Notification Callback
For security reason, we highly recommend Merchant to ensure that the notifications received by Merchant backend, are actually sent by Finpay system. There are two ways to do those activity:
Validate the response by request checking transaction status to Finpay using Check Status Service. This flow is the most secure method to verify the authenticity of Callback. If transaction status match with Callback then Merchant can continue process the order
Validate the response using a comparison of the signature key receive from Finpay system when sending Callback with the signature generated by Merchant them self. If the siganture key does not match please ignore callback send by Finpay and you dont need to process the transaction.
Here are logic of the Signature Key to generate the Signature Key:
hash_hmac("sha512", json_encode($fields), $key);Data Request
1
transactionDate
String
O
1
50
ISO 8601 format
2
transferDateTime
String
M
1
50
Actual transfer date time ISO 8601 format
3
originalReferenceNo
String
M
1
64
Original transaction identifier on service provider system
4
originalPartnerReferanceNo
String
O
1
64
Original Transaction identifier on service consumer system
5
beneficiaryBackCode
String
M
1
6
Original beneficiary bank code on service provider system
6
beneficiaryAccountName
String
M
1
64
Original beneficiary account name on service provider system
7
beneficiaryAccountNo
String
M
1
64
Original beneficiary account number on service provider system
9
latestTransactionStatus
String
M
1
2
00 - Success
01 - Initiated
02 - Paying
03 - Pending
04 - Refunded
05 - Cancelled
06 - Failed
07 - Not found
10
triggerType
String
M
1
9
Type of Notification: - automatic (updated by system) - manual (triggered by merchant/operation)
Sample Request
Data Response
2
responseMessage
String
M
1
500
Response Message
3
processingTime
Number
M
1
20
Processing Time
Sample Response
Last updated