In Person Payments
Accept in-person card payments and QR payments using the wifi card reader
Example Use cases
These APIs are designed to enable a variety of use cases where in-person payments are necessary. Here are a few examples of how this API can be used:
- Self Server Kiosk
- Point of Sale
- Vending Machines
These APIs are only available in countires that support the wifi card reader
Overview
- Your client device (e.g., POS, Kiosk) sends a request to your backend server to initiate the payment process.
- Your backend server calls the Payment Request API with the payment method set as “wifi_card_reader”.
- HitPay initiates the payment process on the card reader that is already connected to the wifi.
- Your customer presents their card to the card reader and completes the payment process.
- HitPay sends a webhook to your backend server with the payment status information.
- Your backend server receives the webhook and updates the order status accordingly.
Setup Your Reader
Before you can use the In-Person Payments using Payment Requests API, you’ll need to order a card reader and complete the setup process. Here’s what you need to do:
Displaying Payments on the Terminal
After switching your terminal to Standalone mode:
- On the login screen, tap the button on the top left corner.
- Select In-Person Payment API from the menu.
- The terminal will now display the In-Person Payment API screen, allowing you to accept card and QR payments.
When in this mode:
- The display will show the HitPay logo.
- If a QR payment method is selected, the relevant QR code will be displayed for the customer to scan.
- If a card payment method is selected, the display will show instructions to tap, insert, or swipe the card.
07139
.Payment Methods
The in-person payment API supports two main payment methods:
1. Card Payments
Accept physical card payments (credit/debit cards) using the card reader.
2. QR Payments
Accept QR code payments where customers scan the QR code displayed on the card reader screen.
Create a Payment Request APIs
Once you have all the details from the client and are ready to collect payments, use this API to create a payment request.
Endpoint
Query Parameters
Mandatory fields are amount and currency
Parameter | Description | Example |
---|---|---|
amount | The amount related to the payment | 2500.00 |
payment_methods[] | Indicate that the request is for in-person payments using a wifi card reader | wifi_card_reader |
currency | In-Person payments only support the home currency of your business | SGD |
wifi_terminal_id | The reader ID can be found in your dashboard under “POS > Terminals” | tmr_123123123 |
webhook | URL, where the HitPay server will POST a request after payment is completed | https://example.com/webhook |
Initiating Card Payments
To initiate a card payment, follow these steps:
- Create Payment Request: Use the Payment Request API with
payment_methods[]
set towifi_card_reader
- Card Reader Activation: The card reader will automatically activate and display “Ready for Payment”
- Customer Interaction: Ask your customer to insert, tap, or swipe their card on the reader
- Payment Processing: The card reader will process the payment and display the result
- Webhook Notification: You’ll receive a webhook with the payment status
Initiating QR Payments
To initiate a QR payment, follow these steps:
- Create Payment Request: Use the Payment Request API with
payment_methods[]
set to any supported QR payment method andgenerate_qr
set totrue
- QR Code Display: The card reader will automatically display a QR code on its screen
- Customer Scanning: Ask your customer to scan the QR code using their mobile payment app (e.g., PayNow, GrabPay, etc.)
- Payment Processing: The customer completes the payment through their mobile app
- Webhook Notification: You’ll receive a webhook with the payment status
Supported QR Payment Methods
For QR payments, you need to use one of the supported QR payment methods. See the complete list of supported QR payment methods.
Required Parameters for QR Payments
Parameter | Description | Example |
---|---|---|
amount | The amount related to the payment | 2500.00 |
payment_methods[] | One of the supported QR payment methods (e.g., paynow_online) | paynow_online |
currency | In-Person payments only support the home currency of your business | SGD |
wifi_terminal_id | The reader ID can be found in your dashboard under “POS > Terminals” | tmr_123123123 |
generate_qr | Set to true to generate QR code data | true |
webhook | URL, where the HitPay server will POST a request after payment is completed | https://example.com/webhook |
Response
The response will include a qr_code_data
object, which contains the data to be converted into a scannable QR code (qr_code
).
Handling the webhook
- Create an endpoint (E.g. /payment-confirmation/webhook) in your server that accepts POST requests. This request is application/x-www-form-urlencoded.
- Validate the webhook data using your salt value
- Return HTTP status code 200 to Hitpay
- Mark your order as paid
- Sample webhook payload data
Sample Webhook Payload
Webhook fields
Following fields are sent with the webhook request:
Parameter | Description | |
---|---|---|
payment_id | Payment ID | |
payment_request_id | Payment request ID | |
phone | Buyer’s phone number | |
amount | Amount related to the payment | |
currency | Currency related to the payment | |
status | Payment status (completed / failed) | |
reference_number | Arbitrary reference number mapped during payment request creation | |
hmac | Message Authentication code of this webhook request |
Validating a Webhook
To validate a webhook payload from HitPay, follow these steps:
- Payload Extraction: Extract the key-value pairs from the webhook payload. For example:
-
Exclude HMAC and Values: Remove the "hmac" key and its corresponding value from the extracted payload. For example:
-
Concatenation and Sorting: Concatenate the keys and values from the remaining key-value pairs without using "&" and "=", and arrange them in alphabetical order of the keys. For example:
-
Signature Generation: Use the HMAC-SHA256 algorithm along with the secret salt from your dashboard to generate a signature for the concatenated string. This signature will be unique to this payload.
-
Comparison and Validation: Compare the generated signature with the HMAC value present in the original payload, both values must match.
By following these steps, you can ensure the authenticity and integrity of the webhook payload received from HitPay. This process guarantees that the payload can be trusted and processed securely.
Sample Code
Congrats! You have now successfully completed the in-person payment integration.