Overview Integration Summary
Medicare SIMRS implements a sequential payment gate for outpatient (rajal) self-pay (UMUM) patients at Alia hospital. Patients must pay at each checkpoint — Poli, Lab/Radiology, and Pharmacy — before the next station can proceed. Payment is handled entirely by Alia's payment gateway; Medicare only initiates the request and receives the result via webhook.
Medicare's Responsibility
We implement
- Bundle transaction items per checkpoint station
- Call Alia API to create a payment request
- Block next-station actions until checkpoint is RELEASED
- Expose webhook endpoint for Alia callbacks
- Create internal deposit record upon RELEASED
Alia's Responsibility
Alia implements
- Expose
POST /payment-requestsendpoint - Expose
GET /payment-requests/{id}endpoint - Generate checkout URL and deliver to patient (WhatsApp/SMS)
- Process payment via QRIS, VA, etc.
- POST webhook to Medicare upon status change (RELEASED / EXPIRED / CANCELLED)
Checkpoint Station Flow
flowchart TD
A([Patient Registered]) --> B
subgraph S1[" STATION 1 — POLI "]
B[Doctor inputs treatments] --> C[Staff clicks FAB\nValidate and Send]
C --> D[Medicare calls Alia API]
D --> E[Patient pays via Alia PG]
end
E -->|RELEASED| F
subgraph S2[" STATION 2 — LAB / RADIOLOGY "]
F[Lab processes orders] --> G[Staff clicks FAB\nValidate and Send]
G --> H[Medicare calls Alia API]
H --> I[Patient pays via Alia PG]
end
I -->|RELEASED| J
subgraph S3[" STATION 3 — PHARMACY "]
J[Pharmacist saves prescriptions] --> K[Staff clicks FAB\nValidate and Send]
K --> L[Medicare calls Alia API]
L --> M[Patient pays via Alia PG]
end
M -->|RELEASED| N([Cashier closes invoice])
Integration Points Summary
| Direction | Endpoint | Triggered by | Purpose |
|---|---|---|---|
| Medicare → Alia | POST /payment-requests |
Staff clicks "Validate & Send" | Create payment request for a checkpoint bundle |
| Medicare → Alia | GET /payment-requests/{id} |
Polling job (every 2 minutes, fallback) | Re-sync payment status if webhook was missed |
| Alia → Medicare | POST /webhook/alia/payment-callback |
Patient completes payment on Alia platform | Notify Medicare of result (RELEASED / EXPIRED / CANCELLED) |
Full Payment Flow End to End
Complete sequence from patient registration to invoice closure, showing all interactions between Medicare, Alia, and the patient across all three checkpoints.
End-to-End Sequence — All Three Checkpoints
sequenceDiagram
actor Patient as Patient
actor Staff as Medicare Staff
participant MED as Medicare SIMRS
participant ALIA as Alia Payment Gateway
participant HP as Patient Phone
rect rgb(239, 246, 255)
Note over Staff,MED: CHECKPOINT 1 — POLI
Staff->>MED: Input treatments for patient
Staff->>MED: Click FAB — Validate and Send (POLI)
MED->>ALIA: POST /payment-requests (station: POLI)
ALIA-->>MED: 200 — alia_order_id + checkout_url
Note over MED: status: AWAITING_PAYMENT
ALIA->>HP: Send payment link via WhatsApp or SMS
Patient->>HP: Opens link, completes payment
ALIA->>MED: POST /webhook — status: RELEASED
Note over MED: status: RELEASED — deposit created
end
rect rgb(236, 253, 245)
Note over Staff,MED: CHECKPOINT 2 — LAB / RADIOLOGY
Staff->>MED: Process lab/rad orders (gate: POLI RELEASED)
Staff->>MED: Click FAB — Validate and Send (LAB_RAD)
MED->>ALIA: POST /payment-requests (station: LAB_RAD)
ALIA-->>MED: 200 — alia_order_id + checkout_url
ALIA->>HP: Send payment link
Patient->>HP: Completes payment
ALIA->>MED: POST /webhook — status: RELEASED (LAB_RAD)
Note over MED: Deposit created for LAB_RAD
end
rect rgb(255, 251, 235)
Note over Staff,MED: CHECKPOINT 3 — PHARMACY
Staff->>MED: Save prescriptions, click FAB (FARMASI)
MED->>ALIA: POST /payment-requests (station: FARMASI)
ALIA-->>MED: 200 — alia_order_id + checkout_url
ALIA->>HP: Send payment link
Patient->>HP: Completes payment
ALIA->>MED: POST /webhook — status: RELEASED (FARMASI)
Note over MED: Deposit created — dispensing allowed
end
rect rgb(248, 250, 252)
Note over Staff,MED: CLOSE INVOICE
Staff->>MED: Cashier — Valid Kasir
Note over MED: Gate: no PENDING or AWAITING checkpoints
Staff->>MED: Close invoice
Note over MED: All 3 deposits auto-assigned to invoice
MED-->>Staff: Invoice settled via PG deposits
end
Outbound API: Medicare → Alia Alia must implement
Medicare will call these two endpoints on Alia's server.
The base URL is configured via PG_ALIA_BASE_URL on Medicare's side.
All requests include the header X-Api-Key: {PG_ALIA_API_KEY}.
POST /payment-requests — Create Payment Request
Called when Medicare staff clicks "Validate & Send" at a checkpoint.
Alia should create the payment, generate a checkout URL, and deliver it to the patient.
Medicare stores
alia_order_id and awaits the webhook.
HTTP Request
POST {ALIA_BASE_URL}/payment-requests
Content-Type: application/json
X-Api-Key: {PG_ALIA_API_KEY}
{
"reference_id": "MED-{noreg}-{station}-{epoch}",
"patient": {
"nopasien": "12345",
"nama": "BUDI SANTOSO",
"phone": "08123456789"
},
"station": "POLI",
"items": [
{
"kode": "TND001",
"deskripsi": "Konsultasi Dokter Umum",
"qty": 1,
"harga": 50000,
"subtotal": 50000
}
],
"total_amount": 50000,
"callback_url": "https://{MEDICARE_HOST}/webhook/alia/payment-callback"
}
JSON Response
{
"alia_order_id": "ALIA-20260511-001",
"checkout_url": "https://pay.alia.example/checkout/...",
"expires_at": "2026-05-11T12:00:00+07:00"
}
| Field | Type | Required | Description |
|---|---|---|---|
reference_id | string | REQ | Medicare's idempotency key. Format: MED-{noreg}-{station}-{epoch} |
patient.nopasien | string | REQ | Medicare internal patient ID |
patient.nama | string | REQ | Patient full name |
patient.phone | string | REQ | Patient phone for payment link delivery |
station | enum | REQ | One of: POLI, LAB_RAD, FARMASI |
items | array | REQ | Line items for the checkpoint |
total_amount | number | REQ | Total in IDR (integer) |
callback_url | string | REQ | Medicare webhook URL. Alia must POST the result here after payment. |
GET /payment-requests/{alia_order_id} — Check Status (Polling Fallback)
Polling fallback — Medicare calls this every 2 minutes for checkpoints stuck in
AWAITING_PAYMENT. Used to re-sync status if a webhook was delayed or missed.
This does not replace the webhook — webhook remains the primary path.
HTTP Request
GET {ALIA_BASE_URL}/payment-requests/{alia_order_id}
X-Api-Key: {PG_ALIA_API_KEY}
JSON Response
{
"alia_order_id": "ALIA-20260511-001",
"reference_id": "MED-2605110001-POLI-1715414400",
"status": "RELEASED | AWAITING_PAYMENT | EXPIRED | CANCELLED",
"paid_at": "2026-05-11T10:30:00+07:00",
"amount": 50000
}
Webhook: Alia → Medicare Medicare implements
Alia must call this endpoint when a payment request changes status. Medicare's webhook handler is already live and ready to receive.
POST /webhook/alia/payment-callback
Medicare webhook endpoint:
This endpoint is public (no auth middleware). Security is enforced via HMAC-SHA256 signature verification and optional IP whitelist. No CSRF token required.
POST https://{MEDICARE_HOST}/webhook/alia/payment-callbackThis endpoint is public (no auth middleware). Security is enforced via HMAC-SHA256 signature verification and optional IP whitelist. No CSRF token required.
HTTP Request
POST https://{MEDICARE_HOST}/webhook/alia/payment-callback
Content-Type: application/json
X-Alia-Signature: {hmac-sha256-hex}
{
"alia_order_id": "ALIA-20260511-001",
"reference_id": "MED-2605110001-POLI-1715414400",
"status": "RELEASED",
"paid_at": "2026-05-11T10:30:00+07:00",
"amount": 50000,
"payment_method": "QRIS",
"external_reference": "QRIS-REF-001"
}
Signature Generation
HMAC-SHA256
X-Alia-Signature = HMAC-SHA256( key = PG_ALIA_WEBHOOK_SECRET, data = raw request body (UTF-8) ) // hex-encoded, lowercase
Medicare Responses
HTTP Status Codes
// Payment processed
HTTP 200 { "received": true }
// Bad signature
HTTP 401
// Server error — Alia should retry
HTTP 500
| Field | Type | Required | Description |
|---|---|---|---|
alia_order_id | string | REQ | Alia's order ID — from POST /payment-requests response |
reference_id | string | REQ | Medicare's reference ID — echo from original request |
status | enum | REQ | RELEASED (paid) · EXPIRED (timeout) · CANCELLED (voided) |
paid_at | datetime | REQ | ISO 8601 with timezone. Required for RELEASED; null for others. |
amount | number | REQ | Actual amount paid in IDR |
payment_method | string | OPT | e.g. QRIS, VA, CREDIT_CARD |
external_reference | string | OPT | Alia upstream transaction ID |
Idempotency: If Alia sends the same
alia_order_id + status more than once,
Medicare returns HTTP 200 without re-processing. Safe to retry on network failure — no duplicate deposits.
Webhook Processing Sequence
sequenceDiagram
participant ALIA as Alia PG
participant WH as Medicare Webhook Handler
participant SS as Checkpoint State Service
participant DB as Medicare Database
ALIA->>WH: POST /webhook/alia/payment-callback
WH->>WH: Verify HMAC-SHA256 signature
alt Signature invalid
WH-->>ALIA: HTTP 401 — rejected
end
WH->>WH: Check IP whitelist (if configured)
WH->>DB: Lookup checkpoint by alia_order_id
alt Order ID not found
WH-->>ALIA: HTTP 200 — no-op (idempotent)
end
alt Already in terminal status
WH-->>ALIA: HTTP 200 — skip (idempotent)
end
WH->>SS: Transition checkpoint to new status
alt status is RELEASED
SS->>DB: Update checkpoint status to RELEASED
SS->>DB: INSERT deposit into tr_uang_muka_pasien
SS->>DB: Update checkpoint.deposit_noum
WH-->>ALIA: HTTP 200
else status is EXPIRED or CANCELLED
SS->>DB: Update checkpoint status accordingly
WH-->>ALIA: HTTP 200
end
Note over ALIA,DB: On HTTP 5xx — Alia should retry with exponential backoff
Payment States State Machine
Each checkpoint progresses through these states. Alia is the source of truth for all terminal states — Medicare never auto-transitions to RELEASED, EXPIRED, or CANCELLED without a signal from Alia.
Checkpoint State Diagram
flowchart LR
START(( )) -->|Row created| PENDING
PENDING -->|Submit to Alia OK| AWAITING_PAYMENT
PENDING -->|Manual admin| CANCELLED
AWAITING_PAYMENT -->|Alia webhook| RELEASED
AWAITING_PAYMENT -->|Alia webhook| EXPIRED
AWAITING_PAYMENT -->|Alia webhook| CANCELLED
RELEASED --> REND(( ))
EXPIRED --> EEND(( ))
CANCELLED --> CEND(( ))
classDef termNode fill:#0B1628,stroke:#0B1628,color:white
classDef stPending fill:#F1F5F9,stroke:#94A3B8,color:#374151,rx:6,ry:6
classDef stAwaiting fill:#FEF3C7,stroke:#D97706,color:#92400E
classDef stReleased fill:#D1FAE5,stroke:#059669,color:#065F46
classDef stExpired fill:#FEE2E2,stroke:#DC2626,color:#991B1B
classDef stCancelled fill:#FEE2E2,stroke:#DC2626,color:#991B1B
class START,REND,EEND,CEND termNode
class PENDING stPending
class AWAITING_PAYMENT stAwaiting
class RELEASED stReleased
class EXPIRED stExpired
class CANCELLED stCancelled
State Reference
| State | Set by | Meaning | Next States |
|---|---|---|---|
PENDING |
Medicare (internal) | Checkpoint row created, not yet submitted to Alia | AWAITING_PAYMENT, CANCELLED |
AWAITING_PAYMENT |
Medicare (internal) | Submitted to Alia successfully. Patient should pay via checkout URL. | RELEASED, EXPIRED, CANCELLED |
RELEASED |
Alia (webhook) | Patient paid. Next station unblocked. Deposit created in Medicare. | None — terminal |
EXPIRED |
Alia (webhook) | Payment link expired. Staff must re-submit the checkpoint. | None — terminal |
CANCELLED |
Alia (webhook) or admin | Payment request voided. Staff must re-submit. | None — terminal |
Polling fallback: Medicare polls
GET /payment-requests/{alia_order_id} every 2 minutes for
checkpoints in AWAITING_PAYMENT. If Alia returns a changed status,
Medicare applies the same transition logic as the webhook. This is a safety net only —
the webhook is the primary and preferred path.