Skip to main content

API Overview

Welcome to the EFundFlow API! This documentation will help you quickly get started with our payment services.

Quick Start

1. Get API Keys

First, you need to obtain your API keys from the EFundFlow console:

  • Test Environment Keys: For development and testing, starting with sk_test_
  • Production Environment Keys: For live environment, starting with sk_live_

2. Set Request Headers

All API requests must include the following headers:

Authorization: Bearer YOUR_SECRET_KEY
X-MERCHANT-ACCOUNT-ID: YOUR_ACCOUNT_ID
Content-Type: application/json

3. Base URLs

  • Test Environment: https://sandbox.efundpay.com/v4
  • Production Environment: https://api.efundpay.com/v4

3. Sandbox Environment Account

Direct API Integration Account

  • API Key: sk_test_1020250713347001
  • X-MERCHANT-ACCOUNT-ID: 202507131000347001
  • RSA-PRIVATE-KEY:
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCQjinsvBosrudcBZg7hfKVd6ZjkIB0KCDsKUtnNuYAi6JiA6MdohJjoumFcorXGthHbak5ObQzPy/KLXMQN+NDUadGYHx7JyJBWteCojQtXe64WhpXg/Fp6iWgzWq/xL/EDmkCCmMjdNjLc8S9JPz8CKI5VUgRMtgiOq1NoUtWHqdWXDL716K9bfq168UjB7CUWap4vVDxWGs3yyCxRdtKVUpZ7iLT1kJsen1otHX40BSXn/eUKM/Gu4onTVeS5Vv0wYyTGTOcLG99jcknP80zLYQ/RGv6iw7AncUTz2evKXTWkELknkfIq92Tewd4tM7F4LhOpVLhhyrSf1YC7//3AgMBAAECggEAbTBlLKN85emLaq/zKGrqLMp/DU/WJ2c0Tw52HVWTcDAJDR4QNM76MvaYi6tUglyNp46Gt2oF2nvM/ltMQaDlcjEYOAmjnWaW8mTKyqr43JfKPMgag6ZvUQCDQa5IBuh3rYDxApCUB/E33J3qqrBow3tGBiaL1CnipiBKTYwbGsXMtGk1nIwCdy7hXBqyP/AIPVTI2idpy1j2FwkHKbQA8fB81dKqIa4Ro2DLafAhZg5n8pF+w9ri4iI7SC7Nll7BMagdCSShruUWgN60aeou1lwf3ukjHBxY0iwj/Q9BZv7RDOi7SdhB1IEam70IWV24oqyH4+37BnpOF4SEFk0WKQKBgQDxGUrY6gucm0FqDcpWixG09RNuuv73Mm2bkiL6i6eDAKXduTkS1xSMMEh1cXPtf1B4bZss6+0oq/ccpQk5Ra0w+kjoEnjzX6y8PYDwesU53KlqbqlAIRn3WulUYclHmPXkA99jx/UpYI/kE33R9UGEtl8IoSpWZfVxIxCFQtTkEwKBgQCZfVf2Sd4GioFfjz2Gwu8MELrKalUmIur9Z1iSB2v+I+VD1Ykm/Op8mkrEWzUTothIt+9tRSfo4SmVXNsP/yPI0rJHi44MaTTwuQ9ZDkmjy7SU4OqtJL7RZPx4zEcjSVnEQluv6NnF5OfrLmA4ZFLELmT/Xyz50n0NYqeyn21JDQKBgQC4lbOfFLjlIlxXlM1HqttYnpVNHm9b1EjkZWLQTSFng5R5h3hxuycpGUIwYDbwKpvyR4AZSVtd2yKq1JOWPIkXSVeODa56LdKyn6fa9TOQVCeEq8p6pZ0aqoifKOqQHUSMWIar/wfssNgZNu8KUunhcDqcAb/HO/JItx7L19nj7wKBgBN7IzTxPyrZXX5Bce+uwiRn4y1ZvaDvgZ/UBBvUsVI6QBkR+yxloWVbN+4gHWZ2nrjsD4lw45XdLif09yDaozIT++i0v7y3ha6f7mDBPXt6mVrkCSUcqtNs29aBJu5Fmw0b1wNGrI0/dmgVJMVDhnW75bm73LuAibqvMNWtAnPpAoGBAMVZ4i1W9x6SGC3xHeLIj3TtzGf65tox1VyHb1SctI8I5XmSR9tmutO6PKcGLOLWLAVBn5rqkjMzdCZ0Uswx12b/0tPJdtUnk4kUWM+T9+AMytu90AvEYN0n/q9Voanct6qYERdas2o2enOMOV7qBdTZij9YWHornb10mUGu5Rp8

Checkout Integration Account

  • API Key: sk_test_1020250722356001
  • X-MERCHANT-ACCOUNT-ID: 202406080000459001
  • RSA-PRIVATE-KEY:
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC27lhqunZAYgyNa6LOITio9ObWek5MPAGdJS5zEHg6pdwZ+2VxryFO9dItIPR19KOEL53YuP6vMYg1XR9MDMmGHzKVskcpjU4vejZ3EP12cTD2QhERFGqytaphH5v2rrMF1eIGsZXAkxefMenE2yIVyDHjexhXDVlxzSwLQaeF5dRf649d0KvDK7Dvx60Ib5zJWYIm648+5fdc54KpktJLi+pDpCbUtZSLr+WHJtsuoJfGNdtQfXXsF7dj/lppHAiXIdQ99P7gwrzjSrI7eZML8wQ4tEvvsrCQ51DZ7uh/TA/W+mJH6pUowoRJ9sr9N/3DWTK/tYM4RWQd4tVbyoU5AgMBAAECggEBAJ+/LmktofyBYzLQjyDw8/jfvQIJVnzOXh5sDM8gz81vb/Ekj6ciZ7T7iGougCzN0UmrB23tx0MYvzjStHUGKao9bkA5qllH88IUOKHrrVwUZsx2T08aBD9B06LzJpDaaK2s5LAxvnOoQBWeUeW981sQMzjTEyNaHgT6Rf8ie3e6DZ1BJ/rAwWH3n/urVGObO/yw4AUAtxrqJZigPUphGuybOOtHksvbC8Ov+yOXb7Gu/7hD6CgMfUHXdzZ/XEbHoav/8If3UEYgwmvBpVDKIYwIJ/FN8CpLnj6wqKuls6ijVZp/D6ff3IivDUJHSBfuLs0ARpGGQQsPOzHcIS7eMQECgYEA3OFh07G62bXNiHdGrh2xTksE6foUBx+dXWk7Hb1ZruF54aGW/YHUfQucKxA4WhqFFqRDIExGFY93irztqKVgafiUTQnteQwnyN0b/mH7SNpqn5lEe1pXWAhZwCgU3yHgb6+9sHqcAE+zgyPUmTngeM80VuQdkCvOpE2Zyz6/yKECgYEA1ARKCiF7odQ3CDflwtNcFWh5uhhg8L7FVybOYHJmqONyhmxc8XvvICgtZC4tt39sRyIaF4inKYwGHbsCGYR70ViQYS2GtJKJlhB6rYXN2My3BCv3/L2mxxyODRlm/dYSyMY1ReJeVFNQlJSzo9peP4MwXHAdXI8LvPfjgSEVfZkCgYAZw0ABzQ0aL5ZVgHQCAvyXQTDFiaGkYw+bwZZflaJMP4hTxOEzmF0MaLpCW5X3DHjRdz9NGRhjk2RCDl85+HASbCgABFRqdfx99Sw6s3r3uGIPU3UlXhgp8G9ndkVY8T6YSEs7tlFTx/gMJ7W4WYPRE3nrWJgKJNHpYBO8HQmJgQKBgEKgUnAak5KIcP7ZKg/ugcqMeWxcyuH84WEA5evzJ4W9bDkIBrEwhDXzykfoJx+6IFm+QrrQi8+HnEhtgzxnoM1p6n1PZDyMrEYHSbYMDWMq+fyKoLTBGI8LzywYpn/wbRjBCO68M26GfBUlIcrFDcchv+ncpa13mnW45LqonetJAoGBAIJEYAoyr7MgJyXwGY7+MWlKW5Cra+mo4J04WgRrAoxNWL6oTcbp7hzb5L/nsXr5fAtJjFHXwv018VZYyojGlsfHRlpD/oQ69OQDKhcbMdNWuoZbZAWZQx6p/4PGTi1Twov6yM3HpKXYsaG43ptLp/sBljE6tnbK9FKwejEWHd96
  • WEBHOOKS-PUBLIC-RSA-KEY:
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzt0PhRwRWIbPdmuj0lTj8MEn+U2RxtL1nbkAxDfxMsIVtQOQXO3yhLUm/y0BhazPrKYj1jKm7E7NHDxd+q/cjqgBOSjdwX/yu+2VPbftdFRBQtyXPorKniZO1FIU5PQh3rZnbp5PlTrACa1b3NzMvv0i53eYVXF/2B0JKuRyTjvWu4578teJRwqLJOh9xwQmj52T5PWBVdjj/gopamwLOa0ZncL4T+KN9dBDmHFMj5jQbWvkMuGvPcb6onuD7+oqfUyzIAVkOjuhkq86EX9DrUVmkf10VcgTaguA0nilIXeWuClC0OHArLdHtu/gnwVVZLqQdrESFejVFs658PZsjwIDAQAB

Core Concepts

Transaction Flow

  1. Create Transaction: Use POST /transactions to create a new payment transaction
  2. Process Payment: Customer completes payment on the payment page
  3. Receive Webhook: We send payment status updates to your server
  4. Query Status: You can query transaction status at any time

Amount Handling

  • All amounts are in cents (e.g., 100 cents = 1 yuan)
  • Supported currencies: CNY (Chinese Yuan), USD (US Dollar), EUR (Euro), etc.

Idempotency

To prevent duplicate processing, it's recommended to include an Idempotency-Key header in requests:

Idempotency-Key: unique-request-id-12345

Sample Code

Create Payment Transaction

curl -X POST https://sandbox.efundpay.com/v4/transactions \
  -H "Authorization: Bearer sk_test_..." \
  -H "x-merchant-account-id: <x-merchant-account-id>" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 10000,
    "currency": "CNY",
    "description": "Product Purchase",
    "customer": {
      "email": "customer@example.com",
      "name": "John Doe"
    },
    "return_url": "https://yoursite.com/success",
    "cancel_url": "https://yoursite.com/cancel"
  }'

Query Transaction Status

curl -X GET https://api.efundpay.com/v4/transactions/txn_123456 \
  -H "Authorization: Bearer sk_test_..." \
  -H "x-merchant-account-id: <x-merchant-account-id>"

Webhook Handling

// Express.js Example
app.post('/webhook/efundpay', (req, res) => {
  const event = req.body;
  
  switch (event.type) {
    case 'transaction.completed':
      // Handle successful payment
      console.log('Payment successful:', event.data.transaction);
      break;
    case 'transaction.failed':
      // Handle failed payment
      console.log('Payment failed:', event.data.transaction);
      break;
  }
  
  res.json({ received: true });
});

Security Best Practices

API Key Security

  • ✅ Store API keys in environment variables
  • ✅ Rotate API keys regularly
  • ❌ Don't expose keys in client-side code
  • ❌ Don't commit keys to version control systems

Webhook Verification

Each webhook request includes a signature to verify the request source:

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

Supported Payment Methods

Payment MethodSupported RegionsProcessing Time
Visa/MasterCardGlobalInstant
PromptPayThailandInstant
TrueMoney e-walletThailandInstant
Rabbit LINE PayThailandInstant
ShopeePay Thailand e-walletThailandInstant
KPlus mobile bankingThailandInstant
SCB EASY mobile bankingThailandInstant
Krungsri mobile bankingThailandInstant
KTB mobile bankingThailandInstant
Paotang mobile bankingThailandInstant
PixBrazilInstant
Wechat PayChinaInstant
AlipayChinaInstant

Multi-language SDKs

We provide SDKs for multiple programming languages to make integration easier:

Technical Support

If you encounter any issues during integration, please contact us:

Ready to get started? Visit the Authentication page to learn how to configure your first API request.

Powered by Docusaurus