OnePayBD API Documentation

Introduction

The OnePayBD API enables seamless integration with the bKash payment gateway, supporting token generation, payment creation, execution, and status checking. This documentation provides detailed instructions for API key users to interact with the API endpoints.

Base URL: https://api.onepaybd.com

Authentication

All endpoints require a valid apikey header for authentication. The API key is validated against the OnePayBD database, and each successful request increments the user's request counter.

General Request Headers

Header Name	Value	Description
Content-Type	`application/json`	Specifies that the request body is in JSON format.
Accept	`application/json`	Indicates that the client expects a JSON response.
apikey	`<Your-API-Key>`	The API key provided by OnePayBD for authentication.

Grant Token

Generates an access token for bKash payment APIs, used as the Authorization header in subsequent requests.

Request URL: {base_URL}/token

HTTP Method: POST

Request Headers

Header Name	Value	Description
Content-Type	`application/json`	Specifies that the request body is in JSON format.
Accept	`application/json`	Indicates that the client expects a JSON response.
apikey	`<Your-API-Key>`	The API key provided by OnePayBD.

Request Parameters

No request body is required.

Example Request


curl -X POST https://api.onepaybd.com/token \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "apikey: puqknyhi8cNx2LVdU5vAG0s6tlIoFSE9D3MeTZHfrJBb"

Example Response


{
  "statusCode": "0000",
  "statusMessage": "Successful",
  "id_token": "eyJraWQiOiJEWXd6RU9Fd3h5Q3lkRVwvUnJZU1BOcGk5MENBQkVBeHZ0bUs1QXQ4XC9oaVk9IiwiYWxnIjoiUlMyNTYifQ...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ..."
}

Notes

Use the id_token as Bearer <id_token> in other endpoints.
Token expires after expires_in seconds (e.g., 3600). Use refresh_token with the Refresh Token API (not covered).

Create Payment

Initiates a payment request with bKash, returning a payment ID and details for execution.

Request URL: {base_URL}/create

HTTP Method: POST

Request Headers

Header Name	Value	Description
Content-Type	`application/json`	Specifies that the request body is in JSON format.
Accept	`application/json`	Indicates that the client expects a JSON response.
apikey	`<Your-API-Key>`	The API key provided by OnePayBD.
Authorization	`Bearer <id_token>`	Token from Grant Token API.

Request Parameters

Property	Presence	Type	Description
mode	Mandatory	String	Payment mode (e.g., `0011`).
amount	Mandatory	String	Payment amount (e.g., `50`).
currency	Mandatory	String	Currency code (e.g., `BDT`).
intent	Mandatory	String	Payment intent (e.g., `sale`).
merchantInvoiceNumber	Mandatory	String	Unique invoice number (e.g., `Inv0124`).
payerReference	Mandatory	String	Payer reference (e.g., `0011`).
callbackURL	Mandatory	String	Callback URL (e.g., `http://yourdomain.com`).
merchantAssociationInfo	Optional	String	Merchant association info (e.g., `MI05MID54RF09123456One`).

Example Request


curl -X POST https://api.onepaybd.com/create \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "apikey: puqknyhi8cNx2LVdU5vAG0s6tlIoFSE9D3MeTZHfrJBb" \
-H "Authorization: Bearer eyJraWQiOiJEWXd6RU9Fd3h5Q3lkRVwvUnJZU1BOcGk5MENBQkVBeHZ0bUs1QXQ4XC9oaVk9IiwiYWxnIjoiUlMyNTYifQ..." \
-d '{
  "mode": "0011",
  "payerReference": "0011",
  "callbackURL": "http://yourdomain.com",
  "merchantAssociationInfo": "MI05MID54RF09123456One",
  "amount": "50",
  "currency": "BDT",
  "intent": "sale",
  "merchantInvoiceNumber": "Inv0124"
}'

Example Response


{
  "paymentID": "TR0011hBohNSq1745392922876",
  "bkashURL": "https://payment.bkash.com/?paymentId=TR0011hBohNSq1745392922876&hash=ZRKA0HXBW8DP!YOn.oNZaX9sZh3dhM5Iu)TMBsJ)rH(x1xahZt2E5uupGuT32V0B_ewIOe4fX1WBRd9AXR9u71(5Tuftibt5!2681745392922876&mode=0011&apiVersion=v1.2.0-beta/",
  "callbackURL": "http://yourdomain.com",
  "successCallbackURL": "http://yourdomain.com?paymentID=TR0011hBohNSq1745392922876&status=success&signature=zMQ5cPs4Yi",
  "failureCallbackURL": "http://yourdomain.com?paymentID=TR0011hBohNSq1745392922876&status=failure&signature=zMQ5cPs4Yi",
  "cancelledCallbackURL": "http://yourdomain.com?paymentID=TR0011hBohNSq1745392922876&status=cancel&signature=zMQ5cPs4Yi",
  "amount": "50",
  "intent": "sale",
  "currency": "BDT",
  "paymentCreateTime": "2025-04-23T13:22:02:876 GMT+0600",
  "transactionStatus": "Initiated",
  "merchantInvoiceNumber": "Inv0124",
  "statusCode": "0000",
  "statusMessage": "Successful"
}

Notes

Use paymentID for Execute Payment and Payment Status APIs.
Redirect users to bkashURL for payment.
merchantAssociationInfo is optional but may be required by bKash.

Execute Payment

Completes a payment transaction using the paymentID from the Create Payment API.

Request URL: {base_URL}/execute

HTTP Method: POST

Request Headers

Header Name	Value	Description
Content-Type	`application/json`	Specifies that the request body is in JSON format.
Accept	`application/json`	Indicates that the client expects a JSON response.
apikey	`<Your-API-Key>`	The API key provided by OnePayBD.
Authorization	`Bearer <id_token>`	Token from Grant Token API.

Request Parameters

Property	Presence	Type	Description
paymentID	Mandatory	String	Payment ID from Create Payment API (e.g., `TR0011URZu3Fn1745393195826`).

Example Request


curl -X POST https://api.onepaybd.com/execute \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "apikey: puqknyhi8cNx2LVdU5vAG0s6tlIoFSE9D3MeTZHfrJBb" \
-H "Authorization: Bearer eyJraWQiOiJEWXd6RU9Fd3h5Q3lkRVwvUnJZU1BOcGk5MENBQkVBeHZ0bUs1QXQ4XC9oaVk9IiwiYWxnIjoiUlMyNTYifQ..." \
-d '{
  "paymentID": "TR0011URZu3Fn1745393195826"
}'

Example Response


{
  "paymentID": "TR0011URZu3Fn1745393195826",
  "trxID": "CDN8KOCXZO",
  "transactionStatus": "Completed",
  "amount": "1",
  "currency": "BDT",
  "intent": "sale",
  "paymentExecuteTime": "2025-04-23T13:27:57:841 GMT+0600",
  "merchantInvoiceNumber": "Inv0124",
  "payerType": "Customer",
  "payerReference": "0011",
  "customerMsisdn": "01608488194",
  "payerAccount": "01608488194",
  "maxRefundableAmount": "1",
  "statusCode": "0000",
  "statusMessage": "Successful"
}

Notes

On transactionStatus: Completed, user balance and transaction count are updated.

Payment Status

Retrieves the current status of a payment using the paymentID.

Request URL: {base_URL}/status

HTTP Method: POST

Request Headers

Header Name	Value	Description
Content-Type	`application/json`	Specifies that the request body is in JSON format.
Accept	`application/json`	Indicates that the client expects a JSON response.
apikey	`<Your-API-Key>`	The API key provided by OnePayBD.
Authorization	`Bearer <id_token>`	Token from Grant Token API.

Request Parameters

Property	Presence	Type	Description
paymentID	Mandatory	String	Payment ID from Create Payment API (e.g., `TR0011URZu3Fn1745393195826`).

Example Request


curl -X POST https://api.onepaybd.com/status \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "apikey: puqknyhi8cNx2LVdU5vAG0s6tlIoFSE9D3MeTZHfrJBb" \
-H "Authorization: Bearer eyJraWQiOiJEWXd6RU9Fd3h5Q3lkRVwvUnJZU1BOcGk5MENBQkVBeHZ0bUs1QXQ4XC9oaVk9IiwiYWxnIjoiUlMyNTYifQ..." \
-d '{
  "paymentID": "TR0011URZu3Fn1745393195826"
}'

Example Response


{
  "paymentID": "TR0011URZu3Fn1745393195826",
  "trxID": "CDN8KOCXZO",
  "mode": "0011",
  "paymentCreateTime": "2025-04-23T13:26:35:826 GMT+0600",
  "paymentExecuteTime": "2025-04-23T13:27:57:841 GMT+0600",
  "amount": "1.00",
  "currency": "BDT",
  "intent": "sale",
  "merchantInvoice": "Inv0124",
  "transactionStatus": "Completed",
  "serviceFee": "0.00",
  "maxRefundableAmount": "1.00",
  "verificationStatus": "Complete",
  "payerReference": "0011",
  "payerType": "Customer",
  "statusCode": "0000",
  "statusMessage": "Successful"
}

Notes

Provides payment status (e.g., Initiated, Completed) and details like serviceFee.

Demo PHP Code

Below is a sample PHP script demonstrating how to use the OnePayBD API to generate a token, create a payment, and execute it.


<?php
// OnePayBD API Demo
$base_url = "https://api.onepaybd.com";
$api_key = "puqknyhi8cNx2LVdU5vAG0s6tlIoFSE9D3MeTZHfrJBb";

// Function to make API requests
function makeApiRequest($url, $headers, $data = null, $method = "POST") {
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    
    if ($method === "POST" && $data) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
    }
    
    $response = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    
    return [
        'http_code' => $http_code,
        'response' => json_decode($response, true)
    ];
}

// Step 1: Get Token
$token_headers = [
    "Content-Type: application/json",
    "Accept: application/json",
    "apikey: $api_key"
];
$token_result = makeApiRequest("$base_url/token", $token_headers);

if ($token_result['http_code'] !== 200 || $token_result['response']['statusCode'] !== "0000") {
    die("Token Error: " . ($token_result['response']['error'] ?? "Failed to get token"));
}

$id_token = $token_result['response']['id_token'];
echo "Token Obtained: $id_token\n";

// Step 2: Create Payment
$create_headers = [
    "Content-Type: application/json",
    "Accept: application/json",
    "apikey: $api_key",
    "Authorization: Bearer $id_token"
];
$create_data = [
    "mode" => "0011",
    "payerReference" => "0011",
    "callbackURL" => "http://yourdomain.com",
    "merchantAssociationInfo" => "MI05MID54RF09123456One",
    "amount" => "50",
    "currency" => "BDT",
    "intent" => "sale",
    "merchantInvoiceNumber" => "Inv0124"
];
$create_result = makeApiRequest("$base_url/create", $create_headers, $create_data);

if ($create_result['http_code'] !== 200 || $create_result['response']['statusCode'] !== "0000") {
    die("Create Payment Error: " . ($create_result['response']['error'] ?? "Failed to create payment"));
}

$payment_id = $create_result['response']['paymentID'];
$bkash_url = $create_result['response']['bkashURL'];
echo "Payment Created: $payment_id\nRedirect to: $bkash_url\n";

// Step 3: Execute Payment (after user completes payment)
$execute_headers = [
    "Content-Type: application/json",
    "Accept: application/json",
    "apikey: $api_key",
    "Authorization: Bearer $id_token"
];
$execute_data = [
    "paymentID" => $payment_id
];
$execute_result = makeApiRequest("$base_url/execute", $execute_headers, $execute_data);

if ($execute_result['http_code'] !== 200 || $execute_result['response']['statusCode'] !== "0000") {
    die("Execute Payment Error: " . ($execute_result['response']['error'] ?? "Failed to execute payment"));
}

echo "Payment Executed: Transaction Status - " . $execute_result['response']['transactionStatus'] . "\n";
?>

Notes

Replace puqknyhi8cNx2LVdU5vAG0s6tlIoFSE9D3MeTZHfrJBb with your actual API key.
Redirect users to $bkash_url after creating the payment.
Handle errors appropriately in production code.

Error Handling

The API returns HTTP status codes and JSON error messages for various scenarios.

HTTP Code	Description	Example Response
200	Success	Varies by endpoint
400	Bad Request (missing/invalid parameters)	`{"error": "Missing required field: amount"}`
403	Forbidden (invalid API key)	`{"error": "Invalid API key"}`
500	Server Error	`{"error": "Database connection failed"}`

Security Considerations

API Key: Keep your API key confidential. Do not expose it in client-side code or public repositories.
HTTPS: Use HTTPS for all requests to ensure data security.
Authorization Token: Include the id_token in the Authorization header for /create, /execute, and /status.
Input Validation: Ensure all required fields are provided and correctly formatted.

Contact Support

For assistance with integration or API issues, contact OnePayBD support:

Email: support@onepaybd.com
Website: https://onepaybd.com