
  "fixed_amount": false,
  "tax": 1,
  "fixed_quantity": false,
  "payment_button": "buy",
  "photo":
  {
    "retina_url":  "https://sample.net/assets/uploadPhoto.png",
    "avatar_url":  "https://sample.net/assets/uploadPhoto.png"
  },
  "split_payment":
  {
    "email": "verified@account.com",
    "fixed_cut": null,
    "variable_cut": 20,
    "split_header": true
  },
  "url": "https://www.billplz.com/0pp87t_6"
}
HTTP REQUEST

POST https://www.billplz.com/api/v3/open_collections

REQUIRED ARGUMENTS
Parameter Description
title The collection title. It's showing up on the payment form. String format. (Max of 50 characters)
description The collection description. Will be displayed on payment form. String format. (Max of 200 characters)
amount A positive integer in the smallest currency unit (e.g 100 cents to charge RM 1.00)
Required if fixed_amount is true; Ignored if fixed_amount is false
OPTIONAL ARGUMENTS
Parameter Description
fixed_amount Boolean value. Set this to false for Open Amount. Default value is true
fixed_quantity Boolean value. Set this to false for Open Quantity. Default value is true
payment_button Payment button's text. Available options are buy and pay. Default value is pay
reference_1_label Label #1 to reconcile payments (Max of 20 characters).
Default value is Reference 1.
reference_2_label Label #2 to reconcile payments. (Max of 20 characters).
Default value is Reference 2.
email_link A URL that email to customer after payment is successful.
tax Tax rate in positive integer format.
photo This image will be resized to retina (Yx960) and avatar (180x180) dimensions. Whitelisted formats are jpg, jpeg, gif and png.
split_payment[email] The email address of the split rule's recipient. (The account must be a verified account.)
split_payment[fixed_cut] A positive integer in the smallest currency unit that is going in your account (e.g 100 cents to charge RM 1.00).
This field is required if split_payment[variable_cut] is not present
split_payment[variable_cut] Percentage in positive integer format that is going in your account.
This field is required if split_payment[fixed_cut] is not present
split_payment[split_header] Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
RESPONSE PARAMETER
Parameter Description
id The collection ID.
title The collection's title.
description The collection description.
reference_1_label Label #1 to reconcile payments.
reference_2_label Label #2 to reconcile payments.
email_link A URL that email to customer after payment is successful.
amount The collection's fixed amount to create bill in the smallest currency unit (cents).
fixed_amount Boolean value. It returns to false if Open Amount.
tax Tax rate in positive integer format.
fixed_quantity Boolean value. It returns false if Open Quantity.
payment_button Payment button's text.
photo[retina_url] The retina dimension's (960x960) URL.
photo[avatar_url] The avatar dimension's (180x180) URL.
split_payment[email] The 1st recipient's email. It only returns the 1st recipient eventhough there is multiple recipients being set. If you wish to have 2 recipients, please refer to API#v4-create-an-open-collection.
split_payment[fixed_cut] The 1st recipient's fixed cut in smallest and positive currency unit (cents).
split_payment[variable_cut] The 1st recipient's percentage cut in positive integer format.
split_payment[split_header] Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
url URL to the collection.

Get an Open Collection

Use this API to query your open collection record.

Example request:

# Get an open collection
curl https://www.billplz.com/api/v3/open_collections/0pp87t_6 \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "id": "0pp87t_6",
  "title": "MY FIRST API OPEN COLLECTION",
  "description": "Maecenas eu placerat ante.",
  "reference_1_label": null,
  "reference_2_label": null,
  "email_link": null,
  "amount": 299,
  "fixed_amount": true,
  "tax": null,
  "fixed_quantity": true,
  "payment_button": "pay",
  "photo":
  {
    "retina_url":  null,
    "avatar_url":  null
  },
  "split_payment":
  {
    "email": null,
    "fixed_cut": null,
    "variable_cut": null,
    "split_header": false
  },
  "url": "https://www.billplz.com/0pp87t_6",
  "status": "active"
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/open_collections/{COLLECTION_ID}

URL PARAMETER
Parameter Description
COLLECTION_ID Collection ID returned in Collection object.
RESPONSE PARAMETER
Parameter Description
id The collection ID.
title The collection's title.
description The collection description.
reference_1_label Label #1 to reconcile payments.
reference_2_label Label #2 to reconcile payments.
email_link A URL that email to customer after payment is successful.
amount The collection's fixed amount to create bill in the smallest currency unit (cents).
fixed_amount Boolean value. It returns to false if Open Amount.
tax Tax rate in positive integer format.
fixed_quantity Boolean value. It returns false if Open Quantity.
payment_button Payment button's text.
photo[retina_url] The retina dimension's (960x960) URL.
photo[avatar_url] The avatar dimension's (180x180) URL.
split_payment[email] The 1st recipient's email. It only returns the 1st recipient eventhough there is multiple recipients being set. If you wish to have 2 recipients, please refer to API#v4-create-an-open-collection.
split_payment[fixed_cut] The 1st recipient's fixed cut in smallest and positive currency unit.
split_payment[variable_cut] The 1st recipient's percentage cut in positive integer format.
split_payment[split_header] Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
url URL to the collection.
status Collection's status, it is either active or inactive.

Get an Open Collection Index

Use this API to retrieve your open collections list. To utilise paging, append a page parameter to the URL e.g. ?page=1. If there are 15 records in the response you will need to check if there is any more data by fetching the next page e.g. ?page=2 and continuing this process until no more results are returned.

Example request:

# Get an open collection index
curl https://www.billplz.com/api/v3/open_collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "open_collections":
  [{
    "id": "0pp87t_6",
    "title": "MY FIRST API OPEN COLLECTION",
    "description": "Maecenas eu placerat ante.",
    "reference_1_label": "ID No",
    "reference_2_label": "First Name",
    "email_link": "http://www.test.com",
    "amount": null,
    "fixed_amount": false,
    "tax": 1,
    "fixed_quantity": false,
    "payment_button": "buy",
    "photo":
    {
      "retina_url":  "https://sample.net/assets/uploadPhoto.png",
      "avatar_url":  "https://sample.net/assets/uploadPhoto.png"
    },
    "split_payment":
    {
      "email": "verified@account.com",
      "fixed_cut": null,
      "variable_cut": 20,
      "split_header": false
    },
    "url": "https://www.billplz.com/0pp87t_6",
    "status": "active"
  }],
  "page": 1
}

Example request with optional arguments:

# Get an open collection index
curl https://www.billplz.com/api/v3/open_collections?page=2&status=active \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "open_collections":
  [{
    "id": "0pp87t_6",
    "title": "MY FIRST API OPEN COLLECTION",
    "description": "Maecenas eu placerat ante. Fusce ut neque justo, et aliquet enim. In hac habitasse platea dictumst.",
    "reference_1_label": "ID No",
    "reference_2_label": "First Name",
    "email_link": "http://www.test.com",
    "amount": null,
    "fixed_amount": false,
    "tax": 1,
    "fixed_quantity": false,
    "payment_button": "buy",
    "photo":
    {
      "retina_url":  "https://sample.net/assets/uploadPhoto.png",
      "avatar_url":  "https://sample.net/assets/uploadPhoto.png"
    },
    "split_payment":
    {
      "email": "verified@account.com",
      "fixed_cut": null,
      "variable_cut": 20,
      "split_header": false
    },
    "url": "https://www.billplz.com/0pp87t_6",
    "status": "active"
  }],
  "page": 2
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/open_collections

OPTIONAL ARGUMENTS
Parameter Description
page Up to 15 open collections will be returned in a single API call per specified page. Default to 1 if not present.
status Parameter to filter open collection's status, valid value are active and inactive.

Deactivate a Collection

Both Collection and Open Collection can be deactivated via this API. The API will respond with error messages if the collection cannot be deactivated.

Example request:

# Deactivate a collection or open collection
curl -X POST \
https://www.billplz.com/api/v3/collections/qag4fe_o6/deactivate \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{}
HTTP REQUEST

https://www.billplz.com/api/v3/collections/{COLLECTION_ID}/deactivate

URL PARAMETER
Parameter Description
COLLECTION_ID Collection ID returned in Collection object.

Activate a Collection

Both Collection and Open Collection can be activated via this API. The API will respond with error messages if the collection cannot be activated.

Example request:

# Activate a collection or open collection
curl -X POST \
https://www.billplz.com/api/v3/collections/qag4fe_o6/activate \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{}
HTTP REQUEST

https://www.billplz.com/api/v3/collections/{COLLECTION_ID}/activate

URL PARAMETER
Parameter Description
COLLECTION_ID Collection ID returned in Collection object.

Bills

Bills need to be created inside a collection. It must be either Collection or Open Collection. However, only Collection can be used to create a bill via API and Open Collection cannot be used to create a bill via API.

Create a Bill

To create a bill, you would need the collection's ID. Each bill must be created within a collection. To get your collection ID, visit the collection page on your Billplz account.

The bill's collection will be set to active automatically.

Example request:

# Creates a bill for RM 2.00
curl https://www.billplz.com/api/v3/bills \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d collection_id=inbmmepb \
  -d description="Maecenas eu placerat ante." \
  -d email=api@billplz.com \
  -d name="Sara" \
  -d amount=200 \
  -d callback_url="http://example.com/webhook/"

Response:

{
  "id": "8X0Iyzaw",
  "collection_id": "inbmmepb",
  "paid": false,
  "state": "due",
  "amount": 200 ,
  "paid_amount": 0,
  "due_at": "2015-3-9",
  "email" :"api@billplz.com",
  "mobile": null,
  "name": "Sara",
  "url": "https://www.billplz.com/bills/8X0Iyzaw",
  "reference_1_label": "Reference 1",
  "reference_1": null,
  "reference_2_label": "Reference 2",
  "reference_2": null,
  "redirect_url": null,
  "callback_url": "http://example.com/webhook/",
  "description": "Maecenas eu placerat ante."
}

Example request with optional arguments:

# Creates a bill for RM 2.00
curl https://www.billplz.com/api/v3/bills \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d collection_id=inbmmepb \
  -d email=api@billplz.com \
  -d name="Sara" \
  -d amount=200 \
  -d callback_url="http://example.com/webhook/" \
  -d description="Maecenas eu placerat ante." \
  -d due_at="2020-12-31" \
  --data-urlencode mobile="+60112223333" \
  -d reference_1_label="First Name" \
  -d reference_2_label="Last Name" \
  -d reference_1="Sara" \
  -d reference_2="Dila" \
  -d deliver=false \
  -d redirect_url="http://example.com/redirect/"

Response:

{
  "id": "8X0Iyzaw",
  "collection_id": "inbmmepb",
  "paid": false,
  "state": "due",
  "amount": 200 ,
  "paid_amount": 0,
  "due_at": "2020-12-31",
  "email" :"api@billplz.com",
  "mobile": "+60112223333",
  "name": "Sara",
  "url": "https://www.billplz.com/bills/8X0Iyzaw",
  "reference_1_label": "First Name",
  "reference_1": "Sara",
  "reference_2_label": "Last Name",
  "reference_2": "Dila",
  "redirect_url": "http://example.com/redirect/",
  "callback_url": "http://example.com/webhook/",
  "description": "Maecenas eu placerat ante."
}
HTTP REQUEST

POST https://www.billplz.com/api/v3/bills

REQUIRED ARGUMENTS
Parameter Description
collection_id The collection ID. A string.
email The email address of the bill's recipient (Email is required if mobile is not present).
mobile Recipient's mobile number. Be sure that all mobile numbers include country code, area code and number without spaces or dashes. (e.g., +60122345678 or 60122345678). Use Google libphonenumber library to help. Mobile is required if email is not present.
name Bill's recipient name. Useful for identification on recipient part. (Max of 255 characters).
amount A positive integer in the smallest currency unit (e.g 100 cents to charge RM 1.00).
callback_url Web hook URL to be called after payment's transaction completed. It will POST a Bill object.
description The bill's description. Will be displayed on bill template. String format (Max of 200 characters).
OPTIONAL ARGUMENTS
Parameter Description
due_at Due date for the bill. The format YYYY-MM-DD, default value is today. Year range is 19xx to 2xxx
redirect_url URL to redirect the customer after payment completed. It will do a GET to redirect_url together with bill's status and ID.
deliver Boolean value to set email and SMS (if mobile is present) delivery. Default value is false. SMS is subjected to charges depending on subscribed plan.
reference_1_label Label #1 to reconcile payments (Max of 20 characters).
Default value is Reference 1.
reference_1 Value for reference_1_label (Max of 120 characters).
reference_2_label Label #2 to reconcile payments (Max of 20 characters).
Default value is Reference 2.
reference_2 Value for reference_2_label (Max of 120 characters).
RESPONSE PARAMETER
Parameter Description
id Bill ID that represents a bill.
url URL to the bill.

Get a Bill

At any given time, you can request a bill to check on the status. It will return the bill object.

Example request:

# Get a bill
curl https://www.billplz.com/api/v3/bills/8X0Iyzaw \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "id": "8X0Iyzaw",
  "collection_id": "inbmmepb",
  "paid": false,
  "state": "due",
  "amount": 200 ,
  "paid_amount": 0,
  "due_at": "2020-12-31",
  "email" :"api@billplz.com",
  "mobile": "+60112223333",
  "name": "SARA",
  "url": "https://www.billplz.com/bills/8X0Iyzaw",
  "reference_1_label": "First Name",
  "reference_1": "Sara",
  "reference_2_label": "Last Name",
  "reference_2": "Dila",
  "redirect_url": "http://example.com/redirect/",
  "callback_url": "http://example.com/webhook/",
  "description": "Maecenas eu placerat ante."
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/bills/{BILL_ID}

URL PARAMETER
Parameter Description
BILL_ID Bill ID returned in Bill object.
RESPONSE PARAMETER
Parameter Description
paid Boolean value to tell if a bill has paid. It will return false for due bills; true for paid bills.
state State that representing the bill's status, possible states are due, paid and deleted.

Delete a Bill

Only due bill can be deleted. Paid bill can't be deleted. Deleting a bill is useful in a scenario where there's a time limitation to payment.

Example usage would be to show a timer for customer to complete payment within 10 minutes with a grace period of 5 minutes. After 15 minutes of bill creation, get bill status and delete if bill is still due.

Example Request:

# Delete a Bill
curl -X DELETE https://www.billplz.com/api/v3/bills/8X0Iyzaw \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{}
HTTP REQUEST

DELETE https://www.billplz.com/api/v3/bills/{BILL_ID}

URL PARAMETER
Parameter Description
BILL_ID Bill ID returned in Bill object.

Registration Check

By Bank Account Number

At any given time, you can request to check on a registration status by bank account number.

Example Request:

curl https://www.billplz.com/api/v3/check/bank_account_number/1234567890 \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "name": "verified"
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/check/bank_account_number/{BANKcurl https://www.billplz.com/api/v3/check/bank_account_number/1234567890 \ -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:_ACCOUNT_NUMBER}

URL PARAMETER
Parameter Description
BANK_ACCOUNT_NUMBER Bank account number to check.
RESPONSE PARAMETER
Parameter Description
name State that representing the bank account number's status, possible states are verified, unverified and not found.

Transactions

Get Transaction Index

Use this API to retrieve your bill's transactions. To utilise paging, append a page parameter to the URL e.g. ?page=1. If there are 15 records in the response you will need to check if there is any more data by fetching the next page e.g. ?page=2 and continuing this process until no more results are returned.

Example Request:

# Get transaction index
curl https://www.billplz.com/api/v3/bills/inbmmepb/transactions \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "bill_id": "inbmmepb",
  "transactions":
  [{
    "id": "60793D4707CD",
    "status": "completed",
    "completed_at": "2017-02-23T12:49:23.612+08:00",
    "payment_channel": "FPX"
  },{
    "id": "28F3D3194138",
    "status": "failed",
    "completed_at": null,
    "payment_channel": "FPX"
  }],
  "page": 1
}

Example request with optional arguments:

curl https://www.billplz.com/api/v3/bills/inbmmepb/transactions?page=1&status=completed \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "bill_id": "inbmmepb",
  "transactions":
  [{
    "id": "60793D4707CD",
    "status": "completed",
    "completed_at": "2017-02-23T12:49:23.612+08:00",
    "payment_channel": "FPX"
  }],
  "page": 1
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/bills/{BILL_ID}/transactions

URL PARAMETER
Parameter Description
page Up to 15 transactions will be returned in a single API call per specified page. Default to 1 if not present.
status Parameter to filter transaction's status.
Valid values are pending, completed and failed.
RESPONSE PARAMETER
Parameter Description
bill_id ID that represent the bill.
id ID that represent the transaction.
status Status that representing the transaction's status, possible statuses are pending, completed and failed.
completed_at Datetime format when the transaction is completed. ISO 8601 format is used.
payment_channel Payment channel that the transaction is made.
Possible values are FPX, CIMB, TWOCTWOP, OCBC, BOOST, SENANGPAY, ISUPAYPAL, and PAYPAL.

Payment Methods

Get Payment Method Index

The get payment methods index API allows to retrieve all available payment methods that you can enable / disable to a collection.

Example Request:

# Get payment method index
curl https://www.billplz.com/api/v3/collections/0idsxnh5/payment_methods \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "payment_methods":
  [{
    "code": "paypal",
    "name": "PAYPAL",
    "active": true
  },{
    "code": "fpx",
    "name": "Online Banking",
    "active": false
  }]
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/collections/{COLLECTION_ID}/payment_methods

URL PARAMETER
Parameter Description
COLLECTION_ID ID that represents the collection where the payment methods belong to.
RESPONSE PARAMETER
Parameter Description
code Unique payment method's specific code, in string value.
name Payment method's general name, in string value.
active The API will return payment method's status for a collection, in boolean value. It returns true if this payment method has enabled for the collection.

Update Payment Methods

Pass the payment method's code to the API to update your collection's payment methods.

Invalid payment method code will be ignored.

Example Request:

# Update payment methods
curl -X PUT -d payment_methods[][code]='fpx' -d payment_methods[][code]='paypal' https://www.billplz.com/api/v3/collections/0idsxnh5/payment_methods \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "payment_methods":
  [{
    "code": "paypal",
    "name": "PAYPAL",
    "active": true
  },{
    "code": "fpx",
    "name": "Online Banking",
    "active": true
  }]
}
HTTP REQUEST

PUT https://www.billplz.com/api/v3/collections/{COLLECTION_ID}/payment_methods

URL PARAMETER
Parameter Description
COLLECTION_ID ID that represents the collection where the payment methods belong to.
payment_methods Array that contains all codes in hash format.
code in hash represents the unique payment method's code that you would like to enable.
Do not pass the code if you would like to disable a payment method.
Ex, "payment_methods"=>[{"code"=>"fpx"}] would enable fpx (Online Banking) and disable paypal (PAYPAL).
Possible values are billplz, twoctwop, fpx, boost, ocbc, senangpay, and isupaypal.
RESPONSE PARAMETER
Parameter Description
code Unique payment method's specific code, in string value.
name Payment method's general name, in string value.
active Payment method current's status for the collection, in boolean value. It is true if this payment method has enabled for the collection.

Bank Account Direct Verification

Get Bank Account Index

Query Billplz Bank Account Direct Verification Service by passing list of account numbers arguement. This API will only return latest, matched bank accounts.

Example Request:

# Get bank account index
curl 'https://www.billplz.com/api/v3/bank_verification_services?account_numbers\[\]=1234567890&account_numbers\[\]=2234567890&account_numbers\[\]=3234567890' \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "bank_verification_services":
  [{
    "name": "sara",
    "id_no": "820909101001",
    "acc_no": "1234567890",
    "code": "MBBEMYKL",
    "organization": false,
    "authorization_date": "2015-12-03",
    "status": "pending",
    "processed_at": null,
    "rejected_desc": null
  },{
    "name": "dila",
    "id_no": "820909101002",
    "acc_no": "2234567890",
    "code": "MBBEMYKL",
    "organization": true,
    "authorization_date": "2015-12-03",
    "status": "verified",
    "processed_at": "2015-12-05",
    "rejected_desc": null
  }]
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/bank_verification_services?account_numbers=[]

URL PARAMETER
Parameter Description
account_numbers Up to 10 bank accounts found will be returned in a single API call. In array format.
RESPONSE PARAMETER
Parameter Description
name Bank account holder's name, in string value.
id_no Bank account's IC Number/SSM Registration Number, in string value.
acc_no Bank account number, in string value.
code Bank Code that represents bank, in string value.
organization Boolean value that tell if the bank account is registered as organization.
authorization_date Request date for authorization, in format YYYY-MM-DD. Example, 2012-12-30.
status Status that representing the authorization status, possible statuses are pending, verified and rejected.
processed_at Date format when the authorization is performed. In format YYYY-MM-DD. Example, 2012-12-30. It returns null if authorization has not been made.
reject_desc Reason why the authorization was rejected, in string value.

Get a Bank Account

Query Billplz Bank Account Direct Verification Service by passing single account number arguement. This API will only return latest, single matched bank account.

Example Request:

# Get a bank account
curl https://www.billplz.com/api/v3/bank_verification_services/1234567890 \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "name": "sara",
  "id_no": "820909101001",
  "acc_no": "1234567890",
  "code": "MBBEMYKL",
  "organization": false,
  "authorization_date": "2015-12-03",
  "status": "pending",
  "processed_at": null,
  "rejected_desc": null
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/bank_verification_services/{BANK_ACCOUNT_NUMBER}

URL PARAMETER
Parameter Description
BANK_ACCOUNT_NUMBER Bank account number to query.
RESPONSE PARAMETER
Parameter Description
name Bank account holder's name, in string value.
id_no Bank account's IC Number/SSM Registration Number, in string value.
acc_no Bank account number, in string value.
code Bank Code that represents bank, in string value.
organization Boolean value that tell if the bank account is registered as organization.
authorization_date Request date for authorization, in format YYYY-MM-DD. Example: 2012-12-30.
status Status that representing the authorization status, possible statuses are pending, verified and rejected.
processed_at Date format when the authorization is performed. In format YYYY-MM-DD. Example, 2012-12-30 It returns null if authorization has not been made.
reject_desc Reason why the authorization was rejected, in string value.

Create a Bank Account

Request Bank Account Direct Verification Service by creating bank records through this API. You need to wait for 3 working days after this request for the account to be verified.

Example Request:

# Create a bank account
curl https://www.billplz.com/api/v3/bank_verification_services \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d name="Insan Jaya" \
  -d id_no="91234567890" \
  -d acc_no="999988887777" \
  -d code="MBBEMYKL" \
  -d organization=true

Response:

{
  "name": "Insan Jaya",
  "id_no": "91234567890",
  "acc_no": "999988887777",
  "code": "MBBEMYKL",
  "organization": true,
  "authorization_date": "2017-07-03",
  "status": "pending",
  "processed_at": null,
  "rejected_desc": null
}
HTTP REQUEST

POST https://www.billplz.com/api/v3/bank_verification_services

REQUIRED ARGUMENTS
Parameter Description
name Bank account holder's name, in string value.
id_no Bank account's IC Number/SSM Registration Number, in string value.
acc_no Bank account number, in string value.
code Bank Code that represents bank, in string value and case sensitive.
Please refer to the Bank Code table below.
organization Boolean value that tell if the bank account is registered as organization. Default to false if this parameter is missing.
RESPONSE PARAMETER
Parameter Description
name Bank account holder's name, in string value.
id_no Bank account's IC Number/SSM Registration Number, in string value.
acc_no Bank account number, in string value.
code Bank Code that represents bank, in string value.
organization Boolean value that tell if the bank account is registered as organization.
authorization_date Request date for authorization, in format YYYY-MM-DD. Example: 2012-12-30
status Status that representing the authorization status, possible statuses are pending, verified and rejected.
processed_at Date format when the authorization is performed. In format YYYY-MM-DD. Example: 2012-12-30. It returns null if authorization has not been made.
reject_desc Reason why the authorization was rejected, in string value.

Bank Code Table

Bank Code
Affin Bank Berhad PHBMMYKL
AGROBANK / BANK PERTANIAN MALAYSIA BERHAD BPMBMYKL
Alliance Bank Malaysia Berhad MFBBMYKL
AL RAJHI BANKING & INVESTMENT CORPORATION (MALAYSIA) BERHAD RJHIMYKL
AmBank (M) Berhad ARBKMYKL
Bank Islam Malaysia Berhad BIMBMYKL
Bank Kerjasama Rakyat Malaysia Berhad BKRMMYKL
Bank Muamalat (Malaysia) Berhad BMMBMYKL
Bank Simpanan Nasional Berhad BSNAMYK1
CIMB Bank Berhad CIBBMYKL
Citibank Berhad CITIMYKL
Hong Leong Bank Berhad HLBBMYKL
HSBC Bank Malaysia Berhad HBMBMYKL
Kuwait Finance House KFHOMYKL
Maybank / Malayan Banking Berhad MBBEMYKL
OCBC Bank (Malaysia) Berhad OCBCMYKL
Public Bank Berhad PBBEMYKL
RHB Bank Berhad RHBBMYKL
Standard Chartered Bank (Malaysia) Berhad SCBLMYKX
United Overseas Bank (Malaysia) Berhad UOVBMYKL

Get FPX Banks

Use this API to get a list of bank codes that need for setting reference_1 in API#bypass-billplz-bill-page.

This API only return list of bank codes for online banking, if you looking for a complete payment gateways' bank code, please use API#get-payment-gateways instead.

Example Request:

# Get FPX Banks
curl https://www.billplz.com/api/v3/fpx_banks \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "banks":
  [{
    "name": "MBU0227",
    "active": true
    },{
    "name": "OCBC0229",
    "active": false
    },{
    "name": "MB2U0227",
    "active": true
  }]
}
HTTP REQUEST

GET https://www.billplz.com/api/v3/fpx_banks

RESPONSE PARAMETER
Parameter Description
name This is the bank code that need to set to reference_1. Case sensitive.
active true or false boolean that represents bank's availability. If an inactive bank was set to reference_1, the payment process will show Billplz page for payer to choose another bank from the list.

Fpx Bank Abbreviations

Bank Code Bank Name
ABMB0212 allianceonline
ABB0233 affinOnline
ABB0234* Affin Bank
AMBB0209 AmOnline
BCBB0235 CIMB Clicks
BIMB0340 Bank Islam Internet Banking
BKRM0602 i-Rakyat
BMMB0341 i-Muamalat
BSN0601 myBSN
CIT0219 Citibank Online
HLB0224 HLB Connect
HSBC0223 HSBC Online Banking
KFH0346 KFH Online
MB2U0227 Maybank2u
MBB0227 Maybank2E
MBB0228 Maybank2E
OCBC0229 OCBC Online Banking
PBB0233 PBe
RHB0218 RHB Now
SCB0216 SC Online Banking
UOB0226 UOB Internet Banking
UOB0229* UOB Bank
TEST0001* Test 0001
TEST0002* Test 0002
TEST0003* Test 0003
TEST0004* Test 0004
TEST0021* Test 0021
TEST0022* Test 0022
TEST0023* Test 0023

* Only applicable in staging environment.

V4

This version is in active development state. New feature will be introduced in this version.

Collections

Collections are where all of your Bills are belongs to. Collections can be useful to categorize your bill payment. As an example, you may use Collection to separate a Tuition Fee Collection for September and November collection.

Create a Collection

Billplz API now support creation of collection with 2 split rules feature, the response will contain the collection's ID that is needed in Bill API, split rules info and fields

Example Request:

# Creates a collection
curl https://www.billplz.com/api/v4/collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -F title="My First V4 API Collection"

Response:

{
  "id": "inbmmepb",
  "title": "My First V4 API Collection",
  "logo":
  {
    "thumb_url": null,
    "avatar_url": null
  },
  "split_header": false,
  "split_payments": []
}

Example request with optional arguments:

curl https://www.billplz.com/api/v4/collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -F title="My First V4 API Collection"\
  -F split_payments[][email]="verified@account.com" \
  -F split_payments[][fixed_cut]=100 \
  -F split_payments[][variable_cut]=2\
  -F split_payments[][stack_order]=0\
  -F split_payments[][email]="verified2@account.com" \
  -F split_payments[][fixed_cut]=200 \
  -F split_payments[][variable_cut]=3\
  -F split_payments[][stack_order]=1

Response:

{
  "id": "inbmmepb",
  "title": "My First V4 API Collection",
  "logo":
  {
    "thumb_url": null,
    "avatar_url": null
  },
  "split_header": false,
  "split_payments": [
    {
      "email": "verified@account.com",
      "fixed_cut": 100,
      "variable_cut": 2,
      "stack_order": 0
    },
    {
      "email": "verified2@account.com",
      "fixed_cut": 200,
      "variable_cut": 3,
      "stack_order": 1
    }
   ]
}
HTTP REQUEST

POST https://www.billplz.com/api/v4/collections

REQUIRED ARGUMENTS
Parameter Description
title The collection title. Will be displayed on bill template. String format.
OPTIONAL ARGUMENTS
Parameter Description
split_payments[][email] The email address of the split rule's recipient (The account must be a verified account).
split_payments[][fixed_cut] A positive integer in the smallest currency unit that is going in your account (e.g 100 cents to charge RM 1.00).
This field is required if split_payment[variable_cut] is not present.
split_payments[][variable_cut] Percentage in positive integer format that is going in your account.
This field is required if split_payment[fixed_cut] is not present.
split_payments[][stack_order] Integer format that defines the sequence of the split rule recipients.
This field is required and must be in correct order starts from 0 and increment by 1 subsequently if you want to set a split rule.
This input is crucial to determine a precise recipient's order.
split_header Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
RESPONSE PARAMETER
Parameter Description
id ID that represents a collection.
title The collection's title in string format.
logo[thumb_url] The thumb dimension's (180x180) URL.
logo[avatar_url] The avatar dimension's (40x40) URL.
split_header Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
split_payments Array that contains all split rule recipients in hash format.
email in hash represents the recipient's email.
fixed_cut in hash represents the recipient's fixed cut in smallest and positive currency unit.
variable_cut The recipient's percentage cut in positive integer format.
stack_order The order of the recipient defined in split rules.

Get a Collection

Use this API to query your collection record.

Example request:

# Get a collection
curl https://www.billplz.com/api/v4/collections/inbmmepb \
-u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "id": "inbmmepb",
  "title": "My First API Collection",
  "logo":
  {
    "thumb_url": null,
    "avatar_url": null
  },
  "split_header": false,
  "split_payments": [
    {
      "email": "verified@account.com",
      "fixed_cut": 100,
      "variable_cut": 2,
      "stack_order": 0
    },
    {
      "email": "verified2@account.com",
      "fixed_cut": 200,
      "variable_cut": 3,
      "stack_order": 1
    }
   ],
  "status": "active"
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/collections/{COLLECTION_ID}

RESPONSE PARAMETER
Parameter Description
id ID that represents a collection.
title The collection's title in string format.
logo[thumb_url] The thumb dimension's (180x180) URL.
logo[avatar_url] The avatar dimension's (40x40) URL.
split_header Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
split_payments Array that contains all split rule recipients in hash format.
email in hash represents the recipient's email.
fixed_cut in hash represents the recipient's fixed cut in smallest and positive currency unit.
variable_cut is the recipient's percentage cut in positive integer format.
stack_order is the order of the recipient defined in split rules.
status Collection's status, it is either active and inactive.

Get Collection Index

Use this API to retrieve your collections list. To utilise paging, append a page parameter to the URL e.g. ?page=1. If there are 15 records in the response you will need to check if there is any more data by fetching the next page e.g. ?page=2 and continuing this process until no more results are returned.

Example request:

# Get collection index
curl https://www.billplz.com/api/v4/collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "collections":
  [{
    "id": "inbmmepb",
    "title": "My First API Collection",
    "logo":
    {
      "thumb_url": null,
      "avatar_url": null
    },
    "split_header": false,
    "split_payments": [],
    "status": "active"
  }],
  "page": 1
}

Example request with optional arguments:

# Get collection index
curl https://www.billplz.com/api/v4/collections?page=2&status=active \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "collections":
  [{
    "id": "inbmmepb",
    "title": "My First API Collection",
    "logo":
    {
      "thumb_url": null,
      "avatar_url": null
    },
    "split_header": false,
    "split_payments": [],
    "status": "active"
  }],
  "page": 2
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/collections

OPTIONAL ARGUMENTS
Parameter Description
page Up to 15 collections will be returned in a single API call per specified page. Default to 1 if not present.
status Parameter to filter collection's status, valid value are active and inactive.

Create an Open Collection

Billplz API now support creation of open collections (Payment Form) with 2 split rule recipients feature, the response will contain the collection's attributes, including the payment form URL.

Example request:

# Creates an open collection
curl https://www.billplz.com/api/v4/open_collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d title="My First API Open Collection" \
  -d description="Maecenas eu placerat ante." \
  -d amount=299

Response:

{
  "id": "0pp87t_6",
  "title": "MY FIRST API OPEN COLLECTION",
  "description": "Maecenas eu placerat ante.",
  "reference_1_label": null,
  "reference_2_label": null,
  "email_link": null,
  "amount": 299,
  "fixed_amount": true,
  "tax": null,
  "fixed_quantity": true,
  "payment_button": "pay",
  "photo":
  {
    "retina_url":  null,
    "avatar_url":  null
  },
  "split_header": false,
  "split_payments": [],
  "url": "https://www.billplz.com/0pp87t_6",
  "redirect_uri": null
}

Example request with optional arguments:

# Creates a collection
curl https://www.billplz.com/api/v4/open_collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -F title="My First API Open Collection" \
  -F description="Maecenas eu placerat ante." \
  -F fixed_amount=false \
  -F fixed_quantity=false \
  -F payment_button="buy" \
  -F reference_1_label="ID No" \
  -F reference_2_label="First Name" \
  -F email_link="http://www.test.com" \
  -F tax=1 \
  -F photo=@/Users/Billplz/Documents/uploadPhoto.png \
  -F split_header=true \
  -F split_payments[][email]="verified@account.com" \
  -F split_payments[][variable_cut]=20 \
  -F split_payments[][stack_order]=0 \
  -F redirect_uri="http://www.test.com"

Response:

{
  "id": "0pp87t_6",
  "title": "MY FIRST API OPEN COLLECTION",
  "description": "Maecenas eu placerat ante.",
  "reference_1_label": "ID No",
  "reference_2_label": "First Name",
  "email_link": "http://www.test.com",
  "amount": null,
  "fixed_amount": false,
  "tax": 1,
  "fixed_quantity": false,
  "payment_button": "buy",
  "photo":
  {
    "retina_url":  "https://sample.net/assets/uploadPhoto.png",
    "avatar_url":  "https://sample.net/assets/uploadPhoto.png"
  },
  "split_header": true,
  "split_payments": [
    {
      "email": "verified@account.com",
      "fixed_cut": null,
      "variable_cut": 20,
      "stack_order": 0
    }
  ],
  "url": "https://www.billplz.com/0pp87t_6",
  "redirect_uri": "http://www.test.com"
}
HTTP REQUEST

POST https://www.billplz.com/api/v4/open_collections

REQUIRED ARGUMENTS
Parameter Description
title The collection title. Will be displayed on payment form. String format (Max of 50 characters).
description The collection description. Will be displayed on payment form. String format (Max of 200 characters).
amount A positive integer in the smallest currency unit (e.g 100 cents to charge RM 1.00).
Required if fixed_amount is true; Ignored if fixed_amount is false.
OPTIONAL ARGUMENTS
Parameter Description
fixed_amount Boolean value. Set fixed_amount to false for Open Amount. Default value is true.
fixed_quantity Boolean value. Set fixed_quantity to false for Open Quantity. Default value is true.
payment_button Payment button's text. Available options are buy and pay. Default value is pay.
reference_1_label Label #1 to reconcile payments (Max of 20 characters).
Default value is Reference 1.
reference_2_label Label #2 to reconcile payments (Max of 20 characters).
Default value is Reference 2.
email_link A URL that email to customer after payment is successful.
tax Tax rate in positive integer format.
photo This image will be resized to retina (960x960) and avatar (180x180) dimensions. Whitelisted formats are jpg, jpeg, gif and png.
split_payments[][email] The email address of the split rule's recipient (The account must be a verified account).
split_payments[][fixed_cut] A positive integer in the smallest currency unit that is going in your account (e.g 100 cents to charge RM 1.00)
This field is required if split_payment[variable_cut] is not present.
split_payments[][variable_cut] Percentage in positive integer format that is going in your account.
This field is required if split_payment[fixed_cut] is not present.
split_payments[][stack_order] Integer format that defines the sequence of the split rule recipients.
This field is required and must be in correct order starts from 0 and increment by 1 subsequently if you want to set a split rule.
This input is crucial to determine a precise recipient's order.
split_header Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
redirect_uri URL to redirect the customer after payment (completed or failed). Billplz will do a GET to redirect_uri, with bill's ID appended to the URL (additional paid, paid_at and x_signature if x_signature is enabled).
RESPONSE PARAMETER
Parameter Description
id The collection ID.
title The collection's title.
description The collection description.
reference_1_label Label #1 to reconcile payments.
reference_2_label Label #2 to reconcile payments.
email_link A URL that email to customer after payment is successful.
amount The collection's fixed amount to create bill in the smallest currency unit.
fixed_amount Boolean value. It returns to false if Open Amount.
tax Tax rate in positive integer format.
fixed_quantity Boolean value. It returns false if Open Quantity.
payment_button Payment button's text.
photo[retina_url] The retina dimension's (960x960) URL.
photo[avatar_url] The avatar dimension's (180x180) URL.
split_header Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
split_payments Array that contains all split rule recipients in hash format.
email in hash represents the recipient's email.
fixed_cut in hash represents the recipient's fixed cut in smallest and positive currency unit.
variable_cut is the recipient's percentage cut in positive integer format.
stack_order is the order of the recipient defined in split rules.
url URL to the collection.
redirect_uri URL to redirect the customer after payment (completed or failed). Billplz will do a GET to redirect_uri, with bill's ID appended to the URL (additional paid, paid_at and x_signature if x_signature is enabled).

Get an Open Collection

Use this API to query your open collection record.

Example request:

# Get an open collection
curl https://www.billplz.com/api/v4/open_collections/0pp87t_6 \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "id": "0pp87t_6",
  "title": "MY FIRST API OPEN COLLECTION",
  "description": "Maecenas eu placerat ante. Fusce ut neque justo, et aliquet enim. In hac habitasse platea dictumst.",
  "reference_1_label": null,
  "reference_2_label": null,
  "email_link": null,
  "amount": 299,
  "fixed_amount": true,
  "tax": null,
  "fixed_quantity": true,
  "payment_button": "pay",
  "photo":
  {
    "retina_url":  null,
    "avatar_url":  null
  },
  "split_header": false,
  "split_payments": [],
  "url": "https://www.billplz.com/0pp87t_6",
  "status": "active",
  "redirect_uri": null
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/open_collections/{COLLECTION_ID}

RESPONSE PARAMETER
Parameter Description
id The collection ID.
title The collection's title.
description The collection description.
reference_1_label Label #1 to reconcile payments.
reference_2_label Label #2 to reconcile payments.
email_link A URL that email to customer after payment is successful.
amount The collection's fixed amount to create bill in the smallest currency unit.
fixed_amount Boolean value. It returns to false if Open Amount.
tax Tax rate in positive integer format.
fixed_quantity Boolean value. It returns false if Open Quantity.
payment_button Payment button's text.
photo[retina_url] The retina dimension's (960x960) URL.
photo[avatar_url] The avatar dimension's (180x180) URL.
split_header Boolean value. All bill and receipt templates will show split rule recipient's infographic if this was set to true.
split_payments Array that contains all split rule recipients in hash format.
email in hash represents the recipient's email.
fixed_cut in hash represents the recipient's fixed cut in smallest and positive currency unit.
variable_cut is the recipient's percentage cut in positive integer format.
stack_order is the order of the recipient defined in split rules.
url URL to the collection.
status Collection's status, it is either active and inactive.
redirect_uri URL to redirect the customer after payment (completed or failed). Billplz will do a GET to redirect_uri, with bill's ID appended to the URL (additional paid, paid_at and x_signature if x_signature is enabled).

Get Open Collection Index

Use this API to retrieve your open collections list. To utilise paging, append a page parameter to the URL e.g. ?page=1. If there are 15 records in the response you will need to check if there is any more data by fetching the next page e.g. ?page=2 and continuing this process until no more results are returned.

Example request:

# Get open collection index
curl https://www.billplz.com/api/v4/open_collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "open_collections":
  [{
    "id": "0pp87t_6",
    "title": "MY FIRST API OPEN COLLECTION",
    "description": "Maecenas eu placerat ante. Fusce ut neque justo, et aliquet enim. In hac habitasse platea dictumst.",
    "reference_1_label": "ID No",
    "reference_2_label": "First Name",
    "email_link": "http://www.test.com",
    "amount": null,
    "fixed_amount": false,
    "tax": 1,
    "fixed_quantity": false,
    "payment_button": "buy",
    "photo":
    {
      "retina_url":  "https://sample.net/assets/uploadPhoto.png",
      "avatar_url":  "https://sample.net/assets/uploadPhoto.png"
    },
    "split_header": false,
    "split_payments": [
      {
        "email": "verified@account.com",
        "fixed_cut": null,
        "variable_cut": 20,
        "stack_order": 0
      }
    ],
    "url": "https://www.billplz.com/0pp87t_6",
    "status": "active",
    "redirect_uri": null
  }],
  "page": 1
}

Example request with optional arguments:

# Get collection index
curl https://www.billplz.com/api/v4/open_collections?page=2&status=active \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "open_collections":
  [{
    "id": "0pp87t_6",
    "title": "MY FIRST API OPEN COLLECTION",
    "description": "Maecenas eu placerat ante. Fusce ut neque justo, et aliquet enim. In hac habitasse platea dictumst.",
    "reference_1_label": "ID No",
    "reference_2_label": "First Name",
    "email_link": "http://www.test.com",
    "amount": null,
    "fixed_amount": false,
    "tax": 1,
    "fixed_quantity": false,
    "payment_button": "buy",
    "photo":
    {
      "retina_url":  "https://sample.net/assets/uploadPhoto.png",
      "avatar_url":  "https://sample.net/assets/uploadPhoto.png"
    },
    "split_header": false,
    "split_payments": [
      {
        "email": "verified@account.com",
        "fixed_cut": null,
        "variable_cut": 20,
        "stack_order": 0
      }
    ],
    "url": "https://www.billplz.com/0pp87t_6",
    "status": "active",
    "redirect_uri": null
  }],
  "page": 2
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/open_collections

OPTIONAL ARGUMENTS
Parameter Description
page Up to 15 open collections will be returned in a single API call per specified page. Default to 1 if not present.
status Parameter to filter open collection's status, valid value are active and inactive.

Customer Receipt Delivery

By default, all collections follow the Global Customer Receipt Notification configuration in your Account settings.

You can override the Global configuration on individual collections by calling activate and deactivate.

Activate

If you wish to ignore the Global configuration and always send a receipt email to your customers, you may activate it per individual collection by calling to this API.

Example request:

# Activate a collection's customer receipt delivery
curl -X POST \
https://www.billplz.com/api/v4/collections/qag4fe_o6/customer_receipt_delivery/activate \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{}
HTTP REQUEST

POST https://www.billplz.com/api/v4/collections/{COLLECTION_ID}/customer_receipt_delivery/activate

URL PARAMETER
Parameter Description
COLLECTION_ID Collection ID returned in Collection object.

Deactivate

If you wish to ignore the Global configuration and always not to send a receipt email to your customers, you may deactivate it per individual collection by calling to this API.

Example request:

# Deactivate a collection's customer receipt delivery
curl -X POST \
https://www.billplz.com/api/v4/collections/qag4fe_o6/customer_receipt_delivery/deactivate \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{}
HTTP REQUEST

POST https://www.billplz.com/api/v4/collections/{COLLECTION_ID}/customer_receipt_delivery/deactivate

URL PARAMETER
Parameter Description
COLLECTION_ID Collection ID returned in Collection object.

Set Global

Use this API to set your individual collections to follow Global Customer Receipt Notification configuration if you want your collection to send the email base on Global configuration. By default, all collections are following Global configuration.

Example request:

# Set a collection's customer receipt delivery to Global
curl -X POST \
https://www.billplz.com/api/v4/collections/qag4fe_o6/customer_receipt_delivery/global \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{}
HTTP REQUEST

POST https://www.billplz.com/api/v4/collections/{COLLECTION_ID}/customer_receipt_delivery/global

URL PARAMETER
Parameter Description
COLLECTION_ID Collection ID returned in Collection object.

Get Status

Use this API to get a Collection's Customer Receipt Notification status.

Example request:

# Get a collection's customer receipt delivery
curl https://www.billplz.com/api/v4/collections/qag4fe_o6/customer_receipt_delivery \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "id": "qag4fe_o6",
  "customer_receipt_delivery": "global"
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/collections/{COLLECTION_ID}/customer_receipt_delivery

URL PARAMETER
Parameter Description
COLLECTION_ID Collection ID returned in Collection object.
RESPONSE PARAMETER
Parameter Description
id ID that represents a collection.
customer_receipt_delivery Collection's Customer Receipt Notification status, it is either active, inactive or global.

Payout Flow

Payout allows you to make payment to any account bank registered in Malaysia. Since Bank doesn't provide way to programatically make payment to bank account, you can achieve that by using our Payout API.

Payout implements the same collection concept as per API Flow. You will have collection that consists of multiple payouts.

Before proceeding further, you need to ensure that you have enough payout limit to perform Payout. To increase payout limit, navigate to Payout tab and you will notice the Payout Limit at the top.

Payout Limit Interface Screenshot.

To start using the API, you would have to create a Payout Collection. Then the payout will kicks in as per below:

  1. Get bank information from the recipient.
  2. Execute Create a Payout API.
  3. If failed, perform one-time bank account registration using Create a Bank Account;
  4. Then, execute Create a Payout API again after three working days.
  5. The payment will be settled to the receipient in one (1) working day except Thursday and public holidays.

Payout Collections

Create a Payout Collection

New Payout Collection used to group all your Payouts to make payout transfers.

Example request:

# Creates a Payout collection
curl https://www.billplz.com/api/v4/mass_payment_instruction_collections \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d title="My First API Payout Collection"

Response:

{
  "id": "4po8no8h",
  "title": "My First API Payout Collection",
  "mass_payment_instructions_count": "0",
  "paid_amount": "0",
  "status": "active"
}
HTTP REQUEST

POST https://www.billplz.com/api/v4/mass_payment_instruction_collections

REQUIRED ARGUMENTS
Parameter Description
title The collection title. Will be displayed on bill template. String format.
RESPONSE PARAMETER
Parameter Description
id ID that represents a collection.
title The collection's title in string format.
mass_payment_instructions_count The number of payout belongs to this collection.
paid_amount Total paid amount for payouts in this collection.
A positive integer in the smallest currency unit (e.g 100 cents to charge RM 1.00).
status Collection's status, it is either active and inactive.

Get a Payout Collection

Use this API to query your Payout Collection record.

Example request:

# Get a Payout collection
curl https://www.billplz.com/api/v4/mass_payment_instruction_collections/4po8no8h \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "id": "4po8no8h",
  "title": "My First API Payout Collection",
  "mass_payment_instructions_count": "0",
  "paid_amount": "0",
  "status": "active"
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/mass_payment_instruction_collections/{PAYOUT_COLLECTION_ID}

REQUIRED ARGUMENTS
Parameter Description
PAYOUT_COLLECTION_ID Collection ID returned in Payout Collection object.
RESPONSE PARAMETER
Parameter Description
id ID that represents a collection.
title The collection's title in string format.
mass_payment_instructions_count The number of payout belongs to this collection.
paid_amount Total paid amount for payouts in this collection.
A positive integer in the smallest currency unit (e.g 100 cents to charge RM 1.00).
status Collection's status, it is either active and inactive.

Payout

Create a Payout

To make a payment transfer to another bank account, simply create a Payout.

To create a Payout, you would need the Payout collection's ID. Each Payout must be created within a Payout Collection.

Example request:

# Creates a Payout for RM 20.00
curl https://www.billplz.com/api/v4/mass_payment_instructions \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d mass_payment_instruction_collection_id="4po8no8h" \
  -d bank_code="MBBEMYKL" \
  -d bank_account_number="820808062202123" \
  -d identity_number="820808062202" \
  -d name="Michael Yap" \
  -d description="Maecenas eu placerat ante." \
  -d total=2000

Response:

{
  "id": "afae4bqf",
  "mass_payment_instruction_collection_id": "4po8no8h",
  "bank_code": "MBBEMYKL",
  "bank_account_number": "820808062202123",
  "identity_number": 820808062202 ,
  "name": "Michael Yap",
  "description": "Maecenas eu placerat ante.",
  "email" :"hello@billplz.com",
  "status": "processing",
  "notification": false,
  "recipient_notification": true,
  "total": "2000",
  "reference_id": null
}

Example request with optional arguments:

# Creates a Payout for RM 20.00
curl https://www.billplz.com/api/v4/mass_payment_instructions \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d mass_payment_instruction_collection_id="4po8no8h" \
  -d bank_code="MBBEMYKL" \
  -d bank_account_number="820808062202123" \
  -d identity_number="820808062202" \
  -d name="Michael Yap" \
  -d description="Maecenas eu placerat ante." \
  -d total=2000 \
  -d email="recipient@email.com" \
  -d notification=true \
  -d recipient_notification=false \
  -d reference_id="payout123123"

Response:

{
  "id": "57iofla8",
  "mass_payment_instruction_collection_id": "4po8no8h",
  "bank_code": "MBBEMYKL",
  "bank_account_number": "820808062202123",
  "identity_number": 820808062202 ,
  "name": "Michael Yap",
  "description": "Maecenas eu placerat ante.",
  "email":"recipient@email.com",
  "status": "processing",
  "notification": true,
  "recipient_notification": false,
  "total": "2000",
  "reference_id": "payout123123"
}
HTTP REQUEST

POST https://www.billplz.com/api/v4/mass_payment_instructions

REQUIRED ARGUMENTS
Parameter Description
mass_payment_instruction_collection_id The Payout Collection ID. A string.
bank_code Bank Code that represents bank, in string value. Case sensitive.

Status code of 422 with Bank account not found message will be returned if no bank accounts matched.

So, please make sure all bank_code, bank_account_number and identity_number are all correct.

Please refer to API#get-a-bank-account.
bank_account_number Bank account number, in string value.

Status code of 422 with Bank account not found message will be returned if no bank accounts matched.

So, please make sure all bank_code, bank_account_number and identity_number are all correct.

Please refer to API#get-a-bank-account.
identity_number Bank account's IC Number/SSM Registration Number, in string value.

Status code of 422 with Bank account not found message will be returned if no bank accounts matched.

So, please make sure all bank_code, bank_account_number and identity_number are all correct.

Please refer to API#get-a-bank-account.
name Payout's recipient name. Useful for identification on recipient part.
description The Payout's description. Will be displayed on bill template. String format (Max of 200 characters).
total Total amount you would like to transfer to the recipient.
A positive integer in the smallest currency unit (e.g 100 cents to charge RM 1.00).
OPTIONAL ARGUMENTS
Parameter Description
email The email address of recipient (it default to sender's email if not present).
A receipt will be sent to this email once the Payout has been processed.
notification Boolean value. As a sender, you can opt-in for email notification by setting this to true. Sender will receive email once a Payout has been processed. Default value is false.
recipient_notification Boolean value. If this is set to true, recipient of the Payout will receive email notification once the Payout has been processed. Default value is true. Set to false if you do not like the recipient to receive any email notifications.
reference_id Payout's unique reference ID scoped by Payout Collection. This helps maintain data integrity by ensuring that no two rows of data in a payout collection have identical reference_id value. Useful to prevent unintentional payout creation. (Max of 255 characters).
RESPONSE PARAMETER
Parameter Description
id ID that represents a Payout.
mass_payment_instruction_collection_id The Payout collection's title in string format.
bank_code Bank Code that represents bank, in string value. Case sensitive.
bank_account_number Bank account number, in string value.
identity_number Bank account's IC Number/SSM Registration Number, in string value.
name Payout's recipient name.
description The Payout's description.
email The email address of recipient (it default to sender's email if not present).
status Payout status. It is either processing or completed or refunded.
notification Boolean value. Sender will receive email notification if this is true.
recipient_notification Boolean value. Recipient will receive email notification if this is true.
total Total amount transfer to the recipient. A positive integer in the smallest currency unit (e.g 100 cents to charge RM 1.00).

A standard RM1.50 or RM0.50 or RM0.00 fee would be charged from your credits when you successfully created a Payout request;
while the total of each Payout will be deducted from your Payout limit.

Status code of 422 with Bank account not verified message will be returned if the matching bank account is pending for verification.

Status code of 422 with Bank account rejected message will be returned if the matching bank account is rejected.
reference_id Payout's reference ID. Useful for identification on recipient part.

Get a Payout

Use this API to query your Payout record.

Example request:

# Get a Payout
curl https://www.billplz.com/api/v4/mass_payment_instructions/afae4bqf \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "id": "afae4bqf",
  "mass_payment_instruction_collection_id": "4po8no8h",
  "bank_code": "MBBEMYKL",
  "bank_account_number": "820808062202123",
  "identity_number": 820808062202 ,
  "name": "Michael Yap",
  "description": "Maecenas eu placerat ante.",
  "email" :"hello@billplz.com",
  "status": "processing",
  "notification": false,
  "recipient_notification": true,
  "total": "2000",
  "reference_id": null
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/mass_payment_instructions/{PAYOUT_ID}

REQUIRED ARGUMENTS
Parameter Description
PAYOUT_ID The Payout ID. A string.
RESPONSE PARAMETER
Parameter Description
id ID that represents a Payout.
mass_payment_instruction_collection_id The Payout collection's title in string format.
bank_code Bank Code that represents bank, in string value. Case sensitive.
bank_account_number Bank account number, in string value.
identity_number Bank account's IC Number/ROC/ROB/ROS Number, in string value.
name Payout's recipient name.
description The Payout's description.
email The email address of recipient (it default to sender's email if not present).
status Payout status. It is either processing or completed or refunded.
notification Boolean value. Sender will receive email notification if this is true.
recipient_notification Boolean value. Recipient will receive email notification if this is true.
total Total amount transfer to the recipient. A positive integer in the smallest currency unit (e.g 100 cents to charge RM 1.00).
reference_id Payout's reference ID. Useful for identification on recipient part.

Webhook Rank

Webhook Rank has been introduced to ensure callback is running at it's best. The higher the ranking, the higher priority for the callback to be executed. Use this API to query your current Account Ranking. 0.0 indicate highest ranking (default) and 10.0 lowest ranking.

Example request:

# Webhook Rank
curl https://www.billplz.com/api/v4/webhook_rank \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "rank": 0.0
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/webhook_rank

RESPONSE PARAMETER
Parameter Description
rank Ranking Number (0.0 - 10.0)

Get Payment Gateways

Use this API to get a complete list of supported payment gateways' bank code that need for setting reference_1 in API#bypass-billplz-bill-page.

This API returns not only online banking, but also all other payment gateways' bank code that are supported in API#bypass-billplz-bill-page.

Example request:

curl https://www.billplz.com/api/v4/payment_gateways \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Response:

{
  "payment_gateways":
  [{
    "code": "MBU0227",
    "active": true,
    "category": "fpx"
    },{
    "code": "OCBC0229",
    "active": false,
    "category": "fpx"
    },{
    "code": "BP-FKR01",
    "active": true,
    "category": "billplz"
    },{
    "code": "BP-PPL01",
    "active": true,
    "category": "paypal"
    },{
    "code": "BP-2C2P1",
    "active": false,
    "category": "2c2p"
    },{
    "code": "BP-OCBC1",
    "active": true,
    "category": "ocbc"
  }]
}
HTTP REQUEST

GET https://www.billplz.com/api/v4/payment_gateways

RESPONSE PARAMETER
Parameter Description
code This is the bank code that need to set to reference_1. Case sensitive.
active true or false boolean that represents payment gateway's availability. If an inactive / invalid payment gateway was set to reference_1, the payment process will show Billplz page for payer to choose another payment option from the list.
category Category this payment gateway belongs to.

Payment Gateway Abbreviations

Code Name
ABMB0212 allianceonline
ABB0233 affinOnline
ABB0234* Affin Bank
AMBB0209 AmOnline
BCBB0235 CIMB Clicks
BIMB0340 Bank Islam Internet Banking
BKRM0602 i-Rakyat
BMMB0341 i-Muamalat
BSN0601 myBSN
CIT0219 Citibank Online
HLB0224 HLB Connect
HSBC0223 HSBC Online Banking
KFH0346 KFH Online
MB2U0227 Maybank2u
MBB0227 Maybank2E
MBB0228 Maybank2E
OCBC0229 OCBC Online Banking
PBB0233 PBe
RHB0218 RHB Now
SCB0216 SC Online Banking
UOB0226 UOB Internet Banking
UOB0229* UOB Bank
TEST0001* Test 0001
TEST0002* Test 0002
TEST0003* Test 0003
TEST0004* Test 0004
TEST0021* Test 0021
TEST0022* Test 0022
TEST0023* Test 0023
BP-FKR01* Billplz Simulator
BP-PPL01 PayPal
BP-2C2P1 e-pay
BP-2C2PC Visa / Mastercard
BP-2C2PU UnionPay
BP-OCBC1 Visa / Mastercard
BP-2C2PGRB Grab
BP-2C2PBST Boost
BP-2C2PTNG TnG
BP-BST01 Boost
BP-SGP01 Senangpay
B2B1-ABB0232 affinOnline
B2B1-ABB0235 AFFINMAX
B2B1-ABMB0213 Alliance BizSmart
B2B1-AGRO02* Agro Bank
B2B1-AMBB0208 AmAccess Biz
B2B1-BCBB0235 BizChannel@CIMB
B2B1-BIMB0340 Bank Islam eBanker
B2B1-BKRM0602 i-bizRAKYAT
B2B1-BMMB0342 iBiz Muamalat
B2B1-BNP003 BNP Paribas
B2B1-CIT0218 CitiDirect BE
B2B1-DBB0199 Deutsche Bank Autobahn
B2B1-HLB0224 HLB ConnectFirst
B2B1-HSBC0223 HSBCnet
B2B1-KFH0346 KFH Online
B2B1-MBB0228 Maybank2E
B2B1-OCBC0229 Velocity@ocbc
B2B1-PBB0233 PBe
B2B1-PBB0234 PB enterprise
B2B1-RHB0218 RHB Reflex
B2B1-SCB0215 SC Straight2Bank
B2B1-TEST0021* SBI Bank A
B2B1-TEST0022* SBI Bank B
B2B1-TEST0023* SBI Bank C
B2B1-UOB0228 UOB BIBPlus

* Only applicable in staging environment.

Tokenization

This feature allows you to exchange for a card's tokenization from our provider's PCI DSS certified vault, and use the token to charge your customer later.

Providers
Provider Type Eligibility
Senangpay 3DS Any paid membership plan
OCBC 3DS Any paid membership plan

Senangpay

This feature enables you to tokenize 3DS Visa / Mastercard cards to be charged later, which will be stored in Senangpay's PCI DSS certified servers.

Card Tokenization Flow
  1. Create card & token using this Create Card API.
  2. Merchant redirects card holder to Senangpay's 3DS authentication page.
  3. Card holder inputs credit/debit card details and submits the form.
  4. Billplz will send a POST request to merchant's callback_url containing masked card details together with CARD_ID and TOKEN.
  5. Merchant compares the checksum sent, and store card details if they match.

Create Card

Use this API to create a card token for 3DS Visa / Mastercard cards. Remember to store the response, as no card details nor tokens will be stored in Billplz's servers.

To charge a card with the token generated, refer to this API.

Example request:

# Creates a card token
curl https://www.billplz.com/api/v4/cards \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d name="Michael" \
  -d email="api@billplz.com" \
  -d phone="60122345678" \
  -d callback_url="https://example.com/callback_url"

Response:

  {
    "id": "8727fc3a-c04c-4c2b-9b67-947b5cfc2fb6",
    "card_number": null,
    "provider": null,
    "token": null,
    "status": "pending",
    "authentication_redirect_url": "https://senangpay.my/some_link",
    "callback_url": "https://example.com/callback_url"
  }
HTTP REQUEST

POST https://www.billplz.com/api/v4/cards

REQUIRED ARGUMENTS
Parameter Description
name Name on the card / name of the card owner.
email Email of the card owner.
phone Contact number of card owner.
callback_url Web hook URL to be called after card token is created. It will POST a Card object.

Delete Card

Use this API to delete a card.

Example request:

# Delete an active card token
curl -X DELETE https://www.billplz.com/api/v4/cards/8727fc3a-c04c-4c2b-9b67-947b5cfc2fb6 \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d token="77d62ad5a3ae56aafc8e3529b89d0268afa205303f6017afbd9826afb8394740"

Response:

{
  "id": "8727fc3a-c04c-4c2b-9b67-947b5cfc2fb6",
  "card_number": "1118",
  "provider": "mastercard",
  "token": "77d62ad5a3ae56aafc8e3529b89d0268afa205303f6017afbd9826afb8394740",
  "status": "deleted"
}
HTTP REQUEST

DELETE https://www.billplz.com/api/v4/cards/{CARD_ID}

REQUIRED ARGUMENTS
Parameter Description
token Card's token.

3D Secure Update

Billplz will send a POST request to callback_url provided within an hour, regardless the card holder has completed the 3DSecure verification or not. This callback_url will also serve as redirect_url on the client's side. You are required to redirect every time the 3D secure update is being given regardless of callback or redirect.

Example request to callback_url:

# POST request sent to callback_url
curl https://www.example.com/callback \
  -d id="a35296ad-b50c-4179-8024-036da00c1aee" \
  -d card_number="1118" \
  -d provider="mastercard" \
  -d token="77d62ad5a3ae56aafc8e3529b89d0268afa205303f6017afbd9826afb8394740" \
  -d status="active" \
  -d checksum="ef5e54a22af0925cba88fab467119742e90262e3646eea1dee3949938daf3a38"
HTTP REQUEST

POST {CALLBACK_URL}

POST PARAMETER
Parameter Description
id ID that represents card.
card_number Last 4 digits of card's number.
token Card's token.
status Status that represents the card's status, possible values are pending, active, failed, and deleted.
checksum Digital signature computed with posted data and shared XSignature Key.
CHECKSUM

Checksum is a digital signature computed with posted data and shared XSignature Key, similar to the X Signature received on Payment Completion.

For security purposes, checksum is inserted into this POST request so that merchants can verify this request comes from Billplz. To learn more on how to calculate this checksum, click here.

Charge Card

Use this API to make bill payment by charging a Visa / Mastercard card with token generated.

REQUIREMENTS
  1. Collection without split recipients (split payment).
  2. Bill. Email and Mobile number are required during bill creation. Card Token & ID.

Example request:

# Make bill payment with token
curl https://www.billplz.com/api/v4/bills/awyzmy0m/charge \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d token="77d62ad5a3ae56aafc8e3529b89d0268afa205303f6017afbd9826afb8394740" \
  -d card_id="8727fc3a-c04c-4c2b-9b67-947b5cfc2fb6"

Response:

{
  "amount": 10000,
  "status": "success",
  "reference_id": "15681981586116610",
  "hash_value": "1b66606732d846192b0b6aa4b754b3c8addd59072fce4bdd066b5d631c31d5e8",
  "message": "Payment was successful",
}
HTTP REQUEST

POST https://www.billplz.com/api/v4/bills/{BILL_ID}/charge

REQUIRED ARGUMENTS
Parameter Description
card_id ID that represents a card.
token Card token.

OCBC

This feature enables merchants with OCBC business account to tokenize 3DS Visa / Mastercard cards to be charged later, which will be stored in OCBC's PCI DSS certified servers.

CARD TOKENIZATION FLOW
  1. Merchant to collect card details from card holder. Card number, expiry date and CVV.
  2. Create card & token using this API.
  3. Upon receiving the response, redirect card holder to the URL (authentication_redirect_url) given.
  4. Card holder is required to complete 3DSecure verification process within an hour.
  5. Billplz updates card status based on verification result.
  6. Billplz sends POST request to callback_url specified by merchant. If card holder fails to complete the verification process within an hour, Billplz will send a POST request with failed Card object. Merchants are expected to set up this callback_url to get and update the result of card's 3DSecure verification.

Create Card

Use this API to create a card token for 3DS Visa / Mastercard. Remember to store the responses for future use.

After creating a card, the token can not be used yet as it is not active. To activate the token, redirect card holder to the authentication_redirect_url provided in the response, where the card holder will have to go through acquiring bank's 3DSecure authentication process.

To charge a card with the token generated, refer to this API.

Example request:

# Creates a card token
curl https://www.billplz.com/api/v4/ocbc_cards \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d card_number="5123450000000008" \
  -d expiry_month="05" \
  -d expiry_year="21" \
  -d cvv="100" \
  -d callback_url="https://www.example.com/callback"

Response:

{
  "id": "a35296ad-b50c-4179-8024-036da00c1aee",
  "card_number": "512345xxxxxx0008",
  "expiry": "0521",
  "provider": "MASTERCARD",
  "token": "9887706765197232",
  "status": "active",
  "authentication_redirect_url": "https://www.billplz.com/banks/ocbc/cards/a35296ad-b50c-4179-8024-036da00c1aee/authenticate",
  "callback_url": "https://www.example.com/callback"
}

Callback request:

{
  "id": "a35296ad-b50c-4179-8024-036da00c1aee",
  "card_number": "512345xxxxxx0008",
  "expiry": "0521",
  "provider": "MASTERCARD",
  "token": "9887706765197232",
  "status": "active",
  "authentication_redirect_url": "https://www.billplz.com/banks/ocbc/cards/a35296ad-b50c-4179-8024-036da00c1aee/authenticate",
  "callback_url": "https://www.example.com/callback"
}
HTTP REQUEST

POST https://www.billplz.com/api/v4/ocbc_cards

REQUIRED ARGUMENTS
Parameter Description
card_number Card number, only numbers.
expiry_month 2 character string. May should be written as 05.
expiry_year 2 character string. 2021 should be written as 21.
cvv Card CVV number (3 digits).
callback_url Web hook URL to be called after 3DSecure verification/authorization completed. It will POST a Card object.

Delete Card

Use this API to delete a tokenized card.

Example request:

# Deletes a card token
curl https://www.billplz.com/api/v4/ocbc_cards/8727fc3a-c04c-4c2b-9b67-947b5cfc2fb6 \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d token="9887706765197232"

Response:

{
  "id": "8727fc3a-c04c-4c2b-9b67-947b5cfc2fb6",
  "status": "deleted"
}
HTTP REQUEST

DELETE https://www.billplz.com/api/v4/ocbc_cards/{CARD_ID}

REQUIRED ARGUMENTS
Parameter Description
token Card token.

3D Secure Update

Billplz will send a POST request to callback_url provided within an hour, regardless the card holder has completed the 3DSecure verification or not. This callback_url will also serve as redirect_url on the client's side. You are required to redirect every time the 3D secure update is being given regardless of callback or redirect.

Example request to callback_url:

# POST request sent to callback_url
curl https://www.example.com/callback \
  -d id="a35296ad-b50c-4179-8024-036da00c1aee" \
  -d status="active" \
  -d checksum="ef5e54a22af0925cba88fab467119742e90262e3646eea1dee3949938daf3a38"
HTTP REQUEST

POST {CALLBACK_URL}

POST PARAMETER
Parameter Description
id ID that represents card.
status Status that represents the card's status, possible values are pending, active, failed, and deleted.
checksum Digital signature computed with posted data and shared XSignature Key.
CHECKSUM

Checksum is a digital signature computed with posted data and shared XSignature Key, similar to the X Signature received on Payment Completion.

For security purposes, checksum is inserted into this POST request so that merchants can verify this request comes from Billplz. To learn more on how to calculate this checksum, click here.

Charge Card

Use this API to make bill payment by charging a 3DS Visa / Mastercard card with token generated.

REQUIREMENTS
  1. Collection without split recipients (split payment).
  2. Bill.
  3. Card Token & ID.

Example request:

# Make bill payment with token
curl https://www.billplz.com/api/v4/bills/awyzmy0m/ocbc_charge \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81: \
  -d token="77d62ad5a3ae56aafc8e3529b89d0268afa205303f6017afbd9826afb8394740" \
  -d card_id="8727fc3a-c04c-4c2b-9b67-947b5cfc2fb6"

Response:

{
  "amount": 10000,
  "status": "success",
  "reference_id": "926611194776",
  "message": "Approved",
}
HTTP REQUEST

POST https://www.billplz.com/api/v4/bills/{BILL_ID}/ocbc_charge

REQUIRED ARGUMENTS
Parameter Description
card_id ID that represents a card.
token Card token.

X Signature

X SIGNATURE CALCULATION

The message level security is implemented by using signing and verification of the message.

STEP 1 - CONSTRUCT SOURCE STRING

collection_id: 'inbmmepb', description: 'testing', email: 'api@billplz.com', name: 'Michael', amount: '200', callback_url: 'https://example.com/webhook'

amount200|callback_urlhttps://example.com/webhook|collection_idinbmmepb|descriptiontesting|emailapi@billplz.com|nameMichael

collections: [{id: 'inbmmepb', title: 'testing'}, {id: 'xyzabc', title: 'testing x 2'}], page: 1

collectionsidinbmmepb|collectionsidxyzabc|collectionstitletesting|collectionstitletesting x 2|page1

STEP 2 - SIGN THE SOURCE STRING

Below is a sample of constructed source string:

amount200|callback_urlhttps://example.com/webhook|collection_idinbmmepb|descriptiontesting|emailapi@billplz.com|nameMichael

Below is the final x_signature value using above source string with 'abc123cde456' as XSignature Key:

ef5e54a22af0925cba88fab467119742e90262e3646eea1dee3949938daf3a38

Extra Payment Completion Information

To get transaction_id and transaction_status, enable Extra Payment Completion Information.

Activate the extra payment completion information.

Payment Completion

Basic Callback Url

callback_url feature does not give your users the same instant bill update experience as of redirect_url feature, however it does guarantee you 100% execution backend to backend update.

callback_url feature integration is compulsory but redirect_url feature is optional.

**you are strongly advised to integrate both redirect_url feature (for better user experience) and callback_url feature (for 100% transaction update)

Example Server Side Request from Billplz:

POST /webhook/ HTTP/1.1
Connection: close
Host: 127.0.0.1
Content-Length: 346
Content-Type: application/x-www-form-urlencoded

  id="W_79pJDk"
  &collection_id="599"
  &paid="true"
  &state="paid"
  &amount="200"
  &paid_amount="0"
  &due_at="2020-12-31"
  &email="api@billplz.com"
  &mobile="+60112223333"
  &name="MICHAEL API"
  &metadata[id]="9999"
  &metadata[description]="This is to test bill creation"
  &url="http://billplz.dev/bills/W_79pJDk"
  &paid_at="2015-03-09 16:23:59 +0800"

Body formatted for readability.

SERVER SIDE REQUEST

Billplz will make a POST request to callback_url with Bill object upon payment completion (failure or success).

A bill that catched payment failure will be in due state.

By default, Basic Callback URL feature is disabled due to security reason.

HTTP REQUEST

POST {CALLBACK_URL}

POST PARAMETER
Parameter Description
id ID that represents bill.
collection_id ID that represents the collection where the bill belongs to.
paid Boolean value to tell if a bill has paid. It will return false for due and deleted bills; true for paid bills.
state State that representing the bill's status, possible states are due, deleted, and paid.
amount Bill's amount in positive integer, smallest currency unit (e.g 100 cents to charge RM 1.00).
paid_amount Bill's paid amount in positive integer, smallest currency unit (e.g 100 cents to charge RM 1.00).
due_at Due date for the bill, in format YYYY-MM-DD. Example, 2020-12-31.
email The email address of the bill's recipient.
mobile Recipient's mobile number, in format +601XXXXXXXX
name Recipient's name.
metadata Deprecated hash value data.
URL URL to the bill page.
paid_at Date time when the bill was paid, in format YYYY-MM-DD HH:MM:SS TimeZone. Example, 2017-02-13 05:43:43 +0800

Callback request will be timeout at 20 seconds.

Billplz server also expecting the end point server responds with status code of 200.

In a case of either the end point server does not able to respond within the limit seconds (20 secs) or does not respond with 200 status code, the callback will consider as failure.

On failure, the job is scheduled again in 15 minutes * N + (random 0-300 seconds), where N is the number of attempts with maximum of 4. The 5th (last) attempt will be 24 hours + random (0-300 seconds) after 4th attempt.

Assuming the first callback is initiated at 13:00:00. The second attempt will be at 13:15:00 + N seconds. The third attempt will be at 13:30:02 + N seconds. The fourth attempt will be at 13:45:05 + N seconds. The fifth attempt will be at 13:45:07+ N seconds next day.

Billplz will attempt for maximum of 5 times and the callback will be removed from the system queue permanently after that.

Basic Redirect Url

redirect_url feature is just a front-end redirection to redirect_url specified, it does not guaranteed the execution, due to many factors (user disconnected, browser closed, app hang, etc).

But it is good to have, to provide better user experience (front-end instant bill status update)

callback_url feature integration is compulsory but redirect_url feature is optional.

**you are strongly advised to integrate both redirect_url feature (for better user experience) and callback_url feature (for 100% transaction update)

CLIENT SIDE REQUEST

If redirect_url exists, Billplz will redirect the browser to redirect_url

By default, Basic Redirect URL feature is disabled due to security reason.

HTTP REQUEST

GET {REDIRECT_URL}?billplz[id]=W_79pJDk

URL PARAMETER
Parameter Description
billplz[id] ID that represents bill.

X Signature Callback Url

callback_url feature does not give you the same instant bill update experience as of redirect_url feature, however it does guarantee you 100% execution backend to backend update.

callback_url feature integration is compulsory but redirect_url feature is optional.

**you are strongly advised to integrate both redirect_url feature (for better user experience) and callback_url feature (for 100% transaction update)

SERVER SIDE REQUEST

Billplz will make a POST request to callback_url with Bill object upon payment completion (failure or success).

X Signature Callback URL request created through the API by Billplz can be verified by calculating a digital signature - x_signature.

Each callback request includes a x_signature which is generated using HMAC-SHA256 algorithm and shared XSignature Key, along with the data sent in the request.

To verify that the request came from Billplz, compute the HMAC-SHA256 digest according to the X Signature section and compare it to the value in the x_signature parameter. If they match, you can be sure that the callback was sent from Billplz and the data has not been compromised.

A bill that catched payment failure will be in due state.

Example Server Side Request from Billplz:

POST /webhook/ HTTP/1.1
Connection: close
Host: 127.0.0.1
Content-Length: 346
Content-Type: application/x-www-form-urlencoded

  id="W_79pJDk"
  &collection_id="599"
  &paid="true"
  &state="paid"
  &amount="200"
  &paid_amount="0"
  &due_at="2020-12-31"
  &email="api@billplz.com"
  &mobile="+60112223333"
  &name="MICHAEL API"
  &url="http://billplz.dev/bills/W_79pJDk"
  &paid_at="2015-03-09 16:23:59 +0800"
  &x_signature="f0ff6c564f98d5403e2b26fbd3d45309c76eb68d8c5bcda0d48b541c3502a396"

Body formatted for readability.

Example Server Side Request with transaction from Billplz:

POST /webhook/ HTTP/1.1
Connection: close
Host: 127.0.0.1
Content-Length: 376
Content-Type: application/x-www-form-urlencoded

  id="pjpetpdy"
  &collection_id="bvgo7ueb"
  &paid="true"
  &state="paid"
  &amount="100"
  &paid_amount="100"
  &due_at="2020-8-7"
  &email="api@billplz.com"
  &mobile=""
  &name="WILL"
  &url="http://www.billplz.test:3000/bills/pjpetpdy"
  &paid_at="2020-08-07 15:08:19 +0800"
  &transaction_id="711044E05418"
  &transaction_status="completed"
  &x_signature="b5ca81d0f1b87ab3b17580236735c68af92936de9aaa588751a4371ac4944a56"

Body formatted for readability.

HTTP REQUEST

POST {CALLBACK_URL}

POST PARAMETER
Parameter Description
id ID that represents bill.
collection_id ID that represents the collection where the bill belongs to.
paid Boolean value to tell if a bill has paid. It will return false for due and deleted bills; true for paid bills.
state State that representing the bill's status, possible states are due, deleted and paid.
amount Bill's amount in positive integer, smallest currency unit (e.g 100 cents to charge RM 1.00).
paid_amount Bill's paid amount in positive integer, smallest currency unit (e.g 100 cents to charge RM 1.00).
due_at Due date for the bill, in format YYYY-MM-DD. Example, 2020-12-31.
email The email address of the bill's recipient.
mobile Recipient's mobile number.
name Recipient's name.
URL URL to the bill page.
paid_at Date time when the bill was paid, in format YYYY-MM-DD HH:MM:SS TimeZone. Example, 2015-03-09 16:23:59 +0800.
transaction_id ID that represent the transaction. (Enable Extra Payment Completion Information option to receive this parameter)
transaction_status Status that representing the transaction's status, possible statuses are pending, completed and failed. (Enable Extra Payment Completion Information option to receive this parameter)
x_signature Digital signature computed with posted data and shared XSignature Key.

Callback request will be timeout in 20 seconds.

Billplz server also expecting the end point server responds with status code of 200.

In a case of either the end point server does not able to respond within the limit seconds (20 secs) or does not respond with 200 status code, the callback will consider as failure.

On failure, the job is scheduled again in 15 minutes * N + (random 0-300 seconds), where N is the number of attempts with maximum of 4. The 5th (last) attempt will be 24 hours + random (0-300 seconds) after 4th attempt.

Assuming the first callback is initiated at 13:00:00. The second attempt will be at 13:15:00 + N seconds. The third attempt will be at 13:30:02 + N seconds. The fourth attempt will be at 13:45:05 + N seconds. The fifth attempt will be at 13:45:07+ N seconds next day.

Billplz will attempt for maximum of 5 times and the callback will be removed from the system queue permanently after that.

SAMPLE HTTP REQUEST FROM X SIGNATURE CALLBACK URL FEATURE

POST {CALLBACK_URL}

with POST body, {:id=>"zq0tm2wc", :collection_id=>"yhx5t1pp", :paid=>true, :state=>"paid", :amount=>100, :paid_amount=>100, :due_at=>"2018-9-27", :email=>"tester@test.com", :mobile=>nil, :name=>"TESTER", :url=>"http://www.billplz-sandbox.com/bills/zq0tm2wc", :paid_at=>"2018-09-27 15:15:09 +0800", :x_signature=>"0fe0a20b8d557eeae570377783d062a3816a9ea80f368860bacfa7ec3ca4d00e"}

#1 Extract all key-value pair parameters except x_signature.

id="zq0tm2wc"

collection_id="yhx5t1pp"

paid="true"

state="paid"

amount="100"

paid_amount="100"

due_at="2018-9-27"

email="tester@test.com"

mobile=""

name="TESTER"

url="http://www.billplz-sandbox.com/bills/zq0tm2wc"

paid_at="2018-09-27 15:15:09 +0800"

#2 Construct source string from each key-value pair parameters above.

idzq0tm2wc

collection_idyhx5t1pp

paidtrue

statepaid

amount100

paid_amount100

due_at2018-9-27

emailtester@test.com

mobile

nameTESTER

urlhttp://www.billplz-sandbox.com/bills/zq0tm2wc

paid_at2018-09-27 15:15:09 +0800

#3 Sort in ascending order, case-insensitive.

amount100

collection_idyhx5t1pp

due_at2018-9-27

emailtester@test.com

idzq0tm2wc

mobile

nameTESTER

paid_amount100

paid_at2018-09-27 15:15:09 +0800

paidtrue

statepaid

urlhttp://www.billplz-sandbox.com/bills/zq0tm2wc

#4 Combine sorted source strings with "|" (pipe) character in between.

amount100|collection_idyhx5t1pp|due_at2018-9-27|emailtester@test.com|idzq0tm2wc|mobile|nameTESTER|paid_amount100|paid_at2018-09-27 15:15:09 +0800|paidtrue|statepaid|urlhttp://www.billplz-sandbox.com/bills/zq0tm2wc

#5 Compute x_signature by signing the final source in #4 using HMAC_SHA256 and the sample XSignature Key.

S-s7b4yWpp9h7rrkNM1i3Z_g

0fe0a20b8d557eeae570377783d062a3816a9ea80f368860bacfa7ec3ca4d00e

#6 Compare the computed x_signature with the x_signature passed in the request.

If they match, you can be sure that the callback was sent from Billplz and the data has not been compromised, and you do not need to trigger additional Get a Bill API for primary status validation.

X Signature Redirect Url

redirect_url feature is just a front-end redirection to the redirect_url specified, it does not guaranteed the execution, due to many factors (user disconnected, browser closed, app hang, etc).

But it is good to have, to provide better user experience (front-end instant bill status update)

callback_url feature integration is compulsory but redirect_url feature is optional.

**you are strongly advised to integrate both redirect_url feature (for better user experience) and callback_url feature (for 100% transaction update)

CLIENT SIDE REQUEST

If redirect_url exists, Billplz will redirect the browser to redirect_url

X Signature Redirect URL request created by Billplz can be verified by calculating a digital signature - x_signature.

Each redirect request includes a x_signature which is generated using HMAC-SHA256 algorithm and shared XSignature Key, along with the parameters passed in the request.

To verify that the request came from Billplz, compute the HMAC-SHA256 digest according to the X Signature section and compare it to the value in the x_signature parameter. If they match, you can be sure that the redirection was sent from Billplz and the data has not been compromised.

HTTP REQUEST

GET {REDIRECT_URL}?billplz[id]=ifpgaa&billplz[paid]=true&billplz[paid_at]=2017-01-04%2013%3A10%3A45%20%2B0800&billplz[x_signature]=76de0ad8cc23706d694fd81c9027b8e3ae169e0880d75e1e123c5832c82bf707

URL PARAMETER
Parameter Description
billplz[id] ID that represents bill.
billplz[paid] Boolean value to tell if a bill has paid. It will return false for due and deleted bills; true for paid bills.
billplz[paid_at] Date time when the bill was paid, in format YYYY-MM-DD HH:MM:SS TimeZone. Example, 2017-01-04 13:10:45 +0800.
billplz[transaction_id] ID that represent the transaction. (Enable Extra Payment Completion Information option to receive this parameter)
billplz[transaction_status] Status that representing the transaction's status, possible statuses are pending, completed and failed. (Enable Extra Payment Completion Information option to receive this parameter)
billplz[x_signature] Digital signature computed with passing parameters and shared XSignature Key.
SAMPLE HTTP REQUEST FROM X SIGNATURE REDIRECT URL FEATURE

GET {REDIRECT_URL}?billplz[id]=zq0tm2wc&billplz[paid]=true&billplz[paid_at]=2018-09-27%2015%3A15%3A09%20%2B0800&billplz[x_signature]=4aab095fe5a39b1d534500988f9a0cb085cd1b6d5bbb55dd4e02ea6fa102b47b

#1 Extract all key-value pair parameters except x_signature.

billplz[id]="zq0tm2wc"

billplz[paid]="true"

billplz[paid_at]="2018-09-27 15:15:09 +0800"

#2 Construct source string from each key-value pair parameters above.

billplzidzq0tm2wc

billplzpaidtrue

billplzpaid_at2018-09-27 15:15:09 +0800

#3 Sort in ascending order, case-insensitive.

billplzidzq0tm2wc

billplzpaid_at2018-09-27 15:15:09 +0800

billplzpaidtrue

#4 Combine all source strings with "|" (pipe) character in between.

billplzidzq0tm2wc|billplzpaid_at2018-09-27 15:15:09 +0800|billplzpaidtrue

#5 Compute x_signature by signing the final source in #4 using HMAC_SHA256 and the sample XSignature Key.

S-s7b4yWpp9h7rrkNM1i3Z_g

4aab095fe5a39b1d534500988f9a0cb085cd1b6d5bbb55dd4e02ea6fa102b47b

#6 Compare parameter x_signature passed in the request with the computed x_signature in #5.

If they match, you can be sure that the redirection was sent from Billplz and the data has not been compromised, and you do not need to trigger additional Get a Bill API for primary status validation.

Rate Limit

Example request:

curl https://www.billplz.com/api/v3/bills/8X0Iyzaw \
  -u 73eb57f0-7d4e-42b9-a544-aeac6e4b0f81:

Example response header without rate limit:

RateLimit-Limit: unlimited
RateLimit-Remaining: unlimited
RateLimit-Reset: unlimited
Content-Type: application/json;

Example response header with rate limit:

RateLimit-Limit: 100
RateLimit-Remaining: 99
RateLimit-Reset: 299
Content-Type: application/json;

Example response after exceeding limit:

RateLimit-Limit: 100
RateLimit-Remaining: 0
RateLimit-Reset: 299
Content-Type: application/json;
{
  "error":
  {
    "type": "RateLimit",
    "message": "Too many requests"
  }
}

All API GET method Endpoints are subject to rate limit.

The limit can be either 100 requests per request window (5 minutes period) or 10 requests per request window (5 minutes period), depending on the level of abusion. The limit is cumulative either per IP address or account, and is not counted per API Endpoint Basis. Requesting for specific API Endpoint will reduce the limit for another API Endpoint within a request window.

RESPONSE HEADER
Parameter Description
RateLimit-Limit Total requests allowed per request window. It's either unlimited, or 100 or 10.
RateLimit-Remaining Total available requests allowed per request window. It's either unlimited, or less than or equal to RateLimit-Limit parameter.
RateLimit-Reset Time remaining (in seconds) for next request window restart. It's either unlimited, or less than or equal to 300.
RESPONSE PARAMETER

Response parameter will be as usual if didn't exceed the rate limit. Otherwise, the response parameters will be as follows:

Parameter Value
error[type] RateLimit
error[message] Too many requests

Errors

The Billplz API uses the following error codes:

Error Code Meaning
401 Unauthorized -- Your API key is wrong or you are requesting unauthorized data.
404 Not Found -- The specified resource could not be found.
422 Unprocessable Entity -- Your passed parameter is invalid or resource could not be found.
429 Too Many Requests -- Reached rate limit.
500 Internal Server Error -- We had a problem with our server. Try again later.
503 Service Unavailable -- We're temporarily offline for maintenance. Please try again later.