API Reference

The public merchant API is centered on the MultiHub endpoint:

POST https://api.bafanglaicai88.com/public/api/multihub/v1

All MultiHub operations use the same URL. The JSON body method field selects the operation.

Public Surfaces

Surface	Endpoint	Audience	Authentication
MultiHub API	`POST /public/api/multihub/v1`	Merchant backend integrations	`X-Data-Application-Id` + `X-Data-Hash`
Outgoing webhooks	Merchant callback URL	Merchant webhook receivers	Signed with `X-Data-Hash` and webhook metadata headers
Merchant webhook resend	`/api/v1/payments/{paymentId}/webhook/resend`	Re-queue callback for a terminal payment	`X-Data-Application-Id` + `X-Data-Hash`
Payment pages	`/payment-pages/:token/details`, `/payment-pages/:token/events`	Hosted payment page frontend	Signed `sig` + `exp` query parameters

Provider callback endpoints, health checks, metrics, and internal admin APIs are not part of the merchant-facing public API documentation.

MultiHub Methods

Method	Description	`service_id`
`payment.in`	Create a deposit	Required
`payment.out`	Create a withdrawal	Required
`payment.status`	Get payment status by `c_id` or `h_id`	Optional
`payment.notification`	Re-send webhook notification by `c_id` or `h_id`	Optional
`balance.get`	Get merchant balances	Optional
`gateway.ping`	Verify credentials and connectivity	Not used

See MultiHub API for request and response shapes.

Authentication

MultiHub requests require both headers:

Header	Type	Description
`X-Data-Application-Id`	integer	Application ID issued during onboarding
`X-Data-Hash`	string	Lowercase SHA-512 hex hash of `rawRequestBody + secretKey`

The bytes you hash must match the HTTP request body exactly. Compact JSON and pretty JSON produce different signatures. Successful and error responses may include an X-Data-Hash response header. When present, it is computed as:

SHA512(JSON.stringify(responseBody) + secretKey)

Response Envelope

Successful responses return HTTP 200:

{
  "success": true,
  "result": {},
  "request_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "processing_time": 42
}

Errors return HTTP 400, except unknown methods (1002) which return HTTP 404:

{
  "success": false,
  "error": {
    "code": 6010,
    "message": "Payment does not exist",
    "details": null,
    "context": null
  },
  "request_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "processing_time": 5
}

Always use success as the primary outcome flag. HTTP status only separates transport-level success from API errors.

Identifiers

Identifier	Direction	Description
`c_id`	Request and response	Merchant-supplied unique reference. Required when creating a payment.
`h_id`	Response	Hub-assigned payment identifier. Can be used for `payment.status` and `payment.notification`.
`p_id`	Response	Provider transaction identifier. It is returned when known, but is not accepted as a lookup key.
`utr`	Response	Provider/bank tracking reference when available.

Rate Limits

The MultiHub controller is currently not limited by the default gateway throttler. Partner-specific limits may still be applied at the edge or account level. If a rate limit is configured for your account, support will provide the concrete limit during onboarding. Payment-page endpoints use gateway throttling and route-specific limits. See their reference pages for details.

​API Reference

​Public Surfaces

​MultiHub Methods

​Authentication

​Response Envelope

​Identifiers

​Rate Limits