SSSMS88 Logo

SSSMS88 Merchant API Documentation

Table of Contents

Common Response Format

All API endpoints follow this standard response format:

Field Type Description
status integer 1 for success, 0 for error
message string Response message indicating success or error details
data array|object Response payload. Empty array [] for errors, contains response data for success

Authentication API

POST https://{url}/api/apiAuthLogin

Description

This endpoint authenticates a merchant user and returns an authentication token upon successful login.

Request Parameters

Parameter Type Required Description
username string Yes Merchant's username
password string Yes Merchant's password
apiKey string Yes Merchant's API key
signature string Yes HMAC-SHA256 signature encoded in base64

Signature Generation

The signature is generated using the following steps:

  1. Create a string by concatenating parameters: username={username}&password={password}&apiKey={apiKey}
  2. Generate HMAC-SHA256 using the merchant's API secret as the key
  3. Encode the result in base64

Example Usage

$apiKey = 'YOUR_API_KEY';
$apiSecret = 'YOUR_API_SECRET';
$username = 'your_merchant_username';
$password = 'your_merchant_password';

// Generate signature
$signString = "username={$username}&password={$password}&apiKey={$apiKey}";
$signature = base64_encode(hash_hmac('sha256', $signString, $apiSecret, true));

$ch = curl_init('https://{url}/api/apiAuthLogin');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
    'username' => $username,
    'password' => $password,
    'apiKey' => $apiKey,
    'signature' => $signature
]));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json'
]);

$response = curl_exec($ch);
$result = json_decode($response, true);

if ($result['status'] === 1) {
    $accessToken = $result['data']['accessToken'];
    echo "Login successful! Token: " . $accessToken;
} else {
    echo "Error: " . $result['message'];
}

import hmac
import hashlib
import base64
import requests
import json

api_key = 'YOUR_API_KEY'
api_secret = 'YOUR_API_SECRET'
username = 'your_merchant_username'
password = 'your_merchant_password'

# Generate signature
sign_string = f"username={username}&password={password}&apiKey={api_key}"
signature = base64.b64encode(
    hmac.new(
        api_secret.encode(),
        sign_string.encode(),
        hashlib.sha256
    ).digest()
).decode()

response = requests.post(
    'https://{url}/api/apiAuthLogin',
    headers={'Content-Type': 'application/json'},
    json={
        'username': username,
        'password': password,
        'apiKey': api_key,
        'signature': signature
    }
)

result = response.json()
if result['status'] == 1:
    access_token = result['data']['accessToken']
    print(f"Login successful! Token: {access_token}")
else:
    print(f"Error: {result['message']}")
# Generate signature using OpenSSL
signature=$(echo -n "username=your_merchant_username&password=your_merchant_password&apiKey=YOUR_API_KEY" | \
  openssl dgst -sha256 -hmac "YOUR_API_SECRET" -binary | base64)

# Make the API call
curl -X POST https://{url}/api/apiAuthLogin \
-H "Content-Type: application/json" \
-d '{
    "username": "your_merchant_username",
    "password": "your_merchant_password",
    "apiKey": "YOUR_API_KEY",
    "signature": "'$signature'"
}'

Response Fields

Field Type Description
status integer 1 for success, 0 for error
message string Response message
data.accessToken string JWT token for authentication

Response Examples

Successful Response

{
    "status": 1,
    "message": "Login successful",
    "data": [
        "accessToken": "1|4vY2W2KdFPUugYDDkdSBPXKHwGjKu6iMJTXq3Smxc7561ffe"
    ]
}

Invalid Signature Response

{
    "status": 0,
    "message": "Invalid signature",
    "data": []
}

Invalid Credentials Response

{
    "status": 0,
    "message": "Invalid username / password",
    "data": []
}

Using the Access Token

For subsequent API calls, include the access token in the Authorization header:

Authorization: Bearer 1|4vY2W2KdFPUugYDDkdSBPXKHwGjKu6iMJTXq3Smxc7561ffe

Merchant Information API

GET https://{url}/api/merchant/me

Description

This endpoint retrieves the current merchant's information including credit balance and account details.

Authentication

Requires a valid access token in the Authorization header.

Headers

Header Value Required Description
Authorization Bearer {access_token} Yes The access token received from login
Content-Type application/json Yes Request content type

Response Fields

Field Type Description
status integer 1 for success, 0 for error
message string Response message
data.merchant.id string Unique identifier for the merchant account
data.merchant.merchant.id string Unique identifier for the merchant business
data.merchant.merchant.merchantCode string Merchant's business code (format: M[0-9]{7})
data.merchant.merchant.credit string Current credit balance (decimal format with 4 decimal places)
data.merchant.name string Merchant's display name
data.merchant.username string Merchant's login username
data.merchant.email string Merchant's email address
data.merchant.phoneNumber string|null Merchant's contact number (null if not provided)
data.merchant.status integer Account status (1: active)

Example Usage

// Your access token from successful login
$accessToken = '1|4vY2W2KdFPUugYDDkdSBPXKHwGjKu6iMJTXq3Smxc7561ffe';

// Initialize cURL session
$ch = curl_init('https://{url}/api/merchant/me');

// Set cURL options
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'Authorization: Bearer ' . $accessToken
]);

// Execute the request
$response = curl_exec($ch);

// Check for cURL errors
if (curl_errno($ch)) {
    echo "cURL Error: " . curl_error($ch);
    exit;
}

// Parse response
$result = json_decode($response, true);

if ($result['status'] === 1) {
    $merchantData = $result['data']['merchant'];
    $credit = $merchantData['merchant']['credit'];
    $merchantCode = $merchantData['merchant']['merchantCode'];
    $name = $merchantData['name'];
    
    echo "Merchant Information:\n";
    echo "Name: " . $name . "\n";
    echo "Merchant Code: " . $merchantCode . "\n";
    echo "Current Credit Balance: " . $credit . "\n";
} else {
    echo "Error: " . $result['message'];
}

// Close cURL session
curl_close($ch);
import requests

access_token = '1|4vY2W2KdFPUugYDDkdSBPXKHwGjKu6iMJTXq3Smxc7561ffe'

response = requests.get(
    'https://{url}/api/merchant/me',
    headers={
        'Content-Type': 'application/json',
        'Authorization': f'Bearer {access_token}'
    }
)

result = response.json()
if result['status'] == 1:
    merchant_data = result['data']['merchant']
    credit = merchant_data['merchant']['credit']
    merchant_code = merchant_data['merchant']['merchantCode']
    name = merchant_data['name']
    
    print(f"Merchant Information:\nName: {name}\nMerchant Code: {merchant_code}\nCurrent Credit Balance: {credit}")
else:
    print(f"Error: {result['message']}")
curl -X GET https://{url}/api/merchant/me \
-H "Authorization: Bearer 1|4vY2W2KdFPUugYDDkdSBPXKHwGjKu6iMJTXq3Smxc7561ffe" \
-H "Content-Type: application/json"

Response Examples

Successful Response

{
    "status": 1,
    "message": "Merchant retrieved successfully",
    "data": {
        "merchant": {
            "id": "c9bc55ba-abcd-abcd-abcd-ff522ca1935e",
            "merchant": {
                "id": "a2fefd78-abcd-abcd-abcd-484897fb8268",
                "merchantCode": "M0001234",
                "credit": "100.0000"
            },
            "name": "Merchant Name",
            "username": "your_merchant_username",
            "email": "[email protected]",
            "phoneNumber": null,
            "status": 1
        }
    }
}

Unauthorized Response

{
    "status": 0,
    "message": "Unauthorized",
    "data": []
}

Send SMS API

POST https://{url}/api/sms/send

Description

This endpoint sends SMS messages to multiple recipients. You can send to up to 1000 phone numbers in a single API call.

Authentication

Requires a valid access token in the Authorization header.

Headers

Header Value Required Description
Authorization Bearer {access_token} Yes The access token received from login
Content-Type application/json Yes Request content type

Request Parameters

Parameter Type Required Description
accountCode string Yes Your SMS account application code
phoneNumbers string Yes Comma-separated list of phone numbers (max 1000 numbers). Format: country code + number (e.g., 60123456789)
content string Yes The SMS message content to send
Phone Number Format:
- Must include country code (e.g., 60 for Malaysia)
- No spaces or special characters
- Example: 601234567890
- Multiple numbers: 601234567890,601234567891,601234567892

Response Fields

Field Type Description
status integer 1 for success, 0 for error
message string Response message
data array Contains SMS sending results when successful, empty array when error

Example Usage

$accessToken = '1|4vY2W2KdFPUugYDDkdSBPXKHwGjKu6iMJTXq3Smxc7561ffe';
$accountCode = 'YOURACCOUNTAPPCODE';
$phoneNumbers = '601111330000,60189990000';
$content = 'Your SMS message content here';

$ch = curl_init('https://{url}/api/sms/send');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
    'accountCode' => $accountCode,
    'phoneNumbers' => $phoneNumbers,
    'content' => $content
]));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'Authorization: Bearer ' . $accessToken
]);

$response = curl_exec($ch);
$result = json_decode($response, true);

if ($result['status'] === 1) {
    echo "SMS queued successfully!";
} else {
    echo "Error: " . $result['message'];
}
import requests

access_token = '1|4vY2W2KdFPUugYDDkdSBPXKHwGjKu6iMJTXq3Smxc7561ffe'
account_code = 'YOURACCOUNTAPPCODE'
phone_numbers = '601111330000,60189990000'
content = 'Your SMS message content here'

response = requests.post(
    'https://{url}/api/sms/send',
    headers={
        'Content-Type': 'application/json',
        'Authorization': f'Bearer {access_token}'
    },
    json={
        'accountCode': account_code,
        'phoneNumbers': phone_numbers,
        'content': content
    }
)

result = response.json()
if result['status'] == 1:
    print("SMS queued successfully!")
else:
    print(f"Error: {result['message']}")
curl -X POST https://{url}/api/sms/send \
-H "Authorization: Bearer 1|4vY2W2KdFPUugYDDkdSBPXKHwGjKu6iMJTXq3Smxc7561ffe" \
-H "Content-Type: application/json" \
-d '{
    "accountCode": "YOURACCOUNTAPPCODE",
    "phoneNumbers": "601111330000,60189990000",
    "content": "Your SMS message content here"
}'

Response Examples

Successful Response

{
    "status": 1,
    "message": "SMS queued for sending. Please wait a moment for the result.",
    "data": []
}

Invalid Account Response

{
    "status": 0,
    "message": "Merchant Sms Account not found.",
    "data": []
}

Unauthorized Response

{
    "status": 0,
    "message": "Unauthorized",
    "data": []
}

Invalid Request Response

{
    "status": 0,
    "message": "Invalid phone number format",
    "data": []
}
Important Notes:
1. Each SMS sent will deduct credits from your account balance
2. Maximum 1000 phone numbers per API call
3. Ensure all phone numbers include country code
4. Check your credit balance before sending using the /api/merchant/me endpoint
5. SMS sending is asynchronous - successful response means the message is queued, not necessarily delivered