this API allows you to check the current status of a payment initiated through the EdfaPay platform.
Endpoint
POST https://api.edfapay.com/payment/post
Content-Type: application/x-www-form-urlencoded
Example cURL Request
curl --location 'https://api.edfapay.com/payment/post' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'action=GET_TRANS_DETAILS' \
--data-urlencode 'client_key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' \
--data-urlencode 'trans_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
--data-urlencode 'hash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | API action type. For status checking, this must be GET_TRANS_DETAILS. |
| client_key | string | Yes | Your EdfaPay merchant identifier (UUID format). |
| trans_id | string | Yes | Unique transaction ID from EdfaPay. |
| hash | string | Yes | Hashed string to authenticate the request. |
Important NoteYou can get the trans_id from
Dashboard in the transaction page with name Payment ID. Webhook(callback) response with value of parameter trans_id and also in the Successful Response
Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.
Hash Generation (Request Authentication)
To ensure the request is secure, you must generate a hash using the following logic:
Formula
hash = MD5(UPPERCASE(Reverse(email) + password + trans_id + Reverse(cardBIN + cardLast4)))JavaScript Example (Postman)
var password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
var payment_id = "XXXXXXXXXXXXXXXXXXXX";
var card_number="XXXXXXXXXXXXXXXX"
var email = "[email protected]"
const ReverseString = str => [...str].reverse().join('');
let reversedEmail = ReverseString(email);
let reversedCard = ReverseString(card_number.substr(0, 6) + card_number.substr(-4));
let result = (reversedEmail + PASSWORD + trans_id + reversedCard).toUpperCase();
let finalResult = CryptoJS.MD5(result).toString()
postman.setEnvironmentVariable('operation_hash', finalResult);
Notes
- Reverse() → A function that reverses the input string.
- email → Customer’s email used during the SALE request.
- password → Merchant’s backend password (secure, not public).
- trans_id → Unique transaction ID returned in SALE response.
- cardBIN → First 6 digits of the card number.
- cardLast4 → Last 4 digits of the card number.
- Final output hash must be a lowercase hexadecimal string (e.g., a1b2c3...).
Successful Response (Example)
{
"action": "GET_TRANS_DETAILS",
"status": "SUCCESS",
"order_id": "TEST-XXXXX",
"trans_id": "XXXXXXXXXXXXXX",
"name": "Cardholder Name",
"mail": "[email protected]",
"ip": "XXX.XXX.XXX.XXX",
"amount": "0.11",
"currency": "SAR",
"card": "512345******0008",
"transactions": [
{
"type": "REDIRECT",
"status": "success",
"date": "01-01-2025 00:00:00",
"amount": "0.11"
},
{
"type": "SALE",
"status": "success",
"date": "01-01-2025 00:00:01",
"amount": "0.11"
}
]
}Failed Response (Example)
{
"action": "GET_TRANS_DETAILS",
"result": "DECLINED",
"status": "DECLINED",
"order_id": "TEST-XXXXX",
"trans_id": "XXXXXXXXXXXXXX",
"name": "Cardholder Name",
"mail": "[email protected]",
"ip": "XXX.XXX.XXX.XXX",
"amount": "0.11",
"currency": "SAR",
"card": "512345******0008",
"transactions": [
{
"type": "SALE",
"status": "fail",
"date": "01-01-2025 00:00:00",
"amount": "0.11"
}
]
}Notes
- The transactions array may include multiple steps like REDIRECT, SALE, or REFUND, depending on the flow.
- If no matching transaction ID is found, you will receive Request data is invalid error.