Request Parameters

Field	Type	Mandatory	Description
type	String	Mandatory	`virtual_account`, `ewallet`, `qrcode`, or `credit_card`. Check table below for more explanation.
externalId	String	Mandatory	Unique per transaction per client. Duplicate values will give DUPLICATE_EXTERNAL_ID error
attributes	Object	Conditional	Varies by type (see table below).
amount	Integer	Conditional	Required for closed VA, QR code, eWallet, and credit card. Must be >0.
expire	Integer	Optional	Expiration time in seconds. Final expiry depends on provider capability. If the provider's expiry time is not customisable, then the value will be ignored.
metadata	String	Optional	Custom key-value pairs. Stored in Paystrator and returned in API/webhook, but never sent to providers. Read more about metadata here.

❗️
Notes on expiry time
The actual expiry time may vary depending on provider capability. Always refer to the response for the exact expiredAt value.

Type and Attributes Explanation

Type	Required Fields	Non-Required Fields	Notes
`virtual_account`	attributes.name attributes.code	amount (conditional) expire	Empty amount → open VA. With amount → closed VA.
`ewallet`	attributes.code amount	expire
`qrcode`	no required attribute	amount (conditional) expire	Omit amount → Dynamic QR Include amount → Static QR
`credit_card`	amount	expire	Always displays card form. Tokenization coming soon.

Error Handling

All error follow this scheme:

...
"error": {
    "code": "<machine_readable_code>",
    "message": "<human readable message>",
    "action": "<what the dev should do>",
    "reason": "<why it happened>"
}
...

HTTP	Code	Description	Action Needed
400	invalid_parameters_in_request	Invalid parameter (e.g., “Only type QRCODE can be process”)	Change type to a supported value
400	wrong_parameters_in_request	Missing required field	Check your request for a mistake or missing parameter
400	provider_sequences_not_found	No provider sequence configured	Please add or set the provider sequences
401	unauthorized	Invalid/missing bearer token	re-authenticate; send valid token
401	permission denied	Authenticated but role lacks permission	Adjust API permission on dashboard
405	method_not_allowed	Wrong HTTP method used	Use the correct HTTP method
409	invalid_parameters_in_request	Duplicate externalId	Please use unique externalId
4xx/5xx	provider_error	Error from provider	Please contact provider / retry

Payload Example

Please check example pages for examples of each type.

200

409Conflict