API Reference

Resources

Introduction

Welcome to the PayGateway API. Our API allows you to accept payments and process withdrawals programmatically. All API endpoints are RESTful and return JSON responses.

Base URL

https://yourdomain.com/web/

API Format

All requests and responses are in JSON format. Make sure to set the Content-Type header to application/json for POST requests.

Authentication

Authentication is handled via Merchant ID and API Key. You can find these credentials in your dashboard.

Headers

{
    "merchant_id": "your_merchant_id",
    "api_key": "your_api_key"
}
Note: Never expose your API key in client-side code. Always make API calls from your server.

Payment API

Initiate a payment by redirecting users to our payment page.

GET /pay.php

Parameters

Parameter Type Required Description
merchant_id string Yes Your merchant ID
api_key string Yes Your API key
product string Yes Product ID or description
amount float Yes Payment amount (PHP)
bank_code string No GCASH or PMP (default: GCASH)

Example Request

GET /web/pay.php?merchant_id=MCH123456&api_key=abc123&product=PROD001&amount=1000.00&bank_code=GCASH

Response

The API will redirect the user to the payment page. After completion, the user will be redirected back to your site.

Withdrawal API

Process automated withdrawals to GCash or Maya accounts.

POST /transfer.php

Parameters

Parameter Type Required Description
merchant_id string Yes Your merchant ID
api_key string Yes Your API key
amount float Yes Withdrawal amount
bank_code string Yes GCASH or PMP
account_number string Yes Recipient account number
account_name string Yes Recipient account name

Example Request

POST /web/transfer.php
Content-Type: application/json

{
    "merchant_id": "MCH123456",
    "api_key": "abc123",
    "amount": 500.00,
    "bank_code": "GCASH",
    "account_number": "09123456789",
    "account_name": "John Doe"
}

Success Response

{
    "status": "success",
    "message": "Withdrawal processed successfully",
    "reference": "WDR123456789",
    "amount": 500.00,
    "bank_code": "GCASH",
    "balance": 1500.00
}

Error Response

{
    "status": "error",
    "message": "Insufficient balance",
    "code": "INSUFFICIENT_BALANCE"
}

Webhooks

We'll send POST requests to your webhook URL when payment status changes.

Webhook Payload

{
    "order_id": "ORD123456789",
    "status": "success",
    "amount": "1000.00",
    "bank_code": "GCASH",
    "signature": "md5_hash_signature"
}

Signature Verification

Always verify the signature to ensure the webhook is from PayGateway:

<?php
$secret_key = 'your_secret_key';
$data = json_decode(file_get_contents('php://input'), true);
$received_sign = $data['signature'];
unset($data['signature']);

ksort($data);
$sign_string = '';
foreach ($data as $key => $value) {
    $sign_string .= $key . '=' . $value . '&';
}
$sign_string .= 'key=' . $secret_key;
$calculated_sign = md5($sign_string);

if ($received_sign === $calculated_sign) {
    // Valid webhook
}
?>

Bank Codes

Bank Code Description
GCASH GCash Wallet
PMP Maya (formerly PayMaya)

Status Codes

Code Description
200 Success
400 Bad Request - Missing parameters
401 Unauthorized - Invalid credentials
403 Forbidden - Account suspended
404 Not Found - Invalid endpoint
429 Too Many Requests - Rate limit exceeded
500 Internal Server Error

Testing

Use our test payment page to verify your integration:

Go to Test Payment Page →

Test Credentials

Use these test accounts for sandbox testing:

Bank Test Account
GCASH 09123456789 / OTP: 123456
MAYA 09876543210 / OTP: 123456