Features & Capabilities

EdfaPay is built to give merchants and developers a complete, flexible, and secure payment infrastructure. This page provides a structured overview of all core features available across the EdfaPay platform — from payment methods and security to integrations and developer tools.

For technical implementation details, refer to the API Reference Overview.


Table of Contents

  1. Payment Methods
  2. Integration Modes
  3. Security & Authentication
  4. 3D Secure (3DS) Support
  5. Tokenization & Recurring Payments
  6. Refunds & Captures
  7. Webhooks
  8. International Payments
  9. E-Invoice System
  10. Apple Pay
  11. SDKs & Plugins
  12. Compliance & Security

1. Payment Methods

EdfaPay supports a wide range of local and international payment methods to help you serve customers across the GCC and beyond.

| Payment Method | Description |
|---|---|
| VISA | Globally accepted credit and debit card network. |
| MASTER | Major global payment network for credit and debit cards. |
| MADA | Local Saudi debit card network issued by Saudi banks. |
| Apple Pay | Apple's mobile wallet and digital payment service. |
| AMEX | American Express credit and charge cards. |
| Tamara | Buy Now, Pay Later (BNPL) — customers split payments over time. |

Default Availability: Core methods (credit/debit cards, Apple Pay, Mada) are enabled by default for all approved accounts. Additional methods such as Tamara may require activation by the Operations Team.

📘 Note: EdfaPay is continuously expanding its payment method offerings. New options are planned for future rollouts. Contact [email protected] for the latest availability.

📄 Payment Methods Guide


2. Integration Modes

EdfaPay supports two primary integration approaches, giving you full flexibility over the checkout experience.

Hosted Checkout

A pre-built, secure payment page hosted by EdfaPay. Ideal for merchants who want a fast setup with minimal development effort. EdfaPay handles the UI, 3D Secure flow, and PCI compliance automatically.

  • Quick to deploy — no frontend card-handling code required.
  • Fully PCI-DSS compliant out of the box.
  • Supports all payment methods enabled on your account.

Server-to-Server (S2S) — Embedded Integration

Full backend integration where your server communicates directly with EdfaPay's API endpoint (https://api.edfapay.com/payment/post). Ideal for merchants who need complete control over the checkout UI and customer journey.

  • Custom checkout UI — no external redirects.
  • Supports SALE, AUTH, CAPTURE, REFUND, and RECURRING operations.
  • Requires server-side hash generation and secure card data handling.
  • 3D Secure handled via WebView or iframe using the redirect_url provided in EdfaPay's API response.

📄 Integration Overview


3. Security & Authentication

EdfaPay uses a hash-based authentication mechanism on every API request to ensure data integrity and prevent unauthorized access.

How It Works

A unique hash is generated server-side using the payer's email, masked card PAN (first 6 + last 4 digits), and your merchant secret password.

Hash Formula:

HASH = MD5( UPPERCASE( Reverse(payer_email) + password + Reverse(first6PAN + last4PAN) ) )

JavaScript Example:

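// MD5 comes from the crypto-js package.
const CryptoJS = require("crypto-js");

const password = "YOUR_SECRET_HASH_PASSWORD";
const email = "[email protected]";
const cardNumber = "5123456789012346";

// Reverse a string character by character.
const reverse = str => [...str].reverse().join('');

// Reverse(email) + password + Reverse(first 6 + last 4 PAN digits), uppercased, then MD5.
const baseString = reverse(email) + password + reverse(cardNumber.slice(0, 6) + cardNumber.slice(-4));
const finalHash = CryptoJS.MD5(baseString.toUpperCase()).toString();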

The hash is sent with every request as the hash field. Requests with a missing or invalid hash are rejected immediately.

Security Best Practices

| Practice | Description |
|---|---|
| Hash Server-side | Always generate the hash on the server, never in the browser. |
| Use HTTPS | All API endpoints require HTTPS. HTTP requests are blocked. |
| Keep Secret Password Safe | Store it in environment variables — never hardcode it. |
| Secure Webhooks | Validate incoming hashes on webhook responses to confirm authenticity. |
| Monitor Activity | Track unusual transaction volume or failed hash verifications. |

❗ Important: If the hash does not match on the server, the request will be rejected immediately. The full card number is used only during hash generation — it is not included in the final request payload.

📄 Authentication Guide


4. 3D Secure (3DS) Support

EdfaPay supports 3D Secure authentication to protect merchants and customers from unauthorized card use.

How it works:

  1. When 3DS is triggered, the API returns a redirect_url and a Base64-encoded redirect_params.body.
  2. Your application must POST the redirect_params.body to the redirect_url and display the returned HTML challenge page inside a WebView or iframe.
  3. After successful authentication, EdfaPay sends the transaction result to your term_url_3ds and dispatches a webhook notification.

POST body structure:

{
  "body": "BASE64_ENCODED_STRING"
}

🚧 Critical: Do NOT decode or modify the Base64-encoded body. It is cryptographically signed and must be passed exactly as received.

📄 3D Secure Guide


5. Tokenization & Recurring Payments

EdfaPay supports secure card tokenization and recurring billing, enabling subscription-based and installment payment models.

  • Tokenization: Card details are stored securely by EdfaPay and returned as a token. Use this token for future transactions without re-entering card data.
  • Recurring Payments: Schedule automated charges at defined intervals using the RECURRING operation via the S2S API.
  • Suitable for SaaS subscriptions, installment plans, and membership fees.

📄 Recurring API Reference


6. Refunds & Captures

EdfaPay supports flexible post-transaction operations to manage the full payment lifecycle.

Refunds

  • Initiate full or partial refunds for any successfully processed transaction.
  • Submitted via POST to the EdfaPay S2S endpoint using the REFUND action.

📄 Refund API Reference | Refund Integration Guide

Captures

  • For authorized (AUTH) transactions, use the CAPTURE operation to finalize and collect the pre-approved funds.

📄 Capture API Reference

Extra Amount Feature

  • EdfaPay supports adding extra charges (e.g., fees, tips) on top of the base transaction amount.

📄 Extra Amount Feature Guide


7. Webhooks

Webhooks are a required component of any EdfaPay integration. They deliver real-time payment status updates directly to your backend server.

  • EdfaPay dispatches webhook notifications for all key transaction events: successful payments, declines, refunds, and recurring charges.
  • Configure your webhook endpoint in the EdfaPay Dashboard.
  • Validate every incoming webhook by verifying its hash against your secret password before acting on the payload.
  • During development, use Webhook.site to inspect incoming payloads before pointing to your production endpoint.

8. International Payments

EdfaPay supports card payments from merchants and customers beyond the GCC region, subject to account approval.

Default Supported Countries: Saudi Arabia, United Arab Emirates, Kuwait, Oman, Qatar, Bahrain, and Egypt.

Requesting International Access: Merchants requiring payment acceptance from outside the default countries must contact the onboarding team to request activation.

📘 Notes:

  • Contact [email protected] to request international access.
  • The platform supports merchants in 150+ countries, subject to account approval.
  • Multi-currency pricing and settlement terms vary by region.
  • Fraud protection tools and 3DS authentication may be applied based on card issuer and regional regulations.

📄 International Payments Guide


9. E-Invoice System

EdfaPay provides an E-Invoice (Pay by Link) system that allows merchants to generate and send payment links to customers — no checkout integration required.

  • Create invoices directly from the EdfaPay Dashboard.
  • Share payment links via email, SMS, or WhatsApp.
  • Customers pay through a secure, EdfaPay-hosted page.
  • Ideal for service-based businesses, freelancers, and remote transactions.

📄 E-Invoice System Guide


10. Apple Pay

EdfaPay offers both standard and embedded Apple Pay integration for web and mobile checkout experiences.

  • Embedded Apple Pay: Integrate Apple Pay directly into your custom checkout UI with full control over button placement and UX.
  • Standard Integration: Use EdfaPay's hosted Apple Pay flow for a faster setup with minimal configuration.
  • Requires Apple Pay merchant registration and domain verification.

11. SDKs & Plugins

EdfaPay provides ready-made SDKs and plugins to accelerate integration across popular platforms and mobile frameworks. All SDKs include pre-built hash generation, 3DS handling, and webhook support out of the box.

Mobile SDKs

| Platform | Link |
|---|---|
| Flutter | docs/flutter |
| iOS | docs/ios |
| Android | docs/android |

📄 Mobile SDKs Overview

E-Commerce Plugins

| Platform | Link |
|---|---|
| WooCommerce | docs/copy-of-woocommerce |
| CS-Cart | docs/cs-cart |

📄 Plugins Overview


12. Compliance & Security

EdfaPay is built on a PCI-DSS certified infrastructure, ensuring every transaction meets the highest security standards.

  • PCI-DSS Level 1 certified payment processing.
  • Server-side hash authentication on every API call.
  • 3D Secure (3DS) authentication to reduce fraud.
  • Fraud detection and risk management tools available on request.
  • All card data transmitted exclusively server-to-server — never via the browser.

| Resource | Link |
|---|---|
| Fraud Plan | docs/fraud-plan |
| Transaction Decline Codes | docs/transaction-decline-codes |
| 3D Secure | docs/3d-secure |

Related Pages

| Page | Link |
|---|---|
| API Reference Overview | reference/overview |
| Integration Overview | docs/overview |
| Authentication | docs/authentication |
| Payment Methods | docs/payment-methods |
| Webhooks | docs/webhook |
| Testing Guide | docs/testing-guide |
| Go Live Checklist | docs/go-live-checklist |
| FAQs | docs/faqs |

EdfaPay — Powering secure payments for modern businesses.