API Documentation

Complete documentation for Payment Gateway integration

API Key
Info: Log in to see your API Key. The examples below use the placeholder YOUR_API_KEY_HERE.
YOUR_API_KEY_HERE
Important: Do not share your API Key with anyone. The API Key is used to authenticate requests to the API.
Base URL
https://payments.403forbidden.tools/api
Authentication

All API requests must include the API Key in a header:

X-API-Key: YOUR_API_KEY_HERE

Or as a query parameter:

?apiKey=YOUR_API_KEY_HERE
Payment Endpoints
POST /api/create-payment.php

Creates a new payment, with options for a digital product, a product image, and a redirect URL.

Request Body
Parameter Type Required Description
amount number Required Payment amount (minimum 1000)
description string Optional Payment description
customer_name string Optional Customer name
customer_email string Optional Customer email
customer_phone string Optional Customer mobile phone number
callback_url string Optional Webhook URL called when the payment succeeds
redirect_url string Optional URL to redirect to after a successful payment New
file_id number Optional ID of the digital file delivered after payment New
content_id number Optional ID of the hidden content unlocked after payment New
product_image_id number Optional ID of the product image shown on the payment page New
Example Request (cURL)
curl -X POST https://payments.403forbidden.tools/api/create-payment.php \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY_HERE" \
  -d '{
    "amount": 50000,
    "description": "Pembayaran Produk A",
    "customer_name": "John Doe",
    "customer_email": "john@example.com",
    "redirect_url": "https://yoursite.com/thank-you",
    "file_id": 1,
    "product_image_id": 1
  }'
Example Request (PHP)
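<?php
$apiKey = 'YOUR_API_KEY_HERE';
$data = [
    'amount' => 50000,
    'description' => 'Pembayaran Produk A',
    'customer_name' => 'John Doe',
    'redirect_url' => 'https://yoursite.com/thank-you',
    'file_id' => 1,  // Optional: attach digital file
    'product_image_id' => 1  // Optional: show product image
];

$ch = curl_init('https://payments.403forbidden.tools/api/create-payment');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'X-API-Key: ' . $apiKey
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
if ($response === false) {
    // Transport-level failure (DNS, TLS, timeout)
    die('Request failed: ' . curl_error($ch));
}
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Only read payment_url from a well-formed, successful response
$result = json_decode($response, true);
if ($httpCode !== 200 || !is_array($result) || empty($result['success'])) {
    die('Payment creation failed (HTTP ' . $httpCode . ')');
}

echo $result['data']['payment_url'];
?>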
Example Response
{
  "success": true,
  "data": {
    "invoice_id": "403-PAY-1234567890-ABC123",
    "amount": 50000,
    "unique_code": 123,
    "final_amount": 50123,
    "payment_url": "https://payments.403forbidden.tools/pay?invoice=403-PAY-1234567890-ABC123",
    "expires_at": "2024-01-15 12:30:00",
    "status": "pending",
    "redirect_url": "https://yoursite.com/thank-you",
    "has_file": true,
    "file_id": 1,
    "has_product_image": true,
    "product_image_id": 1,
    "download_token": "abc123..."
  }
}
GET /api/check-payment.php

Checks the status of a payment by Invoice ID.

Query Parameters
Parameter Type Required Description
invoice string Required Payment Invoice ID
Example Request
curl "https://payments.403forbidden.tools/api/check-payment?invoice=403-PAY-1234567890-ABC123" \
  -H "X-API-Key: YOUR_API_KEY_HERE"
Example Response
{
  "success": true,
  "invoice_id": "403-PAY-1234567890-ABC123",
  "status": "paid",
  "amount": 50000,
  "final_amount": 50123,
  "paid_at": "2024-01-15 12:25:30",
  "expires_at": "2024-01-15 12:30:00"
}
GET /api/list-payments.php New

Returns a list of payments, with filtering and pagination.

Query Parameters
Parameter Type Required Description
status string Optional Filter by status: pending, paid, expired, cancelled
start_date string Optional Filter from date (YYYY-MM-DD)
end_date string Optional Filter to date (YYYY-MM-DD)
page number Optional Page number (default: 1)
limit number Optional Items per page (default: 20, max: 100)
Example Request
curl "https://payments.403forbidden.tools/api/list-payments?status=paid&limit=10" \
  -H "X-API-Key: YOUR_API_KEY_HERE"
Example Response
{
  "success": true,
  "data": [
    {
      "invoice_id": "403-PAY-1234567890-ABC123",
      "amount": 50000,
      "unique_code": 123,
      "final_amount": 50123,
      "status": "paid",
      "description": "Pembayaran Produk A",
      "customer_name": "John Doe",
      "payment_url": "https://payments.403forbidden.tools/pay?invoice=403-PAY-1234567890-ABC123",
      "created_at": "2024-01-15 12:00:00",
      "paid_at": "2024-01-15 12:25:30",
      "has_file": true,
      "file_id": 1
    }
  ],
  "pagination": {
    "total": 50,
    "page": 1,
    "limit": 10,
    "total_pages": 5
  }
}
Digital Products Endpoints New
GET /api/list-files.php

Returns the list of uploaded digital files.

Query Parameters
Parameter Type Required Description
active_only boolean Optional Active files only (default: true)
Example Request
curl "https://payments.403forbidden.tools/api/list-files" \
  -H "X-API-Key: YOUR_API_KEY_HERE"
Example Response
{
  "success": true,
  "data": [
    {
      "id": 1,
      "original_name": "ebook.pdf",
      "file_type": "pdf",
      "file_size": 1048576,
      "is_active": true,
      "download_count": 10,
      "created_at": "2024-01-15 10:00:00"
    }
  ],
  "total": 1
}
GET /api/list-contents.php

Returns the list of hidden content items that have been created.

Query Parameters
Parameter Type Required Description
active_only boolean Optional Active content only (default: true)
Example Request
curl "https://payments.403forbidden.tools/api/list-contents" \
  -H "X-API-Key: YOUR_API_KEY_HERE"
Example Response
{
  "success": true,
  "data": [
    {
      "id": 1,
      "title": "Secret Tutorial",
      "content_type": "text",
      "is_active": true,
      "view_count": 25,
      "created_at": "2024-01-15 10:00:00"
    }
  ],
  "total": 1
}
GET /api/list-images.php

Returns the list of uploaded product images.

Query Parameters
Parameter Type Required Description
active_only boolean Optional Active images only (default: true)
Example Request
curl "https://payments.403forbidden.tools/api/list-images" \
  -H "X-API-Key: YOUR_API_KEY_HERE"
Example Response
{
  "success": true,
  "data": [
    {
      "id": 1,
      "original_name": "product.jpg",
      "image_url": "https://payments.403forbidden.tools/uploads/images/product_1_xxx.jpg",
      "file_size": 524288,
      "mime_type": "image/jpeg",
      "width": 800,
      "height": 600,
      "is_active": true,
      "created_at": "2024-01-15 10:00:00"
    }
  ],
  "total": 1
}
Webhook & Callback
Callback

If you include callback_url when creating a payment, the system sends a POST request to that URL when the payment succeeds.

Callback Payload
{
  "event": "payment.paid",
  "invoice_id": "403-PAY-1234567890-ABC123",
  "status": "paid",
  "amount": 50000,
  "final_amount": 50123,
  "unique_code": 123,
  "paid_at": "2024-01-15 12:25:30",
  "paid_amount": 50123,
  "paid_reff_num": "TRX123456789",
  "customer_name": "John Doe",
  "customer_email": "john@example.com",
  "customer_phone": "08123456789",
  "description": "Pembayaran Produk A",
  "redirect_url": "https://yoursite.com/thank-you",
  "has_file": true,
  "has_content": false,
  "download_token": "abc123...",
  "timestamp": 1705312530,
  "signature": "sha256_hmac_signature"
}
Callback Headers
Header Description
Content-Type application/json
X-Webhook-Event payment.paid
X-Webhook-Signature HMAC SHA256 signature for verification
X-Webhook-Timestamp Unix timestamp at which the callback was sent
X-Invoice-ID Payment Invoice ID
Signature Verification
<?php
// Verify the callback signature
$payload = json_decode(file_get_contents('php://input'), true);
$signature = $_SERVER['HTTP_X_WEBHOOK_SIGNATURE'] ?? '';
$timestamp = $_SERVER['HTTP_X_WEBHOOK_TIMESTAMP'] ?? '';

// Reject bodies that are not JSON or lack the signed fields
if (!is_array($payload) || !isset($payload['invoice_id'], $payload['status'], $payload['final_amount'])) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid payload']);
    exit;
}

// Build the expected signature for comparison
$signatureData = $payload['invoice_id'] . '|' . $payload['status'] . '|' . $payload['final_amount'] . '|' . $timestamp;
$expectedSignature = hash_hmac('sha256', $signatureData, 'YOUR_SECRET_KEY');

if (hash_equals($expectedSignature, $signature)) {
    // Signature is valid, process the callback
    if ($payload['status'] === 'paid') {
        // Update order status
        http_response_code(200);
        echo json_encode(['success' => true]);
    }
} else {
    // Signature is not valid
    http_response_code(401);
    echo json_encode(['error' => 'Invalid signature']);
}
?>
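The same check for a Python receiver, as an added example that is not part of the original documentation. It goes beyond the PHP sample by also rejecting stale timestamps, duplicate deliveries, and amounts that differ from what create-payment returned. Fields outside the signed string (for example download_token or customer_email) are not covered by the signature shown on this page. Assumptions: the 300-second window, the `orders` and `seen` stores, and a headers dict keyed exactly as in the header table.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW = 300  # assumption: reject callbacks more than 5 minutes old


def sign(secret, invoice_id, status, final_amount, timestamp):
    # Same string as the PHP sample: invoice_id|status|final_amount|timestamp
    data = f"{invoice_id}|{status}|{final_amount}|{timestamp}"
    return hmac.new(secret.encode(), data.encode(), hashlib.sha256).hexdigest()


def verify_callback(raw_body, headers, secret, orders, seen, now=None):
    """Return (ok, reason). `orders` maps invoice_id -> final_amount saved from
    the create-payment response; `seen` holds invoice IDs already fulfilled.
    Both stores are hypothetical stand-ins for the merchant's database."""
    now = time.time() if now is None else now
    try:
        p = json.loads(raw_body)
        invoice, status, amount = p["invoice_id"], p["status"], p["final_amount"]
        ts_raw = headers["X-Webhook-Timestamp"]
        ts = int(ts_raw)
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    # Sign the raw header string so the bytes match what the sender signed
    expected = sign(secret, invoice, status, amount, ts_raw)
    received = headers.get("X-Webhook-Signature", "")
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False, "bad signature"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    if headers.get("X-Invoice-ID") != invoice:
        return False, "invoice header mismatch"
    if status != "paid" or orders.get(invoice) != amount:
        return False, "unexpected status or amount"
    if invoice in seen:
        return False, "duplicate"
    seen.add(invoice)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: the secret, order table and callback are made up here.
    secret, inv, ts = "constructed-secret", "403-PAY-1234567890-ABC123", "1705312530"
    body = json.dumps({"invoice_id": inv, "status": "paid", "final_amount": 50123})
    hdrs = {"X-Webhook-Timestamp": ts, "X-Invoice-ID": inv,
            "X-Webhook-Signature": sign(secret, inv, "paid", 50123, ts)}
    seen = set()
    print(verify_callback(body, hdrs, secret, {inv: 50123}, seen, now=1705312540))
    print(verify_callback(body, hdrs, secret, {inv: 50123}, seen, now=1705312540))
```

Pass the raw request body, not a re-serialised copy, and persist `seen` in durable storage so a replay after a restart is still rejected.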
Payment Status
Status Description
pending Awaiting payment
paid Payment successful
expired Payment expired (time limit exceeded)
cancelled Payment cancelled
Error Codes
HTTP Code Description
200 Success
400 Bad Request - Invalid parameter
401 Unauthorized - Invalid API Key
404 Not Found - Resource not found
405 Method Not Allowed
429 Too Many Requests - Rate limit exceeded
500 Internal Server Error