This API allows you to check the current status of a payment initiated through the EdfaPay platform.
Endpoint
POST https://apidev.edfapay.com/payment/status
Content-Type: application/json
Example cURL Request
curl --location 'https://apidev.edfapay.com/payment/status' \
--header 'Content-Type: application/json' \
--data '{
"order_id": "1001",
"merchant_id": "12345678-abcd-fedc-1234-abcdef123456",
"gway_Payment_id": "XXXXXXXXXXXXXXXXXXXX",
"hash": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}'Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| order_id | string | Yes | Unique order ID |
| merchant_id` | string | Yes | Your EdfaPay merchant identifier (UUID format) |
| gway_Payment_id | string | Yes | Unique transaction ID from EdfaPay |
| hash | string | Yes | Hashed string to authenticate the request. |
Important NoteYou can get the gway_Payment_id from Dashboard in the transaction page with name Payment ID. Webhook(callback) response with value of parameter trans_id.
Hash Generation (Request Authentication)
To ensure the request is secure, you must generate a hash using the following logic:
Formula
hash = SHA1(MD5(UPPERCASE(gway_Payment_id + merchant_password)))- Ensure you convert the string to uppercase before hashing.
- The final result should be a lowercase hexadecimal string.
JavaScript Example (Postman)
var password = pm.variables.get("merchant_password");
var payment_id = "XXXXXXXXXXXXXXXXXXXX";
var to_md5 = (payment_id + password).toUpperCase();
var hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5).toString());
var result = CryptoJS.enc.Hex.stringify(hash);
postman.setEnvironmentVariable('hash', result);Successful Response (Example)
{
"statusCode": 200,
"responseBody": {
"date": "01-01-2025 00:00",
"status": "settled",
"brand": "MADA",
"order": {
"number": "Order_ID",
"amount": "1.00",
"currency": "SAR",
"description": "Payment for order #1000"
},
"customer": {
"name": "Example",
"email": "[email protected]"
},
"rrn": "XXXXXXXXXXXX",
"payment_id": "XXXXXXXXXXXX"
}
}Failed Response (Example)
{
"statusCode": 200,
"responseBody": {
"date": "01-01-2025 00:00,
"status": "TXN_FAILURE",
"brand": "MADA",
"reason": "FAILURE",
"order": {
"number": "Order_ID",
"amount": "1.00",
"currency": "SAR",
"description": "Payment for order #1000"
},
"customer": {
"name": "Example",
"email": "[email protected]"
},
"rrn": "XXXXXXXXXXXX",
"payment_id": "XXXXXXXXXXXX"
}
}Notes
- Always generate the
hashon the server-side in production environments. - This API is used for post-transaction validation or reconciliation.
- Ensure the
gway_Payment_idis the same as returned in the original transaction response.