API v1.0

Dpay Payment Gateway API

Integrate deposits, payouts, and real-time webhooks into your platform with our simple REST API. Fast, secure, and reliable.

Base URL https://api.dpay.rest

🔒 Authentication

All API requests must include the following headers for authentication.

Header Value Description
X-API-Key your_api_key Your API key provided by Dpay
X-API-Secret your_api_secret Your API secret provided by Dpay
Keep your API credentials secure. Never expose them in client-side code or public repositories.

Deposit API

Create deposit requests to receive funds from customers via QR code or bank transfer.

POST /api/v1/deposit/create Create Deposit

Request Fields

Field Type Description
account_no Required string Customer bank account number (10-15 digits)
acc_name Required string Customer account name (2-100 characters)
bank_code Required string Bank code (e.g. KBANK, SCB, BBL)
amount Required number Amount in THB (1 - 2,000,000, max 2 decimal places)
callback_url Required string HTTPS URL for status callbacks
signature Required string JWT HMAC-SHA256 signature
timestamp Required number Unix timestamp in milliseconds (must be within 5 minutes)

Response Fields

Field Type Description
txn_id string Transaction ID (format: DEP{timestamp}{random})
status string Transaction status
pending expired cancelled
channel string Payment channel
amount number Deposit amount
fee number Transaction fee
fee_percent number Fee percentage
net_amount number Net amount after fee
expire_date string Expiration date (ISO 8601)
qrcode_url string QR code image URL
promptpay_number string PromptPay number
bank_data object Bank account information for transfer
cURL 
curl -X POST https://api.dpay.rest/api/v1/deposit/create \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "account_no": "1234567890",
    "acc_name": "John Doe",
    "bank_code": "KBANK",
    "amount": 1000.00,
    "callback_url": "https://your-domain.com/callback",
    "signature": "eyJhbGciOiJIUzI1NiIs...",
    "timestamp": 1709123456789
  }'
JSON 
{
  "success": true,
  "data": {
    "txn_id": "DEP1709123456ABC123",
    "status": "pending",
    "channel": "QR",
    "amount": 1000.00,
    "fee": 15.00,
    "fee_percent": 1.5,
    "net_amount": 985.00,
    "expire_date": "2024-01-01T12:10:00Z",
    "qrcode_url": "https://cdn.example.com/qr/DEP1709123456ABC123.png",
    "promptpay_number": "0812345678"
  }
}

Payout API

Create payout requests to transfer funds to customer bank accounts.

POST /api/v1/payout/create Create Payout

Request Fields

Field Type Description
account_no Required string Recipient bank account number
acc_name Required string Recipient account name
bank_code Required string Bank code (e.g. KBANK, SCB, BBL)
amount Required number Amount in THB (must have sufficient balance)
callback_url Required string HTTPS URL for status callbacks
signature Required string JWT HMAC-SHA256 signature
timestamp Required number Unix timestamp in milliseconds

Response Fields

Field Type Description
txn_id string Transaction ID (format: PAY{timestamp}{random})
status string Transaction status
pending processing completed failed cancelled
amount number Payout amount
fee number Transaction fee
fee_percent number Fee percentage
customer_data object Recipient bank account details
Ensure your account has sufficient balance before creating a payout. Insufficient balance will result in an error.
cURL 
curl -X POST https://api.dpay.rest/api/v1/payout/create \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret" \
  -d '{
    "account_no": "9876543210",
    "acc_name": "Jane Doe",
    "bank_code": "SCB",
    "amount": 5000.00,
    "callback_url": "https://your-domain.com/callback",
    "signature": "eyJhbGciOiJIUzI1NiIs...",
    "timestamp": 1709123456789
  }'
JSON 
{
  "success": true,
  "data": {
    "txn_id": "PAY1709123456XYZ789",
    "status": "pending",
    "amount": 5000.00,
    "fee": 75.00,
    "fee_percent": 1.5,
    "customer_data": {
      "account_no": "9876543210",
      "acc_name": "Jane Doe",
      "bank_code": "SCB"
    }
  }
}

🔔 Callback / Webhook

The system sends a POST request to your callback URL whenever a transaction status changes.

Your callback endpoint must respond with HTTP 200 within 10 seconds. Failed callbacks will be retried up to 3 times.
POST your_callback_url Deposit Callback
JSON 
{
  "event": "deposit.status_changed",
  "data": {
    "txn_id": "DEP1709123456ABC123",
    "status": "paid",
    "amount": 1000.00,
    "fee": 15.00,
    "net_amount": 985.00,
    "paid_at": "2024-01-01T12:05:30Z",
    "signature": "abc123..."
  }
}
POST your_callback_url Payout Callback
JSON 
{
  "event": "payout.status_changed",
  "data": {
    "txn_id": "PAY1709123456XYZ789",
    "status": "completed",
    "amount": 5000.00,
    "fee": 75.00,
    "bank_ref": "SCB20240101123456",
    "completed_at": "2024-01-01T12:30:00Z",
    "signature": "xyz789..."
  }
}
Verify Callback Signature
Always verify the callback signature by re-generating the HMAC-SHA256 hash from the callback data using your API Secret. This ensures the callback is genuinely from Dpay.

🔑 Signature Generation

All API requests require a signature for data integrity verification.

Steps

  1. Sort fields alphabetically (A-Z) Take all request fields (excluding signature itself) and sort them by key name.
  2. Create query string Join sorted key-value pairs with & separator: key1=value1&key2=value2&...
  3. Hash with HMAC-SHA256 Use your API Secret as the HMAC key to hash the query string.
  4. Convert to hex Convert the hash output to a lowercase hexadecimal string.
JavaScript 
const crypto = require('crypto');

function generateSignature(params, apiSecret) {
  const sorted = Object.keys(params).sort()
    .map(key => `${key}=${params[key]}`)
    .join('&');

  return crypto
    .createHmac('sha256', apiSecret)
    .update(sorted)
    .digest('hex');
}

// Usage
const signature = generateSignature({
  account_no: '1234567890',
  acc_name: 'John Doe',
  bank_code: 'KBANK',
  amount: '1000.00',
  callback_url: 'https://your-domain.com/callback',
  timestamp: '1709123456789'
}, 'your_api_secret');
Python 
import hmac
import hashlib

def generate_signature(params, api_secret):
    sorted_str = '&'.join(
        f'{k}={v}' for k, v in sorted(params.items())
    )
    return hmac.new(
        api_secret.encode(),
        sorted_str.encode(),
        hashlib.sha256
    ).hexdigest()

🏦 Banks API

Retrieve the list of supported banks.

GET /api/v1/client/banks Get Banks List

Query Parameters

Field Type Description
page Optional number Page number (default: 1)
limit Optional number Items per page (default: 100)
search Optional string Search by bank name or code

Response Fields

Field Type Description
id string Bank ID
bank_name string Bank name
bank_code string Bank code
int_code string Bank numeric code
bank_logo string Bank logo URL
cURL 
curl -X GET "https://api.dpay.rest/api/v1/client/banks?page=1&limit=100" \
  -H "X-API-Key: your_api_key" \
  -H "X-API-Secret: your_api_secret"

📄 Other Endpoints

Additional endpoints for managing deposits and payouts.

Deposit Endpoints

Method Endpoint Description
GET /api/v1/deposit/:requestId Get deposit details by ID
GET /api/v1/deposit/status/:requestId Get deposit status (public, no auth required)
GET /api/v1/deposits List all deposits with pagination
POST /api/v1/deposit/:requestId/cancel Cancel a pending deposit
POST /api/v1/deposit/:txnId/cancel

Cancel a pending deposit. Only deposits with pending status can be cancelled.

cURL

curl -X POST 'https://api.dpay.rest/api/v1/deposit/DEP1709123456ABC123/cancel' \
  -H 'X-API-Key: your_api_key' \
  -H 'X-API-Secret: your_api_secret'

Response

{
  "status": "success",
  "message": "Deposit cancelled successfully"
}

Payout Endpoints

Method Endpoint Description
GET /api/v1/payout/:requestId Get payout details by ID
GET /api/v1/payout/status/:requestId Get payout status (public, no auth required)
GET /api/v1/payouts List all payouts with pagination
POST /api/v1/payout/:requestId/cancel Cancel a pending payout
POST /api/v1/payout/:txnId/cancel

Cancel a pending payout. Only payouts with pending status can be cancelled. The amount will be refunded to the client balance.

cURL

curl -X POST 'https://api.dpay.rest/api/v1/payout/PAY1709123456XYZ789/cancel' \
  -H 'X-API-Key: your_api_key' \
  -H 'X-API-Secret: your_api_secret'

Response

{
  "status": "success",
  "message": "Payout cancelled successfully"
}

🏧 Bank Codes

Supported bank codes and their logos.

Bank logo URL pattern
https://white-lable.sgp1.cdn.digitaloceanspaces.com/banks-logos/{CODE}.png
KBANK
KBANK 004
SCB
SCB 014
BBL
BBL 002
KTB
KTB 006
BAY
BAY 025
TTB
TTB 011
GSB
GSB 030
CIMB
CIMB 022
UOB
UOB 024
TISCO
TISCO 067
KKP
KKP 069
CITI
CITI 017
HSBC
HSBC 031
ICBC
ICBC 070
GHB
GHB 033
IBANK
IBANK 066
BAAC
BAAC 034
LHB
LHB 073
TCRB
TCRB 071