📘
All field names must be UPPERCASE as specified below.

Request Endpoint

POST https://secure.paygate.co.za/payweb3/initiate.trans

Sample request:

<?php

// Encryption key set in the Merchant Access Portal
$encryptionKey = 'secret';

$DateTime = new DateTime();

$data = array(
    'PAYGATE_ID'        => 10011072130,
    'REFERENCE'         => 'pgtest_123456789',
    'AMOUNT'            => 3299,
    'CURRENCY'          => 'ZAR',
    'RETURN_URL'        => 'https://my.return.url/page',
    'TRANSACTION_DATE'  => $DateTime->format('Y-m-d H:i:s'),
    'LOCALE'            => 'en-za',
    'COUNTRY'           => 'ZAF',
    'EMAIL'             => 'customer@paygate.co.za',
);

$checksum = md5(implode('', $data) . $encryptionKey);
$data['CHECKSUM'] = $checksum;

$fieldsString = http_build_query($data);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://secure.paygate.co.za/payweb3/initiate.trans');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_HOST']);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fieldsString);
$result = curl_exec($ch);
curl_close($ch);
?>

const axios = require('axios');
const crypto = require('crypto');

// Encryption key set in the Merchant Access Portal
const encryptionKey = 'secret';

const data = {
  PAYGATE_ID: '10011072130',
  REFERENCE: 'pgtest_123456789',
  AMOUNT: 3299,
  CURRENCY: 'ZAR',
  RETURN_URL: 'https://my.return.url/page',
  TRANSACTION_DATE: new Date().toISOString().replace('T', ' ').substring(0, 19),
  LOCALE: 'en-za',
  COUNTRY: 'ZAF',
  EMAIL: 'customer@paygate.co.za'
};

// Generate checksum
const checksumString = Object.values(data).join('') + encryptionKey;
data.CHECKSUM = crypto.createHash('md5').update(checksumString).digest('hex');

// Send the request
axios.post('https://secure.paygate.co.za/payweb3/initiate.trans', new URLSearchParams(data).toString(), {
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Referer': 'yourdomain.com' // Replace with your actual domain
  }
})
.then(response => {
  console.log('Response:', response.data);
})
.catch(error => {
  console.error('Error:', error);
});

📘
See the list of supported locale and country codes.

Request Fields

Field	Description	Type	Requirement
PAYGATE_ID	Your PayGate ID – assigned by PayGate	`varchar(20)`	✅
REFERENCE	Your internal reference for the transaction	`varchar(110)`	✅
AMOUNT	Amount in cents (e.g. 32.99 = 3299)	`varchar(20)`	✅
CURRENCY	Currency code (e.g. ZAR)	`varchar(5)`	✅
RETURN_URL	Where the customer should be redirected after payment	`varchar(255)`	✅
TRANSACTION_DATE	UTC-formatted timestamp of the transaction	`datetime`	✅
LOCALE	Customer locale (e.g. `en-za`)	`varchar(5)`	☑️
COUNTRY	Country code (e.g. `ZAF`)	`varchar(5)`	☑️
EMAIL	Customer email address for confirmation	`varchar(255)`	✅
PAY_METHOD	Restrict to a specific payment method	`varchar(5)`	🚫
PAY_METHOD_DETAIL	Detail for the payment method (if applicable)	`varchar(45)`	🚫
NOTIFY_URL	URL to receive a real-time response	`text`	☑️
USER1	Custom field 1 – must be included in CHECKSUM if used	`varchar(255)`	☑️
USER2	Custom field 2	`varchar(255)`	☑️
USER3	Custom field 3	`varchar(255)`	☑️
VAULT	Set to 1 to tokenise card using PayVault	`tinyint(3)`	☑️
VAULT_ID	Token to use a saved card (if PayVault is enabled)	`varchar(40)`	☑️
CHECKSUM	MD5 hash of all fields + encryption key	`varchar(40)`	✅

Sample Response (Success)

The Initiate request returns standard HTTP POST data structured like this:

PAYGATE_ID=10011072130
&PAY_REQUEST_ID=23B785AE-C96C-32AF-4879-D2C9363DB6E8
&REFERENCE=pgtest_123456789
&CHECKSUM=b41a77f83a275a849f23e30b4666e837

Response Fields

Field	Description	Type
PAYGATE_ID	Same PayGate ID sent in the request	`varchar(20)`
PAY_REQUEST_ID	GUID generated for this transaction	`varchar(36)`
REFERENCE	Same reference value sent in the request	`varchar(110)`
CHECKSUM	MD5 hash of the response fields	`varchar(32)`

For possible errors returned in the response, see: PayWeb3 Error Codes