bKash & Nagad Payment Integration Guide for Websites

In Bangladesh, mobile financial services dominate the payment landscape. bKash leads with over 75 million registered users, while Nagad has rapidly grown to over 50 million users. For any e-commerce website or online business in Bangladesh, integrating these payment gateways isn't optional — it's essential. This guide covers everything you need to know about adding bKash and Nagad payment to your website.

What Is Payment Gateway Integration?

Payment gateway integration connects your website to a payment processor, allowing customers to pay directly through your site. Instead of manually collecting payments via personal bKash numbers (which is unprofessional and risky), a proper integration provides a secure, automated checkout experience. The customer clicks “Pay”, gets redirected to bKash/Nagad, completes the payment, and your website automatically confirms the transaction.

Why Local Payments Matter

International payment gateways like Stripe and PayPal have limited presence in Bangladesh. Most Bangladeshi consumers don't have credit cards — they rely on mobile banking. bKash and Nagad are the payment methods your customers know and trust. Offering these options reduces cart abandonment and increases conversion rates. Studies show that websites offering local payment methods see 30-40% higher checkout completion in Bangladesh.

How bKash Payment API Works

bKash offers a Payment Gateway (PGW) API for merchants. The process involves: registering as a bKash merchant, receiving API credentials (app key, app secret, username, password), integrating the bKash checkout SDK into your website, and handling payment callbacks. bKash supports both “Checkout” (redirect-based) and “Tokenized” (saved payment) flows. The API uses REST endpoints with OAuth 2.0 authentication. Transaction fees typically range from 1.5% to 2% per transaction.

How Nagad Payment API Works

Nagad's merchant payment API follows a similar pattern. After registering as a Nagad merchant, you receive API credentials and integrate their payment SDK. Nagad uses a two-step process: initiating a payment request and then completing it after customer authorization. Nagad's API is well-documented and offers competitive transaction fees, often slightly lower than bKash.

Implementation Costs and Timeline

Merchant registration with bKash and Nagad typically takes 1-3 weeks for verification. The technical integration itself takes 3-7 days for an experienced developer. Costs include: merchant registration fees (varies), development costs (৳5,000-৳20,000 depending on complexity), and ongoing transaction fees (1.5-2% per transaction). Some payment aggregators like SSLCommerz offer both bKash and Nagad through a single integration, simplifying the process.

Security Considerations

Payment integration requires careful attention to security. Always use HTTPS, validate all server-side callbacks, never store sensitive credentials in client-side code, implement proper error handling, and keep transaction logs for reconciliation. Working with an experienced developer team ensures your payment integration is secure and reliable.

DIPTAIT's Expertise

At DIPTAIT, we've integrated bKash and Nagad payments across multiple e-commerce projects. We handle the entire process — from merchant registration guidance to API integration and testing. Our team ensures your payment flow is smooth, secure, and user-friendly, so your customers can pay with confidence.

bKash vs Nagad: Complete Comparison

Choosing between bKash and Nagad — or deciding to support both — depends on your target audience, budget, and technical requirements. bKash remains the dominant player with over 75 million registered users, making it the default choice for maximum customer reach. Nagad, backed by the Bangladesh Post Office, has grown rapidly to 50+ million users and often attracts cost-conscious merchants with its lower transaction fees.

From a developer's perspective, bKash offers a more mature API ecosystem with comprehensive documentation, JavaScript/Android/iOS SDKs, and robust sandbox testing. Nagad's API is simpler — a two-step initiate-and-complete flow compared to bKash's four-step process — but its SDK support is more limited. For most businesses in Bangladesh, we recommend integrating both to maximize customer coverage.

Payment Aggregators: The Easier Alternative

If integrating bKash and Nagad separately sounds like too much work, payment aggregators offer a simpler path. These platforms act as intermediaries, providing a single API that connects your website to multiple payment methods — including bKash, Nagad, credit cards, and bank transfers.

SSLCommerz is Bangladesh's largest payment aggregator, supporting 30+ payment methods through one integration. It's battle-tested across thousands of merchants and offers the most reliable uptime. AamarPay stands out for its simple API and competitive fees, making it ideal for startups and small businesses. ShurjoPay offers a modern, developer-friendly API with excellent documentation and responsive support. PortWallet is particularly developer-friendly and supports recurring payments, which is valuable for subscription-based businesses.

The trade-off is cost: aggregators typically charge 2-3% per transaction compared to 1.5-2% for direct API integration. However, they save significant development time and provide a unified transaction dashboard. In our experience at DIPTAIT, SSLCommerz is the safest choice for most businesses — its wide payment method support and proven reliability outweigh the slightly higher fees for the majority of use cases.

Step-by-Step: What the Integration Process Looks Like

Whether you're working with a developer or hiring an agency like DIPTAIT, understanding the integration process helps you plan your timeline and budget. Here's the typical workflow from start to finish:

1. Choose your payment method. Decide between direct bKash/Nagad API integration or using a payment aggregator like SSLCommerz. This decision affects cost, development time, and the number of payment options available to your customers.
2. Register as a merchant. This takes 1-3 weeks and requires your trade license, NID (National ID), bank account details, and business documents. Apply early — this is usually the longest wait in the process.
3. Receive sandbox credentials. Once approved, you'll get test API keys for the sandbox environment. These allow development and testing without processing real money.
4. Developer integrates the payment flow. Your developer builds the checkout page, connects the payment API, handles callbacks, and implements error handling. This typically takes 3-7 days.
5. Test thoroughly in sandbox. Run multiple test transactions covering success, failure, and timeout scenarios. No real money is involved at this stage.
6. Switch to production credentials. After testing passes, replace sandbox keys with live production credentials provided by the payment provider.
7. First live transaction testing. Process a few small real transactions (e.g., ৳10-৳50) to verify everything works correctly in the production environment.
8. Go live. Start accepting payments from customers. Monitor the first few days closely for any issues.

Common Mistakes to Avoid

We've seen many businesses make preventable mistakes with payment integration. Avoiding these common pitfalls will save you time, money, and customer trust:

• Using a personal bKash number instead of the merchant API. This is unprofessional and unreliable — there's no automatic payment confirmation, no transaction tracking, and it violates bKash's terms of service.
• Not validating server-side callbacks. If you only check payment status on the client side, attackers can bypass payment entirely. Always verify transactions server-side using the payment provider's API.
• Skipping sandbox testing. Going straight to production leads to bugs that cost real money. Always test every payment scenario — success, failure, timeout, and duplicate requests — in the sandbox first.
• Not handling payment failures gracefully. When a payment fails, customers should see a clear message and an option to retry — not a generic error page or a blank screen.
• Storing API credentials in frontend code. API keys, secrets, and passwords must be stored on the server side using environment variables. Exposing them in client-side JavaScript is a serious security breach risk.
• Not keeping transaction logs. Without detailed logs, you cannot reconcile payments, investigate disputes, or debug issues. Log every transaction with its status, amount, and timestamps.

Related Articles

• bKash Payment Gateway Integration Tutorial 2026
• E-Commerce Website Development in Bangladesh
• Website Cost in Bangladesh 2026