post
https://api.edfapay.com/payment/initiate
Initiate Hosted Checkout Session(Tamara)
This endpoint allows you to initiate a Hosted Checkout Session with Tamara Buy Now, Pay Later enabled. The customer will be redirected to a secure EdfaPay checkout page where Tamara appears as a payment option, subject to eligibility and merchant activation.
Tamara uses the same Hosted Checkout initiate API — no separate endpoint is required.
Endpoint
POST https://api.edfapay.com/payment/initiate
Content-Type: multipart/form-data
Authentication
All requests to this endpoint require a valid edfa_merchant_id and a secure hash for request validation. The hash must be generated server-side using the provided algorithm, detailed in the Hash Generation section.
Prerequisites
Before using Tamara:
- Tamara must be activated on your merchant account by EdfaPay.
- Your integration must include itemized product details.
If Tamara is not enabled, it will not appear on the checkout page.
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| action | String | Yes | Transaction type. Use "SALE" for standard sale transactions. |
| edfa_merchant_id | String | Yes | Your unique merchant identifier issued by Edfapay. |
| order_id | String | Yes | Unique identifier for the transaction/order. |
| order_amount | Decimal | Yes | Amount to be charged (e.g., 0.11). |
| order_currency | String | Yes | Currency code in ISO 4217 format (e.g., SAR). |
| order_description | String | Yes | Description of the order. |
| req_token | String | Optional | "Y" to request a tokenized transaction; "N" otherwise. |
| payer_first_name | String | Yes | First name of the customer. |
| payer_last_name | String | Yes | Last name of the customer. |
| payer_address | String | Yes | Email or address of the customer. |
| payer_country | String | Yes | Country code (ISO 3166-1 alpha-2), e.g., "SA". |
| payer_city | String | Yes | City of the payer. |
| payer_zip | String | Yes | ZIP or postal code of the payer. Max length: 5 digits. |
| payer_email | String | Yes | Email address of the customer. |
| payer_phone | String | Yes | Customer’s phone number with country code. |
| payer_ip | String | Yes | IP address of the customer. Must follow the format of IPv4. Example: XXX.XXX.XXX.XXX |
| term_url_3ds | String | Yes | URL that the customer is redirected to after completing 3D Secure authentication. |
| auth | String | Optional | "Y" to authorize only, "N" for authorize + capture (default). |
| recurring_init | String | Optional | "Y" if this transaction is a recurring initiation. |
| hash | String | Yes | Secure hash for request authentication. |
| product_details | JSON Array | Optional | List of products or invoice items included in the transaction. Each item contains reference ID, name, quantity, amount, and currency. |
| tax_amount | Decimal | Optional | Total tax amount applied to the invoice. |
| tax_currency | String | Optional | Currency of the tax amount. |
| shipping_amount | Decimal | Optional | Shipping cost applied to the invoice. |
| shipping_currency | String | Optional | Currency of the shipping amount. |
| shipping_first_name | String | Optional | First name of the shipping recipient. |
| shipping_last_name | String | Optional | Last name of the shipping recipient. |
| shipping_address | String | Optional | Shipping address. |
| shipping_city | String | Optional | Shipping city. |
| shipping_country_code | String | Optional | Shipping country code (ISO 3166-1 alpha-2). |
| merchant_success_url | String | Optional | URL the customer is redirected to after a successful payment. |
| merchant_failure_url | String | Optional | URL the customer is redirected to after a failed payment. |
| merchant_cancel_url | String | Optional | URL the customer is redirected to if the payment is canceled. |
| merchant_notification_url | String | Optional | Server-to-server notification URL for payment status updates. |
product_details Field Overview
The product_details field allows you to include itemized details of the products or services in an order.
It is a JSON array of one or more product objects — each representing a single item in the purchase.
This field helps to:
- Provide a clear breakdown of the total order amount.
- Enhance clarity in payment records and invoices.
- Improve reporting, refunds, and reconciliation processes.
Structure of Each Product Object
| Field | Description | Example |
|---|---|---|
| reference_id | Unique identifier for the product or item. Can be your internal product ID or any unique number. | 150319445744795 |
| type | Type of the item — usually "invoice_product" or "service". | invoice_product |
| name | The product or service name. | HP Printer High Advanced |
| sku | Stock Keeping Unit — optional internal product code. | HP-PRT-01 |
| quantity | Number of units of this item. | 1 |
| amount | Price per unit or total item price (depending on implementation). | 100.00 |
| currency | Currency code (must match the order currency). | SAR |
Example of Product Details Field
"product_details": [
{
"reference_id": 150319445744795,
"type": "invoice_product",
"name": "HP Printer High Advanced",
"sku": "HP-PRT-01",
"quantity": 1,
"amount": "100.00",
"currency": "SAR"
}
]"product_details": [
{
"reference_id": 150319445744795,
"type": "invoice_product",
"name": "HP Printer",
"sku": "HP-PRT-01",
"quantity": 1,
"amount": "100.00",
"currency": "SAR"
},
{
"reference_id": 150319445744796,
"type": "invoice_product",
"name": "Printer Ink Cartridge",
"sku": "INK-01",
"quantity": 2,
"amount": "25.00",
"currency": "SAR"
}
]Example cURL Request
curl --location 'https://apidev.edfapay.com/payment/initiate' \
--header 'Accept: application/json' \
--form 'edfa_merchant_id="TEST_MERCHANT_ID"' \
--form 'edfa_status="active"' \
--form 'payer_country="SA"' \
--form 'payer_address="Test Address"' \
--form 'order_amount="1250.00"' \
--form 'action="SALE"' \
--form 'sendBy="email"' \
--form 'payer_zip="12345"' \
--form 'order_id="TEST_ORDER_001"' \
--form 'payer_ip="127.0.0.1"' \
--form 'order_currency="SAR"' \
--form 'payer_first_name="Test"' \
--form 'payer_city="Riyadh"' \
--form 'auth="N"' \
--form 'payer_last_name="User"' \
--form 'payer_phone="+966500000000"' \
--form 'order_description="Test Invoice"' \
--form 'payer_email="[email protected]"' \
--form 'term_url_3ds="https://sandbox.edfapay.com/test/3ds"' \
--form 'client_key="TEST_CLIENT_KEY"' \
--form 'recurring_init="N"' \
--form 'req_token="N"' \
--form 'hash="TEST_HASH_VALUE"' \
--form 'product_details="[
{\"reference_id\":\"TEST_REF_001\",\"type\":\"invoice_product\",\"name\":\"Test Item\",\"sku\":\"SKU001\",\"quantity\":1,\"amount\":\"1250.00\",\"currency\":\"SAR\"}
]"' \
--form 'locale="en"' \
--form 'shipping_first_name="Test"' \
--form 'shipping_last_name="User"' \
--form 'shipping_address="Test Shipping Address"' \
--form 'shipping_city="Riyadh"' \
--form 'shipping_country_code="SA"' \
--form 'tax_amount="0.00"' \
--form 'tax_currency="SAR"' \
--form 'shipping_amount="0.00"' \
--form 'shipping_currency="SAR"' \
--form 'merchant_success_url="https://sandbox.edfapay.com/test/success"' \
--form 'merchant_failure_url="https://sandbox.edfapay.com/test/failure"' \
--form 'merchant_cancel_url="https://sandbox.edfapay.com/test/cancel"' \
--form 'merchant_notification_url="https://sandbox.edfapay.com/test/notification"' \
--form 'expires_in_minutes="240"'Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.
Successful Response
{
"redirect_url": "https://pay.edfapay.com/merchant/checkout/Test-Number/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}redirect_url: Redirect your customer to this URL to complete the payment.
Hash Generation (Request Authentication)
To secure your API request, you must generate a hash using the request data and your secret merchant password. This hash ensures that the request is authentic and hasn’t been tampered with.
This hash is used solely to ensure the integrity of the request and is not related to the hash included in callback notifications.
Formula
hash = SHA1(MD5(UPPERCASE(order_id + order_amount + order_currency + order_description + merchant_password)))Where Each Value Comes From:
order_id: The same value used in your request body.order_amount: The same value used in your request body.order_currency: The same value used in your request body.order_description: The same value used in your request body.merchant_password: This is your secret merchant password (shared securely via email).
Notes on Hash Generation:
- The final result should be a lowercase hexadecimal string.
- The size of the hash must be equal to 40 characters.
- If any value differs between the hash and the request body (even a space or case change), the system will return an "Invalid Hash Value" error.
JavaScript Example
// Required: CryptoJS library
var order = {
id: "Test-Number",
amount: "0.11",
currency: "SAR",
description: "Test order"
};
var merchant = {
pass: "YOUR_SECRET_MERCHANT_PASSWORD"
};
var to_md5 = (order.id + order.amount + order.currency + order.description + merchant.pass).toUpperCase();
var hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5).toString());
var result = CryptoJS.enc.Hex.stringify(hash);
console.log("Generated Hash:", result);Callback Response
| Field Name | Value |
|---|---|
| id | 12345678-1234-1234-1234-123456789012 |
| order_amount | 1.00 |
| order_currency | SAR |
| order_description | Tax invoice |
| order_number | 1234567890 |
| source | tamara |
| status | success |
| type | sale |
Important Notes
- Ensure product_details totals match order_amount.
- Tamara availability depends on merchant activation and customer eligibility.
- Refunds are processed only via the Merchant Dashboard.