The Full Refund API allows merchants to reverse the entire amount of a previously successful and settled transaction through the Edfapay payment gateway, returning the full charged amount back to the customer’s original payment method.
This API is responsible for returning funds after the capture stage, in contrast to the VOID API, which only releases funds before capture.
Endpoint
POST https://apidev.edfapay.com/payment/post
Content-Type: application/x-www-form-urlencoded
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | API action type. For status checking, this must be CREDITVOID. |
| trans_id | string | Yes | Unique transaction ID from EdfaPay. |
| client_key | string | Yes | Your EdfaPay merchant identifier (UUID format). |
| hash | string | Yes | Security hash generated to authorize the request |
| amount | string | Yes | The full amount of the original transaction |
Important NoteYou can get the trans_id from Dashboard in the transaction page with name Payment ID. Webhook(callback) response with value of parameter trans_id and also in the Successful Response
Example Request
curl --location 'https://apidev.edfapay.com/payment/post' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
--data-urlencode 'trans_id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' \
--data-urlencode 'amount=X.XX' \
--data-urlencode 'action=CREDITVOID' \
--data-urlencode 'hash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.
Hash Calculation
To secure the API call from unauthorized access, the hash parameter must be computed using the following formula:
Formula:
Hash = SHA1( MD5( UPPERCASE(payment_id + amount + merchant_pass) ) )JavaScript Example using CryptoJS
var payment_id = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX";
var amount = "X.XX";
var merchant_pass = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
var to_md5 = payment_id + amount + merchant_pass;
var hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
var result = CryptoJS.enc.Hex.stringify(hash);
console.log(result);
postman.setEnvironmentVariable('operation_hash', result);
Notes
- payment_id: This is the trans_id of the original SALE transaction you want to refund.
- amount: It should be equal to the amount of the original transaction.
- merchant_pass: Your merchant secret key. Keep this secure and do not expose it publicly.
- The concatenated string is first converted to uppercase before applying MD5.
- The final expected hash output is in lowercase hexadecimal format
Success Response
{
"result": "accepted",
"payment_id": "xxxxxxxxxxxxxxxx"
}Error Response
{
"result": "ERROR",
"error_code": 100000,
"error_message": "Request data is invalid.",
"errors": [
{
"error_code": 100001,
"error_message": "Refund amount cannot be greater than order amount"
}
]
}Full Refund Rules and Guidelines
- A full refund can only be initiated if the original transaction was successful and captured.
- The refund amount must be equal to the full amount of the original transaction.
- A transaction can be fully refunded only once.
Important Considerations
- Full refunds must be handled carefully, as multiple failed refund attempts or technical issues may trigger the cardholder’s bank fraud detection system, potentially temporarily blocking the card.
- Ensure each full refund is properly logged and tracked to prevent conflicts or duplicate refund attempts.
- Always verify that the transaction is captured before initiating a full refund.