Hattha Mobile API integration & OpenBanking Cambodia

OpenData · OpenFinance · OpenBanking · Protocol analysis · KHQR

Connect Hattha Mobile accounts, statements, and KHQR payments to your stack — safely

Hattha Mobile is the mobile banking app of Hattha Bank Plc. (formerly Hattha Kaksekar Limited), a Cambodian commercial bank within the Krungsri / Bank of Ayudhya group. We deliver protocol analysis, authorized API endpoints, and runnable source code so finance teams, accounting platforms, and fintechs can read balances, pull transaction history, export account statements, and reconcile KHQR and cross-border ThaiQR payments — all framed in the OpenData and OpenBanking model rather than brittle screen scraping.

Account & balance API — Mirror the in-app login (biometric / Touch ID / Face) and token flow, then read current and available balances per account; use it to power treasury dashboards and daily cash-position reports.

Transaction history & statement API — Paged transaction lists with date ranges, channel filters (KHQR, instant transfer, bill payment, top-up), and downloadable PDF/Excel statements for bookkeeping and audit.

KHQR & Bakong rails — Generate and parse EMVCo KHQR, resolve KHQR ID, and verify Bakong transactions so merchant settlement and refund reconciliation can be automated end to end.

Cross-border ThaiQR module — Capture cross-border payments made in Thailand via Krungsri, with FX rate, settlement currency, and reference fields for multi-currency reporting.

What we deliver

Every engagement ends with artefacts your engineers can run on day one, not a slide deck. We document the authorization chain, hand over working clients for the highest-value endpoints, and ship tests so regressions surface early. The package below is the default; we trim or extend it to match the integration scope you confirm at kickoff.

Deliverables checklist

API specification (OpenAPI / Swagger) for login, balance, transactions, statements, KHQR
Protocol & auth flow report — device binding, OTP, biometric token, refresh and cookie chain
Runnable source for login + statement + KHQR verification (Python and Node.js)
Automated tests, Postman collection, and step-by-step API documentation
Compliance notes — NBC payment rules, KHQR/Bakong guidelines, consent and retention guidance

Engagement options

Source-code delivery from $300 — you receive runnable API source code plus documentation; pay after delivery once you are satisfied.
Pay-per-call hosted API — call our managed endpoints and pay only for the requests you make, with no upfront fee; useful for teams that prefer usage-based pricing or a quick proof of concept.
Maintenance retainer — optional monthly window for keeping clients in sync when the app or Bakong specs change.

Recent app context

Hattha Bank rolled out Hattha Mobile version 3.0 as a modernized rebuild with faster transactions and a simplified hamburger menu. In late 2024 the bank ran a ThaiQR cross-border cashback promotion (20% back on ThaiQR payments via Hattha Mobile in Thailand, November–December 2024), reflecting Cambodia's wider push into cross-border QR with Thailand, Vietnam, Laos, Malaysia, China and Japan. Integrations should therefore treat KHQR ID receipt and cross-border ThaiQR as first-class transaction types, not edge cases.

Data available for integration (OpenData perspective)

The table below maps the structured data Hattha Mobile holds to the screen or feature it comes from, the granularity you can expect, and how integrators typically use it. It is derived from the published app feature set and from how Cambodian banks expose KHQR and Bakong data; field names are indicative and confirmed during protocol analysis.

Data type	Source screen / feature	Granularity	Typical use
Account balance	Home / account dashboard	Per account, current + available, near real-time	Treasury dashboards, cash-position reports, low-balance alerts
Transaction history	Transaction list & transaction detail	Per posting: amount, currency, counterparty, channel, timestamp, reference, status	Bookkeeping, reconciliation, analytics, fraud/risk scoring
Account statement	Statement (repeat / print / download)	Date-range document, PDF/Excel, opening & closing balance	Audit packs, loan applications, accounting period close
KHQR & KHQR ID payments	Scan-to-pay / receive via KHQR ID	Per QR: merchant ID, bill number, amount, Bakong trace, payer alias	Merchant settlement, refund matching, e-commerce checkout
Cross-border ThaiQR transfers	Cross-border payment (Thailand / Krungsri)	Per transfer: source & settlement currency, FX rate, fee, beneficiary, reference	Multi-currency reporting, remittance tracking, FX reconciliation
Bill payments & mobile top-ups	Pay bills / mobile top-up (PIN & PIN-less)	Per payment: biller category, account/MSISDN, amount, receipt no.	Expense categorisation, utility spend analytics, agent payout records
Push notification events	Instant transaction notifications	Event stream: debit/credit, amount, balance after, channel	Real-time ledger sync, webhook fan-out, anomaly detection
Reference & profile data	Exchange/interest rate tools, branch & ATM locator, profile	Rate tables, geo-coded locations, masked customer profile fields	Pricing widgets, branch finders, KYC pre-fill

Typical integration scenarios

These are end-to-end flows we have built or scoped for Cambodian fintech, accounting, and merchant clients. Each names the business context, the data or API involved, and how it maps to OpenData / OpenFinance / OpenBanking concepts.

1. Accounting & ERP reconciliation

Context: an SME using a cloud accounting suite wants Hattha Bank movements to appear automatically. Data/API: nightly call to the transaction-history endpoint with from_date/to_date, plus monthly statement PDF for the audit trail. OpenBanking mapping: an "account information service" pattern — read-only consented access to balances and transactions, normalised to a standard ledger schema and pushed into Xero/QuickBooks-style books.

2. KHQR merchant settlement & refunds

Context: an online store accepts KHQR and needs to confirm each payment before fulfilment. Data/API: generate EMVCo KHQR, then poll or webhook the Bakong verification call by md5/trace ID; on success, write the order; on timeout, void. OpenFinance mapping: a "payment initiation + status" flow against the national QR rail, with settlement reports rolled up daily for finance.

3. Cross-border ThaiQR expense tracking

Context: a travel or logistics firm whose staff pay ThaiQR merchants in Thailand via Hattha Mobile. Data/API: filter transaction history for the cross-border channel, capture FX rate and settlement currency, attach receipt references. OpenData mapping: unified multi-currency expense feed that joins KHR and THB legs into one reportable record for the finance team.

4. Real-time ledger sync via push events

Context: a lending app needs to know the moment a borrower's repayment lands. Data/API: ingest instant push-notification events (debit/credit, amount, balance-after), de-duplicate against the transaction endpoint, then fan out to internal webhooks. OpenBanking mapping: an event-driven "transaction notification" stream feeding a near-real-time mirror of the account ledger.

5. Bill-payment & top-up analytics

Context: a utility aggregator wants spend insight across its biller categories. Data/API: pull bill-payment and mobile top-up records, classify by biller type (utilities, internet, insurance, property, agents, MSISDN top-up), aggregate by period. OpenData mapping: a categorised payments dataset that powers dashboards, dunning, and partner reconciliation without touching card networks.

Technical implementation

The snippets below illustrate the shape of the integration: a device-bound login that yields a bearer token, a paged statement query, a KHQR verification against the Bakong-style trace, and a webhook payload for push events. Exact headers, signing, and error codes are confirmed during protocol analysis and documented in the deliverable.

1) Authenticate & bind device

// Step 1: login (pseudocode)
POST /api/v1/hattha/auth/login
Content-Type: application/json

{
  "username": "85512XXXXXX",
  "password": "<hashed>",
  "device_id": "<uuid>",
  "biometric": false
}

// 200 OK
{
  "access_token": "eyJhbGci...",
  "refresh_token": "def502...",
  "expires_in": 1800,
  "accounts": [{"acct_id":"0010xxxxxx","ccy":"KHR"},{"acct_id":"0020xxxxxx","ccy":"USD"}]
}

// On 401 -> trigger OTP step; on 423 -> account locked; on 426 -> app/version upgrade required

2) Fetch statement / transaction history

POST /api/v1/hattha/statement
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json

{
  "acct_id": "0010xxxxxx",
  "from_date": "2026-04-01",
  "to_date": "2026-04-30",
  "channel": ["KHQR","TRANSFER","BILL","TOPUP","CROSSBORDER"],
  "page": 1,
  "page_size": 50,
  "format": "json"   // or "pdf" / "xlsx"
}

// 200 OK
{
  "opening_balance": 1820.55,
  "closing_balance": 2143.10,
  "page": 1, "pages": 3,
  "items": [
    {"txn_id":"T2604...","posted_at":"2026-04-03T09:21:04+07:00",
     "amount":-12.50,"ccy":"USD","channel":"KHQR",
     "counterparty":"Merchant ABC","bakong_trace":"FT26...","ref":"INV-7781","status":"SUCCESS"}
  ]
}

3) Verify a KHQR / Bakong payment

POST /api/v1/hattha/khqr/verify
Authorization: Bearer <ACCESS_TOKEN>

{ "md5": "<khqr-md5>" }   // hash of the generated EMVCo KHQR string

// 200 OK
{ "responseCode": 0, "data": { "hash": "...", "fromAccountId": "payer@bank",
  "toAccountId": "merchant@hkl", "amount": 12.50, "currency": "USD",
  "trackingStatus": "COMPLETED", "createdDateMs": 1746000000000 } }

// responseCode != 0 -> not yet paid / expired; retry with backoff, then void the order

4) Push-event webhook (your endpoint)

POST https://yourapp.example/webhooks/hattha
X-Signature: sha256=<hmac>
Content-Type: application/json

{
  "event": "transaction.posted",
  "acct_id": "0010xxxxxx",
  "direction": "CREDIT",
  "amount": 250.00, "ccy": "USD",
  "balance_after": 2393.10,
  "channel": "TRANSFER",
  "ref": "REPAY-10293",
  "occurred_at": "2026-05-12T14:02:11+07:00"
}

// Respond 2xx within 5s; we retry with exponential backoff and de-dupe on (acct_id, ref, occurred_at)

Data flow / architecture

A typical pipeline has four nodes: Hattha Mobile client / authorized API (login, balance, statement, KHQR calls) → Ingestion & normalisation layer (token refresh, paging, schema mapping, de-duplication, signing) → Storage (encrypted transaction store + object storage for statement PDFs, with retention rules) → Output (your REST/GraphQL API, webhooks, BI exports, or accounting-system connectors). Push events shortcut straight from node 1 to node 2 for near-real-time sync, while batch statement pulls run on a nightly schedule.

Compliance & privacy

Regulatory context

Hattha Bank is supervised by the National Bank of Cambodia under the Law on Banking and Financial Institutions, and its mobile payment features sit on the NBC's national rails — the Bakong system and the EMVCo-based KHQR standard, with cross-border QR linkages governed by bilateral arrangements (e.g. Thailand via the Regional Payment Connectivity initiative). We build only against authorized or documented interfaces — the Bakong Open API and KHQR SDK, plus partner or sandbox credentials you supply — and we never bypass authentication or impersonate users. Cambodia's draft Personal Data Protection Law and existing telecom/e-commerce privacy provisions inform our data-minimisation defaults.

How we keep it safe

Customer-authorized access only; consent records and full request/response audit logs
Data minimisation — request the narrowest scope and shortest retention that meets the use case
Encryption in transit and at rest; secrets in a vault, not in source
NDAs and a documented data-processing description on request
Clear separation of test (sandbox) and production credentials and data

Market positioning & user profile

Hattha Mobile serves retail and micro/SME customers of Hattha Bank across Cambodia — a market where Acleda, Wing and ABA lead the mobile-banking field and Bakong/KHQR has become the default way to pay, with Bakong processing roughly 608 million transactions worth about US$104.8 billion in 2024. The app is consumer-facing (B2C) for everyday banking — balance checks, instant transfers, KHQR scan-to-pay, bill payments, mobile top-ups, card-less ATM withdrawals — while also supporting cross-border ThaiQR for Cambodians and merchants who transact with Thailand via Krungsri. The note that "the service is not applied to corporate accounts" means most integration demand comes from individual users, sole traders, merchants, and the fintech/accounting platforms that serve them, on both Android and iOS. That profile is exactly why an OpenData layer is useful: thousands of small businesses keep their books, settle KHQR sales, and track cross-border spend across apps that do not yet talk to each other.

Screenshots

Selected Hattha Mobile screens from the official store listing — login, dashboard, transfers, KHQR and statements. Click any thumbnail to view it larger.

Similar apps & integration landscape

Hattha Mobile sits inside a busy Cambodian digital-finance ecosystem. The apps below are part of that landscape — we list them so teams that work across several of them can picture a unified data layer; this is not a ranking or a criticism of any product. Many integration projects end up touching two or three of these at once because customers and merchants rarely keep all their money in one place.

ABA Mobile — ABA Bank's widely used app; holds accounts, cards, QR payments and transaction history that teams often want to merge with Hattha exports for a single view.
ACLEDA mobile — ACLEDA Bank's app (the rebuilt "Unity ToanChet"); a common second account whose statements and KHQR records appear in the same reconciliation jobs.
Wing Bank — Wing's bank-licensed app with a deep agent network; transfers, bill payments and top-ups here frequently need to line up with Hattha movements.
Sathapana Mobile — Sathapana Bank's app (relaunched in April 2025); similar balance, transfer and statement data that integrators normalise alongside Hattha.
Prince Bank app — Prince Bank's digital-first app; accounts, deposits and QR payments that show up in cross-bank cash-position dashboards.
AMK Mobile — AMK's microfinance app; loan, savings and payment records that pair naturally with Hattha's SME-oriented data.
PRASAC mobile — PRASAC's app, with a large rural customer base; transaction and statement feeds often consolidated with Hattha for agribusiness clients.
Maybank KH — Maybank Cambodia's app; accounts, FX and QR payments that fit the same cross-border reporting need as Hattha's ThaiQR data.
Chip Mong Bank app — Chip Mong Commercial Bank's app; another account commonly held alongside Hattha by Phnom Penh merchants.
Bakong app — the National Bank of Cambodia's wallet that links to bank accounts (including Hattha); the KHQR/Bakong rail that nearly every integration in this list ultimately settles on.

About us

We are an independent technical studio focused on app interface integration and authorized API work, with a strong fintech and digital-banking track record. Our engineers have shipped protocol-analysis and API projects across banks, payment gateways, and microfinance institutions, and we know the National Bank of Cambodia's payment landscape — Bakong, KHQR, FAST, and the cross-border QR linkages — as well as multi-region privacy expectations.

Payments, digital banking, microfinance, and cross-border remittance integrations
Enterprise API gateways, webhook delivery, and security reviews
Custom Python / Node.js / Go SDKs, Postman collections, and test harnesses
Full pipeline: protocol analysis → build → validation → compliance hand-off
Source-code delivery from $300 — runnable API source plus documentation; pay after delivery upon satisfaction
Pay-per-call hosted API — usage-based pricing, no upfront cost

Contact

To request a quote or scope a Hattha Mobile integration, send us the target app name (already provided here) and your concrete requirements — for example transaction-history export, KHQR verification, or cross-border ThaiQR reconciliation — plus any sandbox or partner credentials you hold.

Contact page

Engagement workflow

Scope confirmation — which data and endpoints (login, balance, transactions, statements, KHQR verify, push events).
Protocol analysis & API design — 2–5 business days depending on auth complexity.
Build & internal validation — 3–8 business days, including tests and a Postman collection.
Documentation, samples, and hand-off — 1–2 business days.
Typical first delivery: 5–15 business days; third-party or partner approvals may extend the timeline.

FAQ

What data can you extract from Hattha Mobile?

Account balances, transaction history with KHQR and cross-border details, downloadable account statements, bill-payment and mobile top-up records, exchange and interest rate tables, and branch/ATM locations — delivered as JSON, CSV/Excel, or PDF.

Do you use official Hattha Bank or Bakong APIs?

We work with documented and authorized interfaces: the Bakong Open API and KHQR SDK published by the National Bank of Cambodia, plus any partner or sandbox credentials you provide. Where no public API exists, we deliver a protocol-analysis report and an authorized client implementation.

How long does delivery take and what does it cost?

A first API drop with documentation usually takes 5 to 15 business days. Source-code delivery starts at US$300 with payment after you are satisfied, and a pay-per-call hosted option is available with no upfront fee.

How do you handle compliance and customer consent?

Integrations follow National Bank of Cambodia payment rules, KHQR and Bakong technical guidelines, and data-minimisation practices, with consent logging, audit trails, and NDAs on request.

📱 Original app overview — Hattha Mobile (appendix)

Hattha Mobile is the mobile banking app of Hattha Bank Plc., a commercial bank in Cambodia formerly known as Hattha Kaksekar Limited (HKL) and now part of the Krungsri / Bank of Ayudhya group within MUFG. The bank describes the app as user-friendly, personalisable, feature-rich, and secure, available free of charge for registration and basic features (certain services may carry a fee). The current generation is version 3.0, a modernized rebuild promising faster transactions and a simplified menu. Read more on Wikipedia or the official site, hatthabank.com.

Highlighted services (per the app listing):

Check balance and transaction history; view transaction details
Receive transfers via KHQR ID from any bank; transfer to any Hattha account instantly
Make cross-border payments in Thailand (ThaiQR); favourite transactions for quick repeat
Repeat, print, and download account statements anytime, anywhere
Instant push notification for each transaction; set payment reminders
Card-less withdrawal via Cash To ATM; block ATM card
Pay bills — utilities, mobile, internet, property, insurance, and agents
Mobile top-up with PIN code and PIN-less
Check or calculate exchange rate and interest rate
Security tips, FAQ, About us, Contact us; find nearest Hattha branch and ATM
Apply for Hattha products and services; personalise your profile
Touch ID / Face login to the Hattha Mobile app

Getting started: existing Hattha Bank customers with a registered mobile number can download the app and register with their deposit account number and phone number, or visit the nearest branch to apply for the service. The service is not applied to corporate accounts; terms and conditions may change at the bank's discretion. Hotline 023 999 266, toll-free 1800 212 222, available 6 AM – 10 PM. (This appendix summarises publicly available information about the original app for context; it does not imply any affiliation.)