Get Merchant Configuration API

API to get the current merchant configuration including transaction whitelist keywords, custom CSS, and logo URL.

API Endpoint

GET
https://bankhub-api-sandbox.sepay.vn/v1/merchant-config
Note
  • This API requires a Bearer Token in the Authorization header
  • Returns the current merchant configuration
  • If the merchant has no configuration yet, fields will have default values (empty array or null)
  • Custom CSS is applied to all hosted links of the merchant

Error Handling

401Unauthorized

Access token is invalid or expired

API Response

Response 200 - Success
{
  "data": {
    "transaction_whitelist_remark_keywords": [
      "string"
    ],
    "global_hosted_link_custom_css": "string",
    "logo_url": "https://example.com"
  }
}
dataobject

Merchant configuration

Code Examples

1
2
3
curl --request GET \
  --url https://bankhub-api-sandbox.sepay.vn/v1/merchant-config \
  --header 'Authorization: Bearer REPLACE_BEARER_TOKEN'

Usage Examples

JSGet merchant configuration
1
2
curl --location 'https://bankhub-api-sandbox.sepay.vn/v1/merchant-config' \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN'
Transaction Whitelist Keywords

How it works:

  • List of keywords used to filter transactions before sending webhooks
  • Only transactions whose content (transaction_content) contains at least one keyword will be sent via webhook
  • Case-insensitive matching
  • If the array is empty [], all transactions will be sent via webhook

Example:

  • Keywords: ["thanh toan", "payment"]
  • Transaction content: "Chuyen khoan thanh toan don hang ABC" → Webhook sent
  • Transaction content: "Gui tien cho ban" → No webhook sent
Global Hosted Link Custom CSS

Custom CSS for WebView:

  • CSS is injected into all merchant's hosted links
  • Allows customization of colors, fonts, and layout of the WebView interface
  • Must be valid CSS, cannot contain scripts or malicious code

Note:

  • CSS must not break hosted link functionality
  • Should be thoroughly tested before deploying to production
Important Note
  • Configuration changes take effect immediately for all active hosted links
  • Custom CSS must comply with security policy (no scripts, external resources)
  • Whitelist keywords should be updated carefully to avoid missing important webhooks
Previous page
Next page