# README

### 1. Login to the Merchant Dashboard <a href="#id-1.-login-to-the-merchant-dashboard" id="id-1.-login-to-the-merchant-dashboard"></a>

* Contact the operations team to obtain your **merchant dashboard link**, **login username**, and **password.**
* Ask the customer service to whitelist your login IPs.
* After logging in, you have to change **password** and **Google Authenticator** **Key** first.
* Then click the **"API Settings"** button at the top right.

### 2. Configure AccessKey and Auth IP Whitelist <a href="#id-2.-configure-accesskey-and-auth-ip-whitelist" id="id-2.-configure-accesskey-and-auth-ip-whitelist"></a>

* Click **Regenerate AccessKey**, copy and save it in a secret place.
* Ask the customer service to whitelist your **Auth IPs** (the server which you would raise the API requests).
* Enter the Google Authenticator verification code.
* Click **Submit** to apply the changes.

### 3. API Request Instructions <a href="#id-3.-api-request-instructions" id="id-3.-api-request-instructions"></a>

#### **V2**

* When making requests, set the following in the **Header**:

```
Content-Type: application/json
Authorization: {MerchantID}
```

* Example:

```
Content-Type: application/json
Authorization: 1514639549140992
```

### 4. Callback Instructions <a href="#callback-instructions" id="callback-instructions"></a>

* Only successful or failed orders will trigger a callback.
* The callback URL can be specified individually when placing an order. If not specified, the system will use the default callback URL configured in the merchant dashboard.
* Callback source IP: **65.20.91.228**
* Callback succeed when the endpoint responses with http code **200**, other than that is failed.
* Failed callbacks will automatically retry **3 times**.
* Callback method: **POST**
* Callback content: **AES-encrypted JSON string**

**Example: Callback Payload**

```json
{
    "sourceNo": "merchant order No.",
    "data": "encrypted order details"
}
```

**Decrypted data:**

```json
// for payin
{
  "channelCreditOrderSimpleInfo": object,
  "channelPaymentRecordSimpleInfo": object
}

// for payout
{
  "channelDebitOrderSimpleInfo": object,
  "channelPaymentRecordSimpleInfo": object
}
```

### 5. AES Encryption Specification <a href="#id-5.-aes-encryption-specification" id="id-5.-aes-encryption-specification"></a>

* Mode: ECB
* Padding: PKCS7
* Key Length: 256 bits
* Key: Same as AccessKey
* Character Encoding: UTF-8
* Output Format: Base64

**🔑 Example**

* Plaintext: Test
* Key: ecb797f9e9feab0a92ab283978d33711
* Encrypted Result: M2SwiX1fxQ5aJ34scDi0zA==

👉 Online testing tool: [AES Encryption Tool](https://www.toolhelper.cn/SymmetricEncryption/AES)

### 6. API Endpoints and Environment <a href="#id-6.-api-endpoints-and-environment" id="id-6.-api-endpoints-and-environment"></a>

Test Environment Endpoint: <https://api-beta.bharatpay.cc>

Production Environment Endpoint: <https://api.bharatpay.cc>

⚠️ Before going live, please contact the operations team to obtain the production environment merchant dashboard link, and complete the following steps:

* Reapply for and configure your AccessKey.
* Fill your Auth IP whitelist.

Once all configurations are complete and tested successfully, you may switch to the production environment for live operations.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://doc-en.bharatpay.cc/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.