Notifications via Callback URL

Frontpayment will notify your system of the payment status via the callback.callbackUrl you provided in the initial request payload. This allows you to update the order status in your system accordingly.

The callback URL will include the following parameters as query strings:

Available Parameters

Parameter	Description
`orderUuid`	The unique identifier for the order.
`status`	The current status of the order (e.g., `PAID`, `INVOICED`).
`createdAt`	The timestamp when the order was created.
`paymentMethod`	The payment method user has selected.
`timestamp`	The current timestamp when the callback is sent.
`checksum`	A SHA256 hash for integrity verification.

Example Callback URL: https://your-callback-url.com/callback?orderUuid=ODR123&status=success&paymentMethod=Visa&createdAt=1755764131&timestamp=1755764131&checksum=abcdef123456...

Checksum Verification

To ensure the integrity and authenticity of the callback, you must verify the checksum included in the query string of any callback url. The checksum is generated using the following formula:

hash('sha256', orderUuid . status . createdAt . secretKey)

Where:

orderUuid is the value of the orderUuid parameter from the callback URL.
status is the value of the status parameter from the callback URL.
createdAt is the value of the createdAt parameter from the callback URL.
secretKey will be given by frontpayment.

Example Verification (Conceptual):

// In your callback handler
$receivedOrderUuid = $_GET['orderUuid'];
$receivedStatus = $_GET['status'];
$receivedCreatedAt = $_GET['createdAt'];
$receivedTimestamp = $_GET['timestamp']; // You might also want to log/check this for freshness
$receivedChecksum = $_GET['checksum'];
$secretKey = '';  //Given by Front Payment;

// Construct the string used to calculate the checksum
$stringToHash = $receivedOrderUuid . $receivedStatus . $receivedCreatedAt . $secretKey ;

$calculatedChecksum = hash('sha256', $stringToHash);

if ($receivedChecksum === $calculatedChecksum) {
    // Checksum is valid, process the callback data
    // e.g., update order status in your database
    echo "Callback successfully processed.";
} else {
    // Checksum mismatch, reject the callback as potentially tampered
    // Log the discrepancy for investigation for security purposes
    http_response_code(403); // Forbidden
    echo "Checksum verification failed.";
}

By verifying the checksum, you can confirm that the callback data has not been altered during transmission, enhancing the security of your integration.

Create Session for One - Time Payment Link

Create Session for Invoice Order

Get All Order Status

Get Order Status By UUID

Get Order Details By UUID

Send E-Faktura

Send EHF Invoice

Cancel Order

Send Payment Link

Send Invoice

Resend Payment Link

Refund Order

Get Invoice Number By UUID

Hosted Checkout Integration Guide

Notifications via Callback URL

Submit Reservation

Get Reservation Details By UUID

Cancel Reservation

Capture Reservation

Charge Reservation

Complete Reservation

Resend Reservation

Refund Reservation

Create Session for Reservation

Get Reservation History By Time Frame

Create Subscription

Create Session For Subscription Payment

Get Subscription List

Get Failed Payment List

Get Subscription Details By Uuid

Get Failed Payment Details

Resend Subscription

Cancel Subscription

Refund Subscription Cycle

Get Customer Details By Uuid

Update Private Customer

Update Corporate Customer

Request Refund Approval

Get Terminal Lists

Create Terminal Order

Cancel Terminal Order

Resend Terminal Order

Payment Status Check

Refund or Reverse Payment

Refund Status Check

Cancel Refund Request

Credit Check for Private Customer

Credit Check for Corporate Customer

Get Credit Check List

Notifications via Callback URL

Available Parameters

Checksum Verification