Skip to main content
Gcashier Pay is a cross-border payment API platform designed specifically for small and medium-sized enterprises that need to collect, convert, and move money across borders. Every API call travels over HTTPS 1.2 and JSON, and every message is protected by a layered encryption scheme — AES for payload confidentiality, RSA for session-key exchange, and SHA1withRSA for request signing — so your transaction data stays secure end to end. Whether you are integrating collection flows, executing foreign-exchange trades, or reconciling payouts, this documentation gives you everything you need to go from zero to a working integration.

Collection

Accept payments from international customers through hosted and API-driven collection flows, with real-time status callbacks delivered to your server.

Foreign Exchange

Execute FX conversions at competitive rates directly through the API. Lock in a rate, confirm the trade, and track settlement status in one workflow.

International Remittance

Send funds to beneficiaries worldwide. Submit beneficiary details, confirm debit amounts, and receive arrival confirmations — all programmatically.

Payouts

Disburse funds to bank accounts in supported corridors. The withdrawal API handles routing details and returns status updates as the payment progresses.

E-Commerce Collection

Integrate checkout-ready collection links and callbacks into your e-commerce storefront for a seamless buyer experience.

Accounting & Reconciliation

Query balances, retrieve transaction histories, and associate flow orders to keep your books in sync with every API-driven movement.

How the API works

Every request you send and every response you receive follows the same encrypted envelope pattern. You build a JSON payload, sign it with your RSA private key, encrypt it with a freshly generated AES session key, wrap that session key with Gcashier Pay’s RSA public key, and POST all four fields — merchantNo, jsonEnc, keyEnc, and sign — to the appropriate endpoint. Gcashier Pay verifies the signature with your public key, decrypts the session key with its own private key, and decrypts the payload. Responses arrive in the same envelope structure so you reverse the process on your end. This dual-key design means neither party ever transmits a long-lived secret in the clear. AES keys are ephemeral — one per request — and RSA key pairs are held exclusively by their respective owners.
All API communication must use HTTPS 1.2. Plain HTTP connections are rejected. All text encoding is UTF-8 and the Content-Type header must be application/json.

Request and response structure

Every JSON payload — before encryption — shares a common envelope: 
{
  "head": {
    "version": "1.0.0",
    "tradeType": "00",
    "tradeTime": "1551341750",
    "tradeCode": "sp1301",
    "language": "cn"
  },
  "body": {}
}
tradeType is "00" in requests and "01" in responses. Successful responses carry respCode: "S00000" in the head. Every other field in the body is specific to the API operation you are calling.

Changelog

VersionDateSummary
1.0.42025-01-23Payment API updates
1.0.32024-12-13Contact maintenance APIs
1.0.22024-10-24Merchant access fields
1.0.12024-09-01E-commerce collection
1.0.02024-07-30Initial release

Next steps

Ready to make your first API call? The Quickstart walks you through generating your RSA key pair, exchanging public keys with Gcashier Pay, and sending your first encrypted request in under 30 minutes.

Quickstart →

Generate your keys, download the demo SDK, and send your first encrypted request.