ShopeePay API integration & OpenFinance Thailand

OpenData · OpenFinance · Protocol analysis · PromptPay · SPayLater BNPL

Connect ShopeePay wallets, PromptPay QR and SPayLater installments to your stack — under Thai PDPA and Bank of Thailand rules

ShopeePay is one of Thailand's most used cashless wallets, with a 2025 launch of Scan to Pay with SPayLater letting customers pay any PromptPay merchant via 0% interest or up to 12-month installments. We deliver authorized API access, protocol analysis, and runnable source code for the data that actually matters: wallet balance, PromptPay transactions, SPayLater repayment schedules, statement exports, merchant settlement, and OAuth-style account login.

Account & OAuth login APIs — mirror the in-app authorization flow (OAuth 2.0 with HMAC-SHA256 signing as documented by ShopeePay), bind users, refresh tokens, and extend the same trust chain to merchant and enterprise sub-accounts.

Statement & transaction APIs — wallet, PromptPay QR, top-up and bill-payment history with paging, date filters, and exports to JSON, Excel or PDF for accounting and ERP sync.

SPayLater BNPL APIs — query eligibility, draw down installments (Next month, 3 / 6 / 12 / 18 / 24 month tenures depending on country), and pull repayment schedules for risk and credit dashboards.

Merchant Presented Mode & webhook — generate dynamic QR codes via the ShopeePay Create Dynamic QR endpoint, then ingest paid / refunded / reversed callbacks for real-time POS reconciliation.

What we deliver

Deliverables checklist

OpenAPI 3.1 / Swagger spec with example payloads for every endpoint we ship
Protocol and auth flow report (OAuth 2.0, HMAC signing, token refresh, certificate pinning notes)
Runnable source for login, balance, statement and SPayLater query APIs (Python and Node.js)
Postman collection plus automated pytest / Jest suites against sandbox
PDPA / Bank of Thailand compliance guidance, consent record templates, retention policy
Optional hosted gateway: pay-per-call billing, no upfront fee

Engagement model

We offer two engagement tracks. Source-code delivery from $300 hands over runnable API source plus documentation, with payment after delivery upon satisfaction. Pay-per-call hosted API gives access to our managed ShopeePay endpoints with usage-based pricing and zero upfront. Most clients combine the two: prototype with our hosted endpoints, then take over the source for production.

Typical first delivery is 5 to 15 business days. Sandbox approvals from third-party processors (DOKU, Antom, Airwallex, iPay88, Paymentwall) may extend timelines, and we can escalate where existing relationships exist.

Data available for integration (OpenData perspective)

The ShopeePay app holds a rich, structured dataset that becomes useful the moment it is liberated from the in-app UI. The table below maps the data classes we typically expose through OpenData APIs, where they originate inside the app, and the most common downstream use case. Granularity assumes an authorized user session or a documented merchant credential.

Data type	Source screen / feature	Granularity	Typical use
Wallet balance & sub-balances	Home → Wallet	Real-time, per currency	Treasury dashboards, low-balance alerts
Transaction history	Wallet → Transactions	Per-transaction, paged	Accounting export, ERP sync
PromptPay QR payments	Scan / Pay	Per scan, with reference ID	Reconciliation against bank statement
SPayLater installments	SPayLater Hub	Per loan, schedule level	Credit risk view, repayment reminders
Top-up & bill payments	Top up / Bills	Per event with operator	Telecom & utility cost analytics
Movie, travel and game vouchers	Lifestyle services	Per voucher, with merchant	Loyalty & engagement programs
User profile & KYC level	Account	Per user, masked	Risk scoring, AML / CFT screening
Merchant settlement	Merchant Portal	Per settlement batch	Daily P&L, MDR fee tracking

Typical integration scenarios

1. Cross-wallet finance dashboard

A regional retailer accepts ShopeePay, TrueMoney Wallet and Rabbit LINE Pay across 200+ stores. We expose /v1/shopeepay/statement and merge it with parallel TrueMoney and LINE Pay endpoints into a unified ledger keyed on PromptPay reference IDs. The CFO sees one Power BI view; reconciliation that took two days now runs in under five minutes.

2. SPayLater BNPL credit dashboard

A Thai e-commerce brand uses SPayLater for high-AOV electronics. Through the /v1/spaylater/installments endpoint we surface tenure (3, 6, 12 months), outstanding principal, next-due date and customer eligibility tier. Risk operates an early-warning rule: if > 1 missed installment, suppress further SPayLater offers in checkout.

3. Real-time PromptPay QR settlement

A Bangkok F&B chain replaces paper sales books with dynamic QR via ShopeePay's Merchant Presented Mode. Each generated QR carries an order_ref; ShopeePay posts a payment.completed webhook within seconds, our middleware emits a Soundbox-style audio confirmation and writes the row to MySQL — fully aligned with the Bangkok Bank PromptPay sponsorship rails.

4. Accounting & tax export

A SaaS client needs monthly Excel exports for VAT filing. We schedule a job that pulls statements via OAuth, redacts PII according to PDPA, and uploads encrypted CSVs to S3. The flow demonstrates how OpenFinance principles — explicit user consent, narrow scope, time-bound tokens — apply outside the EU PSD2 context.

5. Compliance & audit log

A licensed e-money operator must retain transaction logs for the Bank of Thailand. We build an append-only event store keyed on txn_id and signed hourly with a Merkle root, so any later reversal stays auditable. The same store doubles as evidence for AML / CFT screening required of payment licensees.

Technical implementation

Below are simplified but realistic snippets for the three most-requested ShopeePay API surfaces. They reflect the public ShopeePay merchant integration model: OAuth 2.0 partner credentials, an HMAC-SHA256 signature header derived from a shared secret, request and response in JSON, and TLS 1.2 / 1.3 only. Replace placeholders with sandbox credentials before running.

1. OAuth login & token refresh

POST /v1/shopeepay/oauth/token
Content-Type: application/x-www-form-urlencoded
X-Signature: hmac-sha256=<sig>

grant_type=authorization_code
&code=<auth_code>
&client_id=<partner_id>
&redirect_uri=https://example.com/cb

200 OK
{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "rt_9f2c...",
  "expires_in": 3600,
  "scope": "wallet.read statement.read spaylater.read"
}

2. Statement query (paged, filterable)

POST /v1/shopeepay/statement
Authorization: Bearer <ACCESS_TOKEN>
X-Signature: hmac-sha256=<sig>
Content-Type: application/json

{
  "account_id": "u_8810233",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "channels":  ["WALLET", "PROMPTPAY", "SPAYLATER"],
  "page":      1,
  "page_size": 100
}

200 OK
{
  "items": [
    {
      "txn_id": "TX2026043011872",
      "amount": 459.00,
      "currency": "THB",
      "channel": "PROMPTPAY",
      "merchant": "STARBUCKS THONGLOR",
      "ref":      "ppr-7f1e9c",
      "created":  "2026-04-30T08:14:22+07:00"
    }
  ],
  "page": 1,
  "total": 4123
}

3. Dynamic QR & settlement webhook

POST /v1/shopeepay/qr/dynamic
{ "order_ref":"INV-9981","amount":129.50,"currency":"THB","ttl":600 }
=> { "qr_payload":"00020101...", "expires_at":"..." }

# Webhook (POST from ShopeePay → your server)
{
  "event": "payment.completed",
  "order_ref": "INV-9981",
  "txn_id": "TX2026050312033",
  "amount": 129.50,
  "spaylater": { "used": false, "tenure_months": null },
  "signature": "hmac-sha256=..."
}

# Always verify X-Signature with your shared secret
# before acknowledging with HTTP 200.

Compliance & privacy

Regulatory framework

Every integration we ship in Thailand is mapped to two anchor regulations. First, the Bank of Thailand Payment Systems Act B.E. 2560 (2017), which classifies ShopeePay-style e-wallets as Designated Payment Services that must hold an E-Money license. Second, the Personal Data Protection Act B.E. 2562 (2019) — Thailand PDPA, which has been in full effect since 2022 and applies extraterritorially to anyone processing personal data of Thai users.

We also follow ShopeePay's published merchant integration rules: TLS 1.2 or 1.3, OAuth 2.0 for partner authentication, and HMAC signing for every API call. PSD2-style Open Banking concepts inform our consent and scope design, even though Thai law does not yet mandate them.

How we operate

Authorized merchant credentials or explicit end-user consent only — never scraped sessions
Data minimization: every endpoint declares the narrowest scope needed
Signed audit logs of every API call, retained per BoT and PDPA timelines
PII redaction (national ID, phone) on by default; opt-in to expose
NDA, data-processing agreement, and DPIA templates included on request

Data flow & reference architecture

A typical ShopeePay integration follows a four-stage pipeline that keeps regulated data inside your perimeter while still letting analytics and finance tools consume it:

Client / merchant app — initiates OAuth consent or merchant signature; presents PromptPay or dynamic QR to the user.
Ingestion gateway — our API layer signs every outbound request with HMAC-SHA256, verifies inbound webhooks, and enforces rate limits.
Storage & redaction — events land in an append-only store (PostgreSQL or BigQuery), with PDPA-aware PII tokenization before downstream copies.
Analytics / API output — a thin BFF serves dashboards (Metabase, Looker), exposes a stable OpenAPI to internal consumers, and emits hourly Excel and PDF statements.

This separation means a CFO viewing dashboards never touches raw KYC fields, and the audit trail required by the Bank of Thailand survives even if any one component is replaced.

Market positioning & user profile

ShopeePay (package com.beeasy.airpay, formerly known as AirPay) is one of the top mobile wallets in Thailand, sitting alongside TrueMoney Wallet — which according to Fintech Singapore holds roughly 53% of Thailand's e-wallet market — and Rabbit LINE Pay. Its primary users are urban Thai consumers aged 18–45 who already use the Shopee marketplace and want a single wallet for online checkout, in-store PromptPay QR, mobile top-up, bills, gaming, and travel. The 2024–2025 launch of Scan to Pay with SPayLater via PromptPay materially extends its profile from a marketplace wallet into a full BNPL contender.

On the merchant side, ShopeePay serves both online stores integrating through aggregators (DOKU, Antom, Airwallex, iPay88, Paymentwall) and offline brands plugging into the Bangkok Bank PromptPay sponsorship. Mordor Intelligence projects Thailand's mobile payment market to grow at roughly 16.2% CAGR with a USD 13.4 billion expansion between 2026 and 2031, so APIs that give back office, finance, and risk teams structured access to ShopeePay data are increasingly load-bearing rather than optional.

Screenshots

Click any thumbnail to view it at full size. Screenshots are hosted on the Google Play CDN and reflect the current ShopeePay Thailand release.

Similar apps & the broader Thai mobile-wallet integration landscape

ShopeePay does not sit alone. Most Thai businesses run multiple wallets in parallel and need unified APIs across them. The apps below frequently appear in the same integration brief and we ship parallel connectors for each — they form the keyword ecosystem you'll see on this page:

TrueMoney Wallet — the largest Thai wallet by share. Holds top-up, bill, transfer, gaming, and 7-Eleven payment data. Most clients ask for combined ShopeePay + TrueMoney statement exports.
Rabbit LINE Pay — embedded in LINE messaging and BTS SkyTrain. Carries transit, dining, and LINE Points data; complements ShopeePay for urban Bangkok.
GrabPay — wallet attached to Grab ride-hailing, food and parcel; useful when reconciling employee mobility expenses against retail purchases.
K PLUS (Kasikornbank) — bank app with ~17M active users covering transfers, QR payments, loans, investments and overseas remittance to 47 countries.
SCB EASY (Siam Commercial Bank) — bank-owned wallet with strong KYC and lending features; favored when projects must satisfy stricter Bank of Thailand reporting.
mPay (AIS) — telco-led wallet integrated with AIS billing; common in subscriber-base enterprise integrations.
Paotang — government-backed wallet originally tied to Thai stimulus programs, holds public-benefit and social-payment data.
Krungthai NEXT — Krungthai Bank's flagship app; pairs naturally with ShopeePay for civil-servant and public-sector flows.
Bualuang mBanking — Bangkok Bank's mobile app, which is also the exclusive PromptPay sponsor bank for ShopeePay scan-to-pay flows.
AirPay — the legacy brand of ShopeePay (still reflected in the package id com.beeasy.airpay); historical transaction archives sometimes need migration to ShopeePay schemas.

If you already work with one of these apps, your ShopeePay integration probably needs to share schema, signing keys, or webhook reception with it. We design connectors so the same finance pipeline can ingest them all without duplicate code paths.

About OpenFinance Lab

We are an independent technical studio specializing in mobile-app interface integration and authorized API delivery for fintech, e-commerce, travel, and OTT clients. Our team includes engineers who have shipped at banks, payment gateways, e-wallet operators, and protocol-analysis houses across Thailand, Singapore, Indonesia, Malaysia, and the Philippines.

Mobile wallets, digital banking, BNPL, cross-border remittance
Enterprise API gateways, security reviews, and threat modeling
Custom Python / Node.js / Go SDKs and Postman test harnesses
End-to-end pipeline: protocol analysis → build → validation → compliance
Source-code delivery from $300 — runnable API source plus full documentation; pay after delivery upon satisfaction
Pay-per-call hosted API — usage-based pricing, zero upfront cost

Contact

To request a quote, share a target app, or discuss compliance scope, open our contact page. We typically respond within one business day, in English, Thai, or Chinese.

Contact page

Engagement workflow

Scope confirmation: which ShopeePay flows are in scope (login, statement, PromptPay QR, SPayLater, webhook).
Protocol analysis & API design: 2–5 business days, complexity dependent.
Build & internal validation against sandbox: 3–8 business days.
Documentation, sample apps, and pytest / Jest test cases: 1–2 business days.
Typical first delivery: 5–15 business days; third-party processor approvals may extend the schedule.

FAQ

Which ShopeePay data and flows can you integrate?

Wallet balance and top-up history, PromptPay QR scan-to-pay flows, SPayLater installment status, transaction and statement exports, refund and reversal events, and merchant settlement reports for both online checkout and in-store dynamic QR.

How long does ShopeePay API integration delivery take?

A first runnable drop covering OAuth login, balance and statement APIs typically lands in 5 to 12 business days. Adding SPayLater BNPL, dynamic QR generation, and webhook reconciliation extends the timeline to 3 to 5 weeks depending on sandbox approvals.

How do you stay compliant with Thai PDPA and Bank of Thailand rules?

We work under documented authorized APIs, the official ShopeePay merchant integration channel, or explicit user consent. We follow PDPA B.E. 2562 (2019) data minimization principles and Bank of Thailand Payment Systems Act guidance, and we ship consent logs, retention policies, and PII redaction by default.

Do you support cross-wallet reconciliation across TrueMoney, LINE Pay and ShopeePay?

Yes. We unify transaction schemas across major Thai wallets so finance teams can pull a single statement covering ShopeePay, TrueMoney Wallet, Rabbit LINE Pay, K PLUS and SCB EASY, with merchant fee normalization and PromptPay reference matching.

📱 Original app overview (appendix)

ShopeePay is described by its publisher as Thailand's leading Mobile Wallet with the most secured, smart and simple payment to your cashless lifestyle. The app is delivered under package id com.beeasy.airpay on Google Play (the package name preserves the AirPay heritage from which the wallet evolved) and is also distributed on the Apple App Store. Across both stores it positions itself as the No.1 Mobile Wallet in Thailand.

Its 2025 marquee feature is Scan to Pay with SPayLater: customers can pay any PromptPay QR merchant via 0% interest or flexible installments up to 12 months. Activation is described as quick and the publisher explicitly notes that interest of 15%–25% per annum applies for late repayment, framing it as a credit product to be used responsibly.

Pay everything — game credits, mobile top-up, bills, movie tickets, online shopping, travel booking, and other lifestyle services in one app.
Pay cheaper on Shopee — exclusive deals, free-shipping vouchers and extra Shopee Coins when paying with ShopeePay on Shopee.
Pay QR Code easily nationwide — scan QR codes at leading merchants across Thailand, simplifying daily cashless payments.
Secured and convenient — payment system integrated with Thai banks, including the Bangkok Bank PromptPay sponsorship, with a stated focus on transaction security.
Public channels — website shopeepay.co.th, Facebook ShopeePayTH, Instagram and TikTok @shopeepay_th.

This page exists to position those features in OpenData / OpenFinance / OpenBanking terms and to describe how compliant API integration can liberate the structured data they generate. ShopeePay is referenced as a sample app; trademarks belong to Sea Group / Shopee and their affiliates.