Notification Callback
For security reason, we highly recommend Merchant to ensure that the notifications received by Merchant backend, are actually sent by Finpay system. There are two ways to do those activity:
- Validate the response by request checking transaction status to Finpay using Check Status Service. This flow is the most secure method to verify the authenticity of Callback. If transaction status match with Callback then Merchant can continue process the order
- Validate the response using a comparison of the signature key receive from Finpay system when sending Callback with the signature generated by Merchant them self. If the siganture key does not match please ignore callback send by Finpay and you dont need to process the transaction.
Here are logic of the Signature Key to generate the Signature Key:
hash_hmac("sha512", json_encode($fields), $key);
Note
$fields it's not included signature parameter.
| Method | Merchant URL |
|---|---|
| POST | https://url.callback.merchant/ |
Data Request
| No | Name | Type | Mandatory | Min Length | Max Length | Description |
|---|---|---|---|---|---|---|
| 1 | order | Object | M | 1 | 12 | Detail of Order |
| 2 | customer | Object | M | 1 | 8 | Detail of Customer |
| 3 | meta | Object | O | 1 | 1 | Detail of MetaData |
| 4 | card | Object | C | 1 | 7 | Detail of Card |
| 5 | result | Object | O | 1 | 11 | Result |
| 6 | signature | String | M | 128 | 128 | Signature |
Sample Request
{
"customer": {
"id": "hajar@yahoo.com"
},
"order": {
"id": "1664255905824",
"reference": "16642559058241000000000",
"amount": 1000,
"currency": "IDR"
},
"card": {
"mask": "512345xxxxxx0008",
"info": {
"brand": "MASTERCARD",
"issuing": "BANCO DEL PICHINCHA CA",
"type": "CREDIT",
"subType": "STANDARD",
"country": "ECUADOR"
}
},
"meta": {
"data": null
},
"result": {
"payment": {
"amount": 1000,
"status": "CAPTURED",
"statusDesc": null
}
},
"signature": "8e77b8ffa3f2766e7cd5355b3a37e96feae5d924d3eb06aa374bf10cb1c95d02fa301c856d09463de4b6655815cc29d3829440bb5249b3390caaed42b15a7eb9"
}
Data Response
Sample Response
{
"responseCode": "2000000",
"responseMessage": "Success",
"processingTime": 0.6609270572662354
}