this API allows you to check the current status of a payment initiated through the EdfaPay platform.
Endpoint
POST https://api.edfapay.com/payment/post
Content-Type: application/x-www-form-urlencoded
Example cURL Request
curl --location 'https://api.edfapay.com/payment/post' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'action=GET_TRANS_STATUS' \
--data-urlencode 'client_key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' \
--data-urlencode 'trans_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
--data-urlencode 'hash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.
Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | API action type. For status checking, this must be GET_TRANS_STATUS. |
| client_key | string | Yes | Your EdfaPay merchant identifier (UUID format). |
| trans_id | string | Yes | Unique transaction ID from EdfaPay. |
| hash | string | Yes | Hashed string to authenticate the request. |
Important NoteYou can get the trans_id from Dashboard in the transaction page with name Payment ID. Webhook(callback) response with value of parameter trans_id and also in the Successful Response
Hash Generation (Request Authentication)
To ensure the request is secure, you must generate a hash using the following logic:
Formula
hash = SHA1(MD5(UPPERCASE(gway_Payment_id + merchant_password)))JavaScript Example (Postman)
var payment_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx";
var merchant_pass = "xxxxxxxx-xxxx-xxxx-xxxx-x";
//formula:
var to_md5 = payment_id + merchant_pass;
// Use the CryptoJS
var hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
var result = CryptoJS.enc.Hex.stringify(hash);
// Set the new environment variable
postman.setEnvironmentVariable('operation_hash', result);
console.log(hash);
Notes
- Payment_id → Unique payment identifier returned by the Webhook.
- Password → Merchant’s backend password (secure, not public).
- Final output hash must be a lowercase hexadecimal string (e.g., a1b2c3...).
Successful Response (Example)
{
"date": "01-01-2025 00:00",
"status": "settled",
"brand": "MADA",
"order": {
"number": "0000",
"amount": "1.00",
"currency": "SAR",
"description": "Payment Order # 0000"
},
"customer": {
"name": "Customer",
"email": "[email protected]"
},
"rrn": "xxxxxxxxxxxx",
"payment_id": "xxxxxxxxxxxxxxxxxxx"
}Failed Response (Example)
{
"date": "01-01-2025 00:00",
"status": "TXN_FAILURE",
"brand": "MADA",
"reason": "Not sufficient funds",
"order": {
"number": "xxxxx",
"amount": "10.00",
"currency": "SAR",
"description": "Payment Order # 32157"
},
"customer": {
"name": "Customer",
"email": "[email protected]"
},
"rrn": "xxxxxxxxxxxx",
"payment_id": "xxxxxxxxxxxxxxxxxxx"
}Notes
- The transactions array may include multiple steps like REDIRECT, SALE, or REFUND, depending on the flow.
- If no matching transaction ID is found, you will receive Request data is invalid error.