Skip to main content

IPPS Proxy API

The IPPS Proxy API serves as a secure intermediary between IPPS’s wallet management service and Bangkok Bank’s (BBL) TQR Payment APIs.

API Flow

  1. Register Wallet User
    Assigns a new IPPS wallet ID to a eWallet user.     Each partner wallet is asssigned a 2 digit system code. <TEPACODE><WALLET SYSTEM CODE><USER WALLETID>.
  2. Query
    Initiates and validates a QR transfer (amount, recipient type/value). Supports ThaiQR Tag29 national ID, phone number or e-Wallet ID as receipients.
  3. Confirm
    Confirms a previously queried payment.
  4. Deactivate Wallet User
    Disables a wallet user when no longer needed.

Authentication & Required Headers

All IPPS Proxy API requests must include the following headers to ensure integrity and security.
HeaderTypeRequiredDescription
X-Wallet-Code stringyesThe wallet system code—identifies the caller wallet app.
X-TimestampstringyesUnix timestamp in milliseconds of the time when the request is made.
X-SignaturestringyesHMAC‑SHA256 signature computed over the timestamp + raw JSON body, hex‑encoded.

HMAC Signature Generation (High Level)

  1. Concatenate the X-Timestamp value and the raw JSON request body.
  2. Compute HMAC‑SHA256 using your shared secret key over that concatenated payload.
  3. Hex‑encode the HMAC output to produce the signature string.
  4. Set the resulting hex string as the value of X-Signature.
  5. Server verification recomputes the HMAC in a timing‑safe way and rejects the request if the signatures differ.