Notifications via Callback URL Frontpayment will notify your system of the payment status via the callback.callbackUrl you provided in the initial request payload. This allows you to update the order status in your system accordingly. The callback URL will include the following parameters as query strings: Available Parameters Parameter Description orderUuid The unique identifier for the order. (for Reservation, Regular Order and Subscription) status The current status of the order (e.g., PAID, INVOICED, RESEVRED, CAPTURED, CHARGED). createdAt The timestamp when the order was created. paymentMethod The payment method user has selected. amount The order amount timestamp The current timestamp when the callback is sent. checksum A SHA256 hash for integrity verification. Example Callback URL: https://your-callback-url.com/callback?orderUuid=ODR123&status=success&paymentMethod=Visa&amount=100&createdAt=1755764131×tamp=1755764131&checksum=abcdef123456... Checksum Verification To ensure the integrity and authenticity of the callback, you must verify the checksum included in the query string of any callback url. The checksum is generated using the following formula: hash('sha256', $routeParameters . $secretKey) Where: orderUuid is the value of the orderUuid parameter from the callback URL. status is the value of the status parameter from the callback URL. createdAt is the value of the createdAt parameter from the callback URL. amount is the value of total order amount from the callback URL. paymentMethod is the paymentMethod used. example: visa, mastercard etc. timestamp timestamp is the current timestamp secretKey will be given by frontpayment. Example Verification (Conceptual): // In your callback handler $getParameters = $_GET; //Or manually read each query string $receivedOrderUuid = $getParameters['orderUuid']; $receivedStatus = $getParameters['status']; $receivedCreatedAt = $getParameters['createdAt']; $receivedAmount = $getParameters['amount']; $paymentMethod = $getParameters['paymentMethod']; $receivedTimestamp = $getParameters['timestamp']; // You might also want to log/check this for freshness $receivedChecksum = $getParameters['checksum']; $secretKey = ''; // Given by Front Payment; // Construct the string used to calculate the checksum $concatenatedValues = ''; foreach($getParameters as $key => $value) { // Except checksum parameter if ($key == 'checksum') { continue; } $concatenatedValues .= $value; } $hashedKey = hash('sha256', $concatenatedValues . $secretKey); if (!hash_equals($hashedKey, $receivedChecksum)) { return "Checksum verification failed."; } // Checksum is valid, process the callback data // e.g., update order status in your database return "Callback successfully processed."; By verifying the checksum, you can confirm that the callback data has not been altered during transmission, enhancing the security of your integration.