Notification Callback
If a notify_url was defined when the payment request was created, you will receive a notification callback POST from the API with the payment request data and a signature. We recommend that you verify the signature, since it proves authenticity of the data.
Note: Your server must respond with 200 OK. Otherwise the response is treated as an error and the API will POST again later.

The notification object

Key
Type
Description
payment_request_id
uuid
The unique identifier for the payment request.
transaction_id
uuid
The unique identifier for the transaction. A transaction ID is only issued if the request has been paid. Not issued if the request is unpaid, rejected or expired.
amount
float
The paid amount.
currency
string
Three-letter ISO-4217 code.
status
string
Same value as posted when the payment request was created.
order
string
The payment request status. Note: Rejected can either mean that the payer declined or the payment request expired.
pending
paid
rejected
completed
int
The date and time when the status changed from pending to paid. UTC (GMT +0) UNIX timestamp.
signature
string
The signature is used to verify the authenticity of the data.
1
{
2
"payment_request_id": "3e6975e8-77cb-48b7-7722-3dfe47677bbc",
3
"transaction_id": "a917be59-f35a-478f-a5d9-19bf467972ad",
4
"amount": 10.99,
5
"currency": "USD",
6
"status": "paid",
7
"order": "abc123",
8
"completed": 1458748422,
9
"signature": "8022cb71924dba2e24f849fdc83596e80a3966465f6b3f1702326afa31229b11"
10
}
Copied!

Signature

The signature is a string comprised of the following variables and then hashed using HMAC SHA256 where the merchant's access token is the key.

Signature string composition

{payment_request_id}&{transaction_id}&{order}&{amount}&{status}&{completed}

Example string before hashing

3e6975e8-77cb-48b7-7722-3dfe47677bbc&a917be59-f35a-478f-a5d9-19bf467972ad&abc123&2199&paid&1458748422

Example string after hashing

8022cb71924dba2e24f849fdc83596e80a3966465f6b3f1702326afa31229b11
Last modified 1yr ago