# Redirect Callback

When a buyer completes payment, the system will send a callback notification by Redirect URL. There are several key points to note regarding this callback method:

1. When setting the callback URL, avoid using the following reserved fields as parameters: **`status`** , **`hash`**, **`checkoutCode`**, **`timestamp`**, and **`sign`**. These values will be provided via URL parameters.
2. Always validate the sign parameter in the callback URL using HMAC Sha256 encryption with your App Secret.

<pre><code>Step:
1) Concatenate all URL query parameters in order, excluding the <a data-footnote-ref href="#user-content-fn-1">sign</a> parameter.
   
   Example: 
   String callbackURL = "https://ok.order.a.com?orderId=3837698874738423&#x26;status=completed&#x26;hash=0x339fb15b236d15569fba301f33964b6eafe438bd92f77a726749931db7249fcc&#x26;checkoutCode=4cADM2G7UJfXXjJlXsC9t9NL&#x26;timestamp=1757493452000&#x26;sign=1b3d2058cfaa4237fc6aec5664a2b3779125543fccf704031fcde8f21251bc2c";
   String paramString = "orderId=3837698874738423&#x26;status=completed&#x26;hash=ab6395efbc53040cc16bbae9d0bac32d981b19f0e936593aaf46930f9a8a8dc2&#x26;checkoutCode=4cADM2G7UJfXXjJlXsC9t9NL&#x26;timestamp=1757493452000";
   Sign the 'paramString' using HMAC SHA256 with your App Secret.
   
2) Encrypt the result using HMAC SHA256 with your <a data-footnote-ref href="#user-content-fn-2">App Secret</a>.
3) Verify if the encrypted result matches the sign value.
</code></pre>

3. After receiving the callback, we strongly recommend fetching the [Fetch Query API](/docs/checkout/get-transactions-by-checkout-code.md) once to verify its validity.

[^1]: from URL query string

[^2]: Dashboard -> Settings -> API


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://tradpay.gitbook.io/docs/getting-started/integration-practices/redirect-callback.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.