OnlinePay API

Pay Notify WebHook API

Testing Env: https://testpay.onlinepay.ai

POST /notify/v2/payment
NOTE: If the notifyurl parameter is passed, OnlinePay will send the payment result to that address.

What You Receive

POST your notifyUrl
Content-Type: application/json

{
  "encryptedData": "SFOs0qSAGLs6kHLfWi3nmhczH4T+zwv...",
  "encryptedKey": "Vfn2M+u4uG7nWklk2UuZLEC9RL9YqU7s...",
  "signType": "RSA256"
}

Step 1: Decrypt

// 1. RSA decrypt encryptedKey with OnlinePay Public Key → get AES key
// 2. AES decrypt encryptedData with AES key → get plaintext JSON below

Step 2: Decrypted Fields

| Parameter | Type | Required | Description |
|---|---|---|---|
| tradeNo | string | Yes | The flow number generated after each order payment (unique marker) |
| merOrderNo | string | Yes | Corresponds to the [OrderNo] parameter of the order submission parameters |
| code | string | No | Payment result (0: payment successful, 1: payment failed, 2: pending, 3: waiting for supplying information) |
| message | string | Yes | Description of the payment result |
| cardNo | string | No | Masked card number |
| receiveAmount | string | No | Receive amount for payment (used for CryptoPay and SEPA) |
| txHash | string | No | Transaction hash (used for CryptoPay) |
| counterpartyAccountName | string | No | The account name of the transferor (used for SEPA) |
| counterpartyAccountNum | string | No | The account number of the transferor (used for SEPA) |
| signType | string | Yes | MD5 or RSA256 |
| sign | string | Yes | Signature value |

Decrypted JSON Example

{
  "tradeNo": "T202309011234567890",
  "merOrderNo": "MER20230901001",
  "code": "0",
  "message": "success",
  "cardNo": "411111****1111",
  "signType": "RSA256",
  "sign": "a3f8e2d1..."
}

Step 3: Verify Signature

1. Sort all fields by key (exclude sign, signType, skip null/empty)
2. Join as key1=value1&key2=value2
3. Verify by signType:
   MD5: MD5(signString + md5Key).toUpperCase() == sign
   RSA256: RSA-SHA256-Verify(signString, sign, OnlinePay_PublicKey)

Example

Fields: tradeNo, merOrderNo, code, message, cardNo
Sign string: cardNo=411111****1111&code=0&merOrderNo=MER20230901001&message=success&tradeNo=T202309011234567890
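
An added example (not OnlinePay's own code) of Step 3 in Python: it builds the sign string from the decrypted fields and checks the MD5 branch with a constant-time comparison. The names verify_notification, expected_sign_type and rsa_verify, the UTF-8 encoding, ASCII key ordering and the sample MD5 key are assumptions of this example.

```python
import hashlib
import hmac

EXCLUDED = {"sign", "signType"}  # never part of the signed string (Step 3.1)

def build_sign_string(fields):
    """Steps 3.1-3.2: sort by key, skip null/empty values, join as k=v with '&'."""
    # Assumption: "sort by key" means plain ASCII (code point) order.
    kept = sorted((k, str(v)) for k, v in fields.items()
                  if k not in EXCLUDED and v is not None and str(v) != "")
    return "&".join(f"{k}={v}" for k, v in kept)

def md5_sign(sign_string, md5_key):
    """MD5 branch: MD5(signString + md5Key).toUpperCase(). UTF-8 is an assumption."""
    return hashlib.md5((sign_string + md5_key).encode("utf-8")).hexdigest().upper()

def verify_notification(fields, expected_sign_type, md5_key=None, rsa_verify=None):
    """Return True only if the decrypted payload carries a valid signature."""
    # Pin the algorithm to merchant configuration: the signType inside the
    # payload is sender-controlled and must not select the check by itself.
    if fields.get("signType") != expected_sign_type:
        return False
    sign = fields.get("sign")
    if not isinstance(sign, str) or not sign:
        return False
    sign_string = build_sign_string(fields)
    if expected_sign_type == "MD5" and md5_key:
        expected = md5_sign(sign_string, md5_key)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), sign.encode("utf-8", "replace"))
    if expected_sign_type == "RSA256" and rsa_verify is not None:
        # rsa_verify is a hypothetical callback wrapping your crypto library's
        # RSA-SHA256 verification with the OnlinePay public key.
        return bool(rsa_verify(sign_string.encode("utf-8"), sign))
    return False

# Constructed sample: the page's example fields, signed with a made-up MD5 key.
SAMPLE_KEY = "constructed-md5-key"
SAMPLE = {"tradeNo": "T202309011234567890", "merOrderNo": "MER20230901001",
          "code": "0", "message": "success", "cardNo": "411111****1111",
          "signType": "MD5"}
SAMPLE["sign"] = md5_sign(build_sign_string(SAMPLE), SAMPLE_KEY)

if __name__ == "__main__":
    print(build_sign_string(SAMPLE))
    print(verify_notification(SAMPLE, "MD5", md5_key=SAMPLE_KEY))
```

Act on the code field only after this returns True, and keep expected_sign_type in merchant configuration rather than reading it from the payload.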

Step 4: Respond

Return HTTP 200 to acknowledge receipt.
HTTP/1.1 200 OK
Content-Type: text/plain

success

Request

Body Params: application/json (Required)

Example
{
    "encryptedData": "SFOs0qSAGLs6kHLfWi3nmhczH4T+zwv...",
    "encryptedKey": "Vfn2M+u4uG7nWklk2UuZLEC9RL9YqU7s...",
    "signType": "RSA256"
}

Request Code Samples

Shell
curl --location 'https://testpay.onlinepay.ai/notify/v2/payment' \
--header 'Content-Type: application/json' \
--data '{
    "encryptedData": "SFOs0qSAGLs6kHLfWi3nmhczH4T+zwv...",
    "encryptedKey": "Vfn2M+u4uG7nWklk2UuZLEC9RL9YqU7s...",
    "signType": "RSA256"
}'

Responses

200
Return HTTP 200 to acknowledge receipt
This response does not have a body.
Modified at 2026-05-20 02:29:55