Post-Process Redirection

When a request has been made using the hosted flow or the server-to-server flow with a payment method that requires redirection (e.g. a 3DS credit card transaction) and the user has completed the required action, he or she will then be redirected back to your return URL.

To validate the result of such requests synchronously, three GET parameters are added to the return URL in the following order:

  • result: a base64-encoded JSON object, same as what you would receive back from the API call
  • merchant: your merchant id
  • checksum: A checksum computed with the passphrase linked to that merchant id, in order to validate that the result has not been tampered with.

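The checksum is computed as follows, where RESULT is the base64-encoded value of the result parameter and PASSPHRASE is the passphrase linked to the merchant id: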

HEX_SHA1(RESULT + PASSPHRASE)

Example code (PHP)

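<?php

// Merchant login => passphrase
$keys = array(
    'login1' => 'passphrase1',
    'login2' => 'passphrase2'
);

// All three parameters must be present and must be plain strings
foreach (array('merchant', 'result', 'checksum') as $name) {
    if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
        die("Missing or invalid parameter");
    }
}

$merchant = $_GET['merchant'];
$result   = $_GET['result'];
$checksum = $_GET['checksum'];

if (!isset($keys[$merchant])) {
    die("Unknown merchant login");
}

// HEX_SHA1(RESULT + PASSPHRASE), computed over the base64 string as received
$shouldBe = sha1($result . $keys[$merchant]);

// Constant-time comparison; stop here so an unverified result is never used
if (!hash_equals($shouldBe, $checksum)) {
    // URL is not genuine
    die("Invalid checksum");
}

// $result is a base64-encoded json string
$result = json_decode(base64_decode($result));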

Once base64-decoded, the JSON contains the response object for the request that was made.
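
The same check applied to a complete return URL, as an added Python example that is not part of the original documentation or SysPay's own code. It goes slightly beyond the PHP snippet by rejecting missing or repeated parameters. The passphrase table is constructed, and build_return_url is a hypothetical helper that exists only to produce a signed URL to test against.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed merchant table for the example; keep real passphrases in a secret store.
PASSPHRASES = {"login1": "passphrase1"}


def checksum(result_b64, passphrase):
    """HEX_SHA1(RESULT + PASSPHRASE); RESULT is the base64 text, not the decoded JSON."""
    return hashlib.sha1((result_b64 + passphrase).encode("utf-8")).hexdigest()


def verify_return_url(url):
    """Return the decoded result object, or raise ValueError if the URL is not genuine."""
    # parse_qs percent-decodes values (%3D%3D -> ==), as PHP's $_GET does.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    fields = {}
    for name in ("result", "merchant", "checksum"):
        values = query.get(name, [])
        if len(values) != 1:  # missing or repeated parameter
            raise ValueError("expected exactly one %r parameter" % name)
        fields[name] = values[0]

    passphrase = PASSPHRASES.get(fields["merchant"])
    if passphrase is None:
        raise ValueError("unknown merchant login")

    expected = checksum(fields["result"], passphrase)
    # Constant-time comparison; nothing is decoded until the checksum matches.
    if not hmac.compare_digest(expected.encode(), fields["checksum"].encode()):
        raise ValueError("checksum mismatch: URL is not genuine")
    return json.loads(base64.b64decode(fields["result"], validate=True))


def build_return_url(base, merchant, payload):
    """Hypothetical helper: builds a signed return URL so the example runs offline."""
    result = base64.b64encode(json.dumps(payload).encode()).decode()
    params = {"result": result, "merchant": merchant,
              "checksum": checksum(result, PASSPHRASES[merchant])}
    return base + "?" + urlencode(params)


if __name__ == "__main__":
    url = build_return_url("https://www.test.com/", "login1", {"class": "token", "status": "ACTIVE"})
    print(verify_return_url(url)["status"])
```
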

Scenario Example:

Assuming you made a Hosted Token request, you would get back the response below.

{
   "class":"token",
   "id":"8",
   "status":"REDIRECT",
   "action_url":"http:\/\/www.syspay.com\/redirect\/hosted\/token\/28",
   "expiration_date":"1421426737",
   "customer":{
      "class":"customer",
      "email":"test@domain.com",
      "language":"en"
   },
   "payment_method":{
      "class":"payment_method",
      "type":null,
      "display":null
   }
}

You would then redirect the customer to the action_url, and once the user has entered whatever is necessary to complete the request, he or she will be redirected back to your return URL containing the extra parameters:

https://www.test.com/?result=eyJjbGFzcyI6InRva2VuIiwiaWQiOiIxIiwic3RhdHVzIjoiQUNUSVZFIiwiYWN0aW9uX3VybCI6bnVsbCwiZXhwaXJhdGlvbl9kYXRlIjoiNDU2NDU2NDY1NCIsImN1c3RvbWVyIjp7ImNsYXNzIjoiY3VzdG9tZXIiLCJlbWFpbCI6Imt1cnQuY2Fzc2FyMzIxQHN5c3BheS5jb20iLCJsYW5ndWFnZSI6ImVuIiwiaXAiOiI4NS42LjMuNSJ9LCJwYXltZW50X21ldGhvZCI6eyJjbGFzcyI6InBheW1lbnRfbWV0aG9kIiwidHlwZSI6IkNSRURJVENBUkQiLCJkaXNwbGF5IjoiNDAyNC0wMHh4LXh4eHgtNTkwOSJ9fQ%3D%3D
&merchant=login1
&checksum=e5719a1681ae34381ab938e8e9f92521fae3e926

Base64 decoding the result parameter gives back the string below:

{
   "class":"token",
   "id":"8",
   "status":"ACTIVE",
   "action_url":null,
   "expiration_date":"1421426737",
   "customer":{
      "class":"customer",
      "email":"test@domain.com",
      "language":"en"
   },
   "payment_method":{
      "class":"payment_method",
      "type":"CREDITCARD",
      "display":"4024-00xx-xxxx-5909"
   }
}