QFPay Payment API Skill

Overview

QFPay API is a comprehensive payment solution that offers various payment methods to meet the needs of different businesses. This skill provides complete API integration guidelines including environment configuration, request formats, signature generation, payment types, supported currencies, and status codes.

Environment Configuration

QFPay API is accessible via three main environments:

Environment	Base URL	Description
Sandbox	INLINECODE0	For simulating payments without real fund deduction
Testing

https://test-openapi-hk.qfapi.com | Real payment flow but linked to test accounts (no settlement) |
| Production | https://openapi-hk.qfapi.com | Real live payments with actual settlement |

Important Notes:

• - Transactions in Testing environment using test accounts will NOT be settled
• Always ensure refunds are triggered immediately for test transactions
• Mixing credentials or endpoints across environments will result in signature or authorization errors

Environment Variables Setup

Configure these environment variables before using the API:

CODEBLOCK0

API Usage Guidelines

Rate Limiting

To ensure fair usage and optimal performance:

• - Limit: Maximum 100 requests per second (RPS) and 400 requests per minute per merchant
• Exceeding Limit: API responds with HTTP 429 (Too Many Requests)

Best Practices

1. 1. Batch Requests: Use batch processing to minimize individual requests
2. Efficient Queries: Utilize filtering and pagination
3. Caching: Implement response caching to avoid repeated requests
4. Monitoring: Track API usage and implement logging for request patterns

Error Handling

When receiving HTTP 429:

1. 1. Pause further requests for a specified duration
2. Implement exponential backoff for retries
3. Log errors for monitoring

Traffic Spike Management

For anticipated traffic spikes (e.g., promotional events), contact:

• - Technical Support: technical.support@qfpay.com

Request Format

HTTP Request

CODEBLOCK1

Public Payment Request Parameters

Attribute	Required	Type	Description
INLINECODE3	Yes	Int(11)	Transaction amount in cents (100 = $1). Suggest > 200 to avoid risk control
INLINECODE4

Yes | String(3) | Transaction currency. See Currencies section for full list | | pay_type | Yes | String(6) | Payment type code. See Payment Types section | | out_trade_no | Yes | String(128) | External transaction number. Must be unique per merchant account | | txdtm | Yes | String(20) | Transaction time format: YYYY-MM-DD hh:mm:ss | | auth_code | Yes (CPM only) | String(128) | Authorization code for scanning barcode/QR. Expires within one day | | expired_time | No (MPM only) | String(3) | QR expiration in minutes. Default: 30, Min: 5, Max: 120 | | goods_name | No | String(64) | Item description. Max 20 chars, UTF-8 for Chinese. Required for App payments | | mchid | No | String(16) | Merchant ID. Required if assigned, must NOT be included if not assigned | | udid | No | String(40) | Unique device ID for internal tracking | | notify_url | No | String(256) | URL for asynchronous payment notifications |

HTTP Header Requirements

Field	Required	Description
INLINECODE14	Yes	App code assigned to merchant
INLINECODE15

Yes | Signature generated per signature algorithm | | X-QF-SIGNTYPE | No | Signature algorithm. Use SHA256 or defaults to MD5 |

Content Specifications

• - Character Encoding: UTF-8
• Method: POST/GET (depends on endpoint)
• Content-Type: application/x-www-form-urlencoded

Response Format

Success Response Structure

CODEBLOCK2

Response Fields

Field	Type	Description
INLINECODE19	String(4)	Return code. "0000" means success
INLINECODE20

String(64) | Message description of respcd | | data | Object | Payment transaction data |

Data Object Fields

Field	Type	Description
INLINECODE22	String	Transaction amount in cents
INLINECODE23

String | Merchant's original order number | | txcurrcd | String | Currency code (e.g., HKD) | | txstatus | String | Payment status: SUCCESS, FAILED, PENDING | | qf_trade_no | String | QFPay's unique transaction number | | pay_type | String | Payment method code | | txdtm | String | Payment time (YYYY-MM-DD HH:mm:ss) |

Signature Verification

Response may include X-QF-SIGN and X-QF-SIGNTYPE headers. Verify by:

1. 1. Extracting data fields in sorted order
2. Concatenating as key1=value1&key2=value2&...
3. Appending client key
4. Generating MD5 hash and comparing

Signature Generation

All API requests must include a digital signature in the HTTP header:

CODEBLOCK3

Step-by-Step Guide

Step 1: Sort Parameters

Sort all request parameters by parameter name in ASCII ascending order.

Example:

Parameter	Value
INLINECODE31	INLINECODE32
INLINECODE33

100 |
| txcurrcd | HKD |

Sorted result:
CODEBLOCK4

Step 2: Append Client Key

Append your secret client_key to the string.

If client_key = abcd1234:
CODEBLOCK5

Step 3: Hash the String

Hash using MD5 or SHA256 (SHA256 recommended):

CODEBLOCK6

Step 4: Add to Header

CODEBLOCK7

Important Notes

• - Do NOT insert line breaks, tabs, or extra spaces
• Parameter names and values are case-sensitive
• Double-check parameter order and encoding if signature fails

Code Examples

Python

CODEBLOCK8

Payment Types

The pay_type parameter specifies which payment method to use. This affects transaction routing and UI requirements.

Note: Not all pay_type values are enabled for every merchant. Contact technical.support@qfpay.com for clarification.

Supported Payment Types

Code	Description
800008	CPM for WeChat, Alipay, UnionPay QuickPass, PayMe
800101

Alipay MPM (Overseas Merchants) | | 800108 | Alipay CPM (Overseas & HK Merchants) | | 801101 | Alipay Web Payment (Overseas) | | 801107 | Alipay WAP Payment (Overseas) | | 801110 | Alipay In-App Payment (Overseas) | | 800107 | Alipay Service Window H5 Payment | | 801501 | Alipay MPM (HK Merchants) | | 801510 | Alipay In-App (HK Merchants) | | 801512 | Alipay WAP (HK Merchants) | | 801514 | Alipay Web (HK Merchants) | | 800201 | WeChat MPM (Overseas & HK) | | 800208 | WeChat CPM (Overseas & HK) | | 800207 | WeChat JSAPI Payment (Overseas & HK) | | 800212 | WeChat H5 Payment | | 800210 | WeChat In-App Payment (Overseas & HK) | | 800213 | WeChat Mini-Program Payment | | 801008 | WeChat Pay HK CPM (Direct Settlement, HK) | | 801010 | WeChat Pay HK In-App (Direct Settlement, HK) | | 805801 | PayMe MPM (HK Merchants) | | 805808 | PayMe CPM (HK Merchants) | | 805814 | PayMe Web Payment (HK Merchants) | | 805812 | PayMe WAP Payment (HK Merchants) | | 800701 | UnionPay QuickPass MPM | | 800708 | UnionPay QuickPass CPM | | 800712 | UnionPay WAP Payment (HK) | | 800714 | UnionPay PC-Web Payment (HK) | | 802001 | FPS MPM (HK Merchants) | | 803701 | Octopus MPM (HK Merchants) | | 803712 | Octopus WAP Payment (HK) | | 803714 | Octopus PC-Web Payment (HK) | | 802801 | Visa / Mastercard Online | | 802808 | Visa / Mastercard Offline | | 806527 | ApplePay Online | | 806708 | UnionPay Card Offline | | 806808 | American Express Card Offline |

Special Remarks

• - 801101: Transaction amount must be greater than 1 HKD
• 802001: This payment method does not support refunds

Supported Currencies

All codes follow ISO 4217 format (3-letter uppercase):

Code	Description
AED	Arab Emirates Dirham
CNY

Chinese Yuan |
| EUR | Euro |
| HKD | Hong Kong Dollar |
| IDR | Indonesian Rupiah |
| JPY | Japanese Yen |
| MMK | Myanmar Kyat |
| MYR | Malaysian Ringgit |
| SGD | Singapore Dollar |
| THB | Thai Baht |
| USD | United States Dollar |
| CAD | Canadian Dollar |
| AUD | Australian Dollar |

Note: Some payment methods may only support HKD. Verify with your integration manager before non-HKD transactions.

Status Codes

Standard respcd values returned by QFPay API:

Code	Description
0000	Transaction successful
1100

System under maintenance |
| 1101 | Reversal error |
| 1102 | Duplicate request |
| 1103 | Request format error |
| 1104 | Request parameter error |
| 1105 | Device not activated |
| 1106 | Invalid device |
| 1107 | Device not allowed |
| 1108 | Signature error |
| 1125 | Transaction already refunded |
| 1136 | Transaction does not exist or not operational |
| 1142 | Order already closed |
| 1143 | Order not paid, password being entered |
| 1145 | Processing, please wait |
| 1147 | WeChat Pay transaction error |
| 1150 | T0 billing method does not support cancellation |
| 1155 | Refund request denied |
| 1181 | Order expired |
| 1201 | Insufficient balance |
| 1202 | Incorrect or expired payment code |
| 1203 | Merchant account error |
| 1204 | Bank error |
| 1205 | Transaction failed, try again later |
| 1212 | Please use UnionPay overseas payment code |
| 1241 | Store does not exist or status incorrect |
| 1242 | Store not configured correctly |
| 1243 | Store has been disabled |
| 1250 | Transaction forbidden |
| 1251 | Store configuration error |
| 1252 | System error making order request |
| 1254 | Problem occurred, resolving issue |
| 1260 | Order already paid |
| 1261 | Order not paid |
| 1262 | Order already refunded |
| 1263 | Order already cancelled |
| 1264 | Order already closed |
| 1265 | Transaction cannot be refunded (11:30pm-0:30am) |
| 1266 | Transaction amount wrong |
| 1267 | Order information mismatch |
| 1268 | Order does not exist |
| 1269 | Insufficient unsettled balance for refund |
| 1270 | Currency does not support partial refund |
| 1271 | Transaction does not support partial refund |
| 1272 | Refund amount exceeds maximum refundable |
| 1294 | Transaction non-compliant, prohibited by bank |
| 1295 | Connection slow, waiting for network response |
| 1296 | Connection slow, try again later |
| 1297 | Banking system busy |
| 1298 | Connection slow, do not repeat payment if already paid |
| 2005 | Customer payment code incorrect or expired |
| 2011 | Transaction serial number repeats |

Usage Examples

Complete Payment Flow (Python)

CODEBLOCK9

Environment Configuration with Multiple Merchants

CODEBLOCK10

Important Notes

1. 1. Signature Security: Never expose your client_key in frontend code or client-side applications. Always compute signatures on the server side.

1. 2. Order Number Uniqueness: out_trade_no must be unique across all payment and refund requests under the same merchant account.

1. 3. Character Encoding: All requests and responses use UTF-8 encoding.

1. 4. Timeout Handling: For payment requests that don't return promptly, implement a polling mechanism to query transaction status.

1. 5. Async Notifications: Configure notify_url to receive asynchronous payment completion notifications and verify notification signatures.

1. 6. Refund Limitations: FPS (802001) payment type does not support refunds. Confirm business requirements before integration.

1. 7. Amount Format: Amount is in cents. For example, 100 represents 1 HKD.

1. 8. Timezone: The txdtm parameter uses the merchant's local timezone.

1. 9. Environment Variables: Always load sensitive credentials from environment variables, never hardcode them in source files.

Technical Support

For any integration issues, contact:

• - Email: technical.support@qfpay.com
• Documentation: https://sdk.qfapi.com
• Postman Collection: https://sdk.qfapi.com/assets/files/qfpayopenapipaymentrequest.postmancollection-c8de8c8fe69f3fcd5a7653d41c289a29.json

See Also

• - QFPay Developer Center
• Payment Integration Guides
• Checkout Integration