Callbacks
:::info
In our system, we have implemented a callback function, and to set it up, we need to add the merchant's URL in merchan settings where the callbacks will be sent.
The callback can be sent in next cases:
Callback will be a POST HTTP request to the address you have configured, depending on the status the order transitions to.
The request will include a "Signature" header by which you can verify the validity of the request. However, we still recommend making a request to check the status.
:::
CallBack params
POST {yourCallBackUrl}
Body:
Signature
The request will include a Signature header, which you can use to verify that the request is valid. However, we still recommend making a status check request.
Step 1
Retrieving Data for the Signature:
- Extract the values of
externalId
,status
,amount
andorderType
from the request. - Use your
privateKey
to construct the signature string in the following format:externald;status;amount;orderType;privatekey
Step 2
Calculating the Signature:
- Apply SHA-256 hashing to the string obtained in Step 1.
- Convert the hash result to a hexadecimal string.
Step 3
Verifying the Signature:
- Extract the Signature header from the request.
- Repeat steps 1 and 2 to obtain the expected signature.
- Compare the received signature with the expected one. If they match, the request signature is valid.
Examples of validation
JavaScript
const crypto = require('crypto');
// Function for signature validation
function validateSignature(signature, requestData, privateKey) {
const dataToSign = `${requestData.externald};${requestData.statusFrom};${requestData.statusTo};${requestData.orderType};${privateKey}`;
const expectedSignature = crypto.createHash('sha256').update(dataToSign).digest('hex');
return signature === expectedSignature;
}
// Example of usage
const requestSignature = '...'; // Get the signature from the request header.
const requestData = {
externald: '...',
statusFrom: '...',
statusTo: '...',
orderType: '...'
};
const privateKey = '...'; // Your private key
const isValid = validateSignature(requestSignature, requestData, privateKey);
console.log(isValid); // It will return true or false depending on whether the signature is valid.
Python
import hashlib
# Function for signature validation
def validate_signature(signature, request_data, private_key):
data_to_sign = f"{request_data['externald']};{request_data['statusFrom']};{request_data['statusTo']};{request_data['orderType']};{private_key}"
expected_signature = hashlib.sha256(data_to_sign.encode()).hexdigest()
return signature == expected_signature
# Example of usage
request_signature = '...' # Get the signature from the request header.
request_data = {
'externald': '...',
'statusFrom': '...',
'statusTo': '...',
'orderType': '...'
}
private_key = '...' # Your private key
is_valid = validate_signature(request_signature, request_data, private_key)
print(is_valid) # It will return true or false depending on whether the signature is valid.
C Sharp
using System;
using System.Security.Cryptography;
using System.Text;
public class SignatureValidator
{
// Method for validating the signature
public static bool ValidateSignature(string signature, dynamic requestData, string privateKey)
{
string dataToSign = $"{requestData.externald};{requestData.statusFrom};{requestData.statusTo};{requestData.orderType};{privateKey}";
using (SHA256 sha256 = SHA256.Create())
{
byte[] hashBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(dataToSign));
string expectedSignature = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
return signature == expectedSignature;
}
}
// Example of usage
public static void Main(string[] args)
{
string requestSignature = "..."; // Get the signature from the request header.
dynamic requestData = new
{
externald = "...",
statusFrom = "...",
statusTo = "...",
orderType = "..."
};
string privateKey = "..."; // Your private key
bool isValid = ValidateSignature(requestSignature, requestData, privateKey);
Console.WriteLine(isValid); // It will return true or false depending on whether the signature is valid.
}
}