4️⃣Handle Payment Response
After payment for an order has occurred, Optty performs the necessary confirmations and redirects to the merchant.
Last updated
After payment for an order has occurred, Optty performs the necessary confirmations and redirects to the merchant.
Last updated
Merchant URL | https://api.qa.optty.com |
Merchant URL | https://api.optty.com |
The following data is returned in the redirect back to the merchant, as url parameters.
| Parameter | Type | Description |
|---|---|---|
hash* | string | The hash being returned to the merchant for verification |
reference* | string | The reference provided by the merchant; can be used for lookups |
status* | string | The state of the transaction Possible values are: SUCCESSFUL, CANCELLED, DECLINED, ERROR |
providerReference | string | The reference provided by the APM provider; can be used for lookups directly with the APM provider |
To protect your server from unauthorised redirects, we strongly recommend that you verify the HMAC signature by hashing with the merchant "payment secret" to recreate the signature, and only honour the redirect if it matches.
The "payment secret" can be found on the "view profile" page under "view credentials" on the UPP.
To calculate the hash value, concatenate the 'status' and 'reference' parameters (using a pipe "|" to delimit the values) and generate a hash using the SHA512 algorithm.
Current hashed string contents - {status}|{reference}
The Payment Response will be sent to the default URL setup in your Optty account. However, to override the return URL you can send dynamicRedirectUrl
