Handling Callback

This page will guide you on what is callback and how to handle the callback

POST <your_configured_callback_url>

The <your_configured_callback_url> can be set in the dashboard under Settings → Configuration → Payment WebHook URL, or it can be provided dynamically via the callback_url parameter during the Initialize Transaction request.

Request Body

{
    "transaction": {
        "payment_id": "<payment_id>",
        "merchant_email": "<merchant_email>",
        "merchant_id": "<merchant_id>",
        "status": "Success", // Can be Initialized, Success, Failed Or Dropped
        "status_flag": 1, // 1 in case of Success otherwise 0
        "payment_mode": "<payment_method_used>",
        "rrn": "<bank_rrn_no>",
        "order": {
            "order_id": "<order_id>",
            "product_name": "<product_name>",
            "gross_amount": 10,
            "gateway_fee": 0.2,
            "currency": "INR",
            "tax": 0.036
        },
        "customer": {
            "name": "<customer_name>",
            "email_id": "<customer_email>",
            "mobile_no": "<customer_mobile>"
        },
        "shipping": {
            "address": null,
            "city": null,
            "state": null,
            "country": null,
            "pincode": null
        },
        "billing": {
            "address": null,
            "city": null,
            "state": null,
            "country": null,
            "pincode": null
        },
        "custom_field_1": "<custom_field_1>",
        "custom_field_2": "<custom_field_2>",
        "custom_field_3": "<custom_field_3>",
        "custom_field_4": "<custom_field_4>",
        "custom_field_5": "<custom_field_5>",
        "date": "<txn_date>",
        "payment_source": "WEB",
        "signature": "<signature_value>"
    }
}

Please respond to the callback request with HTTP status code 200. Any other status code will result in a retry, with a maximum of 3 attempts.

It is recommended to verify the signature before processing the response to ensure the data has not been tampered with.

While signature verification ensures authenticity, it is advisable to also validate the transaction amount against your order amount as an additional security measure.

Signature Generation

Initialize dataString as an empty string

Remove the 'signature' key from requestBody if available

Define function getArrayValues(requestBody, dataString):
    For each key-value pair in requestBody:
        If value is an array:
            Call getArrayValues(value, dataString)
        Else:
            Append value + '|' to dataString
    Return dataString

Call getArrayValues(requestBody, dataString)
Append '#' to dataString

Generate signature as HMAC-SHA512 hash of dataString using apiSecret as the key

API Secret is generated along with API Token, See Authentication page for more information