Redirect Callback

Payment Completion Callback - Redirect URL

When a buyer completes payment, the system will send a callback notification by Redirect URL. There are several key points to note regarding this callback method:

1. When setting the callback URL, avoid using the following reserved fields as parameters: status , hash, checkoutCode, timestamp, and sign. These values will be provided via URL parameters.

2. Always validate the sign parameter in the callback URL using HMAC Sha256 encryption with your App Secret.

Step:
1) Concatenate all URL query parameters in order, excluding the  parameter.
   
   Example: 
   String callbackURL = "https://ok.order.a.com?orderId=3837698874738423&status=complated&hash=0x339fb15b236d15569fba301f33964b6eafe438bd92f77a726749931db7249fcc&checkoutCode=4cADM2G7UJfXXjJlXsC9t9NL&timestamp=1757493452000&sign=1b3d2058cfaa4237fc6aec5664a2b3779125543fccf704031fcde8f21251bc2c";
   String paramString = "orderId=3837698874738423&status=complated&hash=ab6395efbc53040cc16bbae9d0bac32d981b19f0e936593aaf46930f9a8a8dc2&checkoutCode=4cADM2G7UJfXXjJlXsC9t9NL&timestamp=1757493452000";
   Sign the 'paramString' using HMAC SHA256 with your App Secret.
   
2) Encrypt the result using HMAC SHA256 with your .
3) Verify if the encrypted result matches the sign value.

1. After receiving the callback, we strongly recommend fetching the Fetch Query API once to verify its validity.