# Customer Initiated Orders This is the core of the Optty service, every customer will have to complete at least their initial order through a customer-initiated transaction. When creating an order make sure that all the `requiredFields` for the selected provider returned from the [options](https://docs.optty.com/direct-api-orders/order-flow/options "mention")endpoint have been passed to avoid validation issues on the endpoint.
## Handling Response
ParameterTypeDescription
hash*stringThe hash being returned to the merchant for verification
reference*stringThe reference provided by the merchant; can be used for lookups
status*stringThe state of the transaction
Possible values are:
SUCCESSFUL, CANCELLED, DECLINED, ERROR
providerReferencestringThe reference provided by the APM provider; can be used for lookups directly with the APM provider
### Example Redirect URL {% code overflow="wrap" %} ```url http://example.com?hash=coqCmt%2FIZ4E3CzPvMY8zTjQVL5hYJUiBRg8UU%2BiCWo0&reference=1234&status=SUCCESSFUL&providerReference=c4dbe976f7 ``` {% endcode %} To protect against unauthorised redirects, we strongly recommend that you verify the HMAC signature by hashing with the merchant "payment secret" to recreate the signature, and only honour the redirect if it matches. The "payment secret" can be found on the "view profile" page under "view credentials" on the UPP. To calculate the hash value, concatenate the 'status' and 'reference' parameters (using a pipe "|" to delimit the values) and generate a hash using the SHA512 algorithm. Current hashed string contents - {status}|{reference} ## ID References **Order Reference:** This is the reference used when querying the Optty system. Will be set to merchantReference from createOrder request. **Transaction Reference:** This is an internal Optty reference to the transaction.