Skip to main content

Notifications via Callback URL

Frontpayment will notify your system of the payment status via the callback.callbackUrl you provided in the initial request payload. This allows you to update the order status in your system accordingly.

The callback URL will include the following parameters as query strings:

Available Parameters

Parameter Description
orderUuid The unique identifier for the order.
status The current status of the order (e.g., PAID, INVOICED).
createdAt The timestamp when the order was created.
paymentMethod The payment method user has selected.
amount The order amount
timestamp The current timestamp when the callback is sent.
checksum A SHA256 hash for integrity verification.

Example Callback URL: https://your-callback-url.com/callback?orderUuid=ODR123&status=success&paymentMethod=Visa&amount=100&createdAt=1755764131&timestamp=1755764131&checksum=abcdef123456...

Checksum Verification

To ensure the integrity and authenticity of the callback, you must verify the checksum included in the query string of any callback url. The checksum is generated using the following formula:

hash('sha256', receivedOrderUuid$routeParameters . receivedStatus . receivedCreatedAt . receivedAmount . receivedTimestamp . $secretKey)

Where:

  • orderUuid is the value of the orderUuid parameter from the callback URL.
  • status is the value of the status parameter from the callback URL.
  • createdAt is the value of the createdAt parameter from the callback URL.
  • amount is the value of total order amount from the callback URL.
  • timestamp timestamp is the current timestamp
  • secretKey will be given by frontpayment.

Example Verification (Conceptual):

// In your callback handler
$getParameters = $_GET;
$receivedOrderUuid = $getParameters['orderUuid'];
$receivedStatus = $getParameters['status'];
$receivedCreatedAt = $getParameters['createdAt'];
$receivedAmount = $getParameters['amount'];
$receivedTimestamp = $getParameters['timestamp']; // You might also want to log/check this for freshness
$receivedChecksum = $getParameters['checksum'];
$secretKey = '';  // Given by Front Payment;

// Construct the string used to calculate the checksum
$concatenatedValues  = '';
foreach($getParameters as $key => $value) {
  //Only lookExcept for GET params before the HASHchecksum parameter
  if ($key == 'checksum') { break; }
  $concatenatedValues .= $value;
}

$hashedKey = hash('sha256', $concatenatedValues . $secretKey);
        
if (!hash_equals($hashedKey, $receivedChecksum)) {
    return "Checksum verification failed.";
}

// Checksum is valid, process the callback data
// e.g., update order status in your database
return "Callback successfully processed.";

By verifying the checksum, you can confirm that the callback data has not been altered during transmission, enhancing the security of your integration.

Back to top