Skip to content

Direct Deposit

Brief Description
  • This API is intended for merchants who have the capability to collect card information on their own front end.
  • After the card information is collected on the merchant front end, the merchant server should call this API to submit the card data.
  • cardData is a sensitive card data field. The merchant must encrypt it according to the agreed method before submission.
  • When 3DS, OTP, or bank verification is required, the system returns paymentInfo, and the merchant front end must redirect the user to that URL to continue the payment process.
  • Currently, only the JCB channel is supported by this API.
Request URL
  • /v1/vexora/deposits
Request Method
  • POST
Header Required Type Description
merchantNo Yes String Merchant number
Request Body Parameters
Parameter Required Type Description
sign Yes String Use all fields except sign, sort them alphabetically, and concatenate as key1=value1key2=value2.... Then use the app secret as a salt for MD5 encryption. The sign should be in lowercase.
timestamp Yes long Timestamp of the transaction.
tradeNo Yes String Merchant transaction number. Must be unique.
amount Yes String Transaction amount. Supports up to two decimal places.
currency Yes String Currency code. For the current JCB channel, the value is fixed as JPY.
name Yes String Cardholder name.
mobile Yes String Cardholder's mobile number (supports country code + local mobile number).
email Yes String Email address (used to notify the user by email after the transaction is completed)
userId Yes String Merchant user ID
cardData Yes String Encrypted card data. The merchant must encrypt the card information according to the agreed method before submission.
notifyUrl Yes String Merchant asynchronous callback URL used to receive the final payment result
remark No String Remark. This field will be returned as-is
cardData Description
  • The merchant server must package the card information first, encrypt it according to the agreed method, and then submit it in the cardData field.
  • The plaintext structure of cardData is as follows:
{
  "cardNumber": "3566123412341234",
  "cardDate": "12/28",
  "cardCvv": "123",
  "cardHolderName": "TARO YAMADA"
}
  • The AES-256-ECB encryption method is as follows:
public static String aesEncode(String tempStr, String aesKey) throws Exception {
    SecretKeySpec secretKey = new SecretKeySpec(aesKey.getBytes(StandardCharsets.UTF_8), "AES");
    Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);

    byte[] encrypted = cipher.doFinal(tempStr.getBytes(StandardCharsets.UTF_8));
    return Hex.encodeHexString(encrypted).toUpperCase(); // Convert to uppercase HEX
}
  • When generating the signature, cardData participates using its encrypted string value. Do not expand the plaintext card fields for signature generation.
Request Example
{
  "sign": "f53ee692f15d0329a1461373b67ff25a",
  "timestamp": "1724142041682",
  "tradeNo": "00000007",
  "amount": "300.00",
  "currency": "JPY",
  "userId": "USER_000001",
  "name": "TARO YAMADA",
  "mobile": "819012345678",
  "email": "taro@example.com",
  "cardData": "ENCRYPTED_CARD_DATA",
  "notifyUrl": "https://merchant.example.com/callback",
  "remark": "000000"
}
Response Parameters
Parameter Required Type Description
msg Yes String Request result. When the value is success, it only means the current API request was accepted successfully and cannot be used as the final transaction result.
code Yes String Response code. When the value is 0000, it only means the current API request was accepted successfully and cannot be used as the final transaction result.
timestamp Yes String Transaction time
success Yes Boolean Transaction result
data Yes Object Returned object.
data.tradeNo Yes String Merchant transaction number
data.platFormTradeNo Yes String Unique platform transaction number
data.status Yes String Transaction results,Merchants can process subsequent workflows based on the returned status in the transaction result. For details, please refer to the status code reference table.
data.message Yes String Error description
data.remark No String The remark value submitted in the request, returned as-is
data.paymentInfo No String Returned when 3DS, OTP, or bank verification is required. The merchant front end must redirect the user to this URL.
Successful Response Example
{
  "msg": "success",
  "code": "0000",
  "timestamp": "1728609277476",
  "success": true,
  "data": {
    "tradeNo": "428c430ce59b47138674c971ff07a711",
    "platFormTradeNo": "c167o1itir0fypid",
    "status": "0015",
    "message": "Paying",
    "remark": "11111",
    "paymentInfo": "https://xxx-3ds.com/auth/xxxxx"
  }
}
Processing Notes
  • When code=0000, it only means the current API request was successful. It does not mean the payment is finally successful.
  • The merchant should continue to evaluate data.status.
  • 0000: Payment successful.
  • 0015: Processing. In most cases, paymentInfo will also be returned, and the merchant should guide the user to complete the verification flow.
  • Other values: Handle as failed.
  • The final payment result should be determined based on the asynchronous callback notification and proactive order query result.