Malaysia FPX

Topics covered on this page

Enable your customers to make purchases directly from their bank accounts using FPX. This guide walks you through the payment flow and details on how to implement.

How to enable

  • Supported Countries: Malaysia
  • Minimum API version: 2017-11-02

To enable FPX, send an email requesting this feature to support@opn.ooo. You will need to review and accept new terms and conditions.

Payment flow

Customers paying via FPX go through a redirect payment flow. This means they are redirected from your website to FPX’s secure checkout page where they authorize and confirm the payment. Upon completion, the customer is redirected to the receipt page, then back to your website. The following screenshots demonstrate this flow. First, the customer selects FPX as their preferred payment method.

After choosing the bank with which they would like to pay, the customer is redirected to the external page operated by the bank. FPX- login The customer reviews the payment amount and confirms the payment. Upon confirmation, the customer is redirected to the receipt page. Opn Payments will send a webhook event (if enabled) indicating that the charge is complete. The customer can choose to return to your website via the back button on the receipt page. FPX- confirm

Implementation

To create a charge using FPX, make the following API requests.

  1. Fetch the current available list of banks for FPX via the capabilities API, see here.

  2. Create a new payment source (type: fpx) using Omise.js or one of the mobile SDKs (iOS and Android)

  3. Create a new charge using the identifier of the source created in Step 1.

  4. After receiving the charge completion webhook event, retrieve the charge to verify its status (optional, but recommended).

Use your public key to create the FPX source on the client (a customer's browser or mobile phone). Use your secret key to create the FPX charge on the server.

If both the creation and charge of a source must happen server-side, you can create and charge the source in a single API request using your secret key.

For direct API integration, it's required by PayNet to display FPX logo on merchant's payment page according to FPX branding guideline. For more information, please contact support@opn..ooo.

Fetching the list of available banks

  1. Use the capabilities API to get the list of available banks for FPX
  2. After receiving the response, refer to the banks array within the FPX payment method within the payment_methods array

Note: the top-level banks array is specifically for transfers, not FPX

{
  "object": "capability",
  "location": "/capability",
  "banks": [...],
  "payment_methods": [
    {
      "object": "payment_method",
      "name": "fpx",
      "currencies": [
          "MYR"
      ],
      "card_brands": null,
      "installment_terms": null,
      "banks": [
          {
            "code": "affin",
            "name": "Affin Bank",
            "active": true
          },
          ...
      ]
    }
  ] 
}

Creating a source

When the customer confirms that they wish to pay with this payment method, create a new source specifying the amount, bank, currency, and type.

Parameter Type Description
amount integer (required) See Limits
currency string (required) MYR
bank string (required) Bank code selected by customer*
email string (optional) A minimum of 6 and maximum of 50 characters in length

*All available bank codes are listed below.

Bank Code Bank Name
affin Affin Bank
alliance Alliance Bank (Personal)
agro AGRONet
ambank AmBank
islam Bank Islam
muamalat Bank Muamalat
rakyat Bank Rakyat
bocm Bank Of China
bsn BSN
cimb CIMB Clicks
hongleong Hong Leong Bank
hsbc HSBC Bank
kfh KFH
maybank2e Maybank2E
maybank2u Maybank2U
ocbc OCBC Bank
public Public Bank
rhb RHB Bank
sc Standard Chartered
uob UOB Bank

The following examples demonstrate the creation of a new FPX source for RM4,000. Replace the omise_public_key and $OMISE_PUBLIC_KEY variables with the test public key found on your dashboard.

Using Omise.js, the type parameter is supplied as the first argument to the createSource method.

Omise.setPublicKey(omise_public_key);

Omise.createSource('fpx', {
  "amount": 400000,
  "currency": "MYR",
  "bank": "affin"
}, function(statusCode, response) {
  console.log(response)
});

For testing, you can create the same request using curl.

curl https://api.omise.co/sources \
  -u $OMISE_PUBLIC_KEY: \
  -d "amount=400000" \
  -d "currency=MYR" \
  -d "type=fpx" \
  -d "bank=affin"
{
  "object": "source",
  "id": "src_test_5xsjiipa6l3cfmfgahy",
  "livemode": false,
  "location": "/sources/src_test_5xsjiipa6l3cfmfgahy",
  "amount": 400000,
  "barcode": null,
  "bank": "affin",
  "created_at": "2023-11-16T14:25:48Z",
  "currency": "MYR",
  "email": null,
  "flow": "redirect",
  "installment_term": null,
  "ip": null,
  "absorption_type": null,
  "name": null,
  "mobile_number": null,
  "phone_number": null,
  "platform_type": null,
  "scannable_code": null,
  "billing": null,
  "shipping": null,
  "items": [],
  "references": null,
  "provider_references": null,
  "store_id": null,
  "store_name": null,
  "terminal_id": null,
  "type": "fpx",
  "zero_interest_installments": null,
  "charge_status": "unknown",
  "receipt_amount": null,
  "discounts": []
}

The id attribute is the source identifier (begins with src).

Creating a charge

Create a charge specifying the parameters return_uri, source, amount, and currency.

  • return_uri specifies the location on your website to which the customer should be redirected after completing the payment authorization step.
  • source specifies the source identifier.
  • amount and currency must match amount and currency of the source.

The following example demonstrates how to create a new charge using curl. Replace $OMISE_SECRET_KEY with your test secret key found on your dashboard. Replace $SOURCE_ID with the id of the source.

curl https://api.omise.co/charges \
  -u $OMISE_SECRET_KEY: \
  -d "amount=400000" \
  -d "currency=MYR" \
  -d "return_uri=http://example.com/orders/345678/complete" \
  -d "source=$SOURCE_ID"
{
  "object": "charge",
  "id": "chrg_test_5xsjiis1jqjo93f6wj0",
  "location": "/charges/chrg_test_5xsjiis1jqjo93f6wj0",
  "amount": 400000,
  "net": 399850,
  "fee": 150,
  "fee_vat": 0,
  "interest": 0,
  "interest_vat": 0,
  "funding_amount": 400000,
  "refunded_amount": 0,
  "transaction_fees": {
    "fee_flat": "1.5",
    "fee_rate": "0.0",
    "vat_rate": "0.0"
  },
  "platform_fee": {
    "fixed": null,
    "amount": null,
    "percentage": null
  },
  "currency": "MYR",
  "funding_currency": "MYR",
  "ip": null,
  "refunds": {
    "object": "list",
    "data": [],
    "limit": 20,
    "offset": 0,
    "total": 0,
    "location": "/charges/chrg_test_5xsjiis1jqjo93f6wj0/refunds",
    "order": "chronological",
    "from": "1970-01-01T00:00:00Z",
    "to": "2023-11-16T14:25:48Z"
  },
  "link": null,
  "description": null,
  "metadata": {},
  "card": null,
  "source": {
    "object": "source",
    "id": "src_test_5xsjiierbypwogsxxjk",
    "livemode": false,
    "location": "/sources/src_test_5xsjiierbypwogsxxjk",
    "amount": 400000,
    "barcode": null,
    "bank": "affin",
    "created_at": "2023-11-16T14:25:46Z",
    "currency": "MYR",
    "email": null,
    "flow": "redirect",
    "installment_term": null,
    "ip": null,
    "absorption_type": null,
    "name": null,
    "mobile_number": null,
    "phone_number": null,
    "platform_type": null,
    "scannable_code": null,
    "billing": null,
    "shipping": null,
    "items": [],
    "references": null,
    "provider_references": null,
    "store_id": null,
    "store_name": null,
    "terminal_id": null,
    "type": "fpx",
    "zero_interest_installments": null,
    "charge_status": "pending",
    "receipt_amount": null,
    "discounts": []
  },
  "schedule": null,
  "customer": null,
  "dispute": null,
  "transaction": null,
  "failure_code": null,
  "failure_message": null,
  "status": "pending",
  "authorize_uri": "https://pay.omise.co/payments/pay2_test_5xsjiis2xgdol1lwjf1/authorize",
  "return_uri": "http://example.com/orders/345678/complete",
  "created_at": "2023-11-16T14:25:48Z",
  "paid_at": null,
  "expires_at": "2023-11-23T14:25:48Z",
  "expired_at": null,
  "reversed_at": null,
  "zero_interest_installments": false,
  "branch": null,
  "terminal": null,
  "device": null,
  "authorized": false,
  "capturable": false,
  "capture": true,
  "disputable": false,
  "livemode": false,
  "refundable": false,
  "partially_refundable": false,
  "reversed": false,
  "reversible": false,
  "voided": false,
  "paid": false,
  "expired": false
}

Creating a source and charge

Alternatively, you can create and charge a source in a single API request.

curl https://api.omise.co/charges \
  -u $OMISE_SECRET_KEY: \
  -d "amount=400000" \
  -d "currency=MYR" \
  -d "return_uri=http://example.com/orders/345678/complete" \
  -d "source[type]=fpx" \
  -d "source[bank]=affin"

Completing the charge

At this point, you have created a new charge with its status set to pending. Other possible values for charge status are successful, failed, and expired.

The following sections detail how to authorize a charge, receive its completion webhook event, and update its status.

sequenceDiagram participant customer participant omise.js participant merchant participant api.omise.co customer->>omise.js: Send payment details for purchase omise.js->>api.omise.co: Request source using payment details api.omise.co-->>omise.js: Return source omise.js->>merchant: Merchant gets returned source merchant->>api.omise.co: Request charge using source and purchase details api.omise.co-xmerchant: Send "charge.create" webhook api.omise.co-->>merchant: Return charge merchant->>customer: Redirect to "authorize_uri" for pending charge customer->>api.omise.co: Provide charge authorization details at "authorize_uri" api.omise.co-->>customer: Redirect to "return_uri" api.omise.co-xmerchant: Send "charge.complete" webhook merchant-xcustomer: Send charge result (e.g. via email)

Authorizing the charge

Redirect the customer to the location specified in authorize_uri so that they can authorize the charge.

The merchant can simulate this authorization phase in test mode by visiting authorize_uri to manually mark the charge as Successful or Failed.

After the customer has completed the authorization phase, they will be redirected to the location specified in return_uri.

Receiving the charge completion event

The best way to be notified about the completion of a charge is using webhook events.

Set up a location on the merchant server to receive webhook events, and add this location as a webhook endpoint on the dashboard.

Checking the charge status

After receiving this event, retrieve the charge using its id and confirm that its status matches the status of the charge contained in the event.

If the value of status is successful, you got paid.

If the value of status is failed, check the failure_code and failure_message in the charge object for an explanation.

Possible failure codes are as follows.

Failure Code Description
payment_rejected Payment rejected by issuer.
failed_processing General payment processing failure.
invalid_account Valid account for payment method not found.
insufficient_fund Insufficient funds in the account or the payment method has reached its limit.

Voids and refunds

Charges can be partially or fully refunded within six months of the transaction date using the API.

Limits

  • Minimum: 100 (MYR1.00)
  • Maximum: 3000000 (MYR30,000.00)

How to check the public key and secret key

For information on how to obtain and check the public and secret keys, please refer to this document.

Omise uses cookies to improve your overall site experience and collect information on your visits and browsing behavior. By continuing to browse our website, you agree to our Privacy Policy. Learn more