{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"8a500ddf-2aae-4900-b76f-c0099b21b9c4","name":"OPEN API","description":"## OPEN API Collection\n\nBase URL: `{{xepengUrl}}`\n\nThis collection exposes Xepeng's Open API endpoints for managing **orders** and **payment links**. All requests are configured to use the `{{xepengUrl}}` variable from the **Staging** environment so you can easily switch between environments without changing each request.\n\n### Authentication\n\nAll endpoints are protected and expect one of the following authentication mechanisms:\n\n- **Bearer token** using an API key or access token:\n    \n    - Header:`   X-Signature: HMAC-SHA256(client_secret, METHOD + PATH + TIMESTAMP + BODY)   X-Client-ID: client_id from dashboard   X-Timestamp: DateNow()`\n        \n\nSet these values either in:\n\n- The **Staging environment** variables, or\n    \n- Your **Postman Vault** for sensitive secrets.\n    \n\n---\n\n## Getting started\n\n### 1\\. Import and open the collection\n\n1. Open the **Team Workspace**.\n    \n2. Locate the collection named **\"OPEN API\"**.\n    \n3. Expand the collection to see the folders:\n    - **Order**\n        \n    - **Payment Link**\n        \n\n### 2\\. Select the Staging environment\n\n1. In the top-right of Postman, open the environment dropdown.\n    \n2. Select the environment named **\"Staging\"**.\n    \n3. Ensure the following variables exist in the Staging environment:\n    - `xepengUrl` – base URL for the Xepeng API (e.g. `https://staging-api.xepeng.com`)\n        \n    - `client_id` – your client identifier\n        \n    - `client_secret` – your client secret\n        \n    - (optional) `api_key` – if you use Bearer token authentication\n        \n\n### 3\\. Configure secrets (Vault vs Environment)\n\nFor production or real credentials:\n\n- Prefer using the **Postman Vault** to store `client_id`, `client_secret`, and `api_key`.\n    \n- Reference them in the environment as variables so requests continue to work using `{{client_id}}`, `{{client_secret}}`, and `{{api_key}}`.\n    \n\nFor quick local testing on Staging:\n\n- You may set `client_id`, `client_secret`, and `api_key` directly in the **Staging** environment.\n    \n\n### 4\\. Running the collection\n\nYou can:\n\n- Run individual requests from the **Order** or **Payment Link** folders.\n    \n- Use the **Collection Runner** or **Monitor** (if configured) to run multiple requests in sequence for regression or smoke tests.\n    \n\n---\n\n## Request reference\n\nBelow is a high-level description of each request. Each individual request in the collection also contains a detailed description and example payloads.\n\n### Order\n\n1. **Create** (`POST {{xepengUrl}}/openapi/orders`)\n    \n    - Create a new order with amount, currency, customer information, and metadata.\n        \n    - Requires authentication via Bearer token or client credentials.\n        \n2. **Update** (`PUT {{xepengUrl}}/openapi/orders/:order_uid`)\n    \n    - Update an existing order by its UID (path parameter).\n        \n3. **Get by UID** (`GET {{xepengUrl}}/openapi/orders/:order_uid`)\n    \n    - Retrieve a single order by its UID.\n        \n4. **Gets** (`GET {{xepengUrl}}/openapi/orders`)\n    \n    - List orders with pagination support via `page` and `limit` query parameters.\n        \n\n### Payment Link\n\n1. **Generate** (`POST {{xepengUrl}}/openapi/payment-links/generate`)\n    \n    - Generate a new payment link for a given amount and order reference.\n        \n2. **Gets** (`GET {{xepengUrl}}/openapi/payment-links`)\n    \n    - List payment links with pagination.\n        \n3. **Get** (`GET {{xepengUrl}}/openapi/payment-links/:payment_link_uid`)\n    \n    - Retrieve a single payment link by its UID.\n        \n4. **Inactive** (`PUT {{xepengUrl}}/openapi/payment-links/:payment_link_uid/inactivate`)\n    \n    - Inactivate (disable) an existing payment link so it can no longer be used.\n        \n\n---\n\n## Representative request examples\n\n### Example: Create Order (POST {{xepengUrl}}/openapi/orders)\n\n#### cURL\n\n``` bash\ncurl --request POST \"{{xepengUrl}}/openapi/orders\" \\\n  --header \"Content-Type: application/json\" \\\n  --header \"Authorization: Bearer {{api_key}}\" \\\n  --data-raw '{\n    \"amount\": 100000,\n    \"currency\": \"IDR\",\n    \"description\": \"Order for product X\",\n    \"customer\": {\n      \"name\": \"John Doe\",\n      \"email\": \"john.doe@example.com\",\n      \"phone\": \"+6281234567890\"\n    },\n    \"metadata\": {\n      \"order_ref\": \"ORDER-12345\"\n    }\n  }'\n\n ```\n\n#### JavaScript (fetch)\n\n``` javascript\nconst url = `${xepengUrl}/openapi/orders`; // Substitute your actual base URL or use an environment variable in Postman\nconst payload = {\n  amount: 100000,\n  currency: \"IDR\",\n  description: \"Order for product X\",\n  customer: {\n    name: \"John Doe\",\n    email: \"john.doe@example.com\",\n    phone: \"+6281234567890\"\n  },\n  metadata: {\n    order_ref: \"ORDER-12345\"\n  }\n};\nfetch(url, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    \"Authorization\": `Bearer ${process.env.XEPENG_API_KEY}` // or your stored secret\n  },\n  body: JSON.stringify(payload)\n})\n  .then(async (response) => {\n    const data = await response.json();\n    console.log(\"Status:\", response.status);\n    console.log(\"Response:\", data);\n  })\n  .catch((error) => {\n    console.error(\"Error calling Create Order API:\", error);\n  });\n\n ```","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"48242615","team":10000325,"collectionId":"8a500ddf-2aae-4900-b76f-c0099b21b9c4","publishedId":"2sBXqFMhEf","public":true,"publicUrl":"https://documenter-api.postman.tech/view/48242615/2sBXqFMhEf","privateUrl":"https://go.postman.co/documentation/48242615-8a500ddf-2aae-4900-b76f-c0099b21b9c4","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":"Xepeng Open Api Documentation"}],"appearance":{"default":"light","themes":[{"name":"dark","logo":"https://content.pstmn.io/08e2c3e0-8fec-48dc-bbf1-220eefcc65ff/bG9nbyB4ZXBlbmcgYmFydS0xMC5wbmc=","colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":"https://content.pstmn.io/b723d6c2-e5c7-439d-93e7-a8299a9c722a/bG9nbyB4ZXBlbmcgYmFydS0wOS5wbmc=","colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.11.6","publishDate":"2026-04-22T06:27:11.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"Xepeng Open Api Documentation","description":""},"logos":{"logoLight":"https://content.pstmn.io/b723d6c2-e5c7-439d-93e7-a8299a9c722a/bG9nbyB4ZXBlbmcgYmFydS0wOS5wbmc=","logoDark":"https://content.pstmn.io/08e2c3e0-8fec-48dc-bbf1-220eefcc65ff/bG9nbyB4ZXBlbmcgYmFydS0xMC5wbmc="}},"statusCode":200},"environments":[{"name":"Staging","id":"7f06a56b-9a5d-432a-a27e-6f6fac005475","owner":"48242615","values":[{"key":"xepengUrl","value":"https://staging-api.xepeng.com","enabled":true,"type":"default"},{"key":"client_id","value":"xxxxx","enabled":true,"type":"default"},{"key":"client_secret","value":"yyyyyy","enabled":true,"type":"default"}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/6d9b24a303b0f5d68a0a4d0bdf3bea1ce5c39005bec619ffcb1f580d03bda612","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"Staging","value":"48242615-7f06a56b-9a5d-432a-a27e-6f6fac005475"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2sBXqFMhEf"}