Redirect Callback

Payment Completion Callback - Redirect URL

When a buyer completes payment, the system will send a callback notification by Redirect URL. There are several key points to note regarding this callback method:

When setting the callback URL, avoid using the following reserved fields as parameters: status , hash, checkoutCode, timestamp, and sign. These values will be provided via URL parameters.
Always validate the sign parameter in the callback URL using HMAC Sha256 encryption with your App Secret.

Step:
1) Concatenate all URL query parameters in order, excluding the sign parameter.
   
   Example: 
   String callbackURL = "https://ok.order.a.com?orderId=3837698874738423&status=completed&hash=0x339fb15b236d15569fba301f33964b6eafe438bd92f77a726749931db7249fcc&checkoutCode=4cADM2G7UJfXXjJlXsC9t9NL&timestamp=1757493452000&sign=1b3d2058cfaa4237fc6aec5664a2b3779125543fccf704031fcde8f21251bc2c";
   String paramString = "orderId=3837698874738423&status=completed&hash=ab6395efbc53040cc16bbae9d0bac32d981b19f0e936593aaf46930f9a8a8dc2&checkoutCode=4cADM2G7UJfXXjJlXsC9t9NL&timestamp=1757493452000";
   Sign the 'paramString' using HMAC SHA256 with your App Secret.
   
2) Encrypt the result using HMAC SHA256 with your App Secret.
3) Verify if the encrypted result matches the sign value.

After receiving the callback, we strongly recommend fetching the Fetch Query API once to verify its validity.

PreviousEmbed using an iframe NextWebhooks

Last updated 29 days ago