Skip to main content

API overview

The merchant API is a set of REST endpoints (GodaPay-compatible). Every request carries a signature field in the body, using MD5 sorted signature authentication.

Basics

Base URL

https://api.168tonpay.xyz/api/v1/compat/godapay      # collect
https://apply.168tonpay.xyz/api/v1/compat/godapay # payout

Authentication

All endpoints use the request-body MD5 sorted signature. See Authentication.

Request example

POST /api/v1/compat/godapay/pay/order/create HTTP/1.1
Host: api.168tonpay.xyz
Content-Type: application/json

{
"merchantId": "0b8a4f32-1c1e-4a1c-9b25-3a9c2e0f7d5b",
"orderNo": "ORD-001",
"returnUrl": "https://your-server.example/webhook",
"playerPhone": "01711000000",
"playerRef": "player_1",
"signature": "<md5-sorted>"
}

Response format

Success (code: 0):

{ "code": 0, "data": { /* endpoint fields */ } }

Error (non-zero code):

{ "code": 1103, "message": "Amount must be between 10 and 1000000" }

See Error codes.

Endpoints

Endpoint (relative to Base URL)MethodPurpose
/pay/order/createPOSTCreate a deposit
/pay/order/queryPOSTQuery an order
/pay/order/status/:platformOrderNoGEThosted-page status polling
/apply/createPOSTCreate a payout
/apply/queryPOSTquery a payout
/pay/balancePOSTCheck balance

Supported channels

CodeName
bkashbKash
nagadNagad
rocketRocket

Rate limits

60 requests / minute per merchant. See Rate limits.

HTTP status codes

CodeMeaning
200Success (business result in the code field)
400Bad request
401Unauthorized / invalid signature
404Not found
429Rate limited
500Server error

Webhook

When an order reaches a terminal state, the platform POSTs a form-urlencoded callback to your returnUrl (status "1"=paid / "0"=unpaid); respond with the literal SUCCESS. See Webhooks.

Next steps