The Credit Void API allows merchants to void (reverse) a transaction that has been authorized but not yet captured.
This operation releases the held amount from the customer’s bank before settlement.
The VOID API now applies only to transactions where:
- auth = Y (authorized), and
- no capture has been performed yet.
Once a transaction is captured (even partially), you must use the Refund API instead.
Endpoint
POST https://apidev.edfapay.com/payment/post
Content-Type: application/x-www-form-urlencoded
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | API action type. For status checking, this must be VOID. |
| trans_id | string | Yes | Unique transaction ID from EdfaPay. |
| client_key | string | Yes | Your EdfaPay merchant identifier (UUID format). |
| hash | string | Yes | Security hash generated to authorize the request |
Important NoteYou can get the trans_id from Dashboard in the transaction page with name Payment ID. Also you can trans_id in the Successful Response
Example Request
curl --location 'https://apidev.edfapay.com/payment/post' \
--form 'action="VOID"' \
--form 'client_key="XXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX"' \
--form 'trans_id="XXXXXXXXXXXXXXXX"' \
--form 'hash="XXXXXXXXXXXXXXXXXXXXXXXXX"'Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.
Hash Calculation
To secure the API call from unauthorized access, the hash parameter must be computed using the following formula:
Formula:
Hash = MD5( UPPERCASE( Reverse(Email) + Merchant_Password + Transaction_ID + Reverse(First6(Card_Number) + Last4(Card_Number)) ) )JavaScript Example using CryptoJS
var trans_id = "XXXXXXXXXXXXXXXXXXX"; // Example transaction ID (Payment ID)
var PASSWORD = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; // Your merchant secret key
var card_number = "512345******0008"; // Masked card number for security
var email = "[email protected]"; // Example email address
// Helper function to reverse strings
const ReverseString = str => [...str].reverse().join('');
// Reverse email and masked card digits (first 6 + last 4)
let reversedEmail = ReverseString(email);
let reversedCard = ReverseString(card_number.replace(/\*/g, '').substr(0, 6) + card_number.replace(/\*/g, '').substr(-4));
// Combine reversed values + password + trans_id
let result = (reversedEmail + PASSWORD + trans_id + reversedCard).toUpperCase();
// Generate the final MD5 hash
let finalResult = CryptoJS.MD5(result).toString();
// Set the generated hash as an environment variable in Postman (optional)
postman.setEnvironmentVariable('hash', finalResult);
Notes
- email: The customer’s email address. It is reversed before being used in the hash generation.
- card_number: Only the first 6 and last 4 digits of the card are used. These digits are reversed before being concatenated.
- trans_id: The transaction ID (payment ID) of the related SALE or CAPTURE transaction.
- merchant_pass: Your merchant secret key — keep it confidential and never expose it publicly.
- The final concatenated string follows this order: Reverse(email) + merchant_pass + trans_id + Reverse(card_first6 + card_last4)
- The entire string is then converted to uppercase before applying MD5.
- The final hash is the MD5 output in lowercase hexadecimal format.
Sample Response
{
"action": "VOID",
"result": "SUCCESS",
"status": "VOID",
"order_id": "Test_order",
"trans_id": "XXXXXXXXXXXXXXXXX",
"trans_date": "01-01-2025 00:00:00",
"rrn": "XXXXXXXXXXXXXX",
"card_brand": "MASTER",
"merchant_name": "Edfapay"
}
{
"message": "Transection XXXXXXXXXXXXXXXXX has already been voided earlier.",
"status": "FAILED"
}Notes
- You cannot void an already voided or refunded transaction.
- The response status VOID confirms successful reversal of the transaction.
Sample Response After Capture
{
"action": "VOID",
"result": "Declined",
"status": "VOID",
"order_id": "Test_order1",
"trans_id": "XXXXXXXXXXXXXXXXX",
"trans_date": "01-01-2025 00:05:00",
"rrn": "XXXXXXXXXXXXXX",
"card_brand": "MASTER",
"merchant_name": "Edfapay"
}Notes
- You cannot Void after Capture
- Same Response will be shown when press send again