Payment Gateway Research — Indonesia 2025

Midtrans vs Xendit

Comprehensive comparison for MVP products planning subscription-based billing in Indonesia.

Pricing Subscription/Recurring Security & Fraud Data Handling Licensing Developer Setup MVP Context
Overview
Who Are They?
Midtrans
Part of GoTo Group (Gojek + Tokopedia ecosystem). Originally Veritrans, now the most widely used gateway in Indonesia. Strong GoPay integration is exclusive to Midtrans. IDR-only, Indonesia-only.
500K+
Active Merchants
20M+
Transactions/Month
24+
Payment Methods
Xendit
Southeast Asia fintech unicorn. Built for regional scale — Indonesia, Philippines, Malaysia, Singapore, Vietnam. Developer-first approach with multi-currency support and strong recurring billing from the start.
100+
Payment Methods
7
Countries
450+
Disbursement Banks
Architecture
How It Works
General payment flow (both gateways follow the same principle):
01
Customer Checkout
02
Your App API Call
03
Gateway Hosted UI / API
04
Bank / E-Wallet
05
Webhook Callback
06
Settlement to Merchant
Midtrans Integration Modes
  • Snap — Hosted pop-up checkout (fastest to integrate)
  • Core API — Full custom UI, maximum control
  • Payment Link — No-code, dashboard-only, zero dev work
  • CMS Plugins — WooCommerce, Shopify, Magento, etc.
Xendit Integration Modes
  • Invoice/Payment Links — No-code, dashboard or API
  • Checkout — Hosted checkout page
  • API/SDK — Full custom integration
  • Plugins — WooCommerce, Magento, Shopify
Developer Experience
Setup & Ease of Integration
Aspect 🟠 Midtrans 🔵 Xendit
Registration & Onboarding
Account Signup Free, online. Sandbox available immediately after sign-up with no document required. Free, online. Sandbox available immediately. Account verification required for production.
KYC / Documents Required for production activation. Business documents, NPWP, NIB. Can take 1–3 business days. Required for production. Similar docs: KTP, NPWP, business license. Response usually within 1–2 days.
Sandbox ✓ Instant ✓ Instant
Technical Integration
Documentation Excellent. Highly praised by developers. docs.midtrans.com is very clear with code samples in multiple languages. Very good. docs.xendit.co. Multi-language SDK (JS, Python, PHP, Go, Ruby). Slightly more modern feel.
Quickest Path Payment Link from dashboard — no code at all. Snap integration: ~2–4 hours for a developer. Payment Link from dashboard — no code. Invoice API: ~2–4 hours. Slightly more batteries-included for subscriptions.
Official SDKs Node.js, PHP, Python, Go, Ruby, Java Node.js, PHP, Python, Go, Ruby — plus official mobile SDKs (Android/iOS)
CMS Plugins WooCommerce, Magento, Shopify, WHMCS, PrestaShop, OpenCart WooCommerce, Magento, Shopify (with native subscription plugin)
Reputation (community) Best Docs in ID Strong reputation among Indonesian devs Developer-First Praised for responsiveness, plugin support
Critical for Your Product
Subscription / Recurring Billing
Midtrans Recurring
  • Subscription API via Core API (server-triggered)
  • Supports Credit Card (tokenized) and GoPay Tokenization
  • One-click / Two-click token saving for cards
  • Custom intervals, start dates, retry on failure
  • Requires special "recurring MID" from acquiring bank — you need to contact Midtrans activation team to enable it in production
  • E-wallets (GoPay only via tokenization) — limited to credit card + GoPay for auto-charge
  • DANA, OVO, ShopeePay — NOT available for auto-recurring; customer must pay manually each cycle
Xendit Recurring
  • Dedicated Subscription product — first-class feature
  • Supports Credit/Debit cards, Direct Debit, AND e-wallets
  • OVO, DANA, ShopeePay, LinkAja, Jenius supported for recurring!
  • Claimed first in SEA to do real recurring with e-wallets
  • Customer links payment method once — auto-charged every cycle
  • Customizable anchor date, amount, interval, retry logic
  • Automated failed-payment notifications to customers
  • Subscription product has an extra fee: ~Rp 4,500–5,000/active subscription/month (on top of transaction fee)
⭐ Verdict for MVP Subscription Product

Xendit wins for subscriptions — significantly broader support for recurring via e-wallets (OVO, DANA, etc.), which is critical because most Indonesian users don't have credit cards. Midtrans recurring is limited to cards + GoPay only, and requires extra activation steps. If subscriptions are your core model, Xendit's dedicated Subscription product is the better fit. The extra ~Rp 5K/active sub/month is a fair trade for the automation and coverage. Midtrans is still viable if most of your users pay by credit card.

Costs
Pricing (Indonesia, IDR)
Midtrans No Setup Fee
Virtual Account (Bank Transfer)Rp 4,000 flat
QRIS0.7% MDR
Credit Card2.9% + Rp 2,000
GoPay~2% MDR
ShopeePay2% (Retail)
Alfamart / IndomaretCustom (contact sales)
Subscription / RecurringNo extra fee (only txn fee)
Monthly / Setup FeeRp 0
Xendit No Setup Fee
Virtual Account (Bank Transfer)Rp 4,000–5,500 flat
QRIS0.7% + Rp 250–300
Credit Card (domestic)~3% + Rp 800
OVO / DANA / LinkAja / Jenius1.5% – 3.18%
ShopeePay2% (Retail)
Alfamart / Indomaret~1.73%
Subscription product fee~Rp 2,500/active sub/month
Monthly / Setup FeeRp 0
⚠ All fees are subject to 11% VAT (PPN). Fees are deducted automatically at settlement — you don't pay upfront. Rates above are standard; volume-based discounts available by contacting sales. Gaming/digital content merchants may have different rates.
Trust & Safety
Security & Fraud Prevention
Standard / Feature 🟠 Midtrans 🔵 Xendit
PCI-DSS Level 1 — Highest level. Card data never touches your servers. Certified — PCI-DSS compliant. Card data handled by Xendit, not merchant.
ISO/IEC 27001 Certified — Information Security Management System Not publicly stated. Likely compliant (required for BI license) but not prominently advertised.
Data Encryption AES-256 for all sensitive data at rest and in transit. TLS/SSL in transit; encrypted storage. Sensitive data sent directly to Xendit (not through merchant server).
3D Secure (3DS) Supported for credit card transactions Supported. Plus built-in fraud filters reduce friction for legit buyers.
Fraud Detection Engine Aegis — AI + machine learning + rule-based system. Prevents ~IDR 15 Billion fraudulent transactions/week. In-house fraud detection — automated filters, real-time scoring, claims up to 30% higher card acceptance rates by reducing false declines.
Chargeback Handling Merchant handles dispute via Midtrans dashboard. Support team assists. Returns fee % on refunded card payments. Chargeback tools built-in.
Your Server Exposure Payment data goes directly to Midtrans (Snap/Core API). Your server only handles order creation & webhook. Sensitive data sent directly to Xendit. Your server doesn't handle raw card data.
Privacy & Compliance
Data Handling
Midtrans Data Policy
  • Data stored in Indonesia (GoTo Group infrastructure)
  • Registered with Kominfo as Electronic System Provider
  • Complies with Indonesian PDP Law (UU PDP 2022)
  • Privacy policy covers data retention, deletion upon request
  • Merchant receives tokenized card data only — never raw card numbers
  • Being part of GoTo ecosystem means data could theoretically be used for GoTo-wide analytics (check TOS)
Xendit Data Policy
  • Headquartered in Indonesia; regional operations in SEA
  • Data processed per country regulations
  • Complies with Indonesian PDP Law and similar laws per country
  • Sensitive data sent directly to Xendit servers — not through merchant
  • Privacy policy covers data minimization principles
  • Multi-country operation means data may be processed outside Indonesia for international transactions (GDPR-aware for SEA standards)
💡 For an MVP, neither will require you to sign a DPA separately by default. Both follow opt-in models where customer consent is obtained during payment. Your obligation is to disclose in your own Privacy Policy that you use a third-party payment processor.
Regulatory
Licenses & Compliance
License 🟠 Midtrans 🔵 Xendit
Bank Indonesia License ✓ Licensed since 2018 — Payment System Operator (PJP) ✓ Licensed — Payment System Operator (PJP) under BI Regulation 23/6/2021
Kominfo Registration ✓ Registered as Electronic System Provider (PSE) ✓ Registered as Electronic System Provider (PSE)
Philippines (BSP) Not applicable (Indonesia-only) ✓ Licensed — Remittance & Transfer Co., VASP
Singapore (MAS) Not applicable ✓ Licensed — Major Payment Institution
Malaysia (BNM) Not applicable ✓ Licensed — Merchant Acquiring Services
Summary Fully compliant for Indonesia. Strong regulatory standing within GoTo Group. Fully compliant for Indonesia + regional SEA licenses. Better if you plan to expand outside Indonesia later.
Coverage
Payment Methods Available in Indonesia
Category 🟠 Midtrans 🔵 Xendit
Virtual Accounts BCA, BNI, BRI, Mandiri, Permata, BSI, others BCA, BNI, BRI, Mandiri, Permata, BTN, CIMB, NOBU + 140+ banks
E-Wallets GoPay (exclusive deeplink), ShopeePay, OVO, DANA, LinkAja, QRIS OVO, DANA, ShopeePay, LinkAja, Jenius, GoPay (via QRIS), QRIS
Credit / Debit Cards Visa, Mastercard, JCB, Amex — all Indonesian + foreign banks Visa, Mastercard, JCB, Amex — up to 30% better acceptance rate claimed
Over-the-Counter (Cash) Indomaret, Alfamart Alfamart, Alfamidi, 7-Eleven — 12,000+ outlets
BNPL / PayLater Akulaku, Kredivo Kredivo, Akulaku, Indodana, Billease
Direct Debit Limited Strong — BRI, BNI, Mandiri, BCA (pull payments from bank account)
International Cards All Visa/MC/Amex issued by foreign banks International cards: 4% + Rp 800; broader multi-currency support
GoPay Exclusive ✓ Exclusive — Deeplink & GoPay Tokenization only via Midtrans GoPay only available through QRIS — no tokenization
At a Glance
Category Scores (Editor's Assessment)
SETUP EASE
8
8
Tie — both excellent
SUBSCRIPTION
6
9
Xendit wins clearly
SECURITY
9
8
Midtrans edge (ISO 27001)
MVP PRICING
9
8
Midtrans slightly cheaper at low vol
Recommendation
Final Verdict for Your MVP
For a Subscription-Based MVP in Indonesia

🟠 Choose Midtrans if…

Your users primarily pay by credit card or GoPay. You want the best-in-class docs and broadest ecosystem integration (GoTo). Your subscription volume is low and you want to avoid Xendit's per-active-subscription fee. You need ISO 27001 compliance explicitly stated. You're only targeting Indonesia with no plans to expand SEA.

🔵 Choose Xendit if…

Subscription/recurring is your core model. You need to auto-charge e-wallet users (OVO, DANA, ShopeePay) — this alone is a strong reason to choose Xendit for Indonesia's payment landscape. You might expand to Philippines, Malaysia, or elsewhere. You want built-in retry logic, webhook reliability, and subscription-specific tooling out of the box.

💡 Our Recommendation: Start with Xendit

For an MVP subscription product in Indonesia, Xendit is the stronger choice. Indonesia's low credit card penetration means a large portion of your potential subscribers will want to pay via OVO, DANA, or ShopeePay — and Xendit is the only gateway that supports true auto-recurring for these e-wallets. The extra Rp 2,500/active subscription/month is minimal overhead for the automation you gain. Both gateways have no setup fees, sandbox environments, and comparable developer experience — so you can prototype with either. But for subscriptions at scale, Xendit's architecture is better aligned to your use case.