Learn about the Full Refund S2S API, including rules, guidelines, and conditions for processing refunds through Edfapay.
The Full Refund API allows merchants to reverse the entire amount of a previously successful and settled transaction through the Edfapay payment gateway, returning the full charged amount back to the customer’s original payment method.
Endpoint
POST https://api.edfapay.com/payment/refund
Content-Type: application/json
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| gwayId | string | Yes | Unique transaction ID returned by Edfapay (payment gateway transaction ID) |
| order_id | string | Yes | Order ID from the merchant's system |
| edfa_merchant_id | string | Yes | Merchant key provided by Edfapay |
| hash | string | Yes | Security hash generated to authorize the request |
| payer_ip | string | Yes | IP address of the payer in IPv4 format. |
| amount | string | Yes | The full amount of the original transaction |
Example Request
curl --location 'https://api.edfapay.com/payment/refund' \
--header 'Content-Type: application/json' \
--data '{
"gwayId": "XXXXXXXXXXXXXXXXXXX",
"order_id": "1000",
"edfa_merchant_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
"hash": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"payer_ip": "176.44.76.222",
"amount": "10.00"
}'Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.
Hash Calculation
To secure the API call from unauthorized access, the hash parameter must be computed using the following formula:
Formula:
hash = SHA1(MD5(UPPERCASE(gwayId+ amount+ merchant_password)))JavaScript Example using CryptoJS
var to_md5 = gwayId + amount + merchant.pass;
var hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
var result = CryptoJS.enc.Hex.stringify(hash);Note
merchant.pass is the shared secret provided by Edfapay for secure communication.
You can obtain the gwayId from the Dashboard on the Transaction page, where it appears as Payment ID.
Alternatively, it can be retrieved from the Webhook (callback) response using the trans_id parameter.
Sample Responses
{
"statusCode": 200,
"responseBody": {
"result": "accepted",
"payment_id": "XXXXXXXXXXXXXXXXXXX"
}
}{
"statusCode": 400,
"responseBody": {
"message": "Refund is already initiated."
}
}The payment_id received for successful full refund must be the same payment_id from the original sale transaction.
Full Refund Rules and Guidelines
- A full refund can only be initiated if the original transaction was successful and captured.
- The refund amount must be equal to the full amount of the original transaction.
- A transaction can be fully refunded only once.
Important Considerations
- Full refunds must be handled carefully, as multiple failed refund attempts or technical issues may trigger the cardholder’s bank fraud detection system, potentially temporarily blocking the card.
- Ensure each full refund is properly logged and tracked to prevent conflicts or duplicate refund attempts.
- Always verify that the transaction is captured before initiating a full refund.