1. Payment Gateway
TrustPay
en
  • en
  • zh
  • Integration Guide
  • Payment Gateway
    • Payment Callback Specification
    • Enums
    • Risk Control – Merchant Integration
    • C21 Suport Regions
      • TrustPay Supported Billing Countries and US/Canada Regions
    • Card Direct Payin
      POST
    • Cashier Payin
      POST
    • Payment Callback
      POST
    • Balance
      POST
    • Order Query
      POST
    • Order Refund
      POST
    • Fee Query
      POST
  • Credit Card Issuer
    • Available Card
      POST
    • Open Card
      POST
    • Open/Recharge Card Callback
      POST
    • Get Card Detail
      POST
    • Card Recharge
      POST
    • Order List
      POST
    • Card List
      POST
    • Transaction List
      POST
    • Fee Query
      POST
  • Physical Card Issuer
    • Create Cardholder
      POST
    • List Cardholders
      POST
    • Assign Physical Cards
      POST
    • List Assigned Physical Cards
      POST
    • Query Card Balance
      POST
    • Query Card Transactions
      POST
    • Query Account
      POST
    • Card Charge
      POST
  • Schemas
    • VCardDetail
    • VOrderDetail
  1. Payment Gateway

Risk Control – Merchant Integration

1. Overview#

To enhance payment security, the banking channel has added a risk control confirmation step to the payment process. When a user submits payment information, the payment system calls the merchant’s configured risk control API, allowing the merchant to decide whether to approve the transaction.
What the merchant must do:
1.
Configure the Risk Control API URL (via the admin dashboard or by contacting technical support).
2.
Implement the Risk Control API to receive payment system requests and return a decision.

2. Payment Flow#

2.1 Full Payment Flow#

2.2 Key Time Points#

T0: Merchant creates order and obtains payment link
T1: User accesses link and enters payment info
T2: User submits payment → Bank channel calls confirmation API
T3: Payment system calls merchant risk control API (merchant makes decision here)
T4: Payment process continues or terminates based on decision

3. Merchant Requirements#

3.1 Configure Risk Control API URL#

Option 1: Configure via Admin Dashboard
Log in to the merchant admin dashboard
Go to the merchant configuration page
Set the bank channel risk control API URL
Option 2: Contact Technical Support
Provide your merchant ID and risk control API URL
Technical support will configure it in the database
Configuration Fields:
merchant_id: Merchant ID
risk_control_url: Full HTTPS URL of the risk control API
Example:
merchant_id: 10001
risk_control_url: https://merchant.example.com/api/risk-control

3.2 Implement the Risk Control API#

The merchant must implement an HTTP POST endpoint to receive risk control requests and return a decision.

3.2.1 API Specification#

Request Method: POST
Request Header:
Content-Type: application/json
Request Body:
{
  "order_id": "ORD202401011234567890",
  "card_prefix": "123456",
  "card_suffix": "7890",
  "card_holder_name": "John Doe"
}
Field Description:
FieldTypeRequiredDescription
order_idstringYesOrder ID (same as orderId used when creating the order)
card_prefixstringYesFirst 6 digits of the card number
card_suffixstringYesLast 4 digits of the card number
card_holder_namestringYesName of the cardholder
Response Specification:
Allow Payment
HTTP Status: 200 OK
Response Body: "allow" (plain text)
Deny Payment
HTTP Status: 403 Forbidden
Response Body: "deny" (plain text)
Notes:
The API must respond within 5 seconds; otherwise, payment will be automatically denied.
The response body must be plain text ("allow" or "deny") — do not return JSON.

4. Request/Response Examples#

4.1 Example — Allow Payment#

Request:
Response:
HTTP/1.1 200 OK
Content-Type: text/plain

allow

4.2 Example — Deny Payment#

Request:
Response:
HTTP/1.1 403 Forbidden
Content-Type: text/plain

deny
Modified at 2026-04-03 04:45:10
Previous
Enums
Next
TrustPay Supported Billing Countries and US/Canada Regions
Built with