Introducing Xuperma, the cutting-edge payment gateway aggregator designed to transform the way you handle transactions. With its unmatched flexibility and advanced technology, Xuperma revolutionizes payment processing.
\nRouting transactions seamlessly to multiple banks, Xuperma ensures uninterrupted service with its automatic failover mechanism. Say goodbye to downtime and lost revenue as Xuperma swiftly detects and resolves potential bottlenecks, ensuring a smooth payment flow.
\nVelocity is the key to success in the fast-paced world of transactions, and Xuperma delivers. Leveraging real-time data analysis and intelligent algorithms, it optimizes transaction routing for lightning-fast processing. Every payment is handled swiftly and securely, empowering your business to stay ahead.
\nExperience unparalleled flexibility, automatic failover, and velocity optimization in one comprehensive solution. Embrace the future of payment gateway aggregation with Xuperma, and take your business to new heights. Streamline your payment processes and unlock new levels of efficiency and success with Xuperma by your side.
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"2577485","collectionId":"fbf83401-d368-4fca-a3ae-8651fd2eaa7a","publishedId":"2sBXVkAotK","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2026-01-22T08:20:48.000Z"},"item":[{"name":"Authentication","item":[],"id":"80c08435-93ae-4bc6-81fd-70a2faf1a8a9","description":"To authenticate your requests to the Payment Gateway API, you need to include the following headers:
\nPlease ensure that you include these headers in every API request to properly authenticate your application.
\nTo generate the signature, you can use the following code snippet in your preferred programming language:
\ncodesignature = hash_hmac('sha512', key + json_encode(body), token)\n\nIn this code, replace the following variables with the appropriate values:
\nkey: Your API key.
body: The JSON-encoded request body.
token: Your secret token.
In this guide, we will demonstrate how to generate a signature for the \"Fund Acceptance Virtual Account\" parameters. This signature will be used to authenticate a request on our end. Generating this signature is essential for ensuring the security and integrity of your API requests.
\nYou'll need to encode and format your code to be looks like this before hashing
\nV-KRW9ESNZUUKQXOOX{\"reference\":\"12345678\",\"bank_code\":\"014\",\"view_name\":\"Zhan Sui\",\"type\":\"ClosedAmount\",\"amount\":10000,\"additional_info\":{\"callback\":\"https:\\/\\/google.com\"}}\n\nuse the Secret Key to hashing the string above. if you obtain the same result, then you've successfully generated the signature, and it can be used to make a request on our end without any problem.
e6efe7e27393cd30f1cbdf248c4630916d024a3bb12bac6505a16a0994d15da21d6132dd828613920a5f9a127f77e60792c2968553de54490539150babc27b3c\n\nWe currently offer two environments that you can utilize for your application:
\nSandbox - https://api.sandbox.xuperma.com/api
\nProduction - https://api.xuperma.com/api
\nPlease note that the above information is subject to change, and we recommend referring to the latest documentation for accurate details.
\n","_postman_id":"80c08435-93ae-4bc6-81fd-70a2faf1a8a9"},{"name":"Fund Acceptance","item":[{"name":"Virtual Account","event":[{"listen":"prerequest","script":{"id":"be6333df-1bbd-4503-b0f7-ba55423cb56e","exec":["// Extract the required variables from headers","// const key = pm.request.headers.get(\"KEY\");","// const token = pm.request.headers.get(\"TOKEN\");","","// Extract the required variables from environment","const key = pm.environment.get(\"KEY\");","const token = pm.environment.get(\"TOKEN\");","","// Convert the request body to a JSON string without pretty formatting","const bodyJson = JSON.stringify(JSON.parse(pm.request.body.raw));","","// Concatenate the key and body JSON","const message = key + bodyJson.replace(/\\//g, '\\\\/');","","// Calculate the hash using HMAC-SHA512","const hash = CryptoJS.HmacSHA512(message, token).toString();","","// Set the 'On-Signature' header in the request","pm.request.headers.add({ key: 'X-Signature', value: hash });","","// Log a message to the console","console.log(\"Pre-request script executed successfully!\");",""],"type":"text/javascript","packages":{}}}],"id":"84024232-5e3e-422a-8411-c162d024aaf8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-Key","value":"{{KEY}}","description":"Project Key
\n","type":"text"},{"key":"X-Token","value":"{{TOKEN}}","description":"Project Secret Key
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"bank_code\": \"002\",\n \"single_use\": true,\n \"type\": \"ClosedAmount\",\n \"reference\": \"OP092823212\",\n \"amount\": 215000,\n \"expiry_minutes\": 1440,\n \"view_name\": \"zhan\",\n \"additional_info\": {\n \"callback\": \"http://merchant.com/notify\"\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{HOST}}/transaction/virtual-account","description":"Generate Virtual Accounts from Multiple Banks with Our API. Simplify fund acceptance with our efficient API solution. Streamline your payment processes and expand your options for accepting funds seamlessly.
\nProject Key
\n","type":"text"},{"key":"X-Token","value":"yctcTA7zeZvxoqZOa3WoAlPH76ogKEA0","description":"Project Secret Key
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"reference\": \"OP092823-0009\",\n \"amount\": 500000,\n \"expiry_minutes\": 30,\n \"view_name\": \"zhan\",\n \"additional_info\": {\n \"callback\": \"https://merchant.com/notify\"\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{HOST}}/transaction/qris","description":"Accept QR Code Payments Effortlessly with our API Integration. Simplify the process of accepting QR code-based payments using our API. Streamline your payment operations and provide a secure, convenient, and contactless payment option for your customers. Seamlessly integrate QRIS technology to expand your payment capabilities and stay ahead of the trend.
\nProject Key
\n","type":"text"},{"key":"X-Token","value":"{{TOKEN}}","description":"Project Secret Key
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"reference\": \"OP092823\",\n \"phone_number\":\"0821953959\",\n \"channel\":\"gopay\",\n \"amount\": 330000,\n \"expiry_minutes\": 30,\n \"view_name\": \"zhan\",\n \"additional_info\": {\n \"callback\": \"http://merchant.com/notify\",\n \"success_redirect_url\":\"http://redirect-merchant.com\"\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{HOST}}/transaction/e-wallet","description":"Streamline Payment Acceptance from Leading E-Wallets with our Seamless API Integration. Simplify your payment processes by seamlessly integrating our API with popular e-wallet providers. Enable hassle-free transactions with leading e-wallets, offering your customers a convenient and secure payment option. Expand your payment options and cater to the growing market of cashless transactions. With our API's seamless e-wallet integration, accepting payments from various e-wallets has never been easier, providing a seamless and convenient payment experience for your users.
\nProject Key
\n","type":"text"},{"key":"X-Token","value":"{{TOKEN}}","description":"Project Secret Key
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"reference\": \"OP092823\",\n \"phone_number\":\"082195395779\",\n \"channel\":\"alfamart\",\n \"amount\": 75000,\n \"expiry_minutes\": 30,\n \"view_name\": \"zhan\",\n \"additional_info\": {\n \"callback\": \"http://merchant.com/notify\"\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{HOST}}/transaction/retail","description":"Streamline Retail Payments at Alfamart, Indomaret, and More with our API. Effortlessly integrate our API with popular retail chains to simplify payment processes. Enable seamless payment acceptance at Alfamart, Indomaret, and other supported retailers, providing convenient options for your customers. Expand your reach and tap into a vast network of retail locations, delivering a seamless payment experience across multiple channels. Enhance customer satisfaction and streamline transactions with our API's retail integration capabilities.
\nProject Key
\n","type":"text"},{"key":"X-Token","value":"{{TOKEN}}","description":"Project Secret Key
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"reference\": \"OP092823115-002\",\n \"phone_number\": \"081929300092\",\n \"amount\": 88000,\n \"expiry_minutes\": 1440,\n \"view_name\": \"zhan\",\n \"additional_info\": {\n \"callback\": \"https://merchant.com/notify\"\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{HOST}}/transaction/credit-card","description":"Simplify Credit Card Payments with Our Seamless API Integration. Enhance your payment acceptance capabilities by integrating our API for seamless credit card transactions. Streamline the checkout process for your customers, offering a convenient and widely accepted payment method. Expand your customer base, boost conversion rates, and provide a secure and efficient credit card payment option. Experience the ease of accepting credit card payments with our user-friendly API.
\nStreamline Fund Acceptance with Our Versatile API. Accept funds effortlessly from virtual accounts, QRIS codes, credit cards, popular retail options like Alfamart and Indomaret, and various e-wallets. Our comprehensive solution simplifies payment processes, expands your customer base, and offers convenience and flexibility for accepting funds from diverse platforms.
\n","_postman_id":"f3eda3cc-304c-436b-8201-94d5d0019c99"},{"name":"Fund Disbursement","item":[{"name":"Disburse","event":[{"listen":"prerequest","script":{"exec":["// Extract the required variables from headers","// const key = pm.request.headers.get(\"KEY\");","// const token = pm.request.headers.get(\"TOKEN\");","","// Extract the required variables from environment","const key = pm.environment.get(\"KEY\");","const token = pm.environment.get(\"TOKEN\");","","// Convert the request body to a JSON string without pretty formatting","const bodyJson = JSON.stringify(JSON.parse(pm.request.body.raw));","","// Concatenate the key and body JSON","const message = key + bodyJson.replace(/\\//g, '\\\\/');","","// Calculate the hash using HMAC-SHA512","const hash = CryptoJS.HmacSHA512(message, token).toString();","","// Set the 'On-Signature' header in the request","pm.request.headers.add({ key: 'X-Signature', value: hash });","","// Log a message to the console","console.log(\"Pre-request script executed successfully!\");",""],"type":"text/javascript","packages":{},"id":"cd8e4d68-2624-46fd-a959-77d2e27274da"}}],"id":"4ccb59ad-3333-4fbf-ba09-08b6ce88700e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"POST","header":[{"key":"X-Key","value":"{{KEY}}","type":"text"},{"key":"X-Token","value":"{{TOKEN}}","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"reference\": \"OP09282043-0001\",\n \"bank_code\": \"008\",\n \"recipient_account\":\"123098456\",\n \"amount\": 15000,\n \"additional_info\": {\n \"callback\": \"https://merchant.com/notify\"\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{HOST}}/transaction/disburse","description":"Efficient Fund Disbursement Made Simple. Simplify the process of fund disbursement with our comprehensive API solution. Seamlessly transfer funds to recipients with ease and efficiency. Streamline your disbursement operations, whether it's for vendor payments, employee salaries, or other financial transactions. Our API empowers you to securely and accurately distribute funds, reducing manual effort and saving valuable time. Experience hassle-free fund disbursement and enhance the efficiency of your financial operations with our reliable API solution.
\nProject Key
\n","type":"text"},{"key":"X-Token","value":"{{TOKEN}}","description":"Project Secret Key
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"bank_code\": \"014\",\n \"account_number\":\"0821837182312831\",\n \"reference\": \"OP09282003\",\n \"additional_info\": {\n \"callback\": \"https://merchant.com/notify\"\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{HOST}}/transaction/account-inquiry","description":"Efficiently Check Bank Account Information with our API. Simplify the process of verifying bank account details using our comprehensive API solution.
\nWhen the user completes a transaction, we will send you a notification regarding the status changes to your defined callback URL.
\nThe format of the callback will be identical to the response you receive when creating the transaction through our API.
\nThis seamless integration allows you to stay updated on payment status and other relevant information in real-time. Simply provide us with your callback URL during the order creation process, and we will ensure that you receive accurate and timely notifications to enhance your operational efficiency.
\n","_postman_id":"6e19320d-b43a-4cf9-80bd-335a25546300"},{"name":"Extras","item":[{"name":"Projects","item":[{"name":"Create","event":[{"listen":"prerequest","script":{"exec":["// Get token from environment variable","const plainToken = pm.request.headers.get(\"merchant_token\");","","// Remove the merchant_token header from the request","pm.request.headers.remove(\"merchant_token\");","","// Convert to base64","const base64Token = btoa(plainToken);","","// Set the Authorization header","pm.request.headers.add({"," key: 'Authorization',"," value: `Bearer ${base64Token}`","});","",""],"type":"text/javascript","packages":{},"id":"b3c842ee-41b9-45ec-afd6-69c5004515b7"}}],"id":"a3bef690-5555-492f-a7a3-c3a55aeedda7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{},"isInherited":false},"method":"POST","header":[{"key":"Accept","value":"application/json","type":"text"},{"key":"merchant_token","value":"Wd23CQs8AYEK2NoWuoyun5qfN","type":"text"}],"body":{"mode":"raw","raw":"{\n \"name\": \"Project A\",\n \"domain\": \"https://yourdomain.com\",\n \"ip\": [\n \"0.0.0.0/0\"\n ]\n}","options":{"raw":{"language":"json"}}},"url":"{{HOST}}/projects","description":"Allows Merchants to create new project from the Vansoncash
\nAllows Merchants to create new project from the Xuperma
\nProject Key
\n","type":"text"},{"key":"X-Token","value":"{{TOKEN}}","description":"Project Secret Key
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"url":"{{HOST}}/balance","description":"This is especially true when there's no message body to include. Hashing only the Project Key ensures a level of authentication between the client and the server.
\n$signature = hash_hmac('sha512', $key, $token);\n\nAllows Merchants to check the project's balance from the Xuperma system
\nOur API project is designed to serve as an integrated platform for grouping merchant businesses within our application. By centralizing various merchant operations, this robust API allows for streamlined management, enhanced data analytics, and optimized user experience, all while simplifying administrative tasks for the merchants. The objective is to create a cohesive ecosystem that benefits both the merchants and end-users.
\nThis API is exclusively accessible to a select group of merchants for enhanced security and customization. If you're interested in accessing this feature to streamline your business operations within our application, please contact our support team for eligibility and activation.
\n","_postman_id":"d0fea240-197c-41f7-bfe4-b41b10a2ff0c"},{"name":"Transactions","item":[{"name":"Check Single Transaction","event":[{"listen":"prerequest","script":{"exec":["const key = pm.environment.get(\"KEY\");","const token = pm.environment.get(\"TOKEN\");","","// Initialize bodyJson to an empty string if there's no body","let bodyJson = \"\";","","if (pm.request.body && pm.request.body.raw) {"," try {"," bodyJson = JSON.stringify(JSON.parse(pm.request.body.raw));"," } catch (e) {"," console.error(\"Error parsing request body:\", e);"," }","}","","// Escape forward slashes in body JSON","const message = key + bodyJson.replace(/\\//g, '\\\\/');","","// Calculate the hash using HMAC-SHA512","const hash = CryptoJS.HmacSHA512(message, token).toString();","","// Set the 'On-Signature' header in the request","pm.request.headers.add({ key: 'X-Signature', value: hash });","","console.log(\"Pre-request script executed successfully!\");",""],"type":"text/javascript","packages":{},"id":"d37c6f64-6712-462d-a89b-5a913f80b8dd"}}],"id":"bf5af1f9-dae2-432b-8b29-f38f39accf16","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"X-Key","value":"{{KEY}}","description":"Project Key
\n","type":"text"},{"key":"X-Token","value":"{{TOKEN}}","description":"Project Secret Key
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"url":"{{HOST}}/transactions/check/{trxId}","description":"This is especially true when there's no message body to include. Hashing only the Project Key ensures a level of authentication between the client and the server.
\n$signature = hash_hmac('sha512', $key, $token);\n\nEffortlessly Track and Verify Transactions with our API. Simplify the process of checking transaction details with our comprehensive API solution. Easily retrieve and verify transaction information, including payment status, amounts, and timestamps.
\n","_postman_id":"ff19ca62-2fb2-4821-ba78-d88a6c8116c6"}],"id":"d22a9955-239c-439f-8e5c-3aa873a9eac6","_postman_id":"d22a9955-239c-439f-8e5c-3aa873a9eac6","description":""},{"name":"Error Codes","item":[],"id":"79ef56f1-33b1-4b4d-8e2c-eaa2da117c80","description":"When integrating our API, it's essential to be aware of common error codes that may occur during the process. Understanding these error codes will help you troubleshoot and resolve any issues effectively. Here is a brief description of some common error codes you may encounter:
\n","_postman_id":"79ef56f1-33b1-4b4d-8e2c-eaa2da117c80"},{"name":"Change Logs","item":[],"id":"8ac6be2c-a155-43cf-99d5-f1a43dd48b28","_postman_id":"8ac6be2c-a155-43cf-99d5-f1a43dd48b28","description":""}]}