Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Advanced tools
This library is the abstraction of Xendit API for access from applications written with server-side Javascript.
Note: This library is only meant for usage from server-side with Xendit secret API key. For PCI compliance to be maintained, tokenization of credit cards info should be done on client side with Xendit.js.
Please check Xendit API Reference.
npm install --save xendit-node
Configure package with your account's secret key obtained from your Xendit Dashboard.
const Xendit = require('xendit-node');
const x = new Xendit({
secretKey: 'xnd_...',
Usage examples:
Instanitiate Card service using constructor that has been injected with Xendit keys
const { Card } = x;
const cardSpecificOptions = {};
const card = new Card(cardSpecificOptions);
Example: Capturing a charge
chargeID: 'charge-id-from-create-charge-endpoint',
externalID: 'your-system-tracking-id',
.then(({ id }) => {
console.log(`Charge created with ID: ${id}`);
.catch(e => {
console.error(`Charge creation failed with message: ${e.message}`);
Refer to Xendit API Reference for more info about methods' parameters
card.createCharge(data: {
tokenID: string;
externalID: string;
amount?: number;
authID?: string;
cardCVN?: string;
capture?: boolean;
descriptor?: string;
currency?: string;
midLabel?: string;
billingDetails?: object;
promotion?: object;
installment?: object;
forUserID?: string;
metadata?: object;
card.captureCharge(data: {
chargeID: string;
amount: number;
forUserID?: string;
card.getCharge(data: { chargeID: string; forUserID?: string })
card.createAuthorization(data: {
tokenID: string;
externalID: string;
amount?: number;
authID?: string;
cardCVN?: string;
descriptor?: string;
currency?: string;
midLabel?: string;
billingDetails?: object;
promotion?: object;
installment?: object;
forUserID?: string;
card.reverseAuthorization(data: {
chargeID: string;
externalID: string;
forUserID?: string;
card.createRefund(data: {
chargeID: string;
amount: number;
externalID: string;
xIdempotencyKey?: string;
forUserID?: string;
card.createPromotion(data: {
referenceId: string;
description: string;
promoCode?: string;
binList?: string[];
channelCode?: string;
discountPercent?: number;
discountAmount?: number;
currency: string;
startTime: Date;
endTime: Date;
minOriginalAmount?: number;
maxDiscountAmount?: number;
Instanitiate VA service using constructor that has been injected with Xendit keys
const { VirtualAcc } = x;
const vaSpecificOptions = {};
const va = new VirtualAcc(vaSpecificOptions);
Example: Create a fixed virtual account
externalID: 'your-external-id',
bankCode: 'BCA',
name: 'Stanley Nguyen',
.then(({ id }) => {
console.log(`Fixed VA created with ID: ${id}`);
.catch(e => {
console.error(`VA creation failed with message: ${e.message}`);
Refer to Xendit API Reference for more info about methods' parameters
va.getVABanks(data?: {
forUserID?: string;
va.createFixedVA(data: {
externalID: string;
bankCode: string;
name: string;
virtualAccNumber?: string;
suggestedAmt?: number;
isClosed?: boolean;
expectedAmt?: number;
expirationDate?: Date;
isSingleUse?: boolean;
description?: string;
forUserID?: string;
va.getFixedVA(data: {
id: string;
forUserID?: string;
va.updateFixedVA(data: {
id: string;
suggestedAmt?: number;
expectedAmt?: number;
expirationDate?: Date;
isSingleUse?: boolean;
description?: string;
forUserID?: string;
va.getVAPayment(data: {
paymentID: string;
forUserID?: string;
: ID of the payment that you obtained from your callback
Instanitiate Disbursement service using constructor that has been injected with Xendit keys
const { Disbursement } = x;
const disbursementSpecificOptions = {};
const d = new Disbursement(disbursementSpecificOptions);
Example: Create a disbursement
externalID: 'your-external-tracking-ID',
bankCode: 'BCA',
accountHolderName: 'Stan',
accountNumber: '1234567890',
description: 'Payment for nasi padang',
amount: 10000,
.then(({ id }) => {
console.log(`Disbursement created with ID: ${id}`);
.catch(e => {
console.error(`Disbursement creation failed with message: ${e.message}`);
Refer to Xendit API Reference for more info about methods' parameters
d.create(data: {
externalID: string;
bankCode: string;
accountHolderName: string;
accountNumber: string;
description: string;
amount: number;
emailTo?: string[];
emailCC?: string[];
emailBCC?: string[];
xIdempotencyKey?: string;
forUserID?: string;
withFeeRule?: string;
d.createBatch(data: {
reference: string;
disbursements: Array<{
externalID: string;
bankCode: string;
accountHolderName: string;
accountNumber: string;
description: string;
amount: number;
emailTo?: string[];
emailCC?: string[];
emailBCC?: string[];
forUserID?: string;
withFeeRule?: string;
xIdempotencyKey?: string;
d.getByID(data: { disbursementID: string })
d.getByExtID(data: { externalID: string })
Instanitiate Invoice service using constructor that has been injected with Xendit keys
const { Invoice } = x;
const invoiceSpecificOptions = {};
const i = new Invoice(invoiceSpecificOptions);
Example: Create an invoice
externalID: 'your-external-id',
payerEmail: '',
description: 'Invoice for Shoes Purchase',
amount: 100000,
}).then(({ id }) => {
console.log(`Invoice created with ID: ${id}`);
Refer to Xendit API Reference for more info about methods' parameters
i.createInvoice(data: {
externalID: string;
payerEmail: string;
description: string;
amount: number;
shouldSendEmail?: boolean;
callbackVirtualAccountID?: string;
invoiceDuration?: number;
successRedirectURL?: string;
failureRedirectURL?: string;
paymentMethods?: string[];
currency?: string;
midLabel?: string;
forUserID?: string;
i.getInvoice(data: { invoiceID: string; forUserID?: string })
i.expireInvoice(data: {
invoiceID: string;
forUserID?: string;
i.getAllInvoices(data?: {
statuses?: string[];
limit?: number;
createdAfter?: Date;
createdBefore?: Date;
paidAfter?: Date;
paidBefore?: Date;
expiredAfter?: Date;
expiredBefore?: Date;
lastInvoiceID?: string;
clientTypes?: string[];
paymentChannels?: string[];
onDemandLink?: string;
recurringPaymentID?: string;
forUserID?: string;
Instanitiate Recurring Payments service using constructor that has been injected with Xendit keys
const { RecurringPayment } = x;
const rpSpecificOptions = {};
const rp = new RecurringPayment(rpSpecificOptions);
Example: Create a recurring payment
externalID: '123',
payerEmail: '',
description: 'Payment for something',
amount: 10000,
interval: RecurringPayment.Interval.Month,
intervalCount: 1,
.then(({ id }) => {
console.log(`Recurring payment created with ID: ${id}`);
.catch(e => {
`Recurring payment creation failed with message: ${e.message}`,
Refer to Xendit API Reference for more info about methods' parameters
rp.createPayment(data: {
externalID: string;
payerEmail?: string;
description?: string;
amount: number;
interval: Interval;
intervalCount: number;
totalRecurrence?: number;
invoiceDuration?: number;
shouldSendEmail?: boolean;
missedPaymentAction?: Action;
creditCardToken?: string;
startDate?: Date;
successRedirectURL?: string;
failureRedirectURL?: string;
recharge?: boolean;
chargeImmediately?: boolean;
currency?: string;
rescheduleAt?: Date;
customer?: object;
customerNotificationPreference?: object;
reminderTimeUnit?: string;
reminderTime?: number;
paymentMethodId?: string;
rp.getPayment(data: { id: string })
rp.editPayment(data: {
id: string;
amount?: number;
creditCardToken?: string;
interval?: Interval;
intervalCount?: number;
shouldSendEmail?: boolean;
invoiceDuration?: number;
missedPaymentAction?: Action;
rescheduleAt?: Date;
customerId?: string;
reminderTimeUnit?: string;
reminderTime?: number;
paymentMethodId?: string;
rp.stopPayment(data: { id: string })
rp.pausePayment(data: { id: string })
rp.resumePayment(data: { id: string })
Instantiate Recurring service using constructor that has been injected with Xendit keys
const { Recurring } = x;
const rSpecificOptions = {};
const r = new Recurring(rSpecificOptions);
Example: Create a recurring plan
businessId: '6066ebf68204c740b61aa3c6',
referenceId: 'ref-123',
customerId: 'cus-123',
recurringAction: 'PAYMENT',
currency: 'IDR',
amount: 1000,
paymentMethods: [
{ paymentMethodId: 'pm-123', rank: 1 },
scheduleId: 'resc-123',
immediateActionType: 'FULL_AMOUNT',
notificationConfig: {
recurringCreated: ['EMAIL'],
recurringSucceeded: ['SMS'],
recurringFailed: ['WHATSAPP']
failedCycleAction: 'RESUME'
.then(({ id }) => {
console.log(`Recurring plan created with ID: ${id}`);
.catch(e => {
`Recurring plan creation failed with message: ${e.message}`,
Refer to Xendit API Reference for more info about methods' parameters
r.createSchedule(data: {
referenceId: string;
businessId: string;
interval: string;
intervalCount: number;
totalRecurrence?: number;
anchorDate?: string;
retryInterval?: string;
retryIntervalCount?: number;
totalRetry?: number;
failedAttemptNotifications?: number[];
r.editSchedule(data: {
id: string;
businessId: string;
interval: string;
intervalCount: number;
totalRecurrence?: number;
anchorDate?: string;
retryInterval?: string;
retryIntervalCount?: number;
totalRetry?: number;
failedAttemptNotifications?: number[];
r.getSchedule(data: {
id: string;
businessId: string;
r.createPlan(data: {
businessId: string;
referenceId: string;
customerId: string;
recurringAction: RecurringAction;
currency: Currency;
amount: number;
paymentMethods?: Array<PaymentMethodIdRanked>;
scheduleId: string;
immediateActionType?: ImmediateActionType | null;
notificationConfig?: NotificationConfig | null;
failedCycleAction?: FailingCycleAction;
metadata?: object | null;
r.createPlan(data: {
businessId: string;
referenceId: string;
customerId: string;
recurringAction: RecurringAction;
currency: Currency;
amount: number;
paymentMethods?: Array<PaymentMethodIdRanked>;
schedule: RecurringSchedule;
immediateActionType?: ImmediateActionType | null;
notificationConfig?: NotificationConfig | null;
failedCycleAction?: FailingCycleAction;
metadata?: object | null;
r.editPlan(data: {
businessId: string;
customerId?: string;
currency?: Currency;
amount?: number;
paymentMethods?: Array<PaymentMethodIdRanked>;
notificationConfig?: NotificationConfig | null;
metadata?: object | null;
description?: string;
r.getPlan(data: { id: string; businessId: string; })
r.deactivatePlan(data: { id: string; businessId: string; })
r.editCycle(data: {
id: string;
businessId: string;
planId: string;
scheduledTimestamp: string;
currency: Currency;
amount: number;
metadata?: object | null;
r.getCycle(data: {
id: string;
planId: string;
businessId: string;
r.getAllCycles(data: {
planId: string;
businessId: string;
limit?: number;
beforeId?: string;
afterId?: string;
r.cancelCycle(data: {
id: string;
planId: string;
businessId: string;
Instantiate Payout service using constructor that has been injected with Xendit keys
const { Payout } = x;
const payoutSpecificOptions = {};
const p = new Payout(payoutSpecificOptions);
Example: Create a payout
externalID: 'your-external-id',
amount: 100000,
email: '',
}).then(({ id }) => {
console.log(`Invoice created with ID: ${id}`);
Refer to Xendit API Reference for more info about methods' parameters
p.createPayout(data: {
externalID: string;
amount: string;
email: string;
p.getPayout(data: { id: string })
p.voidPayout(data: { id: string })
Deprecation notice here: We will continue working on developing the SDK to support the new EWallet service
Instanitiate EWallet service using constructor that has been injected with Xendit keys
const { EWallet } = x;
const ewalletSpecificOptions = {};
const ew = new EWallet(ewalletSpecificOptions);
Example: Create an ewallet charge
referenceID: 'test-reference-id',
currency: 'IDR',
amount: 50000,
checkoutMethod: 'ONE_TIME_PAYMENT',
channelCode: 'ID_OVO',
channelProperties: {
mobileNumber: '+6281234567890',
}).then(r => {
console.log('created ewallet payment charge:', r);
return r;
Refer to Xendit API Reference for more info about methods' parameters
ew.createPayment(data: {
externalID: string;
amount: number;
phone?: string;
expirationDate?: Date;
callbackURL?: string;
redirectURL?: string;
items?: PaymentItem[];
ewalletType: CreateSupportWalletTypes;
xApiVersion?: string;
ew.getPayment(data: {
externalID: string;
ewalletType: GetSupportWalletTypes;
ew.createEWalletCharge(data: {
referenceID: string;
currency: Currency;
amount: number;
checkoutMethod: string;
channelCode?: ChannelCode;
channelProperties?: ChannelProps;
paymentMethodId?: string;
customerID?: string;
basket?: Basket[];
metadata?: object;
forUserID?: string;
withFeeRule?: string;
ew.getEWalletChargeStatus(data: {
chargeID: string;
forUserID?: string;
ew.voidEWalletCharge(data: {
chargeID: string;
forUserID?: string;
ew.initializeTokenization(data: {
customerID: string;
channelCode: ChannelCode;
properties?: OnlineBankingAccessProperties;
metadata?: object;
ew.unlinkTokenization(data: {
linkedAccTokenID: string;
ew.createPaymentMethod(data: {
customerID: string;
type: PaymentMethodType;
properties: PaymentMethodProperties;
metadata?: object;
ew.getPaymentMethodsByCustomerID(data: {
customerID: string;
Instanitiate Balance service using constructor that has been injected with Xendit keys
const { Balance } = x;
const balanceSpecificOptions = {};
const i = new Balance(balanceSpecificOptions);
Example: Get balance of holding account
accountType: Balance.AccountType.Holding,
}).then(({ balance }) => {
console.log('Holding balance amount:', balance);
Refer to Xendit API Reference for more info about methods' parameters
b.getBalance(data: {
accountType: AccountType;
forUserID?: string;
Instanitiate Retail outlet service using constructor that has been injected with Xendit keys
const { RetailOutlet } = x;
const retailOutletSpecificOptions = {};
const ro = new RetailOutlet(retailOutletSpecificOptions);
Example: Example: Create a fixed payment code
externalID: '123',
retailOutletName: 'ALFAMART',
name: 'Ervan Adetya',
expectedAmt: 10000,
}).then(({ id }) => {
console.log(`Fixed Payment Code created with ID: ${id}`);
Refer to Xendit API Reference for more info about methods' parameters
ro.createFixedPaymentCode(data: {
externalID: string;
retailOutletName: string;
name: string;
expectedAmt: number;
paymentCode?: string;
expirationDate?: Date;
isSingleUse?: boolean;
ro.getFixedPaymentCode(data: { id: string })
ro.getPaymentsByFixedPaymentCodeId(data: { id: string })
ro.updateFixedPaymentCode(data: {
id: string
name?: string;
expectedAmt?: number;
expirationDate?: Date;
ro.simulatePayment(data: {
retailOutletName: string;
paymentCode: string;
transferAmount: number;
Instanitiate QR Code service using constructor that has been injected with Xendit keys
const { QrCode } = x;
const qrcodeSpecificOptions = {};
const q = new QrCode(qrcodeSpecificOptions);
Example: create a QR code
externalID: 'your-system-tracking-id',
amount: 10000,
type: QrCode.Type.Dynamic,
callback_url: 'https://yourwebsite/callback',
.then(({ id }) => {
console.log(`QR code created with ID: ${id}`);
.catch(e => {
console.error(`QR code creation failed with message: ${e.message}`);
Refer to Xendit API Reference for more info about methods' parameters
q.createCode(data: {
externalID: string;
type: QrCodeTypes;
callbackURL: string;
amount?: number;
q.getCode(data: { externalID: string });
q.simulate(data: { externalID: string; amount?: number });
q.getPayments(data: {
externalID: string;
from?: string;
to?: string;
limit?: number;
Instanitiate customer service using constructor that has been injected with Xendit keys
const { Customer } = x;
const customerSpecificOptions = {};
const c = new Customer(customerSpecificOptions);
Example: create a customer
referenceID: 'ref-id-example-1',
givenNames: 'customer 1',
email: '',
mobileNumber: '+6281212345678',
description: 'dummy customer',
middleName: 'middle',
surname: 'surname',
addresses: [],
.then(({ id }) => {
console.log(`Customer created with ID: ${id}`);
.catch(e => {
console.error(`Customer creation failed with message: ${e.message}`);
Refer to Xendit API Reference for more info about methods' parameters
c.createCustomer(data: {
referenceID: string;
mobileNumber?: string;
email?: string;
givenNames: string;
middleName?: string;
surname?: string;
description?: string;
phoneNumber?: string;
nationality?: string;
addresses?: Address[];
dateOfBirth?: string;
metadata?: object;
c.getCustomer(data: { id: string });
c.getCustomerByReferenceID(data: { referenceID: string });
c.updateCustomer(data: {
id: string;
referenceID?: string;
givenNames?: string;
mobileNumber?: string;
addresses?: Address[];
description?: string;
middleName?: string;
surname?: string;
phoneNumber?: string;
nationality?: string;
dateOfBirth?: string;
metadata?: object;
Instanitiate direct debit service using constructor that has been injected with Xendit keys
const { DirectDebit } = x;
const directDebitSpecificOptions = {};
const dd = new DirectDebit(directDebitSpecificOptions);
Example: create a direct debit payment
idempotencyKey: '7960e3fd-9a1d-469d-8b3e-2f88df139c50',
referenceID: 'merchant-ref-id-ex-1',
paymentMethodID: 'pm-8c09656d-09fe-4bdd-bd8d-87495a71d231',
currency: 'IDR',
amount: 15000,
callbackURL: 'https://payment-callback-listener/',
enableOTP: true,
.then(({ id }) => {
console.log(`Direct debit payment created with ID: ${id}`);
.catch(e => {
console.error(`Direct debit creation failed with message: ${e.message}`);
Refer to Xendit API Reference for more info about methods' parameters
dd.initializeTokenization(data: {
customerID: string;
channelCode: ChannelCode;
properties?: DebitCardProperties | OnlineBankingAccessProperties;
device?: object;
metadata?: object;
dd.validateOTPforLinkedAccount(data: {
tokenID: string;
otpCode: string;
dd.retrieveAccountsByTokenID(data: {
tokenID: string;
dd.createPaymentMethod(data: {
customerID: string;
type: PaymentMethodType;
properties: PaymentMethodProperties;
metadata?: object;
dd.getPaymentMethodsByCustomerID(data: {
customerID: string;
dd.createDirectDebitPayment(data: {
idempotencyKey: string;
referenceID: string;
paymentMethodID: string;
currency: string;
amount: number;
callbackURL: string;
enableOTP?: boolean;
description?: string;
basket?: Basket[];
device?: object;
metadata?: object;
dd.validateOTPforPayment(data: {
directDebitID: string;
otpCode: string;
dd.getDirectDebitPaymentStatusByID(data: {
directDebitID: string;
dd.getDirectDebitPaymentStatusByReferenceID(data: {
referenceID: string;
Instantiate the Report service using a constructor which has been injected with Xendit keys.
const { Report } = x;
const reportSpecificOptions = {};
const r = new Report(reportSpecificOptions);
Example: Generating a report
filterDateFrom: new Date(new Date().getTime() - 24 * 60 * 60 * 1000), // Yesterday's Date
filterDateTo: new Date(),
format: 'CSV',
currency: 'IDR',
.then(res => {
console.log('Generated report:', res);
.catch(e => {
console.error(`Generate Report Failed with Error: ${e.message}`);
r.generateReport(data: {
type: reportTypes;
filterDateFrom?: Date;
filterDateTo?: Date;
format?: formatTypes;
currency?: currencyTypes;
r.getReport(data: {
id: string
Instantiate the Transaction service using a constructor which has been injected with Xendit keys.
const { Transaction } = x;
const transactionSpecificOptions = {};
const t = new Transaction(transactionSpecificOptions);
Example: Getting a transaction
id: 'txn_123',
.then(res => {
console.log('Get Transaction:', res);
.catch(e => {
console.error(`Get Transaction Failed with Error: ${e.message}`);
t.getTransaction(data: {
id: string;
t.listTransactions(data: {
types?: Array<string>;
statuses?: Array<string>;
channelCategories?: Array<string>;
referenceId?: string;
productId?: string;
accountIdentifier?: string;
currency?: string;
amount?: number;
limit?: number;
afterId?: string;
beforeId?: string;
createdDateFrom?: Date;
createdDateTo?: Date;
updatedDateFrom?: Date;
updatedDateTo?: Date;
Instanitiate Platform service using constructor that has been injected with Xendit keys
const { Platform } = x;
const platformSpecificOptions = {};
const p = new Platform(platformSpecificOptions);
Example: Creating a sub-account
accountEmail: '',
type: 'MANAGED',
.then(({ user_id }) => {
console.log(`Account created with ID: ${user_id}`);
.catch(e => {
console.error(`Account creation failed with message: ${e.message}`);
Refer to Xendit API Reference for more info about methods' parameters
p.createAccount(data: {
accountEmail: string;
type: AccountTypes;
businessProfile?: {
businessName: string;
p.createV2Account(data: {
email: string;
type: string;
publicProfile?: {
businessName: string;
p.getAccountByID(data: {
id: string;
p.updateAccount(data: {
id: string;
email: string;
publicProfile?: {
businessName: string;
p.setCallbackURL(data: {
type: string;
url: string;
forUserID?: string;
p.createTransfer(data: {
reference: string;
amount: number;
sourceUserID: string;
destinationUserID: string;
p.createFeeRule(data: {
name: string;
description?: string;
routes: Array<{
unit: string;
amount: number;
currency: string;
Running test suite
npm install
npm run test
Running examples
cp .env.sample .env # then fill in required environment variables
node examples/card.js # or whichever example you would like to run
There are a commit hook to run linting and formatting and push hook to run all tests. Please make sure they pass before making commits/pushes.
For any requests, bug or comments, please open an issue or submit a pull request.
OpenAPI client for xendit-node
The npm package xendit-node receives a total of 4,486 weekly downloads. As such, xendit-node popularity was classified as popular.
We found that xendit-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.