⚙️
GovNet Gateway API Documentation
  • Introduction
  • Getting Started
    • Registration
    • Error Handling
    • Authentication
    • Merchant Account Credentials
      • Generate Secret Key
      • Generate New Keys
    • Supported Countries
    • Sandbox Test Accounts
  • Utility Functions
    • Balance Inquiry
    • Payment Options
    • Handling Notifications/Callbacks
      • Callback Events
    • Handling Card Redirects
  • Collections
    • Getting Started
    • Request Mobile Money Payment
    • Request Card Payment
    • Collect For Payment
  • Callbacks & Redirects
    • HMAC Signature Verification
    • RSA Signature Verification
Powered by GitBook
On this page
  1. Utility Functions

Handling Card Redirects

Whenever card payment is completed or is cancelled or fails (for a variety of reasons), we redirect to the URL on record. Below are the hints to take note of as regards these redirects.

PreviousCallback EventsNextGetting Started

Last updated 11 months ago

  • All redirects are sent to the redirect URL you provide when setting up the card collection request.

  • A secure redirect URL is required and redirects will ONLY be sent to https URLs. If you don't receive these redirects, ensure to check this.

  • The redirect request is a GET with some transaction details in query parameters.

  • The redirect request includes two critical parameters; hmac_signature and rsa_signature, and these can optionally be used to verify that the redirect request originated from our servers. Verification can be done for any of these two signatures, NOT necessarily both of them. If the signature is valid, you can proceed with your business logic.

  • The redirect URL would therefore look like; https://your-redirect-url?id=&merchant_reference=&internal_reference=&transaction_status=&status_message=&rsa_signature=&hmac_signature=

  • The HMAC signature can be verified using procedure while the RSA signature can be verified using procedure. The merchant can choose which procedure to work with.

The table below describes the query parameters to expect in the redirect request as well as sample values;

Query Param
Description
Sample Value

id

Transaction ID generated by GovBill

14080

merchant_reference

The merchant reference - generated by the merchant

CSTREFAKPZNMHFHTGGQJ

internal_reference

Unique Transaction reference generated by GovBill

GOVBIL8VWGJNQ83QFAMKWG

transaction_status

The transaction status

COMPLETED

status_message

Description of the transaction status

Transaction Completed Successfully

hmac_signature

The HMAC signature - optionally use this to check authenticity of the redirect

a92ef5bfe9e3b1c38b877a8cb8481e3ddf7f816f42470256a7f8064e79f4651d

rsa_signature

The RSA signature - optionally use this to check authenticity of the redirect

cEbk7xV5qaDHPaNk3mVxT8pgzdVxvzfqEAQvfHEL7/p0HuUx2F9/SBDxDyohJdOcwGT7yBUpVl+N3v2c3oxSqT+uebB4yex3hrdsWEQNSoSs5LaimULrFTXCK/w8RmwKd77CvIwrRZ4a/+zf4/os6TBbq2n1hMEuW8yJO4PbwVTtOzVKGgHr2yy/pSiAmwX/7oWU/EevzrktUFwtSDvo+HFS8w5RStkZC2VW5/+qwNx8AYmaWgbeNsA9/HfqenvK6grL09MjO4XH8fS/b7IlSGEAB+yHBKPfdgtoL7UIv0JF3o5Y4I0gWM5fT0ni6AUKUVwMJpBsrCV7FI0cBgEOXA9cYwHfkx1w95jeQ1p3AOUSwzGNGOSMgHcLAt0AQR+EPCm8O+qHalW9FL/3tAll9vyJgwNr8PjJTTzBrktI57gTF2QWEV5zFMd2aWHnrCCpcxCafVu0oxZln2ZYlS+gOutZYUclESLfjZn1WjqOE1UYNUYnrDJxcLCdj/Fbrlj84rZC+y17VdWmV6u1L+EkGDCv1sQUsdoqs8h50YkENEggMU7Mc3tOYOQsMCIM77KkdWjojAvZfCLhf8Kec5m8x+nzGau5tib+Jdw46onlWpTFh0exWjBiSW6QShVSkFdYDBYh13EusdFqtZcAl4ntSHLdYHXTd0O9Cn3p/o2hGyo=

All the sample values in the table are accurate and were obtained from a real redirect test. They can therefore be used to test signature verification as described and/or

this
this
here
here