Merchant Webhook Documentation:
Introduction:
This document is aimed at merchants who have integrated with our payment gateway and would like to receive real-time payment notifications for their transactions via Webhook. A webhook is a mechanism that allows real-time communication between two systems, in this case, our payment gateway and your server. Whenever a payment transaction occurs on our payment gateway, we will send a notification to your server via the webhook.
Webhook URL:
You should provide us with the URL of your webhook endpoint where we will send payment notifications. You can provide us with the webhook URL in the merchant dashboard or by contacting our support team.
Payload:
The webhook payload will contain the following data:
| Field | Type | Description |
|---|---|---|
| orderid | string | The unique identifier for the payment transaction. |
| mobile | string | The mobile number of the payer. |
| name | boolean | The name of the payer. |
| amount | string | The amount paid by the payer. |
| mid | String | The unique identifier of the merchant. |
| userid | String | The unique identifier of the user making the payment. |
| ud1 to ud5 | String | Any additional user-defined data provided by the merchant. |
| TrnId | String | The transaction ID generated by our payment gateway. |
| TxnStatus | String | The status of the payment transaction (SUCCESS, FAILURE, etc.). |
| TxnInitDate | String | The date and time the payment transaction was initiated. |
| TxnCompletionDate | String | The date and time the payment transaction was completed. |
| PayeeVA | String | The virtual account number of the payee. |
Security:
To ensure the security of the payment data, the payload will be encrypted using AES-256-CBC encryption with a secret key shared between our payment gateway and your server. The encrypted data will be included in the encrypted_data field of the payload.
Handling Webhook Notifications:
Upon receiving a webhook notification, your server should:
- Verify the authenticity of the webhook payload by decrypting the encrypted_data field using the shared secret key and verifying the digital signature included in the payload.
- Verify that the orderid in the payload corresponds to a valid payment transaction in your database.
- Update the status of the payment transaction in your database based on the TxnStatus field in the payload.
- Process the payment transaction accordingly based on the updated status.
Sample Code how to receive the webhook
<?php
$data = json_decode(file_get_contents('php://input'), true);
if ($data) {
$payer_va = $data['PayerVA'];
$payee_va = $data['PayeeVA'];
$bank_rrn = $data['BankRRN'];
$payer_mobile = $data['PayerMobile'];
$txn_completion_date = $data['TxnCompletionDate'];
$txn_init_date = $data['TxnInitDate'];
$payer_name = $data['PayerName'];
$txn_status = $data['TxnStatus'];
$payer_amount = $data['PayerAmount'];
$trn_id = $data['TrnId'];
// Perform any necessary operations with the received data here
// ...
}
?>
This code first retrieves the webhook data from the request body using file_get_contents('php://input'). It then decodes the data using json_decode() and assigns the relevant fields to individual variables. Finally, any necessary operations can be performed with the received data.
Errors
If the API encounters any errors, it will return an appropriate HTTP status code and an error message in the response body. Some common error codes are:
| Status Status | Message | Description |
|---|---|---|
| 400 | Bad Request | The request was malformed or missing a parameter |
| 401 | Unauthorized | The authorization token was invalid or expired |
| 500 | Internal Server Error | An error occurred while processing the request |
| 200 | Success | No issue |
Conclusion:
We hope this documentation provides you with all the necessary information to integrate with our payment gateway via webhook. If you have any further questions or require assistance, please do not hesitate to contact our support team.