The Recurring API allows merchants to charge customers on a recurring basis (e.g., monthly, weekly) for subscription-based services. This is an unscheduled recurring API, giving merchants the flexibility to manage their own billing cycles and call the recurring API as needed.

Endpoint

POST https://api.edfapay.com/payment/post

Content-Type: application/json

Request Body (JSON)

Field	Type	Required	Description
order_id	string	Yes	New unique order ID for this recurring transaction
client_key	string	Yes	Merchant key provided by Edfapay
hash	string	Yes	Security hash generated to authorize the request
action	string	Yes	Action type: must be `RECURRING_SALE`
order_amount	number	Yes	The amount to be charged must be entered in whole digits only
recurring_first_trans_id	string	Yes	The trans ID of the original transaction (first payment)
order_description	string	Yes	Description of the order
payer_ip	string	No	IP address of the payer used in original transaction (first payment)
recurring_token	string	Yes	Token received after the initial transaction with `recurring_init=Y`

Example Request

curl --location 'https://api.edfapay.com/payment/post' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'order_id=reccurring1' \
--data-urlencode 'client_key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX' \
--data-urlencode 'hash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
--data-urlencode 'action=RECURRING_SALE' \
--data-urlencode 'order_amount=10' \
--data-urlencode 'recurring_first_trans_id=Trans_ID' \
--data-urlencode 'order_description=Test' \
--data-urlencode 'payer_ip=192.1.1.1' \
--data-urlencode 'recurring_token=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXXXXXX'

❗️
Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.

How to Get `recurring_token`

To use the Recurring API, the recurring_token must be obtained in advance. This token is provided to the merchant’s notification endpoint under the following conditions:

The initial Initiate API call must include "recurring_init": "Y"
The merchant must be enabled for recurring payments
The initial payment must be successful

Please contact Edfapay onboarding team to enable recurring payments for your merchant account.

Hash Calculation

The hash parameter must be calculated to secure the request. It is based on a combination of order details and your merchant password.

Formula:

hash = SHA1(MD5(to_md5.toUpperCase()))

String to hash:

var to_md5 = recurring_init_trans_id + recurring_token + order_number + order_amount + order_description + merchant_pass;

JavaScript Example using CryptoJS

var to_md5 = recurring_init_trans_id + recurring_token + order_number + order_amount + order_description + merchant_pass;
var hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
var result = CryptoJS.enc.Hex.stringify(hash);

🚧
Note
merchant_pass is the shared secret provided by Edfapay for secure communication.
recurring_init_trans_id is the Payment ID of original transaction (first payment).
recurring_tokenis the Token returned in the Webhook response.

Response Example

{
  "result": "SUCCESS",
  "message": "Recurring payment processed successfully",
  "transaction_id": "txn_00"
}

{
    "statusCode": 400,
    "responseBody": "Invalid Hash value"
}

Authentication

Authentication is handled via the hash parameter, using a SHA1-of-MD5 encoding scheme to validate request integrity.