This API allows you to check the current status of a payment initiated through the EdfaPay platform.

Endpoint

POST https://api.edfapay.com/payment/status

Content-Type: application/json

Example cURL Request

curl --location 'https://api.edfapay.com/payment/status' \
--header 'Content-Type: application/json' \
--data '{
    "order_id": "1001",
    "merchant_id": "12345678-abcd-fedc-1234-abcdef123456",
    "gway_Payment_id": "XXXXXXXXXXXXXXXXXXXX",
    "hash": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}'

❗️
Important Note — Hash Generation
The hash parameter included in the request body is dynamically generated for each request and must not be hardcoded.
The hash value is calculated using specific request parameters combined with your merchant secret key. Any change in the request data requires regenerating the hash before sending the request.
🔗 For detailed steps and the exact formula used to generate the hash, refer to the Hash Generation Section.

Request Parameters

Field	Type	Required	Description
order_id	string	Yes	Unique order ID
merchant_id`	string	Yes	Your EdfaPay merchant identifier (UUID format)
gway_Payment_id	string	Yes	Unique transaction ID from EdfaPay
hash	string	Yes	Hashed string to authenticate the request.

📘
Important Note
You can get the gway_Payment_id from Dashboard in the transaction page with name Payment ID. Webhook(callback) response with value of parameter trans_id.

Hash Generation (Request Authentication)

To ensure the request is secure, you must generate a hash using the following logic:

Formula

hash = SHA1(MD5(UPPERCASE(gway_Payment_id + merchant_password)))

Ensure you convert the string to uppercase before hashing.
The final result should be a lowercase hexadecimal string.

JavaScript Example (Postman)

var password = pm.variables.get("merchant_password");
var payment_id = "XXXXXXXXXXXXXXXXXXXX";
var to_md5 = (payment_id + password).toUpperCase();

var hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5).toString());
var result = CryptoJS.enc.Hex.stringify(hash);

postman.setEnvironmentVariable('hash', result);

Successful Response (Example)

{
    "statusCode": 200,
    "responseBody": {
        "date": "01-01-2025 00:00",
        "status": "settled",
        "brand": "MADA",
        "order": {
            "number": "Order_ID",
            "amount": "1.00",
            "currency": "SAR",
            "description": "Payment for order #1000"
        },
        "customer": {
            "name": "Example",
            "email": "[email protected]"
        },
        "rrn": "XXXXXXXXXXXX",
        "payment_id": "XXXXXXXXXXXX"
    }
}

Failed Response (Example)

{
    "statusCode": 200,
    "responseBody": {
        "date": "01-01-2025 00:00,
        "status": "TXN_FAILURE",
        "brand": "MADA",
        "reason": "FAILURE",
        "order": {
            "number": "Order_ID",
            "amount": "1.00",
            "currency": "SAR",
            "description": "Payment for order #1000"
        },
        "customer": {
            "name": "Example",
            "email": "[email protected]"
        },
        "rrn": "XXXXXXXXXXXX",
        "payment_id": "XXXXXXXXXXXX"
    }
}

Notes

Always generate the hash on the server-side in production environments.
This API is used for post-transaction validation or reconciliation.
Ensure the gway_Payment_id is the same as returned in the original transaction response.