Professional Documents
Culture Documents
Napas - TechSpec For QR Payment - API - Bank - v0.8
Napas - TechSpec For QR Payment - API - Bank - v0.8
- FOR QR PAYMENT -
Version 0.8
11/2020
1
Table of contents
1 Introduction ............................................................................................................................. 5
1.1 Audience........................................................................................................................... 5
1.2 Scope ................................................................................................................................ 5
1.3 Support ............................................................................................................................. 5
1.4 Terms and abbreviation .................................................................................................... 5
1.5 How to use this document ................................................................................................ 6
2 Services and Use Cases ........................................................................................................... 7
2.1 Originating Institution calls API Lookup QR to Napas ................................................... 7
2.1.1 For domestic QR Code the flow lookup QR is required ........................................... 7
2.1.2 For cross border QR Code the flow lookup QR is required ..................................... 7
2.2 Customer uses application of Originating Institution to make payment at merchant of
Receiving Institution ................................................................................................................... 8
2.2.1 Domestic QR: the flow lookup QR is required ......................................................... 8
2.2.2 Cross border QR: the flow lookup QR is required ................................................... 9
2.3 Originating Institution calls API payment enquiry to get the status of payment
transaction when the response of the payment transaction status is timeout ............................ 10
2.3.1 For domestic............................................................................................................ 10
2.3.2 For cross border ...................................................................................................... 10
2.4 Receiving Institution calls API Void to cancel the original payment transaction ......... 11
2.4.1 Domestic ................................................................................................................. 11
2.4.2 Crossborder ............................................................................................................. 12
3 Technical Specification ......................................................................................................... 13
3.1 API General Contract ..................................................................................................... 13
3.1.1 General Protocol Description .................................................................................. 13
3.1.2 API Request ............................................................................................................ 14
3.1.3 API Response .......................................................................................................... 16
3.1.4 API Response Codes ............................................................................................... 20
3.2 Message Format for INCOMING Request .................................................................... 22
3.2.1 Account Services .................................................................................................... 22
3.2.2 QR Switch Services ................................................................................................ 25
3.3 Message Format for OUTGOING Request .................................................................... 50
3.3.1 Create Transaction Inquiry ..................................................................................... 50
3.3.2 Create Proxy Lookup Request ................................................................................ 53
2
3.3.3 Create Merchant Payment ....................................................................................... 57
3.3.1 Create Merchant Void Payment .............................................................................. 67
4 Appendix A – Data Protection............................................................................................... 76
4.1 Certificate Scheme Exchange......................................................................................... 76
4.1.1 Key/certificates are provided by NAPAS to Partners ............................................. 77
4.1.2 Key/certificates are provided by Partners to NAPAS ............................................. 77
4.2 Message Signature.......................................................................................................... 77
4.2.1 Client to NAPAS..................................................................................................... 78
4.2.2 NAPAS to Client..................................................................................................... 78
4.3 Content Encryption ........................................................................................................ 78
4.3.1 account.data.profile ................................................................................................. 78
5 Appendix B – JWE/JWS standard ......................................................................................... 80
5.1 JWE Details .................................................................................................................... 80
5.2 JWS Details .................................................................................................................... 80
6 Appendix C - Reconciliation File Format. ............................................................................ 82
6.1 Successful transaction file and processed transaction file in a session .......................... 82
6.1.1 Header line format (Header) ................................................................................... 82
6.1.2 Detail line format (Detail) ....................................................................................... 83
6.1.3 Trailer line format (Trailer) .................................................................................... 92
6.2 Detail line format (Detail) .............................................................................................. 93
6.2.1 Header line format (Header) ................................................................................... 94
6.2.2 Detail line format (Details) ..................................................................................... 94
6.2.3 Trailer line format (Trailer) .................................................................................. 102
3
Document Control
Version Updated date Updated by Reviewed by Description
0.1 18-Jun-2019 Le Van Lang Create techspec for payment intermediary to cover
all services, including:
- QR Switch
- Query Service
4
1 Introduction
NAPAS QRcode Switching service provides technical supplement service to connect, transfer,
transmit and handle electronic data for payment transaction between payment intermediaries and
banks by using QR Code.
The service allows customer to use mobile banking application to make payment transaction by
scanning QR Code/ e-wallet to pay at merchants
1.1 Audience
The audience of this document is Payment Intermediary connecting QRcode switching service.
1.2 Scope
This document describes the general API contract, interfaces, data format, request and responses
of transactions to be used for integration between Napas and Payment Intermediary.
1.3 Support
For any assistance or information pertaining to existing or new QRcode switching services, kindly
contact Napas Support.
5
7 QRcode QRcode application is the mobile application provided by bank or bank
application intermediary to support payment transaction by QRcode at applicable
merchants.
Field indicator:
6
2 Services and Use Cases
2.1 Originating Institution calls API Lookup QR to Napas
Note: If the QR string contains the character set ‘5802VN’ then it is domestic QR Code and vice
versa the QR string contains other character set ‘5802VN’ then is is cross border QR Code.
Step 1: Customer purchases a product and selects pay by QR Code that initial request to
Originating Institution
Step 2: Originating Institution creates and sends Lookup request to Napas
Step 3: Napas sends Lookup request to Receiving Institution
Step 4: Receiving Institution creates and sends lookup response to Napas
Step 7: Napas sends lookup response to Originating Institution
Step 8: Originating Institution shows information QR on the screen mobile application
7
Step 1: Customer purchases a product and selects pay by QR Code that initial request to
Originating Institution
Step 2: Originating Institution creates and sends Lookup request to Napas
Step 3: Napas sends Lookup request to Foreign Payment Gateway
Step 4: Foreign Payment Gateway sends lookup request to Receiving Institution
Step 5: Receiving Institution creates and sends lookup response to Foreign Payment Gateway
Step 6: Foreign Payment Gateway sends lookup response to Napas
Step 7: Napas sends lookup response to Originating Institution
Step 8: Originating Institution shows information QR (plus exchange rate if it is cross border
QR) on the screen mobile application
Step 1: Customer purchases a product and selects pay by QR Code that initial request to
Originating Institution. Customer confirms payment on the mobile application
8
Step 2: Originating Institution debits customer’s account
Step 3: Originating Institution creates and sends payment request to Napas
Step 4: Napas sends payment request to Receiving Institution
Step 5: Receiving Institution credits merchant’s account
Step 6: Receiving Institution sends payment response to Napas
Step 7: Napas sends payment response to Originating Institution
Step 8: Originating Institution shows payment result for customer
9
2.3 Originating Institution calls API payment enquiry to get the
status of payment transaction when the response of the
payment transaction status is timeout
2.3.1 For domestic
Step 1: Originating Institution creates and sends request payment enquiry to Napas.
Step 2: Napas sends request payment enquiry to Receiving Institution.
Step 3: Receiving Institution sends response payment enquiry to Napas.
Step 4: Napas sends response payment enquiry to Origination Institution.
Step 1: Originating Institution creates and sends request payment enquiry to Napas.
Step 2: Napas sends request payment enquiry to Foreign Payment Gateway.
Step 3: Foreign Payment Gateway sends request payment enquiry to Receiving Institution.
Step 4: Receiving Institution creates and sends response payment enquiry to Foreign Payment
Gateway.
Step 5: Foreign Payment Gateway sends response payment enquiry to Napas.
Step 6: Napas sends response payment enquiry to Originating Institution.
10
2.4 Receiving Institution calls API Void to cancel the original
payment transaction
The cancellation must performed in the same session with the original payment transaction.
2.4.1 Domestic
11
Note: Originating Institution and Receiving Institution inform their customers themselves
through their applications or their devices.
2.4.2 Crossborder
3 Technical Specification
This section provide the detail technical specification for integrate between partners to Napas,
where the connecivity can be either client to Napas or vice-versa.
Napas’s APIs are based on JSON message format with JWE/JWS for securing confidential
information.
URL {NAPAS_API_BASE_URL}/{sub_system}/{version}/{resource/operation}/{id}
Example:
https://api.napas.com.vn/qrsw/v1/partners/45e04108-a022-11e4-89d3-
123b93faecba/merchant/payment/680AA78674514866887322859D8CEC9A
Transmission HTTPS
Messaging Restful-JSON
By default, NAPAS uses the same message format for both incoming request (where the client
calls NAPAS APIs) and also outgoing request (where NAPAS call partner APIs). For outgoing
request from NAPAS to partner, the APIs URL may be in different format with NAPAS APIs.
Any specific message format required by external partner will be supported as customization
during integration phase.
For security reason, all the sensitive data elements in API request and response messages are
protected by JWE/JWS security method. Service consumers and service provider should provide
each other the key set for using in encryption and signature verification.
Detail of key scheme exchange and data protection are described in Appendix A – Data
Protection.
13
Supported API
API Name Direction Domestic Cross border Description
Create Incoming/Outgoing Optional Optional Sent by Originating Institution
Transaction to Napas or sent by Napas to
Inquiry Receiving Institution
Create Proxy Incoming/Outgoing Optional Required Sent by Originating Institution
Lookup Request to Napas/ Sent by Napas to
Receiving Institution
Create Incoming/Outgoing Required Required Sent by Originating Institution
Merchant to Napas/ Sent by Napas to
Payment Receiving Institution
Create Incoming/Outgoing Optional Optional Sent by Receiving Institution of
Merchant Void original payment transaction to
Napas/ Sent by Napas to
Originating Institution of
payment transaction
14
The request message to NAPAS Service APIs must contain a header tag with the information
about service consumer. The header.requestor.id tag is required and will be provided to partner
by NAPAS during on-boarding process.
15
header.signature String O Signature of the request message, details of generating
signature are described in Appendix A – Data Protection,
part 3.1 Message Signature.
payload Object R API request payload data group. This can be any
business message.
16
The response HTTP body is constructed by 3 parts:
17
- header: The API response header data group. This part contains the general information
of response as well as a reference to requested message header.
- result: application specific error information data group.
- payload: contains the business message elements.
result.severity String O ERROR – Error that might cause the data loss or
corruption or system not responsive, if not fixed
soon.
ex) Database connection error. Alerts must be
generated if issue persists for a given period.
Immediate action must be taken to fix.
18
Contains the response business message object.
payload Object O
This can be any business message.
19
3.1.4 API Response Codes
The API result is determined by HTTP status code. Below table define the HTTP status codes to
indicate the response is success or failure:
HTTP Status Code Description
2xx Success
200 OK
201 Created. Normally use in create resource.
202 Accepted. Normally use in update resource
204 No Content
205 Reset Content
4xx Client Error
400 Bad request
401 Unauthorized
403 Forbidden
404 Not Found
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict
410 Gone
412 Precondition Fail
415 Unsupported Media Type
5xx Server Error
500 Internal Server Error
501 Not Implemented
503 Service Not Available
For more detail of application specific errors, the HTTP body contains a result tag to represent
an application error detail resource.
Code Description
404.01 Refer to card issuer
404.03 Invalid Merchant
400.04 Pick-up
500.05 Unable To Process
406.07 Finished payment
406.08 The bill expired
406.09 The bill not exists
400.12 Invalid transaction
400.13 Invalid amount
400.14 Invalid Card number
404.15 No such Issuer
20
400.21 Card not initialized
400.25 Unable to locate original transaction
400.30 Message Format Error
400.34 Suspected Fraud
400.39 No credit account
400.41 Lost Card
400.43 Stolen Card
400.51 Insufficient Balance
400.53 No saving account
400.54 Expire Card
400.55 Incorrect PIN
400.57 Transaction not permitted to cardholder
406.58 Transaction not permitted to terminal
400.59 Suspected Fraud
400.61 Exceeds withdrawal amount limit
406.62 Restricted Card
401.63 Security Violation
400.64 Original Amount Incorrect
403.65 Exceed withdrawal frequency limit
408.68 Response received too late (time-out)
400.75 Allowable number of PIN tries exceeded
400.76 Invalid Account
401.84 validation error
401.85 No CVM Threshold exceeded, enter PIN
503.90 Cut-off is in progress
501.91 Issuer or switch is in operation
501.92 Financial Institution or intermediate network facility cannot be found for routing
400.94 Duplicate transaction
500.96 System malfunction
403.31 Exceed payment limit
500.1 System Error
408.2 Timeout
400.25 Invalid bank code
500.08 Error connecting to destination gateway
500.24 Can connect, error no response from destination gateway
400.02 QR format does not support
400.10 QR data missing/Currency not support
406.06 Payment not found
400.16 Exceeds the allowed number of times
400.37 Destination Bank/Switch does not support this service
400.38 Enquiry request is not the same session as the original payment transaction
21
3.2 Message Format for INCOMING Request
This section describe the business message format for all incoming requests from client to
Napas APIs. The object models in this section are used in payload part of request and response
message follow by API General Contract.
NAPAS_API_BASE_URL https://<host>:<port>/qrsw/v1/partners
Create Transaction Inquiry
This API is provided by NAPAS to Originating Institutions for querying the payment
transaction status in case of unclear failure or timeout. Napas will route the payment inquiry
request to corresponding receivers through its payment network.
The current support of this API only include Napas Ecommerce Payment System.
Authentication Signature
Protocol REST-JSON
header.operation TRANSACTION_INQUIRY
ITMX Format:
MNYYYYMMDDHHmmssbbbnnnnnnnnnnnnnnnn
Pos. 01-01 - fixed value 'M'
R Pos. 02-02 - Node Identification (1 numeric
character)
Pos. 03-16 - System Date/Time in format
YYYYMMDDHHmmss (GMT+7)
Pos. 17-19 – sending bank code
Pos: 20 -35 - unique serial number (identical to the
number use in the BAH)
22
datetime String 1..25 Date and time of sending query transaction
R VD: 2019-03-25T10:32:24.634+07:00
type String 1..10 Valid value are:
QR_PUSH
CASHIN
R
CASHOUT
EFT
txId String 1..35 TxId of the transaction that inquiry the state.
23
Location A complete URL to check the status of the request
ITMX Format:
MNYYYYMMDDHHmmssbbbnnnnnnnnn
nnnnnnn
Pos. 01-01 - fixed value 'M'
Pos. 02-02 - Node Identification (1 numeric
character)
Pos. 03-16 - System Date/Time in format
YYYYMMDDHHmmss (GMT+7)
Pos. 17-19 – sending bank code
Pos: 20 -35 - unique serial number (identical
to the number use in the BAH)
datetime String 1..25 R The date and time of sending the query
transaction result response
VD: 2019-03-25T10:32:24.634+07:00
trace String 1..6 O System trace audit number of original
transaction
txId String 1..35 R TxId of the transaction that inquiry the state.
24
Field name Field type Length Mandatory Description
orig_ccy String 1..3 O Currency of the original payment
transaction
settle_date Date 1..25 O The settlement date of the original
transaction, if the original transaction is
settled
VNĐ
Ngân hàng
Khách hàng 1 Phát hành /
quét mã QR, Trung gian Ngân hàng Thanh toán / Trung
nhập PIN và thanh toán gian thanh toán gửi xác nhận
số tiền giao gửi xác nhận
5 thanh toán tới đại lý
dịch 8 thanh toán tới
khách hàng
25
Vietnam s customer scan QR Code at Merchant s foreign store
2 6
3 4 5
Transaction flow
Settlement flow
Cross border QR Code: Foreign’s cutomer scan QR code at Merchant’s VietNam store
2 6
3 4 5
Transaction flow
Settlement flow
26
Following the QRcode switching model, Payment Intermediary or bank plays a role as Receiving
Institution or Originating Institution .
QRcode Switching service technical specification document for Payment Intermediary describes
function, technical communication, data exchange between Napas and Payment Intermediary in
the context Payment Intermediary plays as Receiving Institution or Originating Institution.
This set of APIs is used for create the payment to merchant account, after fund has been
deducted from consumers at Originating Institution.
NAPAS_API_BASE_URL https://<host>:<port>/qrsw/v1/partners
(1) Create Proxy Lookup Request
This API is provided by NAPAS to Originating Institutions for QR Transformation for any
country including Vietnam. Napas will route the lookup request to corresponding receivers
through its payment network. The API proxy lookup will convert QR code string of any country
into a standard format that includes sufficient information that issuer bank can make cross border
payment.
The receiving Institution s can be either payment intermediaries or NAPAS’s member banks:
NAPAS will send an outbound API call to Payment Intermediary, follow current NAPAS API
general contract standard with payload message as described in 3.3.2 Create Proxy Lookup
Request.
Authentication Signature
Protocol REST-JSON
header.operation QRLOOKUP
27
System Enquiries) The uniqueness of an instruction is
determined by the Instruction Identification and is based on
the format below Switching system will use the Instruction
ID to perform a check for a duplicate transaction within the
duplicate checking period and as a reference to the payment
instruction in other non-payment messages.
Format:
MMDDHHMMSSxxxxxxFFFFFYDDDHHnnnnnn
Pos 1-10: 10 digits Date/Time with format (GMT+7)
MMDDHHMMSS
Pos 11-16: 6 digits System Trace Number
Pos 17-22: 6 chars sending gateway bin code
Pos 23-35: 12 chars Unique Id (YDDDHHnnnnnn)
For QR Domestic: unique reference generated by
sending participant for each request max length 12
qr_string String [1..unbounded] R String QR code payment
28
03 : Indicates that merchant
would charge a percentage
convenience fee
Fee fixed, tag 56
The convenience fee of a fixed
amount should be specified
here. This amount is expressed
as how the value appears,
amount “100.00” is defined as
payment.fee_fixed String 1..13 C
“100.00”, or amount “99.85” is
defined as “99.85”, or amount
“99.333” is defined as
“99.333” amount “99.3456” is
defined as “99.3456”
Note: 0 is not a valid value
Fee percentage, tag 57
The convenience percentage
should be specified here. This
amount is expressed as how the
value appears, amount “10.00”
payment.fee_percentage String 1..13 C
is defined as “10.00”, or
amount “9.85” is defined as
“9.85”
Note: 0 and 100 is not a valid
value.
Payment unique reference
generated by sending
participant for each request
29
Merchant category code
defined by Napas. Detail values
participant.merchant_category_code String 1..4 R are in Appendix B - list of
merchant category Merchant
category code. Tag 52
30
recipient.address Object O Address of the recipient
First line of the address of the
recipient.address.line1 String 1..50 O
recipient
Second line of the address of
recipient.address.line2 String 1..50 O
the recipient
recipient.address.city String 1..50 O City of the recipient
recipient.address.country_subdivision String 1..30 O State or province of the sender.
recipient.address.postal_code Number 1..10 O Postal code of the sender
Country of the sender as an
recipient.address.country String 1..2 R
ISO alpha country code
recipient.address.phone String 1..15 O Sender phone number
Authentication Signature
Protocol REST-JSON
header.operation QRPUSH
32
optional. Eg:
(21.0228161,105.801944)
Local date and time when the
transaction is submitted as in
ISO 8601 format with time
payment.transaction_local_date_time Date 1..25 R zone. The date and time should
exact to milliseconds.
Eg: 2019-03-
25T10:32:24.634+07:00
The amount of the payment is
in local currency, rounded to 2
decimal digits if payment
payment.interbank_amount String 1..12 C currency is not VND.
33
the value appears, amount
“10.00” is defined as “10.00”,
or amount “9.85” is defined as
“9.85”
Note: 0 and 100 is not a valid
value.
System trace audit number,
Numeric
payment.trace 1..6 R generated by sending
String
participant for each request
Payment unique reference
generated by sending
participant for each request
35
mapped to tag 38 sub tag 01
part "merchant id"
36
additional_info.instruction[i].value String 0..200 R Value of part or field
37
The amount of the payment is
in local currency, rounded to 2
decimal digits if payment
payment.interbank_amount String 1..12 C currency is not VND.
38
Payment unique reference
generated by sending
participant for each request
40
recipient.first_name String 1..30 O First name of the recipient
recipient.middle_name String 1..30 O Middle name of the recipient
recipient.last_name String 1..40 O Last name of the recipient
recipient.full_name String 1..100 R Full name of the recipient
Date of birth of the recipient as
recipient.date_of_birth String 1..25 O
in ISO 8601 format
recipient.address Object O Address of the recipient
First line of the address of the
recipient.address.line1 String 1..50 O
recipient
Second line of the address of
recipient.address.line2 String 1..50 O
the recipient
recipient.address.city String 1..50 O City of the recipient
recipient.address.country_subdivision String 1..30 O State or province of the sender.
recipient.address.postal_code Number 1..10 O Postal code of the sender
Country of the sender as an
recipient.address.country String 1..2 R
ISO alpha country code
recipient.address.phone String 1..15 O Sender phone number
recipient.address.email String 1..50 O Sender email address
Message a financial institution
additional_message String 1..999 O will associate to the transfer
and may display
order_info Object R Order information data group
Bill number by merchant or
order_info.bill_number String 1..25 R
consumer
order_info.mobile_number String 1..25 O Customer mobile number
Store specific information.
This field is conditional,
order_info.store_label String 1..25 C
required if presented in QR
message.
order_info.loyalty_number String 1..25 O Customer loyalty information
order_info.customer_label String 1..25 O Customer specific information
order_info.terminal_label String 1..25 O Terminal specific information
order_info.transaction_purpose String 1..25 O Transaction purpose
Customer additional data
request indicator
• "A" = Customer address
order_info.additional_data_request String 1..3 O
• "M" = Customer mobile
number
• "E" = Customer email
Additional information of
additional_info Object 0..1 O
transaction
Array of Detail information format
additional_info.instruction[i] 0..50 O
object key, value
additional_info.instruction[i].key String 0..200 R Part or field name info
Authentication Signature
Protocol REST-JSON
header.operation QRVOID
42
original.payment.location Location where the transaction is initiated in (latitude,
String 1..99 O longitude) in decimal format, optional. Eg:
(21.0228161,105.801944)
original.payment.transaction_local_date_time Local date and time when the transaction is submitted
as in ISO 8601 format with time zone. The date and
Date 1..25 R
time should exact to milliseconds.
Eg: 2019-03-25T10:32:24.634+07:00
original.payment.interbank_amount The amount of the payment is in local currency,
rounded to 2 decimal digits if payment currency is not
String 1..12 C VND.
43
original.sender_account Recipient account information, an encrypted format in
JWE/JWS of account.data.profile as detailed in
Appendix A - Data Protection.
String R
Values for QR push service:
account.data.profile.type is 'RAW'
account.data.profile.pan is mapped to customer account
which funding transaction.
original.sender Object R Sender information, optional
original.sender.first_name String 1..30 O First name of the sender
original.sender.middle_name String 1..30 O Middle name of the sender.
original.sender.last_name String 1..40 O Last name of the sender.
original.sender.full_name String 1..100 R Full name of the sender.
original.sender.date_of_birth String 1..25 O Date of birth of the sender as in ISO 8601 format
original.sender.address Object O Address of the sender
original.sender.address.line1 String 1..50 R First line of the address of the sender
original.sender.address.line2 String 1..50 O Second line of the address of the sender
original.sender.address.city String 1..50 O City of the sender
original.sender.address.country_subdivision String 1..30 O State or province of the sender.
original.sender.address.postal_code String 1..10 O Postal code of the sender
original.sender.address.country String 1..2 R Country of the sender as an ISO alpha country code
original.sender.address.phone String 1..15 O Sender phone number
original.sender.address.email String 1..50 O Sender email address
original.participant Object R Participant object information
original.participant.originating_institution_id String 1..15 R Id of originating institution
original.participant.receiving_institution_id Id of receiving institution, placed tag 38 sub tag 00 part
String 1..15 R
"acquirer id"
original.participant.merchant_id String 1..19 R Merchant id, placed in 38 sub tag 01 part "merchant id"
original.participant.merchant_category_code Merchant category code defined by Napas. Detail
String 1..4 R values are in Appendix B - list of merchant category
code
original.participant.card_acceptor_id String 1..8 R Card acceptor / terminal id / wallet id
original.participant.card_acceptor_name Card acceptor name, tag 59. This field is conditional,
String 1..22 C
required if presented in QR message.
original.participant.card_acceptor_city Card acceptor city, tag 60. This field is conditional,
String 1..13 C
required if presented in QR message.
original.participant.card_acceptor_country Card acceptor country, tag 58. This field is conditional,
String 1..3 C
required if presented in QR message.
original.participant.card_postal_code Card postal code, tag 61. This field is conditional,
String 1..10 C
required if presented in QR message.
original.participant.card_language_preference Card language preference, tag 64 sub tag 01. This field
String 1..2 C
is conditional, required if presented in QR message.
original.participant.card_name_alternate_language Card name alternate language, tag 64 sub tag 02. This
String 1..25 C field is conditional, required if presented in QR
message.
original.participant.card_city_alternate_language Card city alternate language, tag 64 sub tag 03. This
String 1..15 C field is conditional, required if presented in QR
message.
original.participant.card_payment_system_specific String 1..99 O System payment specific is addition info.
44
Recipient account information, an encrypted format in
JWE/JWS of account.data.profile as detailed in
Appendix A - Data Protection.
original.recipient_account String R
Values for QR push service:
account.data.profile.type is 'RAW'
account.data.profile.pan is mapped to tag 38 sub tag 01
part "merchant id"
original.recipient Object O Information about the recipient
original.recipient.first_name String 1..30 O First name of the recipient
original.recipient.middle_name String 1..30 O Middle name of the recipient
original.recipient.last_name String 1..40 O Last name of the recipient
original.recipient.full_name String 1..100 R Full name of the recipient
original.recipient.date_of_birth String 1..25 O Date of birth of the recipient as in ISO 8601 format
original.recipient.address Object O Address of the recipient
original.recipient.address.line1 String 1..50 O First line of the address of the recipient
original.recipient.address.line2 String 1..50 O Second line of the address of the recipient
original.recipient.address.city String 1..50 O City of the recipient
original.recipient.address.country_subdivision String 1..30 O State or province of the sender.
original.recipient.address.postal_code Number 1..10 O Postal code of the sender
original.recipient.address.country String 1..2 R Country of the sender as an ISO alpha country code
original.recipient.address.phone String 1..15 O Sender phone number
original.recipient.address.email String 1..50 O Sender email address
original.additional_message Message a financial institution will associate to the
String 1..999 O
transfer and may display
original.order_info Object R Order information data group
original.order_info.bill_number String 1..25 R Bill number by merchant or consumer
original.order_info.mobile_number String 1..25 O Customer mobile number
original.order_info.store_label String 1..25 O Store specific information
original.order_info.loyalty_number String 1..25 O Customer loyalty information
original.order_info.customer_label String 1..25 O Customer specific information
original.order_info.terminal_label String 1..25 O Terminal specific information
original.order_info.transaction_purpose String 1..25 O Transaction purpose
original.order_info.additional_data_request Customer additional data request indicator
• "A" = Customer address
String 1..3 O
• "M" = Customer mobile number
• "E" = Customer email
additional_info Object 0..1 O Additional information of transaction
Array of
additional_info.instruction[i] 0..50 O Detail information format key, value
object
additional_info.instruction[i].key String 0..200 R Part or field name info
additional_info.instruction[i].value String 0..200 R Value of part or field
45
Content-Type application/json
Location A complete URL to check the status of the request
46
decimal digits if payment
currency is not VND.
48
original.participant.originating_institution_id String 1..15 R Id of originating institution
original.participant.receiving_institution_id Id of receiving institution,
String 1..15 R placed in tag 38 sub tag 00 part
"acquirer id"
original.participant.merchant_id Merchant id, placed in 38 sub
String 1..19 R
tag 01 part "merchant id"
original.participant.merchant_category_code Merchant category code
defined by Napas. Detail
String 1..4 R
values are in Appendix B - list
of merchant category code
original.participant.card_acceptor_id Card acceptor / terminal id /
String 1..8 R
wallet id
original.participant.card_acceptor_name Card acceptor name, tag 59.
This field is conditional,
String 1..22 C
required if presented in QR
message.
original.participant.card_acceptor_city Card acceptor city, tag 60. This
String 1..13 C field is conditional, required if
presented in QR message.
original.participant.card_acceptor_country Card acceptor country, tag 58.
This field is conditional,
String 1..3 C
required if presented in QR
message.
original.participant.card_postal_code Card postal code, tag 61. This
String 1..10 C field is conditional, required if
presented in QR message.
original.participant.card_language_preference Card language preference, tag
64 sub tag 01. This field is
String 1..2 C
conditional, required if
presented in QR message.
original.participant.card_name_alternate_language Card name alternate language,
tag 64 sub tag 02. This field is
String 1..25 C
conditional, required if
presented in QR message.
original.participant.card_city_alternate_language Card city alternate language,
tag 64 sub tag 03. This field is
String 1..15 C
conditional, required if
presented in QR message.
original.participant.card_payment_system_specific System payment specific is
String 1..99 O
addition info.
Recipient account information,
an encrypted format in
JWE/JWS of
account.data.profile as detailed
in Appendix A - Data
Protection.
original.recipient_account String R
Values for QR push service:
account.data.profile.type is
'RAW'
account.data.profile.pan is
mapped to tag 38 sub tag 01
part "merchant id"
original.recipient Object O Information about the recipient
original.recipient.first_name String 1..30 O First name of the recipient
original.recipient.middle_name String 1..30 O Middle name of the recipient
original.recipient.last_name String 1..40 O Last name of the recipient
original.recipient.full_name String 1..100 R Full name of the recipient
original.recipient.date_of_birth Date of birth of the recipient as
String 1..25 O
in ISO 8601 format
49
original.recipient.address Object O Address of the recipient
original.recipient.address.line1 First line of the address of the
String 1..50 O
recipient
original.recipient.address.line2 Second line of the address of
String 1..50 O
the recipient
original.recipient.address.city String 1..50 O City of the recipient
original.recipient.address.country_subdivision String 1..30 O State or province of the sender.
original.recipient.address.postal_code Number 1..10 O Postal code of the sender
original.recipient.address.country Country of the sender as an
String 1..2 R
ISO alpha country code
original.recipient.address.phone String 1..15 O Sender phone number
original.recipient.address.email String 1..50 O Sender email address
original.additional_message Message a financial institution
String 1..999 O will associate to the transfer
and may display
original.order_info Object R Order information data group
original.order_info.bill_number Bill number by merchant or
String 1..25 R
consumer
original.order_info.mobile_number String 1..25 O Customer mobile number
original.order_info.store_label String 1..25 O Store specific information
original.order_info.loyalty_number String 1..25 O Customer loyalty information
original.order_info.customer_label String 1..25 O Customer specific information
original.order_info.terminal_label String 1..25 O Terminal specific information
original.order_info.transaction_purpose String 1..25 O Transaction purpose
original.order_info.additional_data_request Customer additional data
request indicator
• "A" = Customer address
String 1..3 O
• "M" = Customer mobile
number
• "E" = Customer email
Additional information of
additional_info Object 0..1 O
transaction
Array of Detail information format key,
additional_info.instruction[i] 0..50 O
object value
50
This API is provided by NAPAS to Originating Institutions for querying the payment
transaction status in case of unclear failure or timeout. Napas will route the payment inquiry
request to corresponding receivers through its payment network.
The current support of this API only include Napas Ecommerce Payment System.
Authentication Signature
Protocol REST-JSON
header.operation TRANSACTION_INQUIRY
ITMX Format:
MNYYYYMMDDHHmmssbbbnnnnnnnnnnnnnnnn
Pos. 01-01 - fixed value 'M'
R Pos. 02-02 - Node Identification (1 numeric
character)
Pos. 03-16 - System Date/Time in format
YYYYMMDDHHmmss (GMT+7)
Pos. 17-19 – sending bank code
Pos: 20 -35 - unique serial number (identical to the
number use in the BAH)
CASHIN
R
CASHOUT
EFT
txId String 1..35 TxId of the transaction that inquiry the state.
51
At the beginning of the ESB call request to ITMX,
this value should be included in the message
camt.005
ITMX Format:
MNYYYYMMDDHHmmssbbbnnnnnnnnn
nnnnnnn
Pos. 01-01 - fixed value 'M'
52
Field name Field type Length Mandatory Description
Pos. 02-02 - Node Identification (1 numeric
character)
Pos. 03-16 - System Date/Time in format
YYYYMMDDHHmmss (GMT+7)
Pos. 17-19 – sending bank code
Pos: 20 -35 - unique serial number (identical
to the number use in the BAH)
datetime String 1..25 R The date and time of sending the query
transaction result response
VD: 2019-03-25T10:32:24.634+07:00
trace String 1..6 O System trace audit number of original
transaction
txId String 1..35 R TxId of the transaction that inquiry the state.
Authentication Signature
Protocol REST-JSON
53
header.operation QRLOOKUP
Format:
YYYYMMDDHHmmss<GW_BIC>nnnnnnnnnnnnnnn
Ex: 20200819151320NAPASVNV0000000000001
Pos 1-8: Date with format YYYYMMDD
Pos 9-14: Time with format HHmmss
Pos 15-22: sending switch code
Pos 23-35: Unique Id
For QR Domestic: unique reference generated
by sending participant for each request max
length 12
qr_string String [1..unbounded] R String QR code payment
54
For example Thai inbound from
Singapore, SGD is base currency
1 VND = 0.00134614 THB, the
value is 0.00134614
Format: 11 digits with 10 fractions
55
participant.originating_institution_id String 1..15 R Id of originating institution
56
recipient.address Object O Address of the recipient
First line of the address of the
recipient.address.line1 String 1..50 O
recipient
Second line of the address of the
recipient.address.line2 String 1..50 O
recipient
recipient.address.city String 1..50 O City of the recipient
57
Operation URL {PARTNER_SERVICE_URL}
Authentication Signature
Protocol REST-JSON
header.operation QRPUSH
58
Currency code of the transfer amount
as an ISO 4217 alpha currency code
payment.interbank _currency String 1..3 C
For cross border payment QR is
required
Exchange rate calculated using
sending currency as the base
currency.
For example Thai inbound from
Singapore, SGD is base currency
1 VND = 0.00134614 THB, the
payment.exchange_rate String 1..12 C value is 0.00134614
Format: 11 digits with 10 fractions
59
conditional, required if presented in
QR message.
Receiving amount of the payment,
amount String 1..12 R rounded to 2 decimal digits if
payment currency is not VND
Receiving currency code of the
currency String 1..3 R transfer amount as an ISO 4217
alpha currency code Eg: VND
Amount of the settlement, rounded to
settlement_amount String 1..12 O 2 decimal digits if settlement
currency is not VND
Settlement currency as an ISO alpha
settlement_currency String 1..3 O
currency code
Date of settlement as in ISO 8601
settlement_date String R
format
Recipient account information, an
encrypted format in JWE/JWS of
account.data.profile as detailed in
Appendix A - Data Protection.
sender_account String R
Values for QR push service:
account.data.profile.type is 'RAW'
account.data.profile.pan is mapped to
customer account which funding
transaction.
sender Object R Sender information, optional
sender.first_name String 1..30 O First name of the sender
sender.middle_name String 1..30 O Middle name of the sender.
sender.last_name String 1..40 O Last name of the sender.
sender.full_name String 1..100 R Full name of the sender.
Date of birth of the sender as in ISO
sender.date_of_birth String 1..25 O
8601 format
sender.address Object O Address of the sender
sender.address.line1 String 1..50 R First line of the address of the sender
Second line of the address of the
sender.address.line2 String 1..50 O
sender
sender.address.city String 1..50 O City of the sender
sender.address.country_subdivision String 1..30 O State or province of the sender.
sender.address.postal_code String 1..10 O Postal code of the sender
Country of the sender as an ISO
sender.address.country String 1..2 R
alpha country code
sender.address.phone String 1..15 O Sender phone number
sender.address.email String 1..50 O Sender email address
participant Object R Participant object information
participant.originating_institution_id String 1..15 R Id of originating institution
Id of receiving institution, placed in
participant.receiving_institution_id String 1..15 R
tag 38 sub tag 00 part "acquirer id"
Merchant id, placed in 38 sub tag 01
participant.merchant_id String 1..19 R
part "merchant id"
Merchant category code defined by
participant.merchant_category_code String 1..4 R Napas. Detail values are in Appendix
B - list of merchant category code
Card acceptor / terminal id / wallet
participant.card_acceptor_id String 1..8 R
id
60
Card acceptor name, tag 59. This
participant.card_acceptor_name String 1..22 C field is conditional, required if
presented in QR message.
Card acceptor city, tag 60. This field
participant.card_acceptor_city String 1..13 C is conditional, required if presented
in QR message.
Card acceptor country, tag 58. This
participant.card_acceptor_country String 1..3 C field is conditional, required if
presented in QR message.
61
Message a financial institution will
additional_message String 1..999 O associate to the transfer and may
display
order_info Object R Order information data group
Bill number by merchant or
order_info.bill_number String 1..25 R
consumer
order_info.mobile_number String 1..25 O Customer mobile number
Store specific information. This field
order_info.store_label String 1..25 C is conditional, required if presented
in QR message.
62
Authorization Identification
payment.authorization_code String 1..6 C
Response, required if success
Provide a unique reference number
payment.funding_reference String 1..12 O of funding transaction from sending
participant, optional.
payment.type String 1..10 R Payment type, fixed to: QR_PUSH
Payment generation method at
device, optional, values: STATIC,
DYNAMIC. Default to STATIC.
payment.generation_method String 1..10 O
For QR push service, tag 01:
11=STATIC, 12=DYNAMIC
Initiation channel of the payment
request.
- 00: Unknown channel
- 01: ATM
- 02: Counter
- 03: POS
payment.channel String 1..2 R - 04: Internet Banking
- 05: Mobile Application
- 06: SMS Banking
- 07: Others
63
Mapping with exchange_rate in
response of API
proxy_lookup_request.
Indicator is fee indicator, tag 55
01 : Indicates Consumer should be
prompted to enter tip
02 : Indicates that merchant would
payment.indicator String 1..2 C
mandatorily charge a flat
convenience fee
03 : Indicates that merchant would
charge a percentage convenience fee
Fee fixed, tag 56
The convenience fee of a fixed
amount should be specified here.
This amount is expressed as how the
value appears, amount “100.00” is
payment.fee_fixed String 1..13 C defined as “100.00”, or amount
“99.85” is defined as “99.85”, or
amount “99.333” is defined as
“99.333” amount “99.3456” is
defined as “99.3456”
Note: 0 is not a valid value
Fee percentage, tag 57
The convenience percentage should
be specified here. This amount is
expressed as how the value appears,
payment.fee_percentage String 1..13 C
amount “10.00” is defined as
“10.00”, or amount “9.85” is defined
as “9.85”
Note: 0 and 100 is not a valid value.
System trace audit number,
Numeric
payment.trace 1..6 R generated by sending participant for
String
each request
Payment unique reference generated
by sending participant for each
request
66
Customer additional data request
indicator
order_info.additional_data_request String 1..3 O • "A" = Customer address
• "M" = Customer mobile number
• "E" = Customer email
Additional information of
additional_info Object 0..1 O
transaction
Array of
additional_info.instruction[i] 0..50 O Detail information format key, value
object
additional_info.instruction[i].key String 0..200 R Part or field name info
additional_info.instruction[i].value String 0..200 R Value of part or field
Authentication Signature
Protocol REST-JSON
header.operation QRVOID
Format:
YYYYMMDDHHmmss<GW_BIC>
nnnnnnnnnnnnnnn
Ex:
payment_reference String 1..35 R
20200819151320NAPASVNV00000
00000001
Pos 1-8: Date with format
YYYYMMDD
Pos 9-14: Time with format
HHmmss
Pos 15-22: sending switch code
Pos 23-35: Unique Id
original Object R Original payment information
original.payment Object R Payment information
original.payment.funding_reference Provide a unique reference number
String 1..12 O of funding transaction from sending
participant, optional.
original.payment.type String 1..10 R Payment type, fixed to: QR_PUSH
67
original.payment.generation_method Payment generation method at
device, optional, values: STATIC,
DYNAMIC. Default to STATIC.
String 1..10 O
For QR push service, tag 01:
11=STATIC, 12=DYNAMIC
original.payment.channel Initiation channel of the payment
request.
- 00: Unknown channel
- 01: ATM
- 02: Counter
- 03: POS
String 1..2 R - 04: Internet Banking
- 05: Mobile Application
- 06: SMS Banking
- 07: Others
68
03 : Indicates that merchant would
charge a percentage convenience fee
original.payment.fee_fixed Fee fixed, tag 56
The convenience fee of a fixed
amount should be specified here.
This amount is expressed as how the
value appears, amount “100.00” is
String 1..13 C defined as “100.00”, or amount
“99.85” is defined as “99.85”, or
amount “99.333” is defined as
“99.333” amount “99.3456” is
defined as “99.3456”
Note: 0 is not a valid value
original.payment.fee_percentage Fee percentage, tag 57
The convenience percentage should
be specified here. This amount is
expressed as how the value appears,
String 1..13 C
amount “10.00” is defined as
“10.00”, or amount “9.85” is defined
as “9.85”
Note: 0 and 100 is not a valid value.
original.payment.trace System trace audit number,
Numeric
1..6 R generated by sending participant for
String
each request
original.payment.payment_reference Payment unique reference generated
by sending participant for each
request
Numeric
1..35 R For cross border payment QR:
String
Mapping with
payment.payment_reference in
response of API
proxy_lookup_request.
original.payment.end_to_end_reference An end-to-end reference for tracing
String 1..25 O transaction between parties, QR tag
62 sub tab 05
original.amount Receiving amount of the payment,
String 1..12 R rounded to 2 decimal digits if
payment currency is not VND
original.currency Receiving currency code of the
String 1..3 R transfer amount as an ISO 4217
alpha currency code
original.sender_account Recipient account information, an
encrypted format in JWE/JWS of
account.data.profile as detailed in
Appendix A - Data Protection.
String R
Values for QR push service:
account.data.profile.type is 'RAW'
account.data.profile.pan is mapped to
customer account which funding
transaction.
original.sender Object R Sender information, optional
original.sender.first_name String 1..30 O First name of the sender
original.sender.middle_name
69
original.sender.full_name String 1..100 R Full name of the sender.
original.sender.date_of_birth Date of birth of the sender as in ISO
String 1..25 O
8601 format
original.sender.address Object O Address of the sender
original.sender.address.line1 String 1..50 R First line of the address of the sender
original.sender.address.line2 Second line of the address of the
String 1..50 O
sender
original.sender.address.city String 1..50 O City of the sender
original.sender.address.country_subdivision String 1..30 O State or province of the sender.
original.sender.address.postal_code String 1..10 O Postal code of the sender
original.sender.address.country Country of the sender as an ISO
String 1..2 R
alpha country code
original.sender.address.phone String 1..15 O Sender phone number
original.sender.address.email String 1..50 O Sender email address
original.participant Object R Participant object information
original.participant.originating_institution_id String 1..15 R Id of originating institution
original.participant.receiving_institution_id Id of receiving institution, placed in
String 1..15 R
tag 38 sub tag 00 part "acquirer id"
original.participant.merchant_id Merchant id, placed in 38 sub tag 01
String 1..19 R
part "merchant id"
original.participant.merchant_category_code Merchant category code defined by
String 1..4 R Napas. Detail values are in Appendix
B - list of merchant category code
original.participant.card_acceptor_id Card acceptor / terminal id / wallet
String 1..8 R
id
original.participant.card_acceptor_name Card acceptor name, tag 59. This
String 1..22 C field is conditional, required if
presented in QR message.
original.participant.card_acceptor_city Card acceptor city, tag 60. This field
String 1..13 C is conditional, required if presented
in QR message.
original.participant.card_acceptor_country Card acceptor country, tag 58. This
String 1..3 C field is conditional, required if
presented in QR message.
original.participant.card_postal_code Card postal code, tag 61. This field is
String 1..10 C conditional, required if presented in
QR message.
original.participant.card_language_preference Card language preference, tag 64 sub
String 1..2 C tag 01. This field is conditional,
required if presented in QR message.
original.participant.card_name_alternate_language Card name alternate language, tag 64
String 1..25 C sub tag 02. This field is conditional,
required if presented in QR message.
original.participant.card_city_alternate_language
70
Values for QR push service:
account.data.profile.type is 'RAW'
account.data.profile.pan is mapped to
tag 38 sub tag 01 part "merchant id"
original.recipient Object O Information about the recipient
original.recipient.first_name String 1..30 O First name of the recipient
original.recipient.middle_name String 1..30 O Middle name of the recipient
original.recipient.last_name String 1..40 O Last name of the recipient
original.recipient.full_name String 1..100 R Full name of the recipient
original.recipient.date_of_birth Date of birth of the recipient as in
String 1..25 O
ISO 8601 format
original.recipient.address Object O Address of the recipient
original.recipient.address.line1 First line of the address of the
String 1..50 O
recipient
original.recipient.address.line2 Second line of the address of the
String 1..50 O
recipient
original.recipient.address.city String 1..50 O City of the recipient
original.recipient.address.country_subdivision String 1..30 O State or province of the sender.
original.recipient.address.postal_code Number 1..10 O Postal code of the sender
original.recipient.address.country Country of the sender as an ISO
String 1..2 R
alpha country code
original.recipient.address.phone
String 1..15 O Sender phone number
original.recipient.address.email String 1..50 O Sender email address
original.additional_message Message a financial institution will
String 1..999 O associate to the transfer and may
display
original.order_info Object R Order information data group
original.order_info.bill_number Bill number by merchant or
String 1..25 R
consumer
original.order_info.mobile_number String 1..25 O Customer mobile number
original.order_info.store_label String 1..25 O Store specific information
original.order_info.loyalty_number String 1..25 O Customer loyalty information
original.order_info.customer_label String 1..25 O Customer specific information
original.order_info.terminal_label
original.order_info.transaction_purpose
71
Response HTTP Header
HTTP Header: HTTP/1.1 200 OK
Content-Type application/json
Location A complete URL to check the status of the request
72
original.payment.interbank_amount The amount of the payment is in
local currency, rounded to 2
decimal digits if payment currency
String 1..12 C is not VND.
73
Mapping with
payment.payment_reference in
response of API
proxy_lookup_request.
original.payment.end_to_end_reference An end-to-end reference for
String 1..25 O tracing transaction between parties,
QR tag 62 sub tab 05
original.amount Receiving amount of the payment,
String 1..12 R rounded to 2 decimal digits if
payment currency is not VND
original.currency Receiving currency code of the
String 1..3 R transfer amount as an ISO 4217
alpha currency code
original.settlement_amount Amount of the settlement, rounded
String 1..12 O to 2 decimal digits if settlement
currency is not VND
original.settlement_currency Settlement currency as an ISO
String 1..3 O
alpha currency code
original.settlement_date Date of settlement as in ISO 8601
String R
format
original.sender_account Recipient account information, an
encrypted format in JWE/JWS of
account.data.profile as detailed in
Appendix A - Data Protection.
String R
Values for QR push service:
account.data.profile.type is 'RAW'
account.data.profile.pan is mapped
to customer account which funding
transaction.
original.sender Object R Sender information, optional
original.sender.first_name String 1..30 O First name of the sender
original.sender.middle_name String 1..30 O Middle name of the sender.
original.sender.last_name String 1..40 O Last name of the sender.
original.sender.full_name String 1..100 R Full name of the sender.
original.sender.date_of_birth Date of birth of the sender as in
String 1..25 O
ISO 8601 format
original.sender.address Object O Address of the sender
original.sender.address.line1 First line of the address of the
String 1..50 R
sender
original.sender.address.line2 Second line of the address of the
String 1..50 O
sender
original.sender.address.city String 1..50 O City of the sender
original.sender.address.country_subdivision String 1..30 O State or province of the sender.
original.sender.address.postal_code String 1..10 O Postal code of the sender
original.sender.address.country Country of the sender as an ISO
String 1..2 R
alpha country code
original.sender.address.phone String 1..15 O Sender phone number
original.sender.address.email String 1..50 O Sender email address
original.participant Object R Participant object information
original.participant.originating_institution_id String 1..15 R Id of originating institution
original.participant.receiving_institution_id Id of receiving institution, placed
String 1..15 R in tag 38 sub tag 00 part "acquirer
id"
original.participant.merchant_id Merchant id, placed in 38 sub tag
String 1..19 R
01 part "merchant id"
74
original.participant.merchant_category_code Merchant category code defined by
Napas. Detail values are in
String 1..4 R
Appendix B - list of merchant
category code
original.participant.card_acceptor_id Card acceptor / terminal id /
String 1..8 R
wallet id
original.participant.card_acceptor_name Card acceptor name, tag 59. This
String 1..22 C field is conditional, required if
presented in QR message.
original.participant.card_acceptor_city Card acceptor city, tag 60. This
String 1..13 C field is conditional, required if
presented in QR message.
original.participant.card_acceptor_country Card acceptor country, tag 58. This
String 1..3 C field is conditional, required if
presented in QR message.
original.participant.card_postal_code Card postal code, tag 61. This field
String 1..10 C is conditional, required if
presented in QR message.
original.participant.card_language_preference Card language preference, tag 64
sub tag 01. This field is
String 1..2 C
conditional, required if presented
in QR message.
original.participant.card_name_alternate_language Card name alternate language, tag
64 sub tag 02. This field is
String 1..25 C
conditional, required if presented
in QR message.
original.participant.card_city_alternate_language Card city alternate language, tag
64 sub tag 03. This field is
String 1..15 C
conditional, required if presented
in QR message.
original.participant.card_payment_system_specific System payment specific is
String 1..99 O
addition info.
original.recipient_account Recipient account information, an
encrypted format in JWE/JWS of
account.data.profile as detailed in
Appendix A - Data Protection.
String R
Values for QR push service:
account.data.profile.type is 'RAW'
account.data.profile.pan is mapped
to tag 38 sub tag 01 part "merchant
id"
original.recipient Object O Information about the recipient
original.recipient.first_name String 1..30 O First name of the recipient
original.recipient.middle_name String 1..30 O Middle name of the recipient
original.recipient.last_name String 1..40 O Last name of the recipient
original.recipient.full_name String 1..100 R Full name of the recipient
original.recipient.date_of_birth Date of birth of the recipient as in
String 1..25 O
ISO 8601 format
original.recipient.address Object O Address of the recipient
original.recipient.address.line1 First line of the address of the
String 1..50 O
recipient
original.recipient.address.line2 Second line of the address of the
String 1..50 O
recipient
original.recipient.address.city String 1..50 O City of the recipient
original.recipient.address.country_subdivision String 1..30 O State or province of the sender.
original.recipient.address.postal_code Number 1..10 O Postal code of the sender
original.recipient.address.country Country of the sender as an ISO
String 1..2 R
alpha country code
75
original.recipient.address.phone String 1..15 O Sender phone number
original.recipient.address.email String 1..50 O Sender email address
original.additional_message Message a financial institution will
String 1..999 O associate to the transfer and may
display
original.order_info Object R Order information data group
original.order_info.bill_number Bill number by merchant or
String 1..25 R
consumer
original.order_info.mobile_number String 1..25 O Customer mobile number
original.order_info.store_label String 1..25 O Store specific information
original.order_info.loyalty_number String 1..25 O Customer loyalty information
original.order_info.customer_label String 1..25 O Customer specific information
original.order_info.terminal_label String 1..25 O Terminal specific information
original.order_info.transaction_purpose String 1..25 O Transaction purpose
original.order_info.additional_data_request Customer additional data request
indicator
String 1..3 O • "A" = Customer address
• "M" = Customer mobile number
• "E" = Customer email
Additional information of
additional_info Object 0..1 O
transaction
Array of Detail information format key,
additional_info.instruction[i] 0..50 O
object value
additional_info.instruction[i].key String 0..200 R Part or field name info
76
- SD: Security Domain - keys are used by trusted applications in the terminal or device where
the sensitive data is read.
All Content 128 bit symmetric keys used for AES- Content encryption keys – keys used to encrypt
Encryption Key (CEK) GCM sensitive content, generate on every usage.
PK/CA.OCE.CERT Public RSA 2048-bit key in X.509 Root OCE CA certificate that issues/signs leaf
certificate OCE certificates. This is Napas root CA.
PK/SIG.OCE.CERT Public RSA 2048-bit key in X.509 Message signature verification key, leaf OCE
certificate certificate. SIG.OCE.CERT is signed by
SK/CA.OCE.CERT
PK/JWS.OCE.CERT Public RSA 2048-bit key and X.509 JWS signature verification key, leaf OCE
certificate certificate. JWS.OCE.CERT signed by
SK/CA.OCE.CERT
PK/JWE.OCE.CERT Private/Public RSA 2048-bit key and JWE encryption key, leaf OCE certificate.
X.509 certificate JWE.OCE.CERT signed by SK/CA.OCE.CERT
77
HTTP body request (for PUT/POST verb) or in header.signature in HTTP header property
named header (for GET/DELETE).
- At server site, NAPAS will use client’s PK/SIG.OCE.CERT to verify the signature in the
requested message.
- At client site, client shall use NAPAS’s PK/SIG.OCE.CERT to verify the signature in the
response message.
4.3.1 account.data.profile
This data is encrypted in JWE/JWS format (see Appendix B). Data contains the following fields
(in JSON format before encryption):
Field
Field name Length Mandatory Description
type
Account type, currently supported values: PAN, RAW, TOKEN.
PAN: card primary account number
RAW: Specifies a deposit account or generic account number that is not a
type String 1..20 R PAN
TOKEN: digitized number of card/account by Napas Tokenization Service
iss String 4 C Account issuing date, in format MMYY. This field is conditional.
78
exp String 4 C Account expiration date, in format MMYY. This field is conditional.
cvv String 1..3 O Card verification code (for credit card), reserved
Account signature – Base64 encoding of account signature image data,
sig String 1..999 O
reserved
fid String 1..999 O Fingerprint id, reserved
aid String 1..999 O Account Authorization Id, reserved
pwd String 1..999 O Account password, reserved
name String 1..999 R Account name, reserved
address Object O Account billing address, optional
address.street1 String 1..999 R Billing street address
address.street2 String 1..999 O Billing street address
address.city String 1..999 R Billing city
address.state String 1..999 O Billing state
address.zip String 1..99 O Billing zip code
address.country String 1..3 R Billing country as ISO alpha country code
79
5 Appendix B – JWE/JWS standard
Sensitive data is secured by using JWE/JWS format from device or terminal where data is read.
This provide the end-to-end security solution which limit the risk of data is seen by any middle
entities during transmission.
From device to encrypt data to Napas:
- Create JWE data using Napas OCE JWE public key (JWE.OCE.CERT) with CEK generate
for every usage.
- Create JWS of JWE data using device JWS private key (which will be verified by device
JWS.SD.CERT).
JWE Payload
Tag Description
encrypted_key Contains the value BASE64URL (JWE Content Encrypted Key). The Content Encryption Key is
encrypted with the Public Key, provided to client during onboarding (JWE.SD.CERT)
Contain the value BASE64URL (JWE Initialization Vector). Initialization vector used in the
Iv
encryption algorithm
ciphertext Encrypted In-App payment payload (JSON object in JWE format)
tag Contains the value BASE64URL(JWE Authentication Tag). For integrity of cipher text.
80
JWE compact serialization contains the value BASE64URL(JWE).
JWS Signature
JWS Signature contains the value BASE64URL(Signature of (JWS header || ‘.’ || JWS
Payload)).
81
6 Appendix C - Reconciliation File Format.
6.1 Successful transaction file and processed transaction file in a
session
The detail file contains the successful transactions in a session created by Napas and sent to the
MO: MMDDYY_ZZZ_BBB_999999_X_TC_<ServiceCode>.dat
The detail file contains the processed transactions in a session created by Napas and sent to
the MO: MMDDYY_ZZZ_BBB_999999_X_XL_<ServiceCode >.dat
2. Character 5 [REV]
Identification code of “Receiver bank”
Field identification
field
code
(Receiver – REV)
82
3. Character 6 [DATE]
Field identification Identification code of “Transaction
code date (DATE)” field
DR = Detail Record
2. Field Character 5 [MTI] Identification code of MTI field
identification
code
Primary Account Character 19 Card number is right indented and The PAN field in the
Number (F2) padding space in the left if there account.data.profile object.
is less than 19 characters
Processing Code Number 6 Transaction processing code The TYPE tin the
(F3) account.data.profile object
83
If Type= “RAW” then value
is 912020
Real Transaction Number 12 Transaction amout is converted in RTA = F5 - Số tiền hoàn trả
Amount VND if the transaction performed
oversea.
84
Currency Number 3 The currency code with 03 currency
code(F49) numbers, padding left with zero if
it’s value is less than 03 digits.
10. Field Character 4 [F5] Identification code of F5 field
identification
code
85
15. Field Character 5 [F51] Identification code of
identification
code F51 field
86
Merchant Number 4 Merchant type recipient.merchant_category_
category code code
(F18)
22. Field Character 5 [F22] Identification code of F22 field
identification
code
Chế độ tại điểm Number 3 The entry mode at Point-of- Defaults is “000”
truy cập dịch vụ service
(F22) The code identifies how the PAN
and PIN is inputted at the Point-
of-service
23. Field Character 5 [F25] Identification code of F25 field
identification
code
87
27. Character 5 [MID] Identification code of card
Field acceptor identification code
identification field
code
(F42)
Source Account Character 28 Padding left with space if it’s The PAN field in the
Number(F102) value is less than 28 digits sender_account object
ISS Fee (service Number 12 Padding left with zero if it’s value Napas will fill in
fee of ISS for is less than 12 digits
NAPAS)
02 decimal digits.
Fill with zero if there is no value
88
32. Field Character 11 [IRFIS
Identification code of ISS
identification SACQ
interchange fee for ACQ field
code ]
ISS Fee Number 12 Padding left with zero if it’s value Napas will fill in
(interchange fee is less than 12 digits
of ISS for ACQ)
02 decimal digits,
Fill with zero if there is no value
ISS Fee Number 12 Padding left with zero if it’s value Napas will fill in
(interchange fee is less than 12 digits
of ISS for BNB)
02 decimal digits,
Fill with zero if there is no value
ACQ Fee Number 12 Padding left with zero if it’s value Napas will fill in
(service fee of is less than 12 digits
ACQ for NAPAS 02 decimal digits,
Fill with zero if there is no value
36. Field Character 11 [IRFA Identification code of ACQ
identification interchange fee for BNB field
code CQBN
B]
ACQ Fee Number 12 Padding left with zero if it’s Napas will fill in
(interchange fee value is less than 12 digits
of ACQ for BNB)
02 decimal digits,
Fill with zero if there is no value
89
BNB Fee Number 12 Padding left with zero if it’s value Napas will fill in
(service fee of is less than 12 digits
BNB for NAPAS
02 decimal digits,
Fill with zero if there is no value
38. Field Character 11 [IRFB Identification code of BNB
identification interchange fee for ISS field
code NBISS
]
BNB Fee Number 12 Padding left with zero if it’s value Napas will fill in
(interchange is less than 12 digits
BNB Fee Number 12 Padding left with zero if it’s Napas will fill in
(interchange value is less than 12 digits
90
Transaction Character 16 The transaction identification payment.reference
Reference number is generated by Napas
Number – TRN
(F63) when the transaction is processed
44. Field
[RSV1
identification Character 6 Reserve information field 1
]
code
91
Reserve Character 100 At present, it is not used. Napas will fill in
information field Reserved for future, filled with
3 space characters
47 Field Character 5 [CSR]
Identification code of
identification
Checksum field (CSR)
code
Checksum value Characte 32 To verify the integrity of data Napas will fill in
r line
Checksum is calculated using
MD5 hash
Creation time Number 6 The creation time on the system that exports
the file
in HHmmss format
HH : hour (24-hours format)
mm : minute
ss : second
92
5. Field Character 6 [DATE] Identification code of file creation date field
identification code (DATE)
- Detail lines: each transaction corresponds to a line in this file. Each transaction line ends with
a checksum field to verify the integrity of the data.
- Trailer end: contains information such as the number of transactions in the file, the creator
file, file creation date, file checksum value.
After receiving the file, the Napas has to check each line in the file and the line checksum value
to verify the integrity of the line, and check the file checksum value to verify the integrity of the
file.
93
6.2.1 Header line format (Header)
Index Field name Type Length Value Description
2. Field identification Character 5 [REV] Field identification code mã ngân hàng nhận
code (Receiver - REV)
Receiver Bank code Character 8 The receiver bank code must be same with the
bank code in filename
The code is right indented and padded space in
the left if there is less than 08
characters
Record type
1 Record type Character 2 DR
DR = Detail Record
Field
Identification code of MTI
identification Character 5 [MTI]
field
code
94
- If Issuer send MTI =
0210 then Napas return
MTI = 0210.
Field
Identification code of F2
identification Character 4 [F2]
field
code
3 The PAN field in the
account.data.profile object.
Card number is right
Primary
indented and padding
Account Character 19
space in the left if there is
Number (F2)
less than 19 characters
Field
Identification code of F3
identification Character 4 [F3]
field
code
Field Type in the
account.data.profile
4
- If Type=PAN then value
Processing Transaction
Number 6 is 910020
Code (F3) processingcode
- If Type= RAW then
value is 912020
Field
Identification code of
identification Character 5 [SVC]
Service Code (SVC) field
5 code
Service Service Code – specified
Character 10
Code (F62) by NAPAS payment.type
Field Identification code of
identification Character 5 [TCC] Transaction Channel Code
code (TCC) field (F60)
6
Identification code of
Transaction
Character 2 Transaction Channel field
Channel Code
(F60) payment.channel
Field
Identification code of F4
identification Character 4 [F4]
field
code
Transaction amount is
converted in VND if the
7
transaction performed
Transaction
Number 12 oversea. It has 02 decimal
Amount (F4)
digits, padding left with
zero if it’s value is less
than 12 digits amount
Field Identification code of of
8 identification Character 5 [RTA] Real Transaction Amount
code field
95
Transaction amount is
converted in VND if the
transaction performed
oversea. Transaction
Amount in VND currency,
with 02 decimal digits,
padding left with zero if
it’s value is less than 12
digits. If transaction is
Real
successful and is not
Transaction Number 12
reversed, then this amount
Amount
is equal to the transaction
amount (F4). If transaction
is successful and is
reversed, then this amount
is zero. If transaction is
successful and is reversed
partialy, then this amount
is less than the transaction
amount (F4).
Field
Identification code of F49
identification Character 5 [F49]
field.
code
9 The currency code with 03
Currency numbers, padding left with
Number 3
code (F49) zero if it’s value is less
than 03 digits. currency
Field
Identification code of F5
identification Character 4 [F5]
field
code
10
02 decimal digits, padding
Settlement
Number 12 left with zero if it’s value
Amount (F5)
is less than 12 digits
settlement_amount
Field
Identification code of F50
identification Character 5 [F50]
field
code
11 The currency code with 03
Settlement
numbers, padding left with
currency code Number 3
zero if it’s value is less
(F50)
than 03 digits. settlement_currency
Field
Identification code of F9
identification Character 4 [F9]
field
code
This field format :
12 nXXXXXXX n : number
Settlement
of decimal digits.
conversion rate Number 8 F9
XXXXXXX : exchange
(F9)
rate Fill zero if there is no
value. Default is “1”
Field
Identification code of F6
identification Character 4 [F6]
field
code
13
Cardholder 02 decimal digits, padding
Billing Number 12 left with zero if it’s value
Amount (F6) is less than 12 digits
96
Field
Identification code of Real
identification Character 5 [RCA]
Cardholder Amount field
code
02 decimal digits, padding
left with zero if it’s value
is less than 12 digits. If
transaction is successful
and is not reversed, then
this amount is equal to the
14
Real transaction amount. If
Cardholder Number 12 transaction is successful
Amount and is reversed, then this
amount is zero. If
transaction is successful
and is reversed partialy,
then this amount is less
than the transaction
amount.
Field
Identification code of F51
15 identification Character 5 [F51]
field
code
The currency code with 03
Cardholder numbers, padding left with
Number 3
Billing (F51) zero if it’s value is less
than 03 digits.
Field
Identification code of F10
16 identification Character 5 [F10]
field
code
This field format :
nXXXXXXX
Cardholder n : number of decimal
Billing digits.
Number 8
Conversion XXXXXXX : exchange
Rate (F10) rate
Fill with zero if there is no
value
Field
Identification code of F11
17 identification Character 5 [F11]
field
code
System
Trace Padding left with zero if
Number 6
Audit Number there is less than 06 digits
(F11) payment.trace
Field
Identification code of F12
identification Character 5 [F12]
field
code
In HHmmss format
18 Convert the transaction time
Local HH : hour (24-hours
transaction Number 6 format) to HHmmss format from:
time (F12) mm : minute payment.transaction
ss : second _local_date_time
field
Field
Identification code of F13
19 identification Character 5 [F13]
field
code
97
Convert the transaction date
Local In MMdd format to MMdd format from:
transaction Number 4 MM : month payment.transaction
date (F13) dd : day of month _local_date_time
field
Field
Identification code of F15
identification Character 5 [F15]
field
code
20
In MMdd format
Settlement
Number 4 MM : month settlement_date
date (F15)
dd : day of month
Field
Identification code of F18
identification Character 5 [F18]
field
code
21
Merchant
recipient.merchant_category
Category Code Number 4 Merchant type
_code
(F18)
Field
Identification code of F22
identification Character 5 [F22]
field
code
The entry mode at Point-
22 of-service
Point-of-
The code identifies how
service Entry Number 3 Default is “000”
the PAN and PIN is
Mode (F22)
inputted at the Point-of-
service
Field
Identification code of F25
23 identification Character 5 [F25]
field
code
Point-of-
service The condition code at
Number 2 Default is “00”
Condition Point-of-service
Code (F25)
Field
Identification code of F41
identification Character 5 [F41]
field
code
98
Field Identification code of
identification Character 5 [ACQ] Acquiring institution code
code field (F32)
Acquirer identification
25
code is registered in
Acquiring
Napas participant.originating_instit
Institution Character 8
Padding left with zero if ution_id
Code (F32)
it’s value is less than 08
digits
Field
Issuer identification code
identification Character 5 [ISS]
(Issuer Identify)
code
99
Field
Identification code of F103
identification Character 6 [F103]
field
code
30
Destination Padding left with space if
Card/Account Character 28 it’s value is less than 28
number digits The PAN field in the
(F103) recipient_account object.
Identification code of F37
Field field.
identification Character 5 [F37] For ECOM service :
code filled with transaction
code.
31
Reference number
transaction for
Retrieval Character 12 reconciliaction
Reference Padding left with if it has
Number (F37) less than characters payment.payment_reference
Field
Identification code of F38
identification Character 5 [F38]
field
code
32 Authorization Authorization Number is
Identification responded from Issuer.
Character 6
Response Fill space if there is no
(F38) value payment.authorization_code
Identification code of F63
Field
field (Transaction
identification Character 5 [TRN]
Reference Number –
code
TRN)
33 The transaction
Transaction identification number is
Reference Character 16 generated by Napas
Number – when the transaction is
TRN (F63) processed payment.reference
Field Identification code of
identification Character 5 [RRC] Reconcilation response
code code field (RRC)
Reconciliation Response
34
Code is specified in the
settlement process for MO.
Number 4
Reconciliation Padding left with zero if
Response it’s value is less than 4
Code digits.
Field
Reserve information field
35 identification Character 6 [RSV1]
1
code
100
- For ECOM service :
Noted that this field to add
and fill with full
values using with
merchants in ECOM
service.
+ From 1-32 (including 32
characters) : filled with
merchant code (but from
Field 48 of online
message), padding right
with space if it is less than
Character 100 32 characters.
+ From 33-52 (including
20 characters) : filled with
transaction code (but from
Field 48 of online
message), padding right
with space if it is less than Combine the value of the 3
20 characters. fields below:
+ From 53-100 : not used,
filled with spaces. sender.first_name
- For the other services :
sender.middle_name
filled with spaces
sender.last_name
Reserve
information 1 And space in the middle
Field
Reserve information field
identification Character 6 [RSV2]
2
code
101
6.2.3 Trailer line format (Trailer)
No Field Name Type Length Value Description
3 Field identification Character 5 [CRE] Field identification code người tạo file
code (Creater - CRE)
4 Field identification Character 6 [TIME] Field identification code giờ tạo file (TIME)
code
102