Notification
IPN (Instant Payment Notification) is a notification sent from one server to another through an HTTP POST request informing your transactions.
Last updated
IPN (Instant Payment Notification) is a notification sent from one server to another through an HTTP POST request informing your transactions.
Last updated
To receive notifications about the events in your platform, you have to previously configure the notification when you do the POST of the payment, indicating the URL in the field notify_url.
POST
$notify_url which defined when submitting the payin transaction.
Notification Parameters
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Whenever an event occurs, we will send you a notification in json format using HTTP POST to the URL that you specified.
We will notify the following events:
We can notify the following events, contact us to set up if needed:
Pagsmile will send notifications with the following schedule of retries and confirmation waiting times. You must return an HTTP STATUS 200 (OK) with response data "success" before the corresponding time expires. If not, it will be assumed that you did not receive it correctly and you will be notified again.
It is recommended that you respond to the notification before executing business logic or before accessing external resources so as not to exceed the estimated response times.
This communication is exclusively between the servers of Pagsmile and your server, so there will not be a physical user seeing any type of result.
The approximate content of the Pagsmile-Signature header is as follows (here with line breaks for easy viewing, the actual content is all on one line):
The Pagsmile-Signature header contains a timestamp and a signature. The timestamp is prefixed by t=, followed by a UNIX timestamp; the signature is prefixed by v2=, followed by the signature content.
Split the header using the [,] character as the separator, to get a list of elements. Then split each element using the [=] character as the separator, to get a prefix and value pair.
The value for the prefix [t] corresponds to the timestamp, and [v2] corresponds to the signature. You can discard all other elements.
Get all the content in the RequestBody. Please pay attention here. Please do not use the program's self-built structure to format and/or serialize the RequestBody content. If you have similar requirements, please do it after getting the original data for verification to avoid unnecessary sorting of fields and the addition of characters affecting the signature.
Compute an HMAC with the SHA256 hash function. Use the SecretKey get from The merchant dashboard as the key(salt), and use the original RequestBody string as the message.
Compare the signature in the header to the expected signature. For an equality match, compute the difference between the current timestamp and the received timestamp, then decide if the difference is within your tolerance.
The following notification is only an example. Different methods can have more or less parameters in the real notification. Please refer to what you received when testing.
Please contact us to get the IP addresses that our notifications will be sent from.
Action | Description |
---|---|
Action | Description |
---|---|
Event | Time after the first dispatch |
---|---|
Content-Type*
String
application/json
Pagsmile-Signature*
String
t=$timestamp,v2=HMAC SHA256($RequestBody)
trade_no*
String
Pagsmile transaction id
out_trade_no*
String
merchant out_trade_no
out_request_no
String
Pagsmile refund transaction id. Only for refund order
app_id*
String
trade_status*
String
trade status.
amount*
String
method*
String
currency*
String
timestamp*
String
channel
String
SUCCESS
Trade has been successful
CANCEL
Trade has been cancelled
EXPIRED
Trade is expired
REFUSED
Trade has been refused
CHARGEBACK
Chargeback occurred
CHARGEBACK_REVERSED
Chargeback reversed
REFUND_REVOKE
Refund revoke
REFUND_REFUSED
Refund is refused
REFUNDED
Trade has been refunded
DISPUTE
Dispute occurred
PROCESSING
User has submitted the payment information
RISK_CONTROLLING
Trade is considered high risk or there is unclear billing information
REFUND_VERIFYING
Waiting for the user to submit refund information
REFUND_PROCESSING
Refund information is received. Waiting for processing the refund.
Dispatch
-
1st retry
10 minutes
2nd retry
30 minutes
3rd retry
60 minutes
4th retry
120 minutes
5th retry
360 minutes
6th retry
840 minutes