Skip to main content

Notification Callback

For security reason, we highly recommend Merchant to ensure that the notifications received by Merchant backend, are actually sent by Finpay system. There are two ways to do those activity:

  1. Validate the response by request checking transaction status to Finpay using Check Status Service. This flow is the most secure method to verify the authenticity of Callback. If transaction status match with Callback then Merchant can continue process the order
  2. Validate the response using a comparison of the signature key receive from Finpay system when sending Callback with the signature generated by Merchant them self. If the siganture key does not match please ignore callback send by Finpay and you dont need to process the transaction.

Here are logic of the Signature Key to generate the Signature Key:

hash_hmac("sha512", json_encode($fields), $key);
MethodMerchant URL

Data Request

NoNameTypeMandatoryMin LengthMax LengthDescription
1 orderObjectM112Detail of Order
2 customerObjectM18Detail of Customer
3 metaObjectO11Detail of MetaData
4 cardObjectC17Detail of Card
5 resultObjectO111Result
6 signatureStringM128128Signature

Sample Request

"customer": {
"id": ""
"order": {
"id": "1664255905824",
"reference": "16642559058241000000000",
"amount": 1000,
"currency": "IDR"
"card": {
"mask": "512345xxxxxx0008",
"info": {
"brand": "MASTERCARD",
"type": "CREDIT",
"subType": "STANDARD",
"country": "ECUADOR"
"meta": {
"data": null
"result": {
"payment": {
"amount": 1000,
"status": "CAPTURED",
"statusDesc": null
"signature": "8e77b8ffa3f2766e7cd5355b3a37e96feae5d924d3eb06aa374bf10cb1c95d02fa301c856d09463de4b6655815cc29d3829440bb5249b3390caaed42b15a7eb9"

Data Response

Sample Response

"responseCode": "2000000",
"responseMessage": "Success",
"processingTime": 0.6609270572662354