DuitNow QR
Topics covered on this page
Accept online payments from DuitNow users through your website using the DuitNow QR payment method. This guide walks you through the payment flow and details on how to implement.
How to enable
- Supported Countries: Malaysia
- Minimum API version:
2017-11-02
To enable DuitNow QR, send an email requesting this feature to support@opn.ooo. You will need to review and accept new terms and conditions.
Payment flow
Customers paying via DuitNow QR go through a redirect payment flow. This means they are redirected from your website to DuitNow QR's secure checkout page where they authorize and confirm the payment. Upon completion, the customer is redirected to the receipt page, then back to your website.
Using a mobile
❶ The customer chooses the wallet they want to pay with. ❷ After that a QR code will be shown. To scan the QR code, the customer takes a screenshot of the QR code ❸ and logs into their bank using their mobile phone. ❹ The customer loads the screenshot containing the QR code using their bank app. ❺ The customer confirms the purchase using the bank app. ❻ Once you receive a webhook completion event, confirm the payment with the user.
Using a desktop browser
❶ The customer chooses the wallet they want to pay with. ❷ After that a QR code will be shown. ❸ The customer opens the corresponding wallet app and then uses the QR scanner. ❹ The customer scans the QR code. ❺ The customer is shown the summary page before confirming their payment. ❻ The payment confirmation slip is shown. The customer can choose to be redirected to the merchant's payment confirmation page. ❼ Once you receive a webhook completion event, confirm the payment with the customer.
Implementation
To create a charge using DuitNow QR, make the following API requests.
- Create a new payment source (
type:duitnow_qr) using Omise.js or one of the mobile SDKs (iOS and Android) - Create a new charge using the identifier of the source created in Step 1.
- After receiving the charge completion webhook event, retrieve the charge to verify its status (optional, but recommended).
Use your public key to create the DuitNow QR source on the client (a customer's browser or mobile phone). Use your secret key to create the DuitNow QR charge on the server.
If both the creation and charge of a source must happen server-side, you can create and charge the source in a single API request using your secret key.
Creating a source
When the customer confirms that they wish to pay with this payment method, create a new source specifying the amount, currency, platform_type, and type.
| Parameter | Type | Description |
|---|---|---|
amount |
integer | (required) See Limits |
currency |
string | (required) MYR |
platform_type |
string | (optional) IOS,ANDROID (example: IOS) |
type |
string | (required) duitnow_qr |
The following examples demonstrate the creation of a new DuitNow QR source for RM1500. Replace the omise_public_key and $OMISE_PUBLIC_KEY variables with the test public key found on your dashboard.
Using Omise.js, the
typeparameter is supplied as the first argument to thecreateSourcemethod.
Omise.setPublicKey(omise_public_key);
Omise.createSource('duitnow_qr', {
"amount": 150000,
"currency": "MYR"
}, function(statusCode, response) {
console.log(response)
});
For testing, you can create the same request using curl.
curl https://api.omise.co/sources \
-u $OMISE_PUBLIC_KEY: \
-d "amount=150000" \
-d "currency=MYR" \
-d "type=duitnow_qr"
{
"object": "source",
"id": "src_test_5xsj463pfkf9cstmtbf",
"livemode": false,
"location": "/sources/src_test_5xsj463pfkf9cstmtbf",
"amount": 150000,
"barcode": null,
"bank": null,
"created_at": "2023-11-16T13:45:02Z",
"currency": "MYR",
"email": null,
"flow": "redirect",
"installment_term": null,
"ip": null,
"absorption_type": null,
"name": null,
"mobile_number": null,
"phone_number": null,
"platform_type": null,
"scannable_code": null,
"billing": null,
"shipping": null,
"items": [],
"references": null,
"provider_references": null,
"store_id": null,
"store_name": null,
"terminal_id": null,
"type": "duitnow_qr",
"zero_interest_installments": null,
"charge_status": "unknown",
"receipt_amount": null,
"discounts": []
}
The id attribute is the source identifier (begins with src).
Creating a charge
Create a charge specifying the parameters return_uri, source, amount, and currency.
return_urispecifies the location on your website to which the customer should be redirected after completing the payment authorization step.URL must be in HTTPS format.
sourcespecifies the source identifier.amountandcurrencymust matchamountandcurrencyof the source.
Can support both manual and automatic capture.
The following example demonstrates how to create a new charge using curl.
Replace $OMISE_SECRET_KEY with your test secret key found on your dashboard.
Replace $SOURCE_ID with the id of the source.
curl https://api.omise.co/charges \
-u $OMISE_SECRET_KEY: \
-d "amount=1000" \
-d "currency=JPY" \
-d "return_uri=http://example.com/orders/345678/complete" \
-d "source=$SOURCE_ID"
curl https://api.omise.co/charges \
-u $OMISE_SECRET_KEY: \
-d "amount=150000" \
-d "currency=MYR" \
-d "return_uri=http://example.com/orders/345678/complete" \
-d "source=$SOURCE_ID"
{
"object": "charge",
"id": "chrg_test_5xsj466h4gojpxwc864",
"location": "/charges/chrg_test_5xsj466h4gojpxwc864",
"amount": 150000,
"net": 148200,
"fee": 1800,
"fee_vat": 0,
"interest": 0,
"interest_vat": 0,
"funding_amount": 150000,
"refunded_amount": 0,
"transaction_fees": {
"fee_flat": "0.0",
"fee_rate": "1.2",
"vat_rate": "0.0"
},
"platform_fee": {
"fixed": null,
"amount": null,
"percentage": null
},
"currency": "MYR",
"funding_currency": "MYR",
"ip": null,
"refunds": {
"object": "list",
"data": [],
"limit": 20,
"offset": 0,
"total": 0,
"location": "/charges/chrg_test_5xsj466h4gojpxwc864/refunds",
"order": "chronological",
"from": "1970-01-01T00:00:00Z",
"to": "2023-11-16T13:45:02Z"
},
"link": null,
"description": null,
"metadata": {},
"card": null,
"source": {
"object": "source",
"id": "src_test_5xsj45vlo6ns9txpi1n",
"livemode": false,
"location": "/sources/src_test_5xsj45vlo6ns9txpi1n",
"amount": 150000,
"barcode": null,
"bank": null,
"created_at": "2023-11-16T13:45:01Z",
"currency": "MYR",
"email": null,
"flow": "redirect",
"installment_term": null,
"ip": null,
"absorption_type": null,
"name": null,
"mobile_number": null,
"phone_number": null,
"platform_type": null,
"scannable_code": null,
"billing": null,
"shipping": null,
"items": [],
"references": null,
"provider_references": null,
"store_id": null,
"store_name": null,
"terminal_id": null,
"type": "duitnow_qr",
"zero_interest_installments": null,
"charge_status": "pending",
"receipt_amount": null,
"discounts": []
},
"schedule": null,
"customer": null,
"dispute": null,
"transaction": null,
"failure_code": null,
"failure_message": null,
"status": "pending",
"authorize_uri": "https://pay.omise.co/payments/pay2_test_5xsj466ihvy78yb4krj/authorize",
"return_uri": "http://example.com/orders/345678/complete",
"created_at": "2023-11-16T13:45:02Z",
"paid_at": null,
"expires_at": "2023-11-23T13:45:02Z",
"expired_at": null,
"reversed_at": null,
"zero_interest_installments": false,
"branch": null,
"terminal": null,
"device": null,
"authorized": false,
"capturable": false,
"capture": true,
"disputable": false,
"livemode": false,
"refundable": false,
"partially_refundable": false,
"reversed": false,
"reversible": false,
"voided": false,
"paid": false,
"expired": false
}
Creating a source and charge
Alternatively, you can create and charge a source in a single API request.
curl https://api.omise.co/charges \
-u $OMISE_SECRET_KEY: \
-d "amount=150000" \
-d "currency=MYR" \
-d "return_uri=http://example.com/orders/345678/complete" \
-d "source[type]=duitnow_qr"
Completing the charge
At this point, you have created a new charge with its status set to pending.
Other possible values for charge status are successful, failed, and expired.
The following sections detail how to authorize a charge, receive its completion webhook event, and update its status.
Authorizing the charge
Redirect the customer to the location specified in authorize_uri so that they can authorize the charge.
The merchant can simulate this authorization phase in test mode by visiting authorize_uri to manually mark the charge as Successful
or Failed
.
After the customer has completed the authorization phase, they will be redirected to the location specified in return_uri.
Receiving the charge completion event
The best way to be notified about the completion of a charge is using webhook events.
Set up a location on the merchant server to receive webhook events, and add this location as a webhook endpoint on the dashboard.
Checking the charge status
After receiving this event, retrieve the charge using its id and confirm that its status matches the status of the charge contained in the event.
If the value of status is successful, you got paid.
If the value of status is failed, check the failure_code and failure_message in the charge object for an explanation.
Possible failure codes are as follows.
| Failure Code | Description |
|---|---|
payment_expired |
Payment expired. |
payment_rejected |
Payment rejected by issuer. |
failed_processing |
General payment processing failure. |
invalid_account |
Valid account for payment method not found. |
insufficient_fund |
Insufficient funds in the account or the payment method has reached its limit. |
Voids and Refunds
DuitNow QR charges can be partially or fully refunded within 180 days of the transaction date.
Limits
- Minimum:
100(MYR1.00) - Maximum:
2000000(MYR20,000.00)
Related API documentation
How to check the public key and secret key
For information on how to obtain and check the public and secret keys, please refer to this document.
