Auth & Capture

Merchant Workflow

To initiate the payment in this scenario, the merchant needs to complete the following steps:

  1. Completed account linking request and store returned access token

  2. Optional: to retrieve user information or coin redemption using access token

  3. Initiate an auth request with an amount

  4. At a later time, initiate a capture request

  1. Customer uses their linked ShopeePay account as the payment method to place the order, and the merchant calls ShopeePay to hold the amount.
  2. The merchant calls ShopeePay to capture the final payment amount, based on the previous auth request.
  3. If the order was later cancelled, the merchant calls ShopeePay to release the held amount.
  4. ShopeePay will send an asynchronous message via Notify Transaction Status endpoint to inform merchants on the payment result.
  5. Merchants can also call the Check Transaction Status endpoint to query the status of the transaction.
    • If the response code is "Success", merchant can mark this transaction as successful.
    • If the response code is "Failed", merchant can mark this transaction as failed.
    • If the transaction is in a processing status, please retry the request at an incremental time range of every 5 seconds (e.g., 5 seconds, 10 seconds, 15 seconds, and so on) up to a maximum of 100 seconds. If there is no response after 100 seconds, please retry the request at an incremental time range of every 5 minutes up to 24 hours.
    • If the transaction has no response, please retry the request at an incremental time range of every 5 seconds (e.g., 5 seconds, 10 seconds, 15 seconds, and so on) up to a maximum of 100 seconds. If there is no response after 100 seconds,  please retry the request at an incremental time range of every 5 minutes up to 24 hours.
    • If customer can show evidence of payment success on their payment app, merchant may choose to consider payment as successful and wait for reconciliation process on T+1 to settle discrepancies with ShopeePay, if any.

API Documentation

Create Auth

Use this endpoint to create an auth with an access token.

  • URL: "/v3/merchant-host/transaction/auth/create"

Request Parameters

FieldTypeMandatoryDescription
request_idstringUnique identifier for request.
auth_reference_idstringUnique identifier of authorisation transaction generated by client.
merchant_ext_idstringUnique identifier of merchant in client system.
store_ext_idstringUnique identifier of store in client system.
access_tokenstringThe access token used to identify the user account.
amountint64Amount used for the payment as integer, inflated by a factor of 100. A positive integer in the smallest currency unit, with no decimal point.
currencystringRefers to the currency abbreviation for the transaction
return_urlstringIndicates the URL of the Client’s platform to redirect back to once payment verification on ShopeePay (if applicable) is done.
auth_expiry_timeuint32Unix timestamp. The value represents when this auth transaction will expire. Maximum expiry time is 14 days from the time the request is received by ShopeePay.

Sample API Request

REQUEST

{
"request_id": "input-unique-request-id-here",
"auth_reference_id": "ref-must-be-unique",
"merchant_ext_id": "external-merchant",
"store_ext_id":"external-store",
"access_token": "uXjWuhPGepSOtntoC8kTK5er6DlbUiGeSJDt53",
"amount": 100,
"currency": "IDR"
}
arrow-svg

Copy

Response Parameters

FieldTypeDescription
request_idstringThe same value as the request_id in the request.
errcodeint32Error code to specify the error returned.
debug_msgstringDebug message to provide more information.
redirect_urlstringThe URL for the Client’'s frontend to redirect to for PIN verification, valid for 30 mins. Only applicable if PIN verification is needed.
transactionobjectWill return empty if no such transaction.
  • reference_id
stringUnique identifier of auth transaction generated by client.
  • amount
int64Amount used for the payment as integer, inflated by a factor of 100. A positive integer in the smallest currency unit, with no decimal point.
  • status
uint32Refer to Transaction Status for specific transaction statuses.
  • transaction_type
uint321000 (Refer to Transaction Types for specific transaction types).
  • transaction_sn
stringTransaction identifier in ShopeePay system.
  • create_time
uint32Create time of the individual transaction.
  • update_time
uint32Update time of the individual transaction.
  • user_id_hash
stringIdentifier for user that made the payment.
  • merchant_ext_id
stringUnique identifier of merchant in Client system.
  • store_ext_id
stringUnique identifier of store in Client system.

Sample API Response (with PIN verification)

RESPONSE

{
"request_id": "input-unique-request-id-here",
"errcode": 0,
"debug_msg": "success",
"redirect_url": "http://shopeepay.com/user/auth-code/verify"
}
arrow-svg

Copy

Sample API Response (without PIN verification)

RESPONSE

{
"request_id": "input-unique-request-id-here",
"errcode": 0,
"debug_msg": "success",
"transaction": {
"reference_id": "input-payment-ref-id",
"amount": 100,
"create_time": 1716193693,
"update_time": 1716193693,
"transaction_sn": "4737856404311306",
"status": 3,
"transaction_type": 1000,
"merchant_ext_id": "external-merchant",
"store_ext_id": "external-store",
"user_id_hash": "697863f9295aeddcb3db598ecbc74c59a13335abf4d8c41b40e33b28a9d7d63c"
}
arrow-svg

Copy

Response Code

ValueDescription
-2A server dropped the connection
-1A server error occurred
0Success
1The request parameters is invalid or a mandatory parameter is empty
2Permission denied, often due to invalid status
4Not found, often due to merchant/store/user/transaction not found
5Transaction is in processing status, use Check Transaction Status endpoint to query the updated status of the payment
9Customer’s account is banned
11Duplicated request
14Customer’s account is deleted
24Customer's account is frozen
27Customer's account is not activated
42Insufficient balance
43Insufficient balance
50The request parameters is invalid due to payload sent is not a valid JSON
105Invalid auth code
140Customer’s wallet limit is reached
1001Customer is not allowed to make the transaction
1100ShopeePay internal payment module error
1101ShopeePay internal payment module error
1102Customer’s SPL credit limit is reached
1103Customer is required to link their bank account
1104Ineligible payment channel
1106Duplicated payment
1200ShopeePay internal payment module error
1201ShopeePay internal payment module error
1500ShopeePay internal payment module error
1800ShopeePay internal payment module error
1801ShopeePay internal payment module error
1907Ineligible payment channel
1908Service is temporarily down for scheduled maintenance
300088Customer is required to complete verification
300210ShopeePay scam warning error message

Capture

Use this API to create a full or partial capture transaction using funds reserved from the corresponding auth transaction. Capture must be requested before the auth transaction expires. Only one capture, full or partial, will be accepted for each auth transaction.

  • URL: "/v3/merchant-host/transaction/auth/capture"

Request Parameters

FieldTypeMandatoryDescription
request_idstringYUnique identifier for request. 
capture_reference_idstringYUnique identifier of capture transaction generated by client.
merchant_ext_idstringYUnique identifier of merchant in client system.
store_ext_idstringYUnique identifier of store in client system.
amountint64YThe amount to capture. Capture amount should be no greater than the original auth amount.
auth_reference_idstringYThe auth_reference_id of the auth transaction Client wants to capture.
use_coinbooleanNUsers may indicate their preference to use or not to use coins to offset their payment on the Client’s platform. Use this field to pass the user's preference. 
promo_idsstringNComma separated eligible promo_ids of 100 characters or less (up to 20), if any.

Sample API Request

REQUEST

{
"request_id": "input-unique-request-id-here",
"auth_reference_id": "input-auth-ref-id",
"capture_reference_id": "input-capture-ref-id",
"merchant_ext_id": "external-merchant",
"store_ext_id": "external-store",
"amount": 1000
}
arrow-svg

Copy

Response Parameters 

FieldTypeDescription
request_idstringThe same value as the request_id in the request.
errcodeint32Error code to specify the error returned.
debug_msgstringDebug message to provide more information.
transactionobjectWill return empty if no such transaction.
  • reference_id
stringUnique identifier of capture transaction generated by client.
  • amount
int64Amount used for the payment as integer, inflated by a factor of 100. A positive integer in the smallest currency unit, with no decimal point.
  • status
uint32Refer to Transaction Status for specific transaction statuses.
  • transaction_type
uint321000 (Refer to Transaction Types for specific transaction types).
  • transaction_sn
stringTransaction identifier in ShopeePay system.
  • create_time
uint32Create time of the individual transaction.
  • update_time
uint32Update time of the individual transaction.
  • user_id_hash
stringIdentifier for user that made the payment.
  • merchant_ext_id
stringUnique identifier of merchant in Client system.
  • store_ext_id
stringUnique identifier of store in Client system.
  • promo_id_applied
stringpromo_id applied to the payment transaction. This will be filled only if the user received a reward from a valid promotion with the promo_id specified.

Sample API Response

RESPONSE

{
"request_id": "input-unique-request-id-here",
"errcode": 0,
"debug_msg": "success",
"transaction": {
"reference_id": "input-capture-ref-id",
"amount": 100,
"create_time": 1716193693,
"update_time": 1716193693,
"transaction_sn": "4737856404311306",
"status": 3,
"transaction_type": 1001,
"merchant_ext_id": "external-merchant",
"store_ext_id": "external-store",
"user_id_hash": "697863f9295aeddcb3db598ecbc74c59a13335abf4d8c41b40e33b28a9d7d63c"
}
arrow-svg

Copy

Response Code

ValueDescription
-2A server dropped the connection
-1A server error occurred
0Success
1The request parameters is invalid or a mandatory parameter is empty
2Permission denied, often due to invalid status
4Not found, often due to merchant/store/user/transaction not found
5Transaction is in processing status, use Check Transaction Status endpoint to query the updated status of the payment
9Customer’s account is banned
11Duplicated request
14Customer’s account is deleted
24Customer's account is frozen
27Customer's account is not activated
42Insufficient balance
43Insufficient balance
50The request parameters is invalid due to payload sent is not a valid JSON
105Invalid auth code
140Customer’s wallet limit is reached
1001Customer is not allowed to make the transaction
1100ShopeePay internal payment module error
1101ShopeePay internal payment module error
1102Customer’s SPL credit limit is reached
1103Customer is required to link their bank account
1104Ineligible payment channel
1106Duplicated payment
1200ShopeePay internal payment module error
1201ShopeePay internal payment module error
1500ShopeePay internal payment module error
1800ShopeePay internal payment module error
1801ShopeePay internal payment module error
1907Ineligible payment channel
1908Service is temporarily down for scheduled maintenance
300088Customer is required to complete verification
300210ShopeePay scam warning error message

Reverse Auth

Use this API to reverse funds reserved previously using an auth request.

  • URL: "/v3/merchant-host/transaction/auth/reverse"

Request Parameters 

FieldTypeMandatoryDescription
request_idstringYUnique identifier for request. 
reverse_auth_reference_idstringYUnique identifier of authorisation reversal transaction generated by client.
merchant_ext_idstringYUnique identifier of merchant in client system.
store_ext_idstringYUnique identifier of store in client system.
auth_reference_idstringYThe reference_id of the auth transaction Client wants to reverse.

Sample API Request

REQUEST

{
"request_id": "input-unique-request-id-here",
"auth_reference_id": "input-auth-ref-id",
"reverse_auth_reference_id": "input-reverse-auth-ref-id",
"merchant_ext_id": "external-merchant",
"store_ext_id": "external-store"
}
arrow-svg

Copy

Response Parameters 

FieldTypeDescription
request_idstringThe same value as the request_id in the request.
errcodeint32Error code to specify the error returned.
debug_msgstringDebug message to provide more information.
transactionobjectWill return empty if no such transaction
  • reference_id
stringUnique identifier of auth reversal transaction generated by client.
  • amount
int64Amount used for the payment as integer, inflated by a factor of 100. A positive integer in the smallest currency unit, with no decimal point.
  • status
uint32Refer to Transaction Status for specific transaction statuses.
  • transaction_type
uint321002 (Refer to Transaction Types for specific transaction types).
  • transaction_sn
stringTransaction identifier in ShopeePay system.
  • create_time
uint32Create time of the individual transaction.
  • update_time
uint32Update time of the individual transaction.
  • user_id_hash
stringIdentifier for user that made the payment.
  • merchant_ext_id
stringUnique identifier of merchant in Client system.
  • store_ext_id
stringUnique identifier of store in Client system.

Sample API Response

RESPONSE

{
"request_id": "input-unique-request-id-here",
"errcode": 0,
"debug_msg": "success",
"transaction": {
"reference_id": "input-reverse-auth-ref-id",
"amount": 100,
"create_time": 1716193693,
"update_time": 1716193693,
"transaction_sn": "4737856404311306",
"status": 3,
"transaction_type": 1002,
"merchant_ext_id": "external-merchant",
"store_ext_id": "external-store",
"user_id_hash": "697863f9295aeddcb3db598ecbc74c59a13335abf4d8c41b40e33b28a9d7d63c"
}
arrow-svg

Copy

Response Code

ValueDescription
-2A server dropped the connection
-1A server error occurred
0Success
1The request parameters is invalid or a mandatory parameter is empty
2Permission denied, often due to invalid status
4Not found, often due to merchant/store/user/transaction not found
5Transaction is in processing status, use Check Transaction Status endpoint to query the updated status of the payment
9Customer’s account is banned
11Duplicated request
14Customer’s account is deleted
24Customer's account is frozen
27Customer's account is not activated
42Insufficient balance
43Insufficient balance
50The request parameters is invalid due to payload sent is not a valid JSON
105Invalid auth code
140Customer’s wallet limit is reached
1001Customer is not allowed to make the transaction
1100ShopeePay internal payment module error
1101ShopeePay internal payment module error
1102Customer’s SPL credit limit is reached
1103Customer is required to link their bank account
1104Ineligible payment channel
1106Duplicated payment
1200ShopeePay internal payment module error
1201ShopeePay internal payment module error
1500ShopeePay internal payment module error
1800ShopeePay internal payment module error
1801ShopeePay internal payment module error
1907Ineligible payment channel
1908Service is temporarily down for scheduled maintenance
300088Customer is required to complete verification
300210ShopeePay scam warning error message