post https://api.edfapay.com/payment/post
this API allows you to check the current status of a payment initiated through the EdfaPay platform.
Endpoint
POST https://api.edfapay.com/payment/post
Content-Type: application/x-www-form-urlencoded
Example cURL Request
curl --location 'https://api.edfapay.com/payment/post' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'action=GET_TRANS_DETAILS' \
--data-urlencode 'client_key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' \
--data-urlencode 'trans_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
--data-urlencode 'hash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | API action type. For status checking, this must be GET_TRANS_DETAILS. |
| client_key | string | Yes | Your EdfaPay merchant identifier (UUID format). |
| trans_id | string | Yes | Unique transaction ID from EdfaPay. |
| hash | string | Yes | Hashed string to authenticate the request. |
Important NoteYou can get the trans_id from
Dashboard in the transaction page with name Payment ID. Webhook(callback) response with value of parameter trans_id and also in the Successful Response
Hash Generation (Request Authentication)
To ensure the request is secure, you must generate a hash using the following logic:
Formula
hash = MD5(UPPERCASE(Reverse(email) + password + trans_id + Reverse(cardBIN + cardLast4)))JavaScript Example (Postman)
var password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
var payment_id = "XXXXXXXXXXXXXXXXXXXX";
var card_number="XXXXXXXXXXXXXXXX"
var email = "[email protected]"
const ReverseString = str => [...str].reverse().join('');
let reversedEmail = ReverseString(email);
let reversedCard = ReverseString(card_number.substr(0, 6) + card_number.substr(-4));
let result = (reversedEmail + PASSWORD + trans_id + reversedCard).toUpperCase();
let finalResult = CryptoJS.MD5(result).toString()
postman.setEnvironmentVariable('operation_hash', finalResult);
Notes
- Reverse() → A function that reverses the input string.
- email → Customer’s email used during the SALE request.
- password → Merchant’s backend password (secure, not public).
- trans_id → Unique transaction ID returned in SALE response.
- cardBIN → First 6 digits of the card number.
- cardLast4 → Last 4 digits of the card number.
- Final output hash must be a lowercase hexadecimal string (e.g., a1b2c3...).
Successful Response (Example)
{
"action": "GET_TRANS_DETAILS",
"status": "SUCCESS",
"order_id": "TEST-XXXXX",
"trans_id": "XXXXXXXXXXXXXX",
"name": "Cardholder Name",
"mail": "[email protected]",
"ip": "XXX.XXX.XXX.XXX",
"amount": "0.11",
"currency": "SAR",
"card": "512345******0008",
"transactions": [
{
"type": "REDIRECT",
"status": "success",
"date": "01-01-2025 00:00:00",
"amount": "0.11"
},
{
"type": "SALE",
"status": "success",
"date": "01-01-2025 00:00:01",
"amount": "0.11"
}
]
}Failed Response (Example)
{
"action": "GET_TRANS_DETAILS",
"result": "DECLINED",
"status": "DECLINED",
"order_id": "TEST-XXXXX",
"trans_id": "XXXXXXXXXXXXXX",
"name": "Cardholder Name",
"mail": "[email protected]",
"ip": "XXX.XXX.XXX.XXX",
"amount": "0.11",
"currency": "SAR",
"card": "512345******0008",
"transactions": [
{
"type": "SALE",
"status": "fail",
"date": "01-01-2025 00:00:00",
"amount": "0.11"
}
]
}Notes
- The transactions array may include multiple steps like REDIRECT, SALE, or REFUND, depending on the flow.
- If no matching transaction ID is found, you will receive Request data is invalid error.