Next-Gen Payment Gateway
Welcome to Cuan10pay API! This documentation will help you integrate our payment gateway into your application.
https://cuan10pay.com/api/
API requests are limited to 100 requests per hour per IP address. If you exceed this limit, you'll receive a 429 status code.
All API requests must include authentication headers. The signature is generated using HMAC-SHA256.
X-API-KEY: Your merchant API keyX-TIMESTAMP: Current timestamp (Unix timestamp)X-SIGNATURE: HMAC-SHA256 signaturesignature = HMAC-SHA256(private_key, timestamp + method + path + body)
Invoice API adalah antarmuka untuk mengelola tagihan pembayaran yang telah dibuat. API ini digunakan untuk memeriksa status pembayaran tagihan yang ada.
Check invoice payment status
/v1/invoice_status?ref={reference}
Create a deposit request
/v1/deposit_create
| Parameter | Type | Required | Description |
|---|---|---|---|
| channel_code | string | Yes | Payment channel code (e.g., QRIS, BCA, etc.) |
| amount | number | Yes | Deposit amount (min 10,000, max 10,000,000) |
| notes | string | No | Deposit notes |
| customer_name | string | No | Customer name |
| customer_email | string | No | Customer email |
| customer_phone | string | No | Customer phone number |
| return_url | string | No | URL to redirect after payment |
| expired_time | number | No | Payment expiration time (Unix timestamp) |
{
{
"status": "success",
"message": "Deposit request created successfully",
"data": {
"deposit_id": "CP-20250928-38B575",
"channel_name": "BCA Virtual Account",
"amount": 10000,
"fee": 2500,
"total": 12500,
"status": "pending",
"payment_code": "1234567890123456",
"checkout_url": "https://tripay.co.id/checkout/abc123def456",
"link_url": "https://cuan10pay.com/pay.php?ref=CP-20250928-38B575",
"payment_instructions": "Please follow the payment instructions provided.",
"created_at": "2025-09-28 17:02:30"
}
}
Check deposit status
/v1/deposit_status?ref={reference}
| Parameter | Type | Required | Description |
|---|---|---|---|
| ref | string | Yes | Deposit reference |
Get available PPOB products
/v1/ppob_products
| Parameter | Type | Required | Description |
|---|---|---|---|
| operator | string | No | Filter by operator (e.g., telkomsel) |
Create a new PPOB order
/v1/ppob_order
| Parameter | Type | Required | Description |
|---|---|---|---|
| product_code | string | Yes | Product code |
| target | string | Yes | Target number or account ID |
| ref | string | No | Client reference |
| callback_url | string | No | Webhook URL for order updates |
{
"product_code": "PULSA_50K",
"target": "081234567890",
"ref": "ORDER123",
"callback_url": "https://merchant.example.com/ppob_callback"
}Get available SMM services
/v1/smm_services
| Parameter | Type | Required | Description |
|---|---|---|---|
| category | string | No | Filter services by category |
Create a new SMM order
/v1/smm_order
| Parameter | Type | Required | Description |
|---|---|---|---|
| service_id | number | Yes | Service ID to order |
| link | string | Yes | Target link/username/post URL |
| quantity | number | Yes | Quantity to deliver |
| ref | string | No | Client reference |
| callback_url | string | No | Webhook URL for order updates |
{
"service_id": 123,
"link": "https://instagram.com/p/xxxx",
"quantity": 1000,
"ref": "SMM123",
"callback_url": "https://merchant.example.com/smm_callback"
}Get available voucher products
/v1/voucher_products
| Parameter | Type | Required | Description |
|---|---|---|---|
| game | string | No | Filter by game (e.g., ml, ff, pubg) |
Create a new voucher order
/v1/voucher_order
| Parameter | Type | Required | Description |
|---|---|---|---|
| product_code | string | Yes | Voucher product code |
| player_id | string | Yes | Player/User ID |
| server_id | string | No | Server/Zone ID (if applicable) |
| ref | string | No | Client reference |
| callback_url | string | No | Webhook URL for order updates |
{
"product_code": "ML_86_DIAMOND",
"player_id": "12345678",
"server_id": "9001",
"ref": "VCHR123",
"callback_url": "https://merchant.example.com/voucher_callback"
}We will send POST requests to your webhook URL on status changes.
{
"reference": "INV123",
"status": "PAID",
"amount": 100000,
"timestamp": 1700000000,
"signature": "HMAC_SHA256"
}
200 OK - Successful request
400 Bad Request - Validation error
401 Unauthorized - Invalid or missing API key/signature
404 Not Found - Resource not found
429 Too Many - Rate limit exceeded
500 Server Error - Internal server error
<?php
$apiKey = 'your_api_key';
$privateKey = 'your_private_key';
$merchantCode = 'your_merchant_code';
$merchantRef = 'CP_' . time();
$amount = 100000;
$data = [
'method' => 'QRIS2',
'merchant_ref' => $merchantRef,
'amount' => $amount,
'customer_name' => 'Nama Pelanggan',
'customer_email' => 'emailpelanggan@domain.com',
'customer_phone' => '081234567890',
'order_type' => 'Deposit',
'return_url' => 'https://domainanda.com/redirect',
'expired_time' => (time() + (24 * 60 * 60)),
'signature' => hash_hmac('sha256', $merchantCode.$merchantRef.$amount, $privateKey)
];
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => 'http://cuan10pay.com/api/v1/deposit_create.php',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => http_build_query($data),
CURLOPT_HTTPHEADER => ['X-API-KEY: '.$apiKey]
]);
$response = curl_exec($curl);
curl_close($curl);
$result = json_decode($response, true);
echo "Response: " . $response . PHP_EOL;
?>import hashlib
import hmac
import json
import time
import requests
def generate_signature(timestamp, method, path, body, private_key):
payload = f"{timestamp}{method}{path}{body}"
return hmac.new(
private_key.encode(),
payload.encode(),
hashlib.sha256
).hexdigest()
# Configuration
api_key = 'your_api_key'
private_key = 'your_private_key'
base_url = 'https://cuan10pay.com/api'
# Create deposit
timestamp = int(time.time())
method = 'POST'
path = '/v1/deposit_create'
body = json.dumps({
'amount': 100000,
'customer_name': 'John Doe',
'customer_email': 'john@example.com'
})
signature = generate_signature(timestamp, method, path, body, private_key)
headers = {
'Content-Type': 'application/json',
'X-API-KEY': api_key,
'X-TIMESTAMP': str(timestamp),
'X-SIGNATURE': signature
}
response = requests.post(f"{base_url}{path}", data=body, headers=headers)
result = response.json()
print(result['data']['reference'])// Generate signature
function generateSignature(timestamp, method, path, body, privateKey) {
const payload = timestamp + method + path + body;
const encoder = new TextEncoder();
const key = encoder.encode(privateKey);
const data = encoder.encode(payload);
return crypto.subtle.importKey(
'raw',
key,
{ name: 'HMAC', hash: 'SHA-256' },
false,
['sign']
).then(key => {
return crypto.subtle.sign('HMAC', key, data);
}).then(signature => {
return Array.from(new Uint8Array(signature))
.map(b => b.toString(16).padStart(2, '0'))
.join('');
});
}
// Configuration
const apiKey = 'your_api_key';
const privateKey = 'your_private_key';
const baseUrl = 'https://cuan10pay.com/api';
// Create deposit
const timestamp = Math.floor(Date.now() / 1000);
const method = 'POST';
const path = '/v1/deposit_create';
const body = JSON.stringify({
amount: 100000,
customer_name: 'John Doe',
customer_email: 'john@example.com'
});
generateSignature(timestamp, method, path, body, privateKey).then(signature => {
const headers = {
'Content-Type': 'application/json',
'X-API-KEY': apiKey,
'X-TIMESTAMP': timestamp.toString(),
'X-SIGNATURE': signature
};
fetch(baseUrl + path, {
method: 'POST',
headers: headers,
body: body
})
.then(response => response.json())
.then(result => {
console.log(result.data.reference);
});
});