OnlinePay API
V2
V1
V2
V1
  1. Notify
  • Introduction
    • Introduction
    • How to Start
    • Country Code
    • Country Info
    • Currency Code
    • Error Code
    • Transfer Order Info Type
    • Transfer Order File Type
    • Per Bank
    • Spei Bank
    • Vietnam Bank
    • V2 Signature Specification
  • Payin
    • Credit Card API
      POST
    • Alipay API
      POST
    • GCash API
      POST
    • WeChat API
      POST
    • PIX API
      POST
    • Crypto API
      POST
    • Union Pay API
      POST
    • SPEI API
      POST
    • SEPA API
      POST
    • Per Transfer API
      POST
    • Cash App API
      POST
    • Google Pay API
      POST
    • Apple Pay API
      POST
    • MONO API
      POST
    • Vietnam Bank API
      POST
    • CheckOut API
      POST
    • CheckOut Payment API
      POST
    • OnRamps API
      GET
  • Payout
    • PER Transfer Payout API
    • Checkout Payout API
    • Card Payout API
    • Bank Account Payout API
    • PIX Payout API
    • PER Transfer Payout API
    • SPEI Payout API
    • CashApp Payout API
    • Checkout Payout API
    • Query Payout Order API
    • Upload SEPA File API
  • Refund
    • Refund API
  • Card
    • Create Cardholder API
    • Create Card API
    • Active Card API
    • Freeze Card API
    • UnFreeze Card API
    • Cancel Card API
    • TopUp Card API
    • Card Withdraw API
    • Query Card Balance API
    • Query Card Info API
    • Query Card Transaction API
    • Add VPA Scene API
    • UploadFile API
  • Query
    • Query Payout Order API
    • Query Order API
    • QueryOrderList API
    • QueryBalance API
    • QueryOrderAmount API
  • Notify
    • Pay Notify WebHook API
      POST
    • Card Notify WebHook API
      POST
    • Refund Notify WebHook API
      POST
    • Chargeback Notify WebHook API
      POST
  • Schemas
    • UserArray
    • CheckStandV2Request
    • ApiResponse
    • PayoutCheckStandV2Request
    • QueryPayOutV2Request
    • V2EncryptedEnvelope
    • V2EncryptedNotification
    • PaymentNotificationPayload
    • ProductParams
    • Category
    • PayoutCheckStandV2Response
    • PaymentNotification
    • QueryPayOutV2Response
    • PayoutQueryResult
    • Pet
    • OrderQueryV2Data
    • PayoutCheckStandV2Data
    • CheckStandV2Response
    • RefundNotificationPayload
    • CheckStandV2Data
    • ChargebackNotificationPayload
    • Tag
    • OrderQueryV2Request
    • OrderQueryV2Response
    • Order
    • User
  1. Notify

Refund Notify WebHook API

Testing Env
https://testpay.onlinepay.ai
Testing Env
https://testpay.onlinepay.ai
POST
/notify/v2/refund
NOTE
If the notifyurl parameter is passed, onlinepay will notify the address of the refund result

Overview#

This document describes the interface specification for OnlinePay to send refund notifications to merchants, including parameter descriptions, signature verification methods, and other detailed information.

Interface Information#

Request Method: POST
Content-Type: application/json; charset=UTF-8
Notification URL: Merchant configured refund notification URL
Success Indicator: Merchant returns HTTP 200

What You Receive#

POST your notifyUrl
Content-Type: application/json

{
  "encryptedData": "U2FsdGVkX1+def456...=",
  "encryptedKey": "xHJK9sVtBqz+mNprY1...=",
  "signType": "MD5"
}

Step 1: Decrypt#

// 1. RSA decrypt encryptedKey with OnlinePay Public Key → get AES key
// 2. AES decrypt encryptedData with AES key → get plaintext JSON below

Step 2: Decrypted Fields#

Basic Parameters#

ParameterTypeRequiredDescription
stateStringYesRefund status: 0-Success, 1-Failed
tradeNoStringYesPlatform transaction number
merOrderNoStringYesMerchant order number
refundNoStringYesRefund order number
messageStringNoRefund result description
refundAmountStringYesRefund amount
refundCurrencyStringYesRefund currency
signTypeStringYesMD5 or RSA256
signStringYesSignature value

Decrypted JSON Example#

{
  "state": "0",
  "tradeNo": "T202309011234567890",
  "merOrderNo": "MER20230901001",
  "refundNo": "R202309011234567890",
  "message": "Refund successful",
  "refundAmount": "100.00",
  "refundCurrency": "USD",
  "signType": "MD5",
  "sign": "abc123def456..."
}

Step 3: Verify Signature#

1.
Sort all fields by key (exclude sign, signType, skip null/empty)
2.
Join as key1=value1&key2=value2
3.
Verify by signType:
MD5: MD5(signString + md5Key).toUpperCase() == sign
RSA256: RSA-SHA256-Verify(signString, sign, OnlinePay_PublicKey)

Example#

Fields: state, tradeNo, merOrderNo, refundNo, message, refundAmount, refundCurrency
Sign string: merOrderNo=MER20230901001&message=Refund successful&refundAmount=100.00&refundCurrency=USD&refundNo=R202309011234567890&state=0&tradeNo=T202309011234567890

Step 4: Respond#

Return HTTP 200 to acknowledge receipt.
HTTP/1.1 200 OK
Content-Type: text/plain

success

Security Recommendations#

1.
Verify Signature: Always verify the signature of each notification to ensure the authenticity of the notification source
2.
Idempotent Processing: Due to the retry mechanism, merchants should implement idempotent processing to avoid duplicate processing
3.
HTTPS: It is recommended to use HTTPS protocol to receive notifications to ensure data transmission security
4.
IP Whitelist: Configure IP whitelist to allow only specific IPs to send notifications

Request

Body Params application/jsonRequired

Example
{
    "encryptedData": "U2FsdGVkX1+def456...=",
    "encryptedKey": "xHJK9sVtBqz+mNprY1...=",
    "signType": "MD5"
}

Request Code Samples

Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
Request Request Example
Shell
JavaScript
Java
Swift
curl --location 'https://testpay.onlinepay.ai/notify/v2/refund' \
--header 'Content-Type: application/json' \
--data '{
    "encryptedData": "U2FsdGVkX1+def456...=",
    "encryptedKey": "xHJK9sVtBqz+mNprY1...=",
    "signType": "MD5"
}'

Responses

🟢200
Return HTTP 200 to acknowledge receipt
This response does not have a body.
Modified at 2026-05-20 02:29:55
Previous
Card Notify WebHook API
Next
Chargeback Notify WebHook API
Built with