Handling Notifications/Callbacks

Whenever the status of the request/transaction changes, we notify your service via callbacks. Below are the hints to take note of as regards these payment notifications.

All callback/webhook requests from our platform are sent to the callback URLs configured on the merchant account during registration.
A secure callback URL is required and notifications will ONLY be sent to https URLs. If you don't receive these notifications, ensure to check this.
The callback request is a POST with JSON serialized data.
Every callback payload has a parameter named event and its purpose is to communicate the reason for the callback as described here.
We expect that your service will acknowledge the callback request by responding with HTTP code 200 otherwise we will retry a few more times (if the response code is below the 500 range) and then stop.
The callback request includes two extra headers; hmac-signature and rsa-signature, and these can optionally be used to verify that the callback request originated from our servers. Verification can be done for any of these two signatures, NOT necessarily both of them. If the signature is valid, you can proceed with your business logic.
The HMAC signature can be verified using this procedure while the RSA signature can be verified using this procedure. The merchant can choose which procedure to work with.

PreviousPayment Options NextCallback Events

Last updated 1 year ago