GhostPass API Reference

This API reference consists of all the APIs provided by GhostPass. The GhostPass API can be interacted with HTTPS requests to obtain certain information from GhostPass.

If you have any suggestions or confusion about our reference pages, please get in touch with the Integration Team.

Hosted Checkout Page

Checkout Page is the most popular way to integrate GhostPass. It provides a payment page for a hosted checkout payment experience which can be connected to your application. The request for payment page consists of the parameters below:

Parameters

Name	Description
api_key required string	The project key which can be found in Merchant Area→ My Projects.
email required string	E-mail ID of the End user.
amount required string	The amount of your product. The minimum transaction limit is USD 0.3 or equivalent in other currencies.. 2 decimal places are expected.
currency required string	Currency code of your product. Format by ISO 4217. 3 letters.
description string	Short description of the Product purchased.
country string	Country code in ISO format of the user.
ref_id string	Your transaction id. Use to identify the payment Id in your system.
success_url string	URL of the page where the end-user should be redirected to after the payment is complete.
failure_url string	URL of the page where the end-user should be redirected to after the payment is failed.

End Point:

POST https://checkout.ghostpass.io/widget

<form action="https://checkout.ghostpass.io/widget" method="POST" id="PaymentForm">
    <input type="hidden" name="api_key" value="[YOUR_API_KEY]" />
    <input type="hidden" name="email" value="user@test.com" />
    <input type="hidden" name="amount" value="9.99" />
    <input type="hidden" name="currency" value="USD" />
    <input type="hidden" name="country" value="US" />
    <input type="hidden" name="ref_id" value="merchant_transaction_id_1587528719" />
    <input type="hidden" name="description" value="Order #1587528719" />
    <input type="hidden" name="success_url" value="http://your-site.com/success" />
    <input type="hidden" name="failure_url" value="http://your-site.com/failure" />
</form>

<script>
    document.getElementById('PaymentForm').submit();
</script>

End Point:

GET https://checkout.ghostpass.io/widget

curl https://checkout.ghostpass.io/widget \
-d "api_key=[YOUR_PUBLIC_KEY]" \
-d "email=user@test.com" \
-d "amount=9.99" \
-d "currency=USD" \
-d "country=US" \
-d "ref_id=merchant_transaction_id_1587528719" \
-d "description=Order #1587528719"

Refunds

Refund API can be used to initiate a refund from your system to Ghostpass system. Upon completion of the system, your system should receive the webhook on the url provided in the Ghostpass account configuration.

Headers

Name	Description
X-MERCHANT-SECRET required string	Your `Ghostpass` secret key
Authorization : Bearer api key required string	Your `Ghostpass` public key

Parameters

Name	Description
amount optional numeric	Required in order to initiate Partial refunds.
reason required string	Refund reason.
currency optional string	3-letter currency code.

End Point:

POST https://checkout.ghostpass.io/api/payments/{payment}/refund

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://checkout.ghostpass.io/api/payments/{payment}/refund',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => 'reason=Test%20refund',
  CURLOPT_HTTPHEADER => array(
    'Authorization: Bearer {bearer_token}',
    'X-MERCHANT-SECRET: {secret_key}'
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

Response:

{
  "status": "reversal_fully_refunded",
  "amount": "1.00",
  "currency": "USD",
  "paid_amount": "1.00",
  "processing_amount": "1.00",
  "refunded_amount": "1.00",
  "processing_currency": "USD",
  "payment_system_fee": "0.27",
  "processing_fee": "1.01",
  "rolling_reserve": "0.05",
  "merchant_net_revenue": "-1.33",
  "merchant_transaction_id": "1592897603",
  "subscription_type": "first_non_trial",
  "created_at": "2020-06-23 02:34:05",
  "id": "DAP-200623-PWJ5",
  "created_at_tz": "2020-06-23 14:34:05"
}

End Point:

POST https://checkout.ghostpass.io/api/payments/{payment}/refund

curl -X POST \
https://checkout.ghostpass.io/api/payments/{payment}/refund \
-H 'Authorization: Bearer {bearer_token}' \
-H 'X-MERCHANT-SECRET: {secret_key}' \
-d 'reason=Test%20refund'

Response:

{
  "status": "reversal_fully_refunded",
  "amount": "1.00",
  "currency": "USD",
  "paid_amount": "1.00",
  "processing_amount": "1.00",
  "refunded_amount": "1.00",
  "processing_currency": "USD",
  "payment_system_fee": "0.27",
  "processing_fee": "1.01",
  "rolling_reserve": "0.05",
  "merchant_net_revenue": "-1.33",
  "merchant_transaction_id": "1592897603",
  "subscription_type": "first_non_trial",
  "created_at": "2020-06-23 02:34:05",
  "id": "DAP-200623-PWJ5",
  "created_at_tz": "2020-06-23 14:34:05"
}

Subscriptions

Subscription is a recurring billing payment solution of Checkout API. It allows you to bill your customer based on a specific schedule automatically. Once a user makes his first payment via subscription, our system signs him up for recurring billing.

Parameters

Subscription API uses more parameters along with the API parameters specified by Checkout API.

Name	Description
recurring_name required string	Product Name of the subscriptions.
recurring_sku required string	Product ID of the subscription.
recurring_period required string	Duration of the subscription Format {number}(‘d’/’w’/’m’) i.e 1d = 1 day, 2w = 2 weeks, 1m = 1 month.
recurring_trial_amount required double	Currency code of your product. Format by ISO 4217. 3 letters.
recurring_trial_period required string	Duration of the Trial subscription period string: format {number}(‘d’/’w’/’m’) i.e 1d = 1 day, 2w = 2 weeks, 1m = 1 month.

End Point:

POST https://checkout.ghostpass.io/widget

<form action="https://checkout.ghostpass.io/widget" method="POST" id="PaymentForm">
    <input type="hidden" name="api_key" value="[YOUR_API_KEY]" />
    <input type="hidden" name="email" value="user@test.com" />
    <input type="hidden" name="amount" value="9.99" />
    <input type="hidden" name="currency" value="USD" />
    <input type="hidden" name="country" value="US" />
    <input type="hidden" name="ref_id" value="merchant_transaction_id_1587528719" />
    <input type="hidden" name="description" value="Order #1587528719" />
    <input type="hidden" name="recurring_name" value="1-Month Subscription" />
    <input type="hidden" name="recurring_sku" value="sub1587528719" />
    <input type="hidden" name="recurring_period" value="1m" />
    <input type="hidden" name="recurring_trial_amount" value="1.99" />
    <input type="hidden" name="recurring_trial_period" value="1w" />
    <input type="hidden" name="success_url" value="http://your-site.com/success" />
    <input type="hidden" name="failure_url" value="http://your-site.com/failure" />
</form>

<script>
    document.getElementById('PaymentForm').submit();
</script>

End Point:

GET https://checkout.ghostpass.io/widget

curl https://checkout.ghostpass.io/widget \
-d "api_key=[YOUR_PUBLIC_KEY]" \
-d "email=user@test.com" \
-d "amount=9.99" \
-d "currency=USD" \
-d "country=US" \
-d "ref_id=merchant_transaction_id_1587528719" \
-d "description=Order #1587528719" \
-d "recurring_name=1-Month Subscription" \
-d "recurring_sku=sub1587528719" \
-d "recurring_period=1m" \
-d "recurring_trial_amount=1.99" \
-d "recurring_trial_period=1w"

Cancel Subscription

Cancel Subscription API allows you to cancel an existing subscription created in Ghostpass system.

Headers

Name	Description
X-MERCHANT-SECRET required string	Your `Ghostpass` secret key
Authorization : Bearer api key required string	Your `Ghostpass` public key

Parameters

Name	Description
cancellation_option optional numeric	Extra options to cancel subscription 0 - Cancel Immediately (Default) 1 - At the end of the period

End Point:

POST https://checkout.ghostpass.io/api/subscriptions/{subscription}/cancel

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://checkout.ghostpass.io/api/subscriptions/{subscription}/cancel',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => 'cancellation_option=1',
  CURLOPT_HTTPHEADER => array(
    'Authorization: Bearer {bearer_token}',
		'X-MERCHANT-SECRET: {secret_key}'
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

Response:

{
  "name": "Gold Package",
  "period": "1m",
  "status": "cancelled",
  "trial_end_date": null,
  "start_date": "2020-06-23 02:34:22",
  "repeat_date": "2020-06-24 02:34:22",
  "stop_date": null,
  "expire_date": null,
  "cancel_date": "2020-06-23 02:34:43",
  "cancelled_at": "2020-06-23 02:34:43",
  "id": "sub_9rPkrpaWG8UCwfDoXPueaT",
  "repeats": 1
}

End Point:

POST https://checkout.ghostpass.io/api/subscriptions/{subscription}/cancel

curl -X POST \
https://checkout.ghostpass.io/api/subscriptions/{subscription}/cancel \
-H 'Authorization: Bearer {api_key}' \
-H 'X-MERCHANT-SECRET: {secret_key}' \
-d 'cancellation_option=1'

Response:

{
  "name": "Gold Package",
  "period": "1m",
  "status": "cancelled",
  "trial_end_date": null,
  "start_date": "2020-06-23 02:34:22",
  "repeat_date": "2020-06-24 02:34:22",
  "stop_date": null,
  "expire_date": null,
  "cancel_date": "2020-06-23 02:34:43",
  "cancelled_at": "2020-06-23 02:34:43",
  "id": "sub_9rPkrpaWG8UCwfDoXPueaT",
  "repeats": 1
}

Webhooks

A webhook request is a POST request that contains all the information for you to do the product delivery. Webhook request is initiated when a user completes a payment on the GhostPass Hosted Checkout Page. After validating the webhook, your server is always expected to be able to proceed the delivery process and respond to it with only OK in the body of response.

Parameters

Name	Description
type string	Type of webhook. Refer: Webhook Types
data.id string	Transaction Reference.
data.status string	Status of the Transaction. Refer: Status Values
data.amount double	Total amount of the transaction.
data.currency string	ISO Currency Code for the transaction.
data.paid_amount string	Amount paid by the customer upon completion of the transaction.
data.processing_amount string	Amount processed according to the project configuration.
data.processing_currency string	ISO Currency Code for the `processing_amount`.
data.payment_system_fee string	Fees charged by Payment system selected by the user.
data.processing_fee string	Processing Fee charged according to Project configuration.
data.created_at string	Date-Time of Transaction completion.
signature string	Refer: Signature Calculation.

Possible values for `type` parameter

Name	Description
payment.updated	Occurs whenever a payment status is updated.
payment.pending	Occurs whenever the payment is initiated and waiting for the user to finish paying.
payment.pending:auth	Occurs whenever the payment is in authorized state and is waiting to be captured or voided.
payment.pending:3ds	Occurs whenever the payment is ongoing 3D-Secure check.
payment.pending:risk_review	Occurs whenever the payment is under the risk check process.
payment.completed	Occurs whenever the payment has been completed and the merchant can issue the goods to the user.
payment.reversal:pending_refund	Occurs whenever a refund request has been initiated for the transaction and the refund result is yet to be determined.
payment.reversal:partially_refunded	Occurs whenever the the payment has been partially refunded.
payment.reversal:fully_refunded	Occurs whenever the payment has been fully refunded.
payment.reversal:void	Occurs whenever the payment has been voided after being authorized.
payment.chargeback	Occurs whenever the payment has been reported to be disputed by the user.
payment.chargeback:data_required	Occurs whenever the merchant is asked to provide the documents to support the dispute process.
payment.chargeback:data_provided	Occurs whenever the merchant has provided the necessary documents to support the dispute process.
payment.chargeback:disputed	Occurs whenever the chargeback is undergoing the dispute process.
payment.chargeback:disputed_auto	Occurs whenever the chargeback has been automatically disputed.
payment.chargeback:disputed_won	Occurs whenever the chargeback has been disputed and the result is in favor of the user.
payment.chargeback:disputed_lost	Occurs whenever the the chargebacks has been accepted by the merchant without wanting to dispute. This can be considered to be a result in favor of the user.
payment.chargeback:accepted	Occurs whenever the timeframe for a chargeback to be represented has passed without any actions taken.
payment.chargeback:expired	Occurs whenever the payment has been rejected from the payment method due to various reasons.
payment.rejected	Occurs whenever the payment has been rejected from the payment method due to various reasons.
payment.rejected:medusa	Occurs whenever the payment has been rejected due to fraud concerns.

Possible values for `data.status` parameter

Name
pending
pending_auth
pending_3ds
pending_risk_review
completed
reversal_pending_refund
reversal_partially_refunded
reversal_fully_refunded
reversal_void
chargeback
chargeback_data_required
chargeback_data_provided
chargeback_disputed
chargeback_disputed_auto
chargeback_disputed_won
chargeback_disputed_lost
chargeback_accepted
chargeback_expired
rejected
rejected_medusa

<?php
$response = $_POST;

$eventType = isset($_POST['type']) ? $_POST['type'] : null;
$data = isset($_POST['data']) ? $_POST['data'] : [];

$signature = isset($_POST['signature']) ? $_POST['signature'] : null;
if (calculate_signature($data) === $signature) {
    // handle valid webhook
    // return HTTP 2xx status code if you processed the webhook successfully
    echo "OK";
}
// return HTTP 4xx/5xx status code if you failed to process the webhook
?>

Sample Pingback Data

{
  "type":"payment.completed",
  "data":{
    "status":"completed",
    "amount":"150.00",
    "currency":"USD",
    "processing_amount":"150.00",
    "refunded_amount":"0",
    "processing_currency":"USD",
    "merchant_net_revenue":"144.02",
    "merchant_transaction_id":"1595592316",
    "id":"CGV-200724-SMDV",
    "payment_method":"mint",
    "fee":"5.98"
  },
  "signature":"7dbc0ca350bb24c9faafe5af1e646db914da087d7e56c9ced9031dac32bde198"
}

Signature Calculation

While handling webhook from GhostPass, it is necessary that the webhook is needed to be validated for authenticity. This can be done by generating the signature based on the data received in the webhook and comparing it with the value of signature parameter in the webhook.

<?php

// calculate signature using "data" parameter from webhook request body
function calculate_signature($data) {
    return hash_hmac('sha256', json_encode($data), '<webhook secret key>');
}

?>

GhostPass API Reference

Hosted Checkout Page

Parameters

Refunds

Headers

Parameters

Subscriptions

Parameters

Cancel Subscription

Headers

Parameters

Webhooks

Parameters

Possible values for type parameter

Possible values for data.status parameter

Signature Calculation

Possible values for `type` parameter

Possible values for `data.status` parameter