SABI SCI GUIDE
Shopping Cart Interface Guide version 3.16.4

Requirement

To understand this document, you have to at least know basic HTML and HTTP POST/GET request.
SCI Simple Mode are available for Active Member
SCI Advance Mode are available for Store and Corporate Member
SCI Secure Mode are available for Store and Corporate Member

Change Log

Status Form Update :
- Removal of unused fp_fee_mode
- Removal of redundant fp_timestamp
- Removal of redundant fp_hash_all
- Removal of redundant fp_hash_2
- Change fp_currency from base Currency to Wallet Name
- Change fp_hash to use SCI v2 string list
- Add fp_discount
- Add fp_base_currency as replacement of the old fp_currency

Feature Comparison

Feature	Simple Mode	Advance Mode	Secure Mode
Streamlined Payment
Back to Merchant on Success
Back to Merchant on Failure
Merchant Reference
Need SCI Store
Store Banner / Logo
Hash Verification
Immediate Payment Notification Callback (IPN)
Secure Link
Secure Field

Feature Description

Streamlined Payment: Payment are streamlined and consist of 4 steps. Login, Transfer Information, Confirm Transaction, and Result.
Back to Merchant on Success: Merchant can provide SUCCESS URL (a link) and SUCCESS METHOD (POST/GET) that will be used as action link for SUCCESS FORM. This Form will be shown as a “Back to Merchant” Button on the Last Step (Result) of the Transaction.
Back to Merchant on Failure: Merchant can provide FAIL URL (a link) and FAIL METHOD (POST/GET) that will be used as action link for FAIL FORM. This Form will be shown as a “Back to Merchant” after the user pressed the CANCEL button.
Store Banner/Logo: Merchant can provide link to an image file that will be used as Banner or Logo on the SCI. The maximum dimension is 600x100 pixels.
Hash Verification: Hash verification are used to verify the integrity and authenticity of STATUS FORM
Immediate Payment Notification Callback (IPN): Immediate Payment Notification is a notification (callback) system that will send STATUS FORM to STATUS URL on successfull transaction.
Secure Link: Secure link is a redirect link to Sabi SCI without exposing the REQUEST FORM to user. The REQUEST FORM is send by Merchant Server directly to Sabi Server with additional parameter and then Sabi will return the Secure Link. (see Secure Mode)
Secure Field: Secure Field are baggage field that was send using the SECURE MODE inside fp_sec_field and will only be returned to Merchant in STATUS FORM. Those make it hidden from user and prevent it from being tampered.

Flow Diagram

Sabi SCI Simple Mode

(A)Merchant Shopping Cart using REQUEST FORM redirect user to (1) Sabi SCI Login Page (https://sci.fasapay.com/)
(1) Sabi SCI Login, User input their login credential
(2) Sabi SCI TRANSFER form, User input additional transfer information
(3) Sabi SCI CONFIRM Transaction, User Confirm transfer information and authorize the transfer
(4) Sabi SCI RESULT , Transaction success and the SUCCESS FORM to redirect user is available
SUCCESS FORM send to (C) Merchant Success Page if user click on "Back to Merchant" Button

If User Press any Cancel button in step 2-4 They will be send to (5) Sabi SCI FAIL page and a FAIL FORM to redirect user is available

Sabi SCI Advance Mode

(A)Merchant Shopping Cart using REQUEST FORM redirect user to (1) Sabi SCI Login Page (https://sci.fasapay.com/)
(1) Sabi SCI Login, User input their login credential
(2) Sabi SCI TRANSFER form, User input additional transfer information
(3) Sabi SCI CONFIRM Transaction, User Confirm transfer information and authorize the transfer
1. On Successful transaction Sabi send STATUS FORM to (D) Merchant STATUS page
2. (4) Sabi SCI RESULT , Transaction success and the SUCCESS FORM to redirect user is available
SUCCESS FORM send to (C) Merchant Success Page if user click on "Back to Merchant" Button

If User Press any Cancel button in step 2-4 They will be send to (5) Sabi SCI FAIL page and a FAIL FORM to redirect user is available

Sabi SCI Secure Mode

1. (A0) Merchant Secure Link Requester send REQUEST FORM to (0) Sabi SCI INDEX (https://sci.fasapay.com/)
2. Sabi Response with a JSON data containing the SECURE LINK and validation hash
3. (A)Merchant Shopping Cart using SECURE LINK redirect user to (1) Sabi SCI Login Page
(1) Sabi SCI Login, User input their login credential
(2) Sabi SCI TRANSFER form, User input additional transfer information
(3) Sabi SCI CONFIRM Transaction, User Confirm trnasfer information and authorize the transfer
1. On Successful transaction Sabi send STATUS FORM to (D) Merchant STATUS page
2. (4) Sabi SCI RESULT , Transaction success and the SUCCESS FORM to redirect user is available
SUCCESS FORM send to (C) Merchant Success Page if user click on "Back to Merchant" Button

If User Press any Cancel button in step 2-4 They will be send to (5) Sabi SCI FAIL page and a FAIL FORM to redirect user is available

Request Form

Example

<form method="POST" action="https://sci.fasapay.com/"> 
    <input type="hidden" name="fp_acc" value="FP0001">
    <input type="hidden" name="fp_item" value="2 pieces of Clothes">
    <input type="hidden" name="fp_amnt" value="2000">
    <input type="hidden" name="fp_currency" value="IDR">
    <input type="hidden" name="fp_comments" value="Purchase of 2 pieces of black clothes with white collar">
    <input type="hidden" name="fp_merchant_ref" value="BL002883" /> 
    <input type="hidden" name="fp_success_url" value="http://www.domain.com/merchant/result.php" />
    <input type="hidden" name="fp_success_method" value="POST" />
    <input type="hidden" name="fp_fail_url" value="http://www.domain.com/merchant/cancel.php" />
    <input type="hidden" name="fp_fail_method" value="GET" />
    <input type=”hidden” name=
    <!-- additional fields -->
    <input type="hidden" name="track_id" value="558421222">
    <input type="hidden" name="order_id" value="BJ2993800-">
    <input name="" type="submit">
</form>

Variable/Input	Description	Type Data (Accepted Value)	Example	Simple Mode	Advance Mode	Secure Mode
`fp_acc`	Merchant Sabi Account. If specified it cannot be changed.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456	O	R	R
`fp_acc_from`	User/Buyer Sabi Account. If specified it cannot be changed	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456	O	O	O
`fp_store`	The store’s name. if specified it will become the header of the SCI page. If Merchant has created SCI Store in their account. it will be used as store name identifier for Advance Mode.	STRING Max : 100 Character	My Store MyStore	O	R	R
`fp_item`	Name of the item or its amount. Will be appeared in the left side of transaction summary.	STRING Max: 255 Character	2 Piece of Apple	O	O	O
`fp_cart`	List of the items, quantity and price of each item.	Array	[ {“item”:”Apple”,”price”:100,”qty”:2}, {“item”:”Berry”,”price”:500,”qty”:5}, ]	O	O	O
`fp_cart[][item]`	Name of the Item.	STRING Max: 100 character		O	O	O
`fp_cart[][comment]`	Additional note of the item.	STRING Max: 100 character		O	O	O
`fp_cart[][price]`	Price of the Item.	FLOAT Use point (.) as decimal separator. Please remove Thousand Separator.		O	O	O
`fp_cart[][qty]`	Quantity of the Item.	Number		O	O	O
`fp_amnt`	Amount of transaction which should be transferred. The value here will be converted into float number with two decimals. If specified it cannot be changed Leave it blank if you want to make the user insert their own amount	FLOAT Use point (.) as decimal separator. Please remove Thousand Separator.	5000 12.5	O	O	R
`fp_fee_mode`	Type Fee used in the transaction `FiR` = Fee On Recipient, Fee will be charged to the recipient (Merchant) `FiS` = Fee On Sender, Fee will be charged to the sender (buyer) `FsC` = Fee On Sender Choice (Default), Buyer is free to choose the type of Fee. Not available in Secure Mode. If not defined it will use `FsC` as default. if using Advance Mode or Secure Mode it will be overridden or automatically filled by store `fee_mode` of the merchant store setting.	STRING (FiR\|FiS\|FsC)	FiR	O	O	R
`fp_currency`	Currency used for transaction. If specified it cannot be changed Make sure the `fp_acc` has activated the currency	STRING (IDR\|USD)	IDR	O	O	R
`fp_comments`	Comment/Note for this transaction. Not changeable by user. However, user can add additional comment	STRING Max: 100 Character	Payment for 2 pieace of Apple	O	O	O
`fp_merchant_ref`	MERCHANT REFERENCE field. it can be used to hold identification number from the shopping cart or other use. merchant is free to use this field for their own needs.	STRING Max: 100 Character	OrderID5558689	O	O	O
`fp_success_url`	URL which used as SUCCESS FORM action and submitted by “Return to Merchant” button. Shown in Step 5 (Sabi SCI RESULT Page) when transaction is completed successfully. if using Advance Mode or Secure Mode it will be overridden or automatically filled by store `success_url` from the merchant store setting. if no URL specified, there will be no "Return to Merchant" button.	STRING Must be valid URL	http://www.merchant.com/success.html https://www.merchant.com/success.html	O	O	O
`fp_success_method`	Method used by SUCCESS FORM at the Sabi SCI RESULT page. If using Advance Mode, it will be overridden or automatically filled by store merchant setting. Default to POST	STRING POST, GET	POST GET	O	O	O
`fp_fail_url`	URL which used as FAIL FORM action and submitted by “Return to Merchant” button. Shown in FAIL Page which is the Page when user push CANCEL button on: Step 2 - (1) Sabi SCI Login, Step 3 - (2) Sabi SCI TRANSFER form, Step 4 - (3) Sabi SCI CONFIRM Transaction If using Advance Mode or Secure Mode, it will be overridden or automatically filled by store fail_url from merchant store setting. If no URL specified. there will be no "Return to Merchant" button on (5) Sabi SCI FAIL page.	STRING Must be valid URL	http://www.merchant.com/fail.html https://www.merchant.com/fail.html	O	O	O
`fp_fail_method`	Method used by FAIL FORMat the (5) Sabi SCI FAIL page. if using Advance Mode, it will be overridden or automatically filled by store merchant setting. Default to POST	STRING POST, GET	POST GET	O	O	O
`fp_status_url`	URL which used as STATUS_FORM action. (IPN Callback). If using Advance Mode or Secure Mode, it will be overridden or automatically filled by store merchant setting. If no URL specified, No STATUS FORM will be send.	STRING URL	http://www.merchant.com/status.html https://www.merchant.com/callback.html	O	O	O
`fp_status_method`	Method used by STATUS FORM to send the Transaction Data. if using Advance Mode, it will be overridden or automatically filled by store merchant setting. Default to POST	STRING POST, GET	POST GET	O	O	O
`fp_resend_callback`	How many times would the fp_status_url be called until it return HTTP 2xx	INTEGER 0-9	0 5	O	O	O
`fp_sci_link`	If present Sabi will return SECURE MODE JSON data. Please only include this field to initiate Secure Modeand generate Secure LINK.	STRING TRUE	TRUE	O	O	R
`fp_sec_field`	Secure Field array, Merchant can use this field to hold sensitive data that should not be seen by user. Please only use this field to initiate Secure Mode. Any data defined in this field will be delete after successful transaction or secure link expired.	ARRAY	fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1	O	O	O
`additional field`	Additional field or baggage field. Merchant can add their own field. this fields will be ignored by SCI but will be include in the STATUS FORM, SUCCESS FORM or FAIL FORM.	MIXED Max: 50 field, and 100 character / field.		O	O	O

Note:
O = Optional
R = Required

SECURITY CONSIDERATION, in Simple Mode and Advance Mode The REQUEST FORM and (2) Sabi SCI TRANSFER form are rendered on user’s browser therefore opening the possibility of data tampering and sometimes used to create fraudulent transaction, please always check the integrity of STATUS FORM and/or check the transaction using Sabi API Detail Operation or manually check it on your Sabi Transaction History.

Fail Form

FAIL FORM is a form that exists in the FAIL page it shown as Back to Merchant button, it purposes is to send user back to merchant website. FAIL FORM is optional and only exists if fp_fail_url is defined.
in the fp_fail_url page merchant can create a page with alternative payment method or to continue/retry the payment.

SECURITY CONSIDERATION, while this form is intended to be used as failed transaction notification, the data are submitted by user’s browser therefore opening the possibility of data TAMPERING and can be used to send misinformation.

Variable/Input	Description	Type Data (Accepted Value)	Example
`fp_paidto`	Merchant’s Sabi Account. If REQUEST FORM `fp_acc` not empty, `fp_paidto` will have the same value as `fp_acc`.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_amnt`	The amount that should have been transferred. If REQUEST FORM `fp_amnt` not empty, this will have the same value.	FLOAT	10.20 1000.00
`fp_currency`	The currency that should have been used in the transaction. If REQUEST FORM `fp_currency` not empty, this will have the same value.	STRING (IDR\|USD)	IDR USD
`fp_store`	The Store name that should have been used in the transaction. If REQUEST FORM `fp_store` not empty, this will have the same value.	STRING	MyStore MyStore
`fp_merchant_ref`	If REQUEST FORM `fp_merchant_ref` not empty, this will have the same value.	STRING	OrderID5558689
`Additional field`	Additional field that was defined in the REQUEST FORM

Success Form

SUCCESS FORM is a form that exists in the (4) Sabi SCI RESULT page it shown as Return to Merchant button, it purposes is to send user back to merchant website. SUCCESS FORM is optional and created when a transaction is completed successfully and fp_success_url are defined.
In the fp_success_url page merchant can create a page with successful payment notification or post payment transaction*.

SECURITY CONSIDERATION, while this form is intended to be used as successful transaction notification, the data are submitted by user’s browser therefore opening the possibility of data TAMPERING and can be used to send misinformation or FRAUDULENT data. Please AVOID using this form to validate a complete transaction. If you need to automated process or validate transaction, please use the fp_status_url and STATUS FORM.

Variable/Input	Description	Type Data (Accepted Value)	Example
`fp_paidto`	Merchant’s Sabi Account. If REQUEST FORM `fp_acc` not empty, `fp_paidto` will have the same value as `fp_acc`.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_paidby`	User’s (Buyer/Payer) Sabi Account used to transfer fund to Merchant’s Sabi Account. If REQUEST FORM `fp_acc_from` not empty, `fp_paidby` should be the same as `fp_acc_from`	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_amnt`	The amount that should have been transferred. If REQUEST FORM `fp_amnt` not empty, this will have the same value.	FLOAT	10.20 1000.00
`fp_fee_amnt`	The amount of fee that Sabi cut or add from the transaction amount.	FLOAT	0.01 100
`fp_fee_mode`	Fee Mode used in the transaction's	STRING (FiR\|FiS)	FiR FiS
`fp_total`	The total Amount that `fp_paidto` or Merchant receive. If `fp_fee_mode` is FiR `fp_total` is `fp_amnt` negative `fp_fee_amnt` If `fp_fee_mode` is FiS `fp_total` is equal to `fp_amnt`	FLOAT	10.19 900.00
`fp_currency`	The currency that should have been used in the transaction. If REQUEST FORM `fp_currency` not empty, this will have the same value.	STRING (IDR\|USD)	IDR USD
`fp_batchnumber`	Unique Sabi Transaction batch number (Identification Number)	STRING TR\d{13,15} TR#############	TR2016040112345 TR2016031565432
`fp_store`	The Store name that should have been used in the transaction. If REQUEST FORM `fp_store` not empty, this will have the same value.	STRING	MyStore MyStore
`fp_timestamp`	Date time when the transaction occurred. `fp_timestamp` is in GMT+7	DATETIME STRING (\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) YYYY-MM-DD HH:mm:ss	2016-04-01 11:30:45
`fp_merchant_ref`	If REQUEST FORM `fp_merchant_ref` not empty, this will have the same value.	STRING	OrderID5558689
`Additional field`	Additional field that was defined in the REQUEST FORM

Status Form

POST /status.html HTTP/1.1
Host: www.merchant.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 759
Referer: https://www.fasapay.com/sci
Accept: */*
User-Agent: PHP (Linux) Sabi Sabi-IPN Sabi-SCI



fp_paidto=FI12049&fp_paidby=FI12022&fp_amnt=1200&fp_fee_amnt=100&fp_fee_mode=FiR&fp_total=1100&fp_currency=IDR&fp_batchnumber=KR2017081229853&fp_store=FPID-Merchant&fp_timestamp=2017-08-12+00%3A34%3A46&fp_unix_time=1502472886&fp_merchant_ref=BL002883&fp_sec_field=&track_id=558421222&order_id=BJ2993800-&fp_hash=321bac928504608085458dd5bd5e7ab4b337a657a246b19a5a2f229cd6e8f9d0&fp_hash_2=ce6d86e3e11e4ac2b0ef69c1fa27b6b9b595e33f3cd35e1261116e813b8760e6&fp_hash_list=fp_amnt%3Afp_batchnumber%3Afp_currency%3Afp_fee_amnt%3Afp_fee_mode%3Afp_merchant_ref%3Afp_paidby%3Afp_paidto%3Afp_sec_field%3Afp_store%3Afp_timestamp%3Afp_total%3Afp_unix_time%3Aorder_id%3Atrack_id%3ASCI_SECURITY_WORD&fp_hash_all=954a0d24016b920f4d397b6ce0d7e868e0d15f57038e8476e04b4e44305ee7fc

STATUS FORM is form that contain the transaction detail and some security information. STATUS FORM purpose is to notify Merchant of successful transaction.

STATUS FORM will only be created if fp_store is defined and exists in the Merchant Sabi Account Store Setting, and fp_status_url is defined either in REQUET FORM or in Store Setting.

STATUS FORM contains HASH value (fp_hash, fp_hash_2, fp_hash_all) that you should validate to ensure the validity and integrity of STATUS FORM data.

SECURITY CONSIDERATION, STATUS FORM will only be send from Sabi Server. To add more layer to security of your application if possible please only use Sabi STORE setting to define fp_status_url and leave fp_status_url and fp_status_method blank (or dont include them at all) in the REQUEST FORM. It is also advised that you use IP whitelist and only accept the data send from Sabi Server’s IP.

For list of Sabi Server's IP please Contact Sabi Customer Support

Variable/Input	Description	Type Data (Accepted Value)	Example
`fp_paidto`	Merchant’s Sabi Account. If REQUEST FORM `fp_acc` not empty, `fp_paidto` will have the same value as `fp_acc`.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_paidby`	User’s (Buyer/Payer) Sabi Account used to transfer fund to Merchant’s Sabi Account. If REQUEST FORM `fp_acc`_from not empty, `fp_paidby` should be the same as `fp_acc_from`	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_amnt`	The amount that should have been transferred. If REQUEST FORM `fp_amnt` not empty, this will have the same value.	FLOAT\|STRING	10.20 1000.00
`fp_fee_amnt`	The amount of fee that Sabi cut from the transaction amount.	FLOAT\|STRING	0.01 100
`fp_total`	The total Amount that `fp_paidto` or Merchant receive.	FLOAT\|STRING	10.19 900.00
`fp_discount`	The amount of discount applied to the transaction	FLOAT	10.19 900.00
`fp_currency`	The wallet that receive the payment.	STRING (FasaCash-Payment\|FasaCash-Payment\|FasaCash\|FasaPoint)	FasaCash-Payment FasaCash-DK
`fp_base_currency`	Base Currency yg di gunakan pada wallet	STRING (IDR\|USD)	IDR USD
`fp_batchnumber`	Unique Sabi Transaction batch number (Identification Number)	STRING TR\d{13,15} TR#############	TR2016040112345 TR2016031565432
`fp_store`	The Store name that should have been used in the transaction.	STRING	MyStore MyStore
`fp_unix_time`	Time when the transaction occurred in Unix time stamp.	NUMBER	1459485045
`fp_merchant_ref`	If REQUEST FORM `fp_merchant_ref` not empty, this will have the same value.	STRING	OrderID5558689
`fp_merchant_note`	If REQUEST FORM `fp_comments` not empty, this will have the same value.	STRING	OrderID5558689
`fp_member_note`	The Note member add when they doing the transfer	STRING	Please Process it ASAP
`fp_shipping`	If REQUEST FORM `fp_cart[0][product_code] = "shipping"` is not empty, this will have the same value. of `fp_cart[0][price]`	STRING\|FLOAT	500.00
`fp_transactions`	If User pay using multiple wallet (Point and FasaCash) for example or user using voucher_code this will list all the transaction that the merchant will receive.	ARRAY	500.00
`fp_status`	Transaction Status,	INT PENDING = 1 FINISH = 2 CANCEL = 3	1
`fp_sec_field`	If REQUEST FORM `fp_sec_field` is not empty, this will have the same value.	ARRAY	fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1
`Additional field`	Additional field that was defined in the REQUEST FORM
`fp_hash`	Sabi SCI v.2 sha256 hash based data verification. Because it is only verifying few most basic data, please use it with care or consider using the most complete form. Please refer to : Generate FP_HASH_2 for the detail.	STRING	8eb7c0e4854aa51c617408a2cfd385b1712e5c9dcd7941ffde31dff052487acc
`fp_hash_list`	Field order list used to create `fp_hmac`	STRING	fp_amnt\|fp_batchnumber\|fp_currency\|fp_fee_amnt\|fp_fee_mode\|fp_merchant_ref\|fp_paidby \|fp_paidto\|fp_sec_field\|fp_store\|fp_timestamp\|fp_total\|fp_unix_time
`fp_hmac_string`	The string that was used to generate `fp_hmac` the string order is based on `fp_hash_list`	STRING	fp_amnt\|fp_batchnumber\|fp_currency\|fp_fee_amnt\|fp_fee_mode\|fp_merchant_ref\| fp_paidby\|fp_paidto\|fp_sec_field\|fp_store\|fp_timestamp\|fp_total\|fp_unix_time\|SCI_SECURITY_WORD
`fp_hmac`	Prefixes data with a keyed SHA-256 hash value using the `HMAC` method so that it can be detected if it is tampered. This is an alterative way to validate the data posted in the STATUS FORM. Please refer to : Generate FP_HMAC for the detail.	STRING	954a0d24016b920f4d397b6ce0d7e868e0d15f57038e8476e04b4e44305ee7fc

Generate FP_HASH

SHA-256 HASH is used to generate the value of fp_hash_2.
fp_hash_2 = SHA-256(StringToHash)
the StringToHash is colon-separated list derived from the response data and the SECURITY WORD,

StringToHash =
                fp_paidto+":"+fp_paidby+":"+fp_store+":"+fp_amnt+":"+fp_fee_amnt+":"+fp_total+":"+fp_batchnumber+":"+fp_currency+":"+SECURITY_WORD

Generate FP_HMAC

prefixed data with keyed SHA-256 hash value using HMAC method.
fp_hmac = HMAC-SHA256(SECURITY_WORD, StringToHash)+StringToHash
the StringToHash is pipe-separated list derived from the response data and with order governed by fp_hash_list,


                StringToHash = fp_acc+"|"+fp_acc_from+"|"+...+"|"+n

Secure Mode Data

Secure Mode is used if you need added security in your data and limiting user from most of the option in the transaction process. The data returned here is used to redirect user and to reconfirm your request data.

Variable/Input	Description	Type Data (Accepted Value)	Example
`fp_sec_field`	Secure Field array,	ARRAY	fp_sec_field[userid] = 12345 fp_sec_field[order][id] = 5555 fp_sec_field[order][crc] = d49283c1
`fp_sci_link`	The Redirect link to Sabi SCI. use this to redirect your user to Sabi	STRING [URL]	https://sci.fasapay.com/login?mid=4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7
`fp_sci_mid`	Unique SCI ID	STRING	4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7
`fp_sci_randkey`	Random Salt	STRING	c85bf964430bca83d92519ae773a7994
`fp_sci_hash`	Prefixes data with a keyed `SHA-256` hash value using the `HMAC`. Please refer to Generate FP_SCI_HASH	STRING	cc61cd904f08ffb42724e892cef88d6aab8eec7d4b76651dd280958f3a4c269aFI12049::BJ2993800-:558421222:2000:Purchase of 2 pieces of black clothes with white collar:IDR:POST:https://mc.dv.aevsa.org/fpid/fail.php:FiR:2 pieces of Clothes:https://mc.dv.aevsa.org/fpid/logo.png:BL002883:9:https://fpid.dv.aevsa.org/sci/login?mid=4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7:4a861f19cec0650ef48ab61f721b2e3c111febe163ffd1f2b12145dc72f9afb7:c85bf964430bca83d92519ae773a7994:VAL558421222:VAL558421222:POST:https://mc.dv.aevsa.org/fpid/status.php:FPID-Merchant:POST:https://mc.dv.aevsa.org/fpid/success.php
Reflection of REQUEST FORM. Please refer to REQUEST FORM
`fp_acc`	Merchant Sabi Account.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_acc_from`	User/Buyer Sabi Account.	STRING FP\d{5,6} FP##### FP######	FP12345 FP123456
`fp_store`	The store’s name.	STRING Max : 100 Character	My Store MyStore
`fp_item`	Name of the item or its amount.	STRING Max: 255 Character	2 Piece of Apple
`fp_cart`	List of the items, quantity and price of each item.	Array	[ {“item”:”Apple”,”price”:100,”qty”:2}, {“item”:”Berry”,”price”:500,”qty”:5}, ]
`fp_cart[][item]`	Name of the Item.	STRING Max: 100 character
`fp_cart[][comment]`	Additional note of the item.	STRING Max: 100 character
`fp_cart[][price]`	Price of the Item.	FLOAT Use point (.) as decimal separator. Please remove Thousand Separator.
`fp_cart[][qty]`	Quantity of the Item.	Number
`fp_amnt`	Amount of transaction which should be transferred.	FLOAT Use point (.) as decimal separator. Please remove Thousand Separator.	5000 12.5
`fp_fee_mode`	Type Fee used in the transaction	STRING (FiR\|FiS\|FsC)	FiR
`fp_currency`	Currency used for transaction.	STRING (IDR\|USD)	IDR
`fp_comments`	Comment/Note for this transaction.	STRING Max: 100 Character	Payment for 2 pieace of Apple
`fp_merchant_ref`	MERCHANT REFERENCE field. it can be used to hold identification number from the shopping cart or other use.	STRING Max: 100 Character	OrderID5558689
`fp_success_url`	URL which used as SUCCESS FORM action and submitted by “Return to Merchant” button.	STRING Must be valid URL	http://www.merchant.com/success.html https://www.merchant.com/success.html
`fp_success_method`	Method used by SUCCESS FORM at the Sabi SCI RESULT page.	STRING POST, GET	POST GET
`fp_fail_url`	URL which used as FAIL FORM action and submitted by “Return to Merchant” button.	STRING Must be valid URL	http://www.merchant.com/fail.html https://www.merchant.com/fail.html
`fp_fail_method`	Method used by FAIL FORMat the (5) Sabi SCI FAIL page.	STRING POST, GET	POST GET
`fp_status_url`	URL which used as STATUS_FORM action. (IPN Callback).	STRING URL	http://www.merchant.com/status.html https://www.merchant.com/callback.html
`fp_status_method`	Method used by STATUS FORM to send the Transaction Data.	STRING POST, GET	POST GET
`fp_resend_callback`	How many times would the fp_status_url be called until it return HTTP 2xx	INTEGER 0-9	0 5

Generate FP_SCI_HASH

prefixed data with keyed SHA-256 hash value using HMAC method.
fp_sci_hash = HMAC-SHA256(Key, StringToHash)+StringToHash
Key = SHA256(SECURITY_WORD+fp_sci_randkey) the StringToHash is pipe-separated list derived from the response data and with order governed by its name,


                StringToHash = fp_acc+"|"+fp_acc_from+"|"+fp_aditional_field[order_id]+"|"+...+"|"+n

SABI SCI GUIDE Shopping Cart Interface Guide version 3.16.4