- PCI Compliance: Direct violation of PCI DSS requirements
- Security Risks: WebView and iframe may not provide sufficient security isolation
- Man-in-the-Middle Attacks: Malicious applications may intercept or tamper with payment data
- Phishing Risks: Cannot ensure users are entering sensitive information in a trusted environment
Device Environment Requirements
Regional Restrictions
Unsupported Regions List
Unsupported Regions List
AD - AndorraAE - United Arab EmiratesAF - AfghanistanAG - Antigua and BarbudaAI - AnguillaAL - AlbaniaAM - ArmeniaAO - AngolaAQ - AntarcticaAR - ArgentinaAS - American SamoaAW - ArubaAX - Åland IslandsBA - Bosnia and HerzegovinaBB - BarbadosBD - BangladeshBF - Burkina FasoBH - BahrainBI - BurundiBJ - BeninBL - Saint BarthélemyBM - BermudaBN - BruneiBQ - Bonaire, Sint Eustatius, and SabaBS - BahamasBT - BhutanBV - Bouvet IslandBW - BotswanaBY - BelarusBZ - BelizeCC - Cocos (Keeling) IslandsCD - Democratic Republic of the CongoCF - Central African RepublicCG - Republic of the CongoCI - Ivory CoastCK - Cook IslandsCM - CameroonCO - ColombiaCU - CubaCV - Cape VerdeCW - CuraçaoCX - Christmas IslandCY - CyprusDJ - DjiboutiDM - DominicaDO - Dominican RepublicDZ - AlgeriaEC - EcuadorEE - EstoniaEG - EgyptEH - Western SaharaER - EritreaET - EthiopiaFJ - FijiFK - Falkland IslandsFM - Federated States of MicronesiaFO - Faroe IslandsGA - GabonGD - GrenadaGE - GeorgiaGF - French GuianaGG - GuernseyGH - GhanaGI - GibraltarGL - GreenlandGM - GambiaGN - GuineaGP - GuadeloupeGQ - Equatorial GuineaGS - South Georgia and the South Sandwich IslandsGT - GuatemalaGW - Guinea-BissauHK - Hong KongHM - Heard Island and McDonald IslandsHN - HondurasHT - HaitiID - IndonesiaIL - IsraelIM - Isle of ManIN - IndiaIO - British Indian Ocean TerritoryIQ - IraqIR - IranJM - JamaicaJO - JordanJP - JapanKE - KenyaKH - CambodiaKI - KiribatiKM - ComorosKN - Saint Kitts and NevisKP - North KoreaKR - South KoreaKW - KuwaitKY - Cayman IslandsKZ - KazakhstanLA - LaosLB - LebanonLC - Saint LuciaLI - LiechtensteinLK - Sri LankaLR - LiberiaLS - LesothoLV - LatviaLY - LibyaMD - MoldovaME - MontenegroMF - Saint Martin (French part)MG - MadagascarMH - Marshall IslandsMK - North MacedoniaML - MaliMM - MyanmarMN - MongoliaMP - Northern Mariana IslandsMQ - MartiniqueMR - MauritaniaMS - MontserratMU - MauritiusMV - MaldivesMW - MalawiMY - MalaysiaMZ - MozambiqueNA - NamibiaNC - New CaledoniaNE - NigerNF - Norfolk IslandNG - NigeriaNI - NicaraguaNP - NepalNR - NauruNU - NiueOM - OmanPA - PanamaPE - PeruPF - French PolynesiaPG - Papua New GuineaPH - PhilippinesPK - PakistanPM - Saint Pierre and MiquelonPN - Pitcairn IslandsPR - Puerto RicoPS - PalestinePW - PalauRE - RéunionRU - RussiaRW - RwandaSA - Saudi ArabiaSB - Solomon IslandsSC - SeychellesSD - SudanSH - Saint HelenaSJ - Svalbard and Jan MayenSK - SlovakiaSL - Sierra LeoneSM - San MarinoSN - SenegalSO - SomaliaSR - SurinameSS - South SudanST - São Tomé and PríncipeSV - El SalvadorSX - Sint Maarten (Dutch part)SY - SyriaSZ - EswatiniTC - Turks and Caicos IslandsTD - ChadTF - French Southern TerritoriesTG - TogoTH - ThailandTK - TokelauTL - East TimorTM - TurkmenistanTN - TunisiaTO - TongaTR - TurkeyTT - Trinidad and TobagoTV - TuvaluTW - TaiwanTZ - TanzaniaUA - UkraineUG - UgandaUM - United States Minor Outlying IslandsUY - UruguayUZ - UzbekistanVA - Vatican CityVC - Saint Vincent and the GrenadinesVE - VenezuelaVG - British Virgin IslandsVI - U.S. Virgin IslandsVN - VietnamVU - VanuatuWF - Wallis and FutunaWS - SamoaYE - YemenYT - MayotteZA - South AfricaZM - ZambiaZW - Zimbabwe
Integration Modes
Credit card payment offers two integration modes, the key difference being who hosts the payment page:- PayUrl Redirect Mode
- JS Embedded Mode
The simplest integration method. After the merchant server calls the collection application API, use the returned Example Code (Frontend redirect after server obtains payUrl)Recommendations
payUrl to redirect the user to HaiPay’s hosted payment page, where the user completes credit card information entry and payment authorization.Integration Process1
Server calls collection application API
Merchant server sends a Collection Application request to HaiPay, passing required parameters such as transaction amount, payment method, callback URLs, and optional
cancelUrl.2
Get payUrl and redirect
The API response contains a
payUrl field. Merchant redirects the user’s browser to this URL.3
User completes payment
User completes credit card information entry and payment authorization on HaiPay’s hosted page. After payment, HaiPay redirects the user back to the merchant’s
callBackUrl; if provided, the payment page displays a Back button that redirects the user to cancelUrl when clicked; HaiPay also sends an async notification to notifyUrl.- Ideal for the fastest payment integration with minimal frontend changes.
- No strong customization requirements for the payment page UI.
- In mobile H5 scenarios, the redirect experience typically meets requirements.
Transaction Limits
Collection API
1. Collection Application
Brief Description:- Create a collection order
/usd/collect/apply
Note: appId for USD, amount in USD, settlement in USD
Parameters:
Request Example
2. Collection Application MIT Mode
Brief Description:- Create MIT mode collection order
/usd/mit/apply
Note: appId for USD, amount in USD, settlement in USD
Parameters:
Request Example
3. Collection Query
Brief Description:- Query collection order
/usd/collect/query
Parameters:
Request Example
4. Refund Application
Brief Description:- Initiate a refund operation for the original credit card transaction order. Please pay attention to the status values returned synchronously. It is recommended to use the query interface for status checks.
/usd/refund/apply
Parameters:
Response data parameter description
5. Refund Query
Brief Description:- Query the result of the refunded order.
/usd/refund/refundQuery
Parameters:
Response data parameter description
6. Payment Methods
7. Test Card Numbers
Simulate Successful Payment
Use the following test card numbers, enter any CVC (3-digit number) and expiration date (future date) to simulate successful payment:- Card Number 1: 4242424242424242
Simulate Payment Failure
Use the following test card numbers with invalid data to simulate payment failure:- Card Number 1: 4000000000009995
- Invalid month: 13
- Invalid CVV: 99
8. MIT (Merchant Initiated Transaction) Mode Description
MIT (Merchant Initiated Transaction) Refers to transactions that merchants can initiate without the user being present after the user completes a one-time payment authorization. This mode is widely used in business scenarios such as subscription payments, installment payments, membership renewals, delayed deductions, etc.Basic Process
-
User Authorization
- User enters payment information during the first payment and completes necessary identity verification.
- Merchant saves the user’s payment credentials for subsequent deduction requests.
-
Merchant-Initiated Deduction
- Merchant directly uses saved payment credentials to initiate deduction requests based on agreed cycles or conditions.
- Since the transaction is an offline scenario (off-session), meaning the user is not involved in the transaction, the system will complete processing based on user authorization and compliance requirements.
-
Authentication Requirements
- In most cases, transactions will complete directly.
- If the issuing bank or risk control system requires re-verification, the transaction may enter a pending user confirmation state, requiring user supplementary verification to complete.
Mode Features
- Enhanced Experience: Users don’t need to manually enter payment information each time.
- Compliant and Secure: Meets international payment regulations and Strong Customer Authentication (SCA) requirements.
- Wide Application: Suitable for subscription billing, auto-renewal, installment deductions, delayed settlement, etc.

