NuPayBT API Documentation for RMA Payment Gateway

Integrate secure, reliable payments into your application with our comprehensive API.

Secure

Bank-grade security with 256-bit encryption and fraud protection.

Fast

Real-time payment processing with instant confirmations.

Comprehensive

Support for all 7 major Bhutanese banks in one API.

API Overview

The RMA Payment Gateway API allows you to accept payments from all major Bhutanese banks through a single, unified interface. Our RESTful API uses JSON for requests and responses, making it easy to integrate with any programming language.

Base URL: https://bigtech.codes/api
Simple Payment: https://bigtech.codes/api/payment/create
Format: JSON

🚀 Simple Payment API (Recommended)

The easiest way to integrate RMA Payment Gateway! Perfect for third-party applications that need minimal setup. Just provide your API credentials, amount, and order ID - we handle everything else automatically.

Super Simple

Only 4 required fields: API key, secret, amount, and order ID.

Auto-Configuration

Beneficiary ID, bank code, and currency are set automatically.

Payment URL

Returns a ready-to-use payment URL for customer redirect.

POST /api/payment/create

Request Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| api_key | string | Yes | Your API key from client dashboard |
| api_secret | string | Yes | Your API secret from client dashboard |
| amount | decimal | Yes | Payment amount (e.g., 100.00) |
| order_id | string | Yes | Your unique order identifier |
| customer_email | string | No | Customer's email address |
| description | string | No | Payment description |

JavaScript Example
// Run this on your server (Node.js 18+ provides fetch), never in the browser:
// the request body carries your API secret.
const createPayment = async () => {
    try {
        const response = await fetch('https://bigtech.codes/api/payment/create', {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
                'Accept': 'application/json'
            },
            body: JSON.stringify({
                // Credentials come from the environment (example variable names)
                api_key: process.env.RMA_API_KEY,
                api_secret: process.env.RMA_API_SECRET,
                amount: 100.00,
                order_id: 'ORDER-2024-001',
                customer_email: 'customer@example.com',
                description: 'Payment for order ORDER-2024-001'
            })
        });

        const result = await response.json();

        if (result.success) {
            // Return the payment URL so your server can redirect the customer to it
            return result.data.payment_url;
        }
        console.error('Payment failed:', result.message);
    } catch (error) {
        console.error('Error:', error);
    }
    return null;
};
PHP Example
<?php
function createRMAPayment($apiKey, $apiSecret, $amount, $orderId) {
    // Use the HTTPS endpoint: the request body carries your API secret
    $url = 'https://bigtech.codes/api/payment/create';
    
    $data = [
        'api_key' => $apiKey,
        'api_secret' => $apiSecret,
        'amount' => $amount,
        'order_id' => $orderId
    ];
    
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Content-Type: application/json',
        'Accept: application/json'
    ]);
    
    $response = curl_exec($ch);
    if ($response === false) {
        // Transport failure (DNS, TLS, timeout): there is no JSON body to parse
        $error = curl_error($ch);
        curl_close($ch);
        echo 'Payment request failed: ' . htmlspecialchars($error);
        return;
    }
    curl_close($ch);
    $result = json_decode($response, true);
    
    if (is_array($result) && !empty($result['success'])) {
        // Redirect to payment URL
        header('Location: ' . $result['data']['payment_url']);
        exit;
    } else {
        echo 'Payment failed: ' . htmlspecialchars($result['message'] ?? 'unexpected response');
    }
}

// Usage: read the credentials from the environment (example variable names)
createRMAPayment(
    getenv('RMA_API_KEY'),
    getenv('RMA_API_SECRET'),
    100.00,
    'ORDER-2024-001'
);
?>
Success Response
{
    "success": true,
    "message": "Payment created successfully",
    "data": {
        "transaction_id": "TXN_1758827100_123",
        "order_id": "ORDER-2024-001",
        "amount": 100.00,
        "currency": "BTN",
        "payment_url": "http://127.0.0.1:8000/payment/TXN_1758827100_123",
        "status": "initiated",
        "beneficiary": "Your Company Name",
        "bank_name": "Bhutan National Bank",
        "created_at": "2025-09-25T19:05:00.000000Z"
    }
}

🔒 Security Features

IP Whitelisting

Restrict API access to specific IP addresses configured in your client dashboard.

Rate Limiting

Maximum 60 requests per hour per client to prevent abuse and ensure fair usage.

Transaction Limits

Daily and monthly transaction limits enforced based on your client configuration.

Duplicate Prevention

Automatic detection and prevention of duplicate order IDs per client.

Comprehensive Logging

All API requests, failures, and security events are logged for monitoring.

⚠️ Security Best Practices

Server-Side Only: Never expose API credentials in client-side code. Always make API calls from your server.
Secure Storage: Store API credentials securely using environment variables or encrypted configuration files.
IP Whitelisting: Configure allowed IP addresses in your client dashboard for additional security.
Rotate Credentials: Regularly regenerate your API credentials, especially if you suspect they may be compromised.
Monitor Usage: Regularly check your API usage logs and set up alerts for unusual activity.

Authentication

All API requests must be authenticated using your API key and secret. You can find these credentials in your client dashboard.

Authentication Headers
Authorization: Bearer YOUR_API_KEY
X-API-Secret: YOUR_API_SECRET
Content-Type: application/json
Security Notice: Never expose your API credentials in client-side code. Always make API calls from your server.

Quick Start

Get started with your first payment in just a few steps:

1. Register Your Application
   Sign up for a client account and get your API credentials.

2. Make Your First Request
   Create a payment request using our API.

3. Handle the Response
   Process the payment response and redirect the user.

Simple Payment Request (cURL)
curl -X POST https://bigtech.codes/api/payment/create \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "api_key": "YOUR_API_KEY",
    "api_secret": "YOUR_API_SECRET",
    "amount": 100.00,
    "order_id": "ORDER_123",
    "customer_email": "customer@example.com",
    "description": "Payment for ORDER_123"
  }'
New Simple API: We now offer a much simpler integration method! Check out the Simple Payment API section above for the easiest way to get started.

Payment Request

Create a new payment request to initiate a transaction.

POST /payments

Request Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| amount | decimal | Yes | Payment amount in BTN |
| currency | string | Yes | Currency code (BTN) |
| order_id | string | Yes | Your unique order identifier |
| customer | object | Yes | Customer information |
| callback_url | string | Yes | URL for payment status updates |
| return_url | string | Yes | URL to redirect after payment |

Example Response
{
  "success": true,
  "payment_id": "pay_1234567890",
  "payment_url": "https://gateway.rmapayments.bt/pay/1234567890",
  "status": "pending",
  "amount": 100.00,
  "currency": "BTN",
  "order_id": "ORDER_123",
  "expires_at": "2024-01-01T12:30:00Z"
}

Payment Status

Check the status of a payment transaction.

GET /payments/{payment_id}
Example Response
{
  "success": true,
  "payment_id": "pay_1234567890",
  "status": "completed",
  "amount": 100.00,
  "currency": "BTN",
  "order_id": "ORDER_123",
  "bank_code": "01",
  "transaction_id": "TXN_987654321",
  "completed_at": "2024-01-01T12:35:00Z"
}

Payment Statuses

pending: Payment is awaiting customer action
processing: Payment is being processed by the bank
completed: Payment has been successfully completed
failed: Payment has failed or was declined
cancelled: Payment was cancelled by the customer
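
One way to act on these statuses on your server before releasing an order, as an added example that is not part of the NuPayBT documentation or SDK. The function names and the `expected` record (the order as stored in your own database when the payment was created) are assumptions; the response fields follow the sample `GET /payments/{payment_id}` response above.

```javascript
// Added example, not NuPayBT code. Field names follow the sample status
// response on this page; `expected` is your own stored order record.
const IN_PROGRESS = new Set(['pending', 'processing']);

// Compare money as integer minor units so 100 and 100.00 match exactly
function toMinorUnits(amount) {
    const n = typeof amount === 'string' ? Number(amount) : amount;
    if (typeof n !== 'number' || !Number.isFinite(n) || n < 0) return null;
    return Math.round(n * 100);
}

function evaluatePaymentStatus(expected, response) {
    if (!response || response.success !== true) {
        return { fulfil: false, reason: 'status lookup failed' };
    }
    // The response must describe the payment we created for this order
    if (response.payment_id !== expected.payment_id ||
        response.order_id !== expected.order_id) {
        return { fulfil: false, reason: 'response is for a different payment' };
    }
    const paid = toMinorUnits(response.amount);
    if (response.currency !== expected.currency || paid === null ||
        paid !== toMinorUnits(expected.amount)) {
        return { fulfil: false, reason: 'amount or currency mismatch' };
    }
    if (response.status === 'completed') {
        return { fulfil: true, reason: 'completed and matches the order' };
    }
    if (IN_PROGRESS.has(response.status)) {
        // Check again later, staying inside the documented rate limit
        return { fulfil: false, retry: true, reason: `still ${response.status}` };
    }
    // failed, cancelled, or any status this page does not list
    return { fulfil: false, reason: `payment ${response.status}` };
}

// Constructed sample data, modelled on the example response above
const storedOrder = { payment_id: 'pay_1234567890', order_id: 'ORDER_123',
    amount: 100.00, currency: 'BTN' };
const sampleStatus = { success: true, payment_id: 'pay_1234567890',
    status: 'completed', amount: 100.00, currency: 'BTN', order_id: 'ORDER_123',
    bank_code: '01', transaction_id: 'TXN_987654321',
    completed_at: '2024-01-01T12:35:00Z' };
console.log(evaluatePaymentStatus(storedOrder, sampleStatus));
```

Only a `fulfil: true` result should release goods; the customer arriving at your return URL is not proof of payment.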

WooCommerce Plugin v2.0 Integration

Updated WooCommerce plugin with Simple Payment API and dedicated WooCommerce endpoints.

v2.0 Simple API

Only requires API key and secret - no complex configuration needed.

Dedicated Routes

WooCommerce-specific API endpoints with higher rate limits (120 req/hour).

Enhanced Security

IP whitelisting, rate limiting, and comprehensive logging.

Installation Steps

1. Download Plugin v2.0
   Download the updated RMA Payment Gateway plugin from your client dashboard.

2. Upload to WordPress
   Go to Plugins → Add New → Upload Plugin and select the downloaded zip file.

3. Choose API Version
   Navigate to WooCommerce → Settings → Payments → RMA Payment Gateway and select v2 API.

v2.0 Simple Configuration (Recommended)
// v2.0 Simple Configuration - Only 2 fields needed!
$settings = array(
    'enabled' => 'yes',
    'title' => 'RMA Payment Gateway',
    'use_v2_api' => 'yes',
    'api_key' => 'your_api_key_here',
    'api_secret' => 'your_api_secret_here',
    'test_mode' => 'yes'
    // No beneficiary_id, bank_code, or private_key needed!
);
v1.0 Legacy Configuration
// v1.0 Legacy Configuration (for backward compatibility)
$settings = array(
    'enabled' => 'yes',
    'title' => 'RMA Payment Gateway',
    'use_v2_api' => 'no',
    'api_key' => 'your_api_key_here',
    'api_secret' => 'your_api_secret_here',
    'beneficiary_id' => 'BE10000255',
    'bank_code' => '01',
    'private_key' => 'your_private_key',
    'test_mode' => 'yes'
);

🔒 WooCommerce Security Features

Dedicated API Routes

WooCommerce uses /api/woocommerce/* endpoints, separate from general API.

Higher Rate Limits

120 requests per hour for WooCommerce vs 60 for general API.

WooCommerce Optimized

Enhanced order tracking, return URLs, and WooCommerce-specific logging.

Download WooCommerce Plugin v2.0: Available in your client dashboard | Dual API support | Enhanced security

PHP SDK Integration

Use our updated PHP SDK with Simple Payment API for quick and secure integration.

Installation
composer require rma/payment-gateway-php
Simple API Usage (v2.0 - Recommended)
<?php
require_once 'vendor/autoload.php';

use RMA\PaymentGateway\SimpleClient;

// Initialize Simple Client (only API key/secret needed)
$client = new SimpleClient([
    'api_key' => 'your_api_key',
    'api_secret' => 'your_api_secret',
    'test_mode' => true
]);

// Create payment (auto-configured)
$payment = $client->createPayment([
    'amount' => 150.00,
    'order_id' => 'ORDER_123',
    'customer_email' => 'customer@example.com',
    'description' => 'Payment for ORDER_123'
]);

// Redirect to payment
header('Location: ' . $payment['payment_url']);
?>
Legacy API Usage (v1.0)
<?php
// Legacy Client (requires manual configuration)
use RMA\PaymentGateway\Client;

$client = new Client([
    'api_key' => 'your_api_key',
    'api_secret' => 'your_api_secret',
    'beneficiary_id' => 'BE10000255',
    'bank_code' => '01',
    'test_mode' => true
]);

$payment = $client->payments()->create([
    'amount' => 150.00,
    'currency' => 'BTN',
    'order_id' => 'ORDER_123',
    'customer' => [
        'email' => 'customer@example.com',
        'phone' => '17123456'
    ]
]);
?>
SDK v2.0 Benefits: Only requires API key/secret | Auto-configuration | Enhanced security

JavaScript SDK Integration

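Updated JavaScript SDK with Simple Payment API for modern web applications. The SDK constructor takes the API secret, so a page that loads this script in a browser exposes that secret to every visitor; this conflicts with the Server-Side Only practice listed under Security Best Practices above.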

Include SDK
<script src="/downloads/javascript-sdk/src/SimpleRMAGateway.js"></script>
Simple API Usage (v2.0 - Recommended)
// Initialize Simple SDK (only API key/secret needed)
const rma = new SimpleRMAGateway({
    apiKey: 'YOUR_API_KEY',
    apiSecret: 'YOUR_API_SECRET',
    testMode: true
});

// Create payment (auto-configured)
async function processPayment() {
    try {
        const payment = await rma.createPayment({
            amount: 200.00,
            orderId: 'ORDER_' + Date.now(),
            customerEmail: 'customer@example.com',
            description: 'Payment for order'
        });
        
        // Redirect to payment URL
        window.location.href = payment.payment_url;
        
    } catch (error) {
        console.error('Payment failed:', error);
    }
}

// Or create and redirect in one step
async function createAndRedirect() {
    await rma.createPaymentAndRedirect({
        amount: 200.00,
        orderId: 'ORDER_' + Date.now(),
        customerEmail: 'customer@example.com'
    });
}

// Event listeners
rma.on('payment.created', function(payment) {
    console.log('Payment created:', payment);
});

rma.on('payment.error', function(error) {
    alert('Payment failed: ' + error.message);
});
JavaScript SDK v2.0: Event-driven | Auto-configuration | Enhanced security

Direct API Integration

Direct HTTP integration using the Simple Payment API - no SDKs required.

Simple Payment Request (cURL)
curl -X POST https://bigtech.codes/api/payment/create \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "api_key": "YOUR_API_KEY",
    "api_secret": "YOUR_API_SECRET",
    "amount": 300.00,
    "order_id": "DIRECT_123456",
    "customer_email": "customer@example.com",
    "description": "Direct API integration payment"
  }'
PHP Direct Integration
function createDirectPayment($apiKey, $apiSecret, $amount, $orderId) {
    $url = 'https://bigtech.codes/api/payment/create';
    
    $data = [
        'api_key' => $apiKey,
        'api_secret' => $apiSecret,
        'amount' => $amount,
        'order_id' => $orderId,
        'customer_email' => 'customer@example.com',
        'description' => 'Direct integration payment'
    ];
    
    $options = [
        'http' => [
            'method' => 'POST',
            'header' => [
                'Content-Type: application/json',
                'Accept: application/json'
            ],
            'content' => json_encode($data)
        ]
    ];
    
    $context = stream_context_create($options);
    $response = file_get_contents($url, false, $context);
    if ($response === false) {
        // Network error or HTTP error status: there is no JSON body to parse
        echo 'Payment request failed';
        return;
    }
    $result = json_decode($response, true);
    
    if (is_array($result) && !empty($result['success'])) {
        // Redirect to payment URL
        header('Location: ' . $result['data']['payment_url']);
        exit;
    } else {
        echo 'Payment failed: ' . htmlspecialchars($result['message'] ?? 'unexpected response');
    }
}
Direct Integration: No complex configuration | Simple HTTP requests | Auto-configured

Node.js Example
const crypto = require('crypto');
const axios = require('axios');

class RMAGateway {
    constructor(config) {
        this.apiKey = config.apiKey;
        this.apiSecret = config.apiSecret;
        this.beneficiaryId = config.beneficiaryId;
        this.bankCode = config.bankCode;
        this.privateKey = config.privateKey;
    }

    generateChecksum(data) {
        const sourceString = Object.values(data).join('|');
        const sign = crypto.createSign('RSA-SHA256');
        sign.update(sourceString);
        return sign.sign(this.privateKey, 'hex');
    }

    async createPayment(paymentData) {
        const data = {
            bank_code: this.bankCode,
            beneficiary_id: this.beneficiaryId,
            timestamp: new Date().toISOString().replace(/[-:T.]/g, '').slice(0, 14),
            message_type: 'AR',
            order_id: paymentData.orderId,
            description: paymentData.description,
            customer_email: paymentData.customerEmail,
            amount: paymentData.amount.toFixed(2),
            currency: 'BTN',
            version: '1.0'
        };

        const checksum = this.generateChecksum(data);
        
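        // Node.js has no page origin, so axios needs the absolute URL (base URL + /payments)
        return await axios.post('https://bigtech.codes/api/payments', {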
            ...data,
            checksum
        }, {
            headers: {
                'Authorization': `Bearer ${this.apiKey}`,
                'X-API-Secret': this.apiSecret
            }
        });
    }
}
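
The checksum in the class above signs `Object.values(data).join('|')`, so the signed string depends on property insertion order and on no value containing `|`. The following added example (not NuPayBT code) pins the field order and rejects the separator inside values, then signs and verifies with a throwaway key pair. `CHECKSUM_FIELDS` is an assumption copied from the order in which `createPayment()` builds its data object; the function names and sample values are constructed for illustration.

```javascript
// Added example, not NuPayBT code. CHECKSUM_FIELDS is an assumption taken
// from the property order used in the page's createPayment() method.
const crypto = require('crypto');

const CHECKSUM_FIELDS = ['bank_code', 'beneficiary_id', 'timestamp',
    'message_type', 'order_id', 'description', 'customer_email',
    'amount', 'currency', 'version'];

function buildSourceString(data) {
    return CHECKSUM_FIELDS.map((field) => {
        const value = data[field];
        if (value === undefined || value === null) {
            throw new Error(`missing checksum field: ${field}`);
        }
        const text = String(value);
        if (text.includes('|')) {
            // A '|' inside a value would shift field boundaries in the signed string
            throw new Error(`field ${field} contains the '|' separator`);
        }
        return text;
    }).join('|');
}

function signChecksum(data, privateKey) {
    return crypto.createSign('RSA-SHA256')
        .update(buildSourceString(data))
        .sign(privateKey, 'hex');
}

function verifyChecksum(data, checksum, publicKey) {
    return crypto.createVerify('RSA-SHA256')
        .update(buildSourceString(data))
        .verify(publicKey, checksum, 'hex');
}

// Constructed demo: throwaway key pair and sample request values
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleData = {
    bank_code: '01', beneficiary_id: 'BE10000255', timestamp: '20240101123000',
    message_type: 'AR', order_id: 'ORDER_123', description: 'Payment for ORDER_123',
    customer_email: 'customer@example.com', amount: '100.00', currency: 'BTN',
    version: '1.0'
};
const demoChecksum = signChecksum(sampleData, privateKey);
console.log('verified:', verifyChecksum(sampleData, demoChecksum, publicKey));
```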

Error Codes

Common error codes and their meanings:

| Code | Message | Description |
|---|---|---|
| 400 | Bad Request | Invalid request parameters |
| 401 | Unauthorized | Invalid API credentials |
| 404 | Not Found | Payment or resource not found |
| 429 | Rate Limited | Too many requests |
| 500 | Server Error | Internal server error |

Support

Need help with integration? We're here to assist you.

Email Support

Get technical support via email

support@nupay.bt

Phone Support

Call us for immediate assistance

+975 17 481607

Live Chat

Chat with our technical team