Notification Callback

If a notify_url was defined when the payment request was created, you will receive a notification callback POST from the API with the payment request data and a signature. We recommend that you verify the signature, since it proves authenticity of the data.

Note: Your server must respond with 200 OK. Otherwise the response is treated as an error and the API will POST again later.

The notification object

Key

Type

Description

payment_request_id

uuid

The unique identifier for the payment request.

transaction_id

uuid

The unique identifier for the transaction. A transaction ID is only issued if the request has been paid. Not issued if the request is unpaid, rejected or expired.

amount

float

The paid amount.

currency

string

Three-letter ISO-4217 code.

status

string

Same value as posted when the payment request was created.

order

string

The payment request status. Note: Rejected can either mean that the payer declined or the payment request expired.

pending

paid

rejected

completed

int

The date and time when the status changed from pending to paid. UTC (GMT +0) UNIX timestamp.

signature

string

The signature is used to verify the authenticity of the data.

{
"payment_request_id": "3e6975e8-77cb-48b7-7722-3dfe47677bbc",
"transaction_id": "a917be59-f35a-478f-a5d9-19bf467972ad",
"amount": 10.99,
"currency": "USD",
"status": "paid",
"order": "abc123",
"completed": 1458748422,
"signature": "8022cb71924dba2e24f849fdc83596e80a3966465f6b3f1702326afa31229b11"
}

Signature

The signature is a string comprised of the following variables and then hashed using HMAC SHA256 where the merchant's access token is the key.

Signature string composition

{payment_request_id}&{transaction_id}&{order}&{amount}&{status}&{completed}

Example string before hashing

3e6975e8-77cb-48b7-7722-3dfe47677bbc&a917be59-f35a-478f-a5d9-19bf467972ad&abc123&2199&paid&1458748422

Example string after hashing

8022cb71924dba2e24f849fdc83596e80a3966465f6b3f1702326afa31229b11

‚Äč